Wednesday, November 15, 2006

Thoughts On Security Evolution

So, Amrit Williams of Gartner fame has this fun post on security evolution. It can be summarized as three major points (yeah, even though we are supposed to hate Gartner, I just love how some Gartner folks have this great ability to condense unstructured data into succinct bits such as this one):

1. "The threat environment has become increasingly dangerous..."
2. "Business is leveraging the internet..."
3. "Regulatory compliance pressures ..."

He also draws some conclusions, which I happen to agree with, mostly (aaah, how boring and quaint :-))

a. "You cannot prevent all bad things from occurring ..."
b. "Data is more important than the systems ..."
c. "Visibility and control are the foundation to improving security"
d. "Process is as important, actually even more so, than technology..."
e. "Security can no longer exist in a silo or a vacuum" [well, this one is probably the weakest conclusion; we all know that humans can screw up everything and so many orgs will still choose to run security "in a vacuum" for years to come...]

Now, why this post, you might ask. Well, apart from further distilling the insights of Mr Williams for my readers (who I am sure are his readers as well...), I would like to state a meta-conclusion and then test it on my readers: do they like it or not? So:

I. Security is going to become mainstream, accepted, mature, maybe even somewhat mundane, and it will happen in our lifetime.

Now, do you agree?
And if you do, is it good or bad for us in this profession?

BTW, I still stick to what I said here in my post "Will security ever "get done"?": security won't really be "done," it will simply "grow up" as a discipline ...

Dr Anton Chuvakin