The recently concluded two-day IDC's (International Data Corporation) Saudi Arabia CIO Summit 2011 held under the auspices of Eng. Mohammad Jamil Bin Ahmad Mulla, the Saudi Minister of Communications and Information Technology at the Jeddah Intercontinental Hotel, focused on providing CIOs (Chief Information Officers) and senior business executives with new insights into the IT refreshed strategies, emerging technologies, and cutting-edge best practices that are shaping the business landscape. The summit also discussed the engaging of both emerging and established vendors as they outline their new product blueprints and practical solutions for dealing in the future. In an interview with the Saudi Gazette, David Jacoby, one of the prominent and senior speakers at the summit and an IT security researcher at Kaspersky Lab, articulated his vision and understanding of the industry. The excerpts follow: Gazette: What is the importance of such a summit and the significance of holding it in Saudi Arabia? Jacoby: As it is the first IDC's conference of-its-kind in the Kingdom, I think its importance is centered around one main objective, i.e, to have all the CIOs from outside and here in the region to convene and discuss IT security and IT intricacies in general. The main significance of this IT function is that it is a big gathering of experts in this field from both private sectors and government bodies where they have discussed questions, like: How can CIOs reignite the momentum and help rejuvenate businesses? What winning strategies can they adopt in their organizations to maintain their market share while growing their business? Gazette: How far does the so called” cloud services” contribute to maintaining the IT security in both private and government sectors? Jacoby: Before answering this question, I would like to outline the big confusing question about who is responsible in the IT security at any certain firm or organization? Is it the customer “the firm” or the “vendor”? The IT company producing the security platforms and software”? I think throughout scores of researches I have conducted in many regions and countries around the world there is a much more shared responsibility between the vendor and the customer. A company like Kaspersky would provide the latest solutions and software that can fight the IT security theft and any malware threats. However, the customer – whether an individual or an organization – should interact with the vendor and the provider of the security tools in terms of reporting about any hoaxes or spamming e-mails or any other hacking websites. In other words, the customer cannot just buy the IT security product and sit back and do nothing. There should be an updated feedback from the customers about any threats or hacking endeavors. Gazette: How could the CIOs help in sustaining the IT security within their organizations? Jacoby: Well, during the sessions at the summit, we focused on how to empower the CIOs throughout some strategies. The empowered CIOs with sharped minds, wits and creativity can stand against any challenging problems in the IT security area. The most pressing issue at this juncture for CIOs is to educate their organizations' board members and stakeholders on the benefits of effectively aligning IT with the objectives of all individual business units within the organization. Indeed, they must effect change with transparency, efficiency, and urgency. Gazette: How are security services provided to the banking sectors different from those provided to any other sectors? Jacoby: Very interesting question. Yes, sure. In our company we have implemented a big information services with trillions of data base entries about any security threat, (like) virus Trojan that can affect any banking system. This flow of IT security information is updated around the clock. The operating systems for corporations are very different from those of personal PCs. We have Free BSD with its several unique features of storage and several security-related features including Access Control Lists (ACLs). There are additional services for banking sectors in terms of a big collection of alerting services for banks. For, example, on our search engines, if we type any web address of any local bank here, let's say “Al -Rajhi Bank” we can be immediately alerted over any virus or cyber threat targeting this bank web page. Gazette: How do you evaluate the Saudi CIOs participations in this summit? Was there a positive reaction to the summit from the CIOs? Jacoby: Yes indeed, I was amazed by the key issues some Saudi participants broached via the sessions. I met with many IT representatives from both Saudi private and government sectors including Dr. Arwa Al Aama, the vice mayor for information technology affairs at Jeddah Municipality. The CIOs who came from many local banks here also have befitted a lot from the panel discussions about the updated issues concerning the IT security. I would like to add that IDC's Saudi Arabia CIO Summit 2011 have brought together the best minds from resilient enterprises, fresh perspectives from IDC analysts and collective intelligence from the top business leaders in order to share the updated solutions and strategies of the IT security. __