Security Is an Infrastructure Problem: Q&A With Trend Micro CEO Eva Chen
In a virtual environment, input/output, hard drive space and antivirus tools are shared among several virtual machines. In that sort of situation, "putting firewalls in front of servers is no longer enough; you need to wrap each virtual server with individual granular security policies which follow it wherever it goes," according to Trend Micro CEO Eva Chen.
Eva Chen, CEO of security vendor Trend Micro, wears many hats. She's a mom, a chief executive, a philosopher, an idealist and a highly savvy technologist who's guided the development of several award-winning security technologies while serving first as the company's executive vice president, then as its chief technology officer. Chen received a B.A. in philosophy and holds two master's degrees, in business administration and management information systems.
Chen also has won several honors, the most recent being in March, when she was named one of Silicon Valley Journal's Top 100 Women of Influence in 2010. She was named one of the 50 most powerful people in networking in 2004; selected as one of Information Security's top five women of vision in 2003; and received the Lifetime Achievement Award from Secure Computing in 2001.
Chen, her sister Jenny, and brother-in-law Steve Chang, cofounded Trend Micro in 1988.
TechNewsWorld: From your bio on the Trend Micro blog, it looks as if you not only conceptualized and delivered your Network VirusWall product but also drove several industry firsts.
Eva Chen: Yes. I like new things so we were the first ones to use an Internet update in our first consumer product, PC-cillin. We were also the first company to come out with Internet gateway protection, mail server protection, and cloud-based protection, both from the cloud and for the cloud.
TNW: What do you mean, from the cloud and for the cloud? How do you differentiate between them?
Chen: Security for the cloud is for cloud service providers. They can use our software to provide a secure infrastructure for their users. From the cloud is a Trend Micro service. To provide antivirus security, you need to do a lot of pattern updates, and Trend Micro pioneered moving all these comparisons and pattern updates to the cloud. There's just a small, smart agent in the user's PC that knows which file has been activated, accessed or copied onto the user's computer, and it queries the cloud about that file. That enables users to have real-time protection and a much lighter footprint on their computers.
We think security is an infrastructural problem; if we don't fix the security problem for the Internet or the cloud, then this great Internet information sharing platform can't be sustainable. That's why we moved into security for the cloud -- more and more people are storing their information in the cloud, and they're using shared systems where they can rent a virtual server or computing power from different cloud providers. They will need to make sure all the systems they rent and all the storage they use are secure.
TNW: Let's talk about the computer security field in general. The amount of malware developed is growing, and both consumers and corporations are being hacked regularly. What can be done to make them safer?
Chen: I think we need to do more user education. We recently launched a campaign to help small business owners understand security, for example, because we found that hackers consider them the weakest link in the security chain.
First, small businesses' bank accounts have more transactions and hold more money than those of large businesses, so they're bigger and easier targets. Second, small companies do business with big organizations, and while the big organizations have security and IT infrastructure experts, the small companies don't, so hackers use them as their vehicles to attack the larger enterprise.
Our surveys show that small-business owners think they're too small to be targeted so they're on lower alert and don't have security staff. But we've recently seen a lot of attacks against small businesses.
TNW: Well, why don't businesses enforce policies more strictly?
Chen: Even if you enforce policies strictly, many hackers get around this by using phishing emails. For example, there was a wave of attacks on small businesses recently where hackers sent them emails claiming to include eligibility forms for funding from the federal government. But the forms were really malware and infected the victims' computers when they were downloaded.
TNW: What about security in the corporate arena?
Chen: We are major players here, and are focusing on security for the cloud. Take virtualization -- this is a big thing in almost every enterprise, but people don't realize that when you switch from physical to virtual servers, you need to consider new security practices.
Traditional security software needs to be redesigned because in the virtual environment, you're sharing the I/O [input/output] and hard drive and antivirus software among several virtual machines.
So if one of your desktops or servers starts scanning its files in a virtual environment, it might drag down the environment's performance. Also, you need to know who your neighbor is.
Putting firewalls in front of servers is no longer enough; you need to wrap each virtual server with individual granular security policies which follow it wherever it goes. That's what our Deep Security product offers.
TNW: You have a program for targeting women at home. Can you tell us more about this?
Chen: Women are the CEOs of the home. We have a nonprofit program called "Internet Safety for Kids" in which we produce content for moms on how to keep their kids protected online. This includes protecting them from cyberbullies. I'm a mom; I really care about this.
We suggest some very simple things such as always keeping your computer in the common area of the home, and having a separate, small computer for Internet banking only.
TNW: Your sister Jenny, who's one of the cofounders of Trend Micro, is now its chief culture officer in charge of promoting and maintaining the company's core values and open-minded transnational culture. Tell us about that.
Chen: Our vision statement is a world safe for changing digital information. When I came to the U.S. to study, it took seven days for my mom to receive my letters and for her to write me back; today, it takes just seconds. We want to make sure we can have this capability passed down to future generations and enable people to exchange information no matter where they are in the world.
That's why we do a lot of things that don't make very much business sense, but we feel very passionate about them. Steve, my cofounder, is planting trees in Vietnam; Jenny is helping Filipinos build homes and helping their kids learn to use the Internet.