News
Bruce Schneier Questions Why We Need a Security Industry
The primary reason the IT security industry exists is because IT products and services aren’t naturally secure, Schneier says.
By Paul McNamara, Network World
The whereabouts of that initial "incentive to invest in security upfront" is something of a mystery—were it there today in sufficient quantities we wouldn’t be having this discussion—but once it is located and widely acknowledged, it’s difficult to argue that the other pieces wouldn’t fall into place. Today, however, the more prominent incentive for vendors is that so many customers appear perfectly comfortable buying today’s level of security, so why should vendors invest the time, effort and money to provide more?
Next he hits the eject button.
"I know this is a utopian vision that I probably won’t see in my lifetime, but the IT services market is pushing us in this direction. As IT becomes more of a utility, users are going to buy a whole lot more services than products. And by nature, services are more about results than technologies. Service customers—whether home users or multinational corporations—care less and less about the specifics of security technologies, and increasingly expect their IT to be integrally secure."
In the meantime—the very long meantime—IT hardware and software vendors will continue to swear their fidelity to security and fail to deliver the goods. The security industry will go on pumping out products that network professionals will continue to buy and deploy because their failure to do so will lead to their unemployment, among other nasty consequences. Market forces may eventually bring us Schneier’s "utopian vision" of a standard IT infrastructure built upon ubiquitous and inherently secure services, but I’m turning 50 this year and like Schneier do not expect to see this happen in my lifetime.
He spends the balance of the column touting security services, which his company provides (not that there’s anything wrong with it), and piling up caveats to counter this type of critique of the headline and top half of the piece.
So, do we really need a security industry?
Heck, yes—but we wouldn’t if pigs could fly.
-Paul McNamara, Network World
security industry
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
