Openness and interoperability are long standing buzzwords in the digital ecosystem, but it is not always clear what it means, and why it is important. For McAfee, embracing these notions is critical to our success, and here’s why. Openness means that we share information, and interoperability means that this information is shared with our eco-system partners be they public and private entities all with the aim of fostering innovative solutions and services of benefit to all. We all have a natural instinct to defend ourselves against free-loaders, but in the digital world, however counterintuitive it may seem at first glance, this mindset is harmful to both digital business and our capacity to innovate.
Put another way, the more we collaborate and share, the more our customers trust that we are at the top of our game. By being a cog in a vast and interdependent digital machine, McAfee’s services become more valuable. Conversely, locking ourselves out of this process has real risk. This is because openness and interoperability cuts both ways. By giving others access to our expertise, we also gain access to theirs. This lets us focus on what we are good at, and we can leave it to others to create amazing new services that build on our innovation.
Of course, there is a bigger picture. An open and interoperable digital ecosystem is a cornerstone of competition. And ultimately, it is competition that drives innovation. Equally, devices or services that cannot interoperate will over time become less valuable.
That’s why we think the principles of openness and interoperability merit inclusion in the new European Commission’s technology and security policies, a point not lost on the Finnish Presidency, the current chair of EU ministerial meetings, who have made interoperability a priority objective for the next five years.
Openness has its drawbacks, of course. If we don’t excel and keep our products and services at the highest standard, someone else with a more robust solution could easily claim our place in the market. But being open and interoperable also acts as a rapid-alert system to let us know where we are falling short. Whether it is a bug in the code we produce, or a glitch in our interfaces, the community that we work with will let us know far sooner than if we were closed off to this scrutiny.
In relation to cyber security a lack of interoperability and cyber intelligence sharing across information systems can have serious consequences, including, for example, the limitation of response capability against cyber (or even, larger scale) terrorist attacks. Today’s threats are no longer confined to a particular country, company or group of people and their impact is felt by the whole of society.
The best way to keep people safe today is to share and receive cyber threat intelligence within and beyond a company’s boundaries, fast detection of imminent attacks by cybersecurity experts, and collaboration on threat analysis, automated threat exchange, and detection and response. If we do not prioritise openness and interoperability in our policies, real people could suffer as a result.
The benefits of open and interoperable cloud security architectures to digital transformation should also not be overlooked. Open and interoperable cloud security architectures provide a quick and comprehensive way of achieving higher security standards across governments and enterprises.
So, there is no question that openness and interoperability is the right way to go, and we’re proud the fact that McAfee and others use these as foundational principles.
As a case in point, on October 8th, McAfee and IBM Security kick-started an initiative to bring real interoperability and data sharing across the cybersecurity product landscape. The Open Cybersecurity Alliance (OCA) project is comprised of like-minded global cybersecurity vendors, end users, thought leaders, and individuals interested in fostering an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated response, via commonly developed code and tooling, using mutually agreed upon technologies, standards, and procedures.
The Alliance’s founders, McAfee and IBM Security, are joined in the initiative by Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin.
Formed under the auspices of OASIS, a respected consortium driving the development, convergence and adoption of open standards for the global information society, the Alliance was launched as an OASIS Open Project on October 8, 2019.
Its goal is to is to develop and promote sets of open source common content, code, tooling, patterns, and practices for operational interoperability and data sharing among cybersecurity tools. The Alliance aims to create an environment where cybersecurity vendors do not compete on plumbing; rather, the plumbing is the foundation – the common platform — upon which cybersecurity tools are built. Cybersecurity vendors have a real adversary they are trying to defeat, and vendors should not be distracted by each of us having to replicate different ways to provide product plumbing. (See OCA announcement blog)
Finally, if you are interested to learn more about why this agenda is important to European policy makers as the new European Commission is confirmed, I would encourage you to look to the work of the European Committee for interoperable systems (ECIS) and its recent white paper on how interoperability and openness works in theory and practice, particularly in the field of cybersecurity an cloud services.