Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


March 03, 2008
Is Security Still Unnecessary?

The reason for the somewhat nonsensical title of today's blog is that it's a response to some commentary on Wired by Bruce Schneier, written a while ago, which essentially wonders why security is even necessary. While this was written in May of 2007, I believe that many of the points Schneier made are still particularly valid.

Today's security is mostly built after the fact, after the exploit has been exploited, and in how many other industries would such a system work? I mean, you can't exactly sell life insurance after the guy is dead.

The entire existence of the security industry today depends on IT products and services that are not secure. This method is a very inefficient way to manage and spend security money. The most problematic part of this arrangement is that, for all the security products and services and doomsday bluster, system and security remain effectively insecure.

Also, as Schneier says, "As IT becomes more of a utility, users are going to buy a whole lot more services than products. And by nature, services are more about results than technologies. Service customers -- whether home users or multinational corporations -- care less and less about the specifics of security technologies, and increasingly expect their IT to be integrally secure."

Why can't applications be secure right out of the box? The fact is, things are definitely trending this way (see Rothman's excellent Penetration Testing article).

The way I look at it, you can make every application as secure as Fort Knox (by the way, is Fort Knox still the Gold Standard in security, or are they just piling gold bricks behind a hurricane fence these days?), and there are still going to be vulnerabilities. Because as I've said here time and again, the main security loophole is us: wetware, the human being, the 99 percent-of-the-time smart and savvy but only occasionally gullible and dumb-as-bricks (I'm speaking for myself here) security loophole.

So I guess if security is ever going to get truly effective, we're gonna have to get something to plug or download into us. And like they say in the military, Generals are always fighting the last war, and as far as I can see, there is always going to be an effective hacker insurgency doing active battle against our networks and data, forcing us to change strategies and troop alignments (i.e. security spending).

