Nothing, of course, could be further from the truth, and the continued disconnection between technology propaganda and reality is one of the main reasons why the security sector continues to struggle to stay ahead of the new range of threats that are continually being delivered. It is also why the professionally-driven, criminally and illegally motivated elements of the threat world find the ease with which they can make use of technology so tantalizingly inviting.
Going back to the industry messages that continually flood in each day, there have been several good examples recently of the comfortable, perhaps almost smug, way that the security sector positions itself. These have included hints on the top five ways to secure your company’s mobile devices; the easy way to effectively implement instant messaging policies; and easy-to-implement email security strategies.
The one common theme that runs through all of these emailed missives is the desperate requirement to position IT protection services as simple-to-use, and capable of delivering one-time fixes.
For 2007, there are two things that stand out when it comes to high-level areas of IT security. Firstly, the list of requirements is a lot longer than it was 12 months ago, and secondly, the required levels of interaction and integration between protection solutions, and indeed between security vendors, have also gone up significantly.
Take, for example, the issue of identity theft, where we will be looking at what is being done by the industry to remediate phishing, pharming, keylogger, spyware, and man-in-the-middle attacks – especially where these problems impact upon current and future business development in on-line trading and commerce in areas such as retail and financial services.
Furthermore, in support of business-to-business and business-to-customer interactions, there is a growing range of security products springing up to support enterprise network infrastructures. These include products that enable organizations to understand the full extent of all devices that operate across their systems and networks, products that are used to provision, control, and manage such devices, products that authenticate user and device status as they log on, and products that will need to be capable of handling convergence between physical and logical access systems.
None of these solutions fall into areas where easy-to-use hints and tips seem appropriate, but all have the substance that is required to take the industry forward.
For the IT security sector, 2007 needs to be a year where more emphasis is placed on the requirement for good quality, unified protection systems, and one where product substance takes over from the usual industry hype.
Source: OpinionWire by Butler Group (www.butlergroup.com)