INDUSTRY INTERVIEW: Safenet

Joe Moorcones
Corporate Vice President, Chief Technology Office
SafeNet

Joe Moorcones joined SafeNet from Johnson & Johnson, a Fortune 50 company, where he was the vice president of worldwide information security. Prior to his 10-year tenure with Johnson & Johnson, he was the assistant deputy director for information security at the National Security Agency, where he spent 24 years.

SafeNet is a global leader in information security. Founded 25 years ago, it holds a leadership position in every market in which it competes: government and network security, identity protection, and digital rights management.

Q: How are government agencies, and organizations in general, changing the way they protect their data?

A: In the past, a “perimeter” defense consisting of firewalls, intrusion detection and anti-virus software was considered enough to block threats to data. Likewise, easily cracked passwords were used to control access to sensitive data inside of the perimeter. Today, threats are more sophisticated and more pervasive. And connected enterprises require that data be made available in more places, in more ways. Government agencies and enterprises, therefore, require an enterprise data protection (EDP) solution to effectively secure their data from the “core,” where key data repositories exist, across networks, and all the way to the “edge,” where the data is used.

A truly comprehensive EDP solution includes database encryption, network encryption, key management systems, disk and file encryption, authentication tokens, and digital rights management. Even though all of these technologies are available from many different sources in the information security industry, it is extremely difficult and complex to integrate, operate, and manage them into one comprehensive enterprise solution. SafeNet is the only company in the information security space that can provide the whole solution to both government and commercial organizations.

Q: What is the most important element in ensuring full data security?

A: Encryption is the most important element in ensuring full data security. Encryption is the process of transforming information to make it unreadable to anyone except those possessing a special key for decryption. Data encryption used to be considered an esoteric practice with no real value or application outside of the government or military space. The advent of personal computers, the Internet, and an overall shift to a digital world have changed the way we handle data. Again, today’s threats are more sophisticated, both externally and internally, and the more enterprises connect, the more their data is at risk.

The increased need for collaboration has made firewalls obsolete, since more and more “outsiders” are operating inside of the firewall. Having strong perimeter security without robust internal security is an antiquated and even dangerous practice. Security must follow the data by way of encryption and not just rely on a protected infrastructure. Encrypting data ensures that it cannot be compromised while it is in transit over networks, at rest on databases or laptops, or in use on workstations. Encrypting data also ensures that it is rendered useless should a security breach occur.

Q: Can you describe how SafeNet addresses the needs of the federal government?

A: SafeNet is committed to supporting the mission needs of both federal defense and civilian agencies by delivering encryption solutions that protect sensitive data while it’s in transit, at rest, and in use. For example, SafeNet secures all presidential telephone voice communications, Department of Defense fiber optic networks, communications to satellites, tanks, and ships, and the digital identities of U.S. embassy staff worldwide. SafeNet has also been instrumental in helping government agencies comply with federal mandates, such as HSPD-12 and the Office of Management and Budget directive M-06-16, which requires encryption protection for sensitive data on all government laptops and workstations. SafeNet was also selected by the General Services Administration as a top vendor of disk and file encryption solutions for all federal government agencies, and select state and local governments, under the government’s SmartBUY program.

Q: What is a significant trend emerging from government customers?

A: A trend we see emerging from our government customers is the use of COTS security products. COTS is software or hardware that is ready-made and available for sale, lease or license. These products are often used as alternatives to in-house developments or one-off government-funded developments. The use of COTS is being mandated across many government and business programs, as they have already been tested and proven in the commercial space. The government can accelerate the time to market by leveraging existing commercial products for Type 1 applications and vice-versa.

The use of COTS solutions reduces overall system development costs and involves less development time because the components can be bought instead of being developed from scratch. COTS IT is being used by DoD to bolster capabilities in the area of command, control, communications, computers, intelligence, surveillance and reconnaissance. COTS products are typically 80 percent of a security solution. SafeNet has the unique ability to address the COTS market, as we are one of the only companies in our space that has crossed the chasm between commercial and classified government industries. ♦