Are vendors holding back IT security progress?
I just read an article by Phil Muncaster in computing.co.uk. It details a keynote speech by Neil MacDonald, VP of Gartner research, at this week's Gartner Security Summit 2008. I was not at this event, so can't report first hand on it, but taking Phil's article at face value, it seems that Neil was blaming security vendors for security professionals not being able to keep pace with the changing face of security threats. To me this is like blaming Smith & Wesson for not making better guns for police officers. The fact that the bad guys are doing bad things somehow doesn't enter the equation. IT security progress is being held back because the threats we are facing are growing more complex and sophisticated! Let's not confuse the people trying to help with the solution with the people causing the problem.
On top of this, there are a lot of security vendor products out here that are not being used. I have yet to speak to an IT security professional who has the budget to get all of the security tools, training and services they need. Overall the security industry is constantly trying to make 30 cents out of a quarter. In an environment where the bad guys are making lots of money, resource-starved security professionals are waging this war with one hand tied behind their back. It is not a lack of security tools, it is a lack of resources and money to buy and deploy them. Don't underestimate the "deploy them" part of it. How many times have we seen hard-won budget dollars spent buying security products
That is not to say that security vendors are without blame. Security products are too hard to use, don't play nicely with each other, and we don't do a good job of arming security professionals with compelling value propositions to sell the solutions up the chain.