October 13th, 2011 by Tim Greenhalgh
Is global network security in a state of crisis? I think so.
I was at the RSA Conference Europe this week with client Wave Systems (www.wave.com), where the best minds and leading commentators networked, shared ideas and worked the business.
There were enough stories of defence breach there to back the case for crisis.
But having a crisis doesn't mean that it's not manageable, and the directions offered by the conference were confident, sanguine and believable.
We're seeing a growing understanding that software in the device and at the network layer cannot provide the level of protection we need in this 'anytime, everywhere' connectable universal space.
Warwick Ashford wrote a fine article around this in Computer Weekly today. He quotes Eddie Schwartz, chief information security officer at RSA, and it is a telling statement:
"One of the goals of any organisation's security strategy should be to create new intelligence about attackers and attack methods rather than rely only on what is already known."
How this will pan out over the next year is moot but we have to move from reaction to awareness in network security strategies.
At the same time, we should be making sure that our defences are the best. Layered software, in the device and at the network level, just does not cut it. We should begin with an understanding that network security starts in the device. Secure that, and everything follows, right up to the management layers.
We're in a war zone and it is endless. We will never find the silver bullet to solve all our network security problems because the hackers on the dark side will always be probing and testing our defences. Right now, we are making them look good because we do not implement the best solutions.
But we are better than them. We just need to wake up, move faster and keep running ahead.