Gary Flood talks to Eva Chen, CEO and co-founder of security firm Trend Micro, about the changing face of the security market
Many of our readers will be familiar with your brand, but in your own words, what is Trend Micro all about?
We are the world’s largest independent security software company, and have been involved in computer-based and information security for 21 years. Right now we are looking at how security works with virtualisation, cloud computing and software as a service, which we think all require a new type of information security, so that’s what we’re focused on.
What is your role and your professional background?
I am the CEO but was also a co-founder, so have always focused on technology and product design. About 21 years ago I was an engineer at Acer Computer and my brother-in-law decided to found a company to protect information assets, and invited me to co-found – and that’s how I got here! Before that, I was an undergraduate studying management information systems and information management, so I have done a little bit of all things, but I am a technologist at heart. I formally became CEO at the start of 2005.
You are unusual in being a female head of a technology company. Why don’t we see more ‘Eva Chens’?
I think there should be more. Somehow in school, girls are not being so encouraged to take computer science or maths major, and I think that’s a pity; a lot of females from the beginning say "oh, that’s not for girls" and as a result don’t touch it. So I think there needs to be changes in the way we look at education right from the start, on a global basis, to alter this situation.
Talking of changing situations, how do you think the security market has changed in the time you have been CEO at Trend Micro?
A lot! Back in 2005, every year we probably had 5,000 viruses or malware; now we handle more than 80 million items of malicious code a year, with something being identified every 1.5 seconds. So the landscape has changed a lot in the past five years, but, of course, the infrastructure has changed, too.
Five years ago there was no such thing as cloud computing, and virtualisation was at its very early stages – now it’s more mainstream. As a result, this requires the whole industry to change how to think about protecting computers and information. For example, 70% of our business is with enterprise customers and we see a lot of that class of organisation doing virtualisation projects and consolidation – so there’s a lot of activity about how to protect a virtualised desktop and software on virtualised infrastructure. I think we are also coming up against the question of new types of compliance and monitoring, especially in a virtual environment.
Maybe cloud isn’t yet secure enough for real work, then?
I wouldn’t agree. Our customers tell us they want to take advantage of the cloud, but then also say they don’t know the best first steps. Patently, security is the biggest concern for everybody, but I have to say that just because they don’t know how to make it secure they aren’t prepared to at least start. A key word I hear a lot here and think is useful is "journey" – how will we conduct a staged approach to the cloud? How do we take the first steps and make sure we go in the right direction and are secure at every step?
What advice would you give, then?
There are, every year, infrastructure changes happening all around us and at a rapid rate. There is always the division in the market, as we know, between visionary/early adopters and laggards, but if we just take virtualisation on its own, I think the business case for potential savings that can and do come from this approach is now so compelling that the whole market has to engage with this.
So I would advise CBR readers to start by looking at what you have now in terms of security and how you might optimise that in a cloud or hybrid environment, and then look at the next step – what is the new security discipline you’d need to use to make that step safe? Plus, make sure what you have now can be implemented efficiently in a virtualised world; if you have that in place, your journey can be staggered and made successful. Certainly, you don’t need to jump up to the cloud in one go – that’s just too big a leap to take.