Social media and the security risks they pose for business

Each week we ask chief technology officers (CTOs) and other high-profile technology decision-makers three questions.

Nir Zuk says applications like Salesforce.com and WebEx pose a security dilemma for businesses

This week it's Nir Zuk, the co-founder and chief technical officer of Palo Alto Networks.
Palo Alto Networks is a network security company which helps businesses enable the use of modern applications such as Facebook, WebEx and Salesforce.com.
The company is privately held, with investments totalling $65m from leading venture capital firms Globespan Capital Partners, Greylock Partners, JAFCO Ventures, and Sequoia Capital. Palo Alto Networks is based in Sunnyvale, California, and says it is enjoying triple-digit growth.

What's your biggest technology problem right now?

I think that the biggest challenge right now in our space is the change that the internet is going through in terms of the kind of applications that enterprises are using.
The technology that's been available until recently for protecting enterprise networks is technology that is 15 years old, from the mid-'90s, that was developed at a time when the internet was basically web browsing and e-mail. There was no Facebook, no WebEx, no Twitter.
Nowadays the internet is very, very different than it was in the mid-90s. Until a few years ago, when I was talking to other CTOs in the industry, what I heard from them was that they didn't care about this kind of technology.
They didn't care about Facebook, they didn't care about Twitter, they didn't care about applications like Google Docs. They hadn't seen the value of these applications in their business.
However, now that more and more businesses are seeing the value in these things, they have a big dilemma.
Are they going to allow these applications to go through their network, knowing that their current security infrastructure cannot secure these applications?
Or are they going to block these applications, potentially holding their business back from using these kind of technologies, and really losing some competitive edge compared to their peers?
So the problem right now is that the incumbent vendors, the vendors that sell network security technology today, cannot really bridge the gap between these applications and the need to secure the use of them.

What's the next big tech thing in your industry?

I think the next big thing in our industry is a derivative of what I've just said, that's technology that takes all the network security infrastructure today, which includes scanning for malware, scanning for exploit of vulnerabilities, scanning for data leakage, and extends it from basic web-browsing and e-mail to all applications.
With that, companies will be able to use these applications and secure them as they use and secure basic web-browsing and e-mail today.
They'll be able to make these applications as secure as web-browsing and e-mail, and will not have to compromise either their security or their ability to interact with the internet, their customers and their peers using modern communication tools.

What's the biggest technology mistake you've ever made - either at work or in your own life?

I don't know that I have a huge technology mistake but I have a related mistake.
In the past I was involved in another network security company, and at some point we got an offer to acquire the company for a lot of money, for about $4bn, from a much bigger company, a networking company - not a security company.
And back then my thought - and that of the other executives - was that if we sell to a bigger company, a networking company in general that sells routers and switches, we'll be able to expand our market; we'll have more money for research and development; we'll have more money for marketing our products and will have a better reach to customers.
That was a big mistake. It was just a huge mistake.
We quickly found out that security companies have to be specialised, and once you get swallowed by a big networking vendor you lose focus on security, and customers just leave you.
It happened to us, it happened to other companies that were bought by large networking vendors, and the stand-alone security companies were having a much easier time selling to their customers.
That was a mistake, and basically what happened, after a year I had to leave and start a new company to specialise in network security, and build everything from scratch.
Now we're pretty big - and I don't think we're going to repeat that mistake again.