Younger generation taking 'sledgehammer' to security
Digital natives v digital immigrants
RSA 2012 The new generation of "digital natives" coming into the workplace is going to blow apart existing security practices, Symantec's CEO Enrique Salem warns.
In his keynote speech on Tuesday at the RSA 2012 conference in San Francisco, Salem said that the current young generation, born in the 1990s, has a radically different approach to the internet and security than that of the older "digital immigrants" who built it.
"These digital natives are a freight train coming that will hit businesses like a sledgehammer," he warned. "They are the sledgehammer of change, and they're going to need to work with digital immigrants like you and me."
Salem said that the average US 21-year-old has sent over 250,000 emails, text messages, and IM sessions, has spent over 14,000 hours online, and doesn't accept information from a single source, but checks with his or her network instead. They use email rarely and have never known life without the internet. They even think differently, multitasking constantly in what he called "continuous partial attention."
Companies are going to have to get used to this, and should see productivity benefits, Salem said. But this style of working is going to need a dramatic reworking of traditional security practices, he warned, then proposed new ways to deal with the situation.
Authentication needs to be altered, he suggested, so that it is similar to single sign-on, but much more flexible for working across a variety of platforms. Security has to work on multiple devices, since digital natives take a "bring your own device" approach to hardware, and on multiple levels, so that it can incorporate new data such as location and online behavior.
The firewall will also need to be reinvented, he said, so that it not only watches what data comes into an organization, but also what data goes out. That data leaving via the cloud needs to be automatically tagged, since users can't be trusted to do it themselves, and clear cloud audit trails need to be set up and monitored. Finally, IT administrators need to be able to shut down access to information quickly when the native leaves the company.
Salem raised some good points, but he was short on solutions. He promised that Symantec would provide protection, but gave little indication as to how and why. No doubt details will be forthcoming, but he set himself a very high target. ®