Beating the stealth threat in IT security

A businessman uses his smartphone
Image caption It is harder to protect data now that employees have greater say over which devices they use

Each week we ask high-profile technology decision-makers three questions.

Image caption Enforcing security policies within organisations is now a bigger challenge, Gerhard Eschelbeck says

Sophos is a leading international vendor for IT security protection, providing protection for small and medium-sized businesses, large global corporations, educational institutions and government agencies.

Gerhard Eschelbeck is the company's chief technology officer and senior vice-president. He told the BBC about how his company was facing the challenges of new - often invisible - security threats.

What's your biggest technology problem right now?

If you look at what's happening today, there are two major driving forces for security at the moment.

One is clearly that the threat landscape is changing significantly. It's changing in a sense that it becomes more stealthy, more invisible and more targeted. And that certainly creates quite a challenge for our customers - for organisations that are using IT.

The second force that I see, which poses quite a significant challenge, is around the fact that IT environments are changing today.

The IT environment is changing in the sense that there are new devices in what was historically a very Windows-centric PC-based architecture. It is really becoming a very heterogeneous environment today with Macintosh being very successful and with tablets coming into the organisation and being a big part of the IT environment.

All of that of course creates a new set of security challenges for any organisation.

The industry, including ourselves, is clearly looking at how we can solve some of those security problems with new approaches to solve those heterogeneous environments, but also to solve security or an environment that is becoming a cloud-based delivery model.

Enterprise software is more and more moving into the cloud, being delivered as a cloud application.

Of course there are security implications to that as well. This is really what we are focusing on as an organisation, to solve some of those problems.

What's the next big tech thing in your industry?

The single thing that I want to emphasise on is the trend of the consumerisation of the IT environment - which really means it's all about the mobile devices and the smart devices that are coming into an organisation.

The IT manager team, and the IT department, is being asked to connect all those personal devices - be it an iPhone, Android, Windows Phone or whatever it may be - to the corporate network.

That clearly has dramatic implications from a security perspective in the sense that those devices are not even owned by the IT department or the company. The enforcement of policies is becoming quite a unique challenge.

Clearly, that is an area where I see a significant challenge down the road and an opportunity at the same time to solve some of those security problems within the mobile environment - in particular security layers but also device management.

We have been working on mobile security for quite some time and have products on the market for that as well, which allow our customers to manage devices from a heterogeneous perspective.

In the next year I predict some significant investment in that area.

What's the biggest technology mistake you've ever made - either at work or in your own life?

As a technology pioneer you're always worried about time-to-market. You can be too early, too late - neither of them is really what you want to strive for.

The first example of this is when I started, around 10 years ago, to innovate around cloud and starting cloud technology.

It was by no means clear that this technology would ever get anywhere. As a matter of fact there were a lot of people questioning the approach. Today it's pretty obvious, 10 years later, that the cloud is a huge success. In this case, timing was right.

The other project that started about the same time, maybe a little bit earlier than that, was around an idea we had to build detection for hackers, to essentially have a computer be able to automatically be able to identify hacking attempts and things like that.

That project was really too early to the market at that time - there was no market existing at that point in time. Eventually this technology became a part of a bigger feature within the firewall to be known as "intrusion prevention systems".

The lesson learned in a big way here is that you always involve your customers to help you guide on the path when you make technology choices.

Related Internet links

The BBC is not responsible for the content of external Internet sites