Forget about the past, it doesn't matter anymore.
Perhaps that's too broad a statement. How's this: Remember the past, it does matter -- but don't use security spending totals to gauge a company's commitment to protecting its data.
That's what we took away from this Dark Reading article, which reports on the Gartner IT Security Summit 2007 held this week in Washington, D.C. The reason that the past can't be used as a measuring stick is that so much is changing so rapidly about the business and technology of securing communications.
The news is good. In general, it creates the overall impression that the industry is enfranchising security as a key objective, not a noisome chore that produces lots of headaches but no revenue. The common wisdom is that hackers and crackers are looking at wireless and small and medium size businesses (SMBs) not because they see greater riches in these areas, but because they are losing in the enterprise. This suggests that SMBs and the mobile industries could, too, defeat the dark side if push came to shove.
Microsoft seems more engaged in security. That's important, of course, because Redmond must help create a landscape that allows SMBs to battle against the dark side. Though there is significant disagreement, many feel that the security in Windows Vista is a step in the right direction. A lot of innovation and price competition is arriving in the security industry with the launch last year of Microsoft's security suite, Windows Live OneCare. Though early reviews were negative, the latest word is that the service is improving.
There also have been significant mergers and acquisitions during the past year. For instance, Verizon bought CyberTrust, BT took ownership of Counterpane, EMC acquired RSA and Cisco took the reigns at IronPort. Each of these acquisitions has its own logic, of course. In general, these and other deals point to a future in which protection is more deeply ingrained in software and networks. These moves also suggest a landscape in which security is available as a service, an approach that seems natural for SMBs that don't have the money or desire to maintain dedicated security staffs.
In the Dark Reading article, Gartner vice president and distinguished analyst John Pescatore is quoted as saying that security is becoming a chess match, and that the bad guys always have the white pieces because they move first. We'd take it further: In chess, the white pieces dictate the entire nature of the match, not just a move or two ahead. Planners should look at the direction of the this chess match -- not the amount of money spent this year as compared to last -- when mapping out their companies' security future.