Opinion: The most needed innovations in IT are in the security domain

The IT industry is about two things: Functionality and Security. They go hand in hand. If you have functionality with no security, it is worthless. If you have security without functionality, it is stupid. So the reality is that security and functionality really do go hand in hand. But another reality is that every organization and innovator tends to focus on getting the functionality out with just the minimum amount of attention paid to security. Meanwhile, cyber criminals, hackers, hacktivists and even nation-sponsored attackers are continually looking for weaknesses to exploit. We, the good guys of IT, need to continually consider ways to enhance innovation in security.

That is part of the reason I think the work of the Security Innovation Network is so important.  More from their website:

Security Innovation Network

The Security Innovation Network (SINET) www.security-innovation.org is focused on advancing IT security innovation through collaborative models. Our goal is to “Give the Entrepreneurs a Voice” by increasing situational awareness for both the builders and buyers of innovative cyber security solutions and services. A critical focus is “Bridging the Gap” between the Silicon Valley and the Beltway.

A coming event I would like to bring your attention to is the Security Innovation Network Showcase, which will be in DC on 27 October 2010. This showcase/expo has some huge goals and will no doubt move the ball forward in matching the most innovative cyber security solutions with some of the most critical needs of today’s enterprises.

If you are in an early-stage cyber security company or if you are a CTO/CIO/CISO in an enterprise, please consider engaging in the Security Innovation Network and this showcase.

And if you are on Twitter please follow SINET at: http://twitter.com/SINETconnection

  • ags

    "The IT industry is about two things: Functionality and Security." That would be hilarious, if the consequences to customers of security functionality NOT being present in new products weren't sometimes so severe.

    The I.T. industry does NOT have any significant regard for security. Look at where the I.T. industry is with regard to overall security. Billions lost every year, lots of companies too afraid to even report break-ins. A need to call in the military, and even they haven't defined the problems. The military is now providing classified briefings to industry to assist them in protecting their systems. Yes, the I.T. industry has done a great job on security.

    The I.T. industry is about one thing – making money – no different than other for-profit efforts, nothing out of the ordinary there.

    What is a bit different is that no major new commercial technology rollout has been delayed due to obvious security concerns. Rarely has any verification of the reliability of security features been released with the new product.

    Considering the huge damage that has been done while using some new I.T. products, there is not that much product liability law or enforcement extant. Think Toyota will get away with stuff like that?

    The truth is a little closer to: Various target audiences (individual, group, corporate) have been conditioned to periodically look for the latest I.T. snake oil that will supposedly solve most problems, save them money, do things better, and generally make the world a better place to live and make them very stylish among their equally clueless peers.

    Just review for yourself the last few years of the "latest, greatest things," and how well they have lived up to their hype.

    I don't deny that a lot of useful products with interesting and creative features are available and being used to good effect. What I do maintain is that, for the most part, security planning and engineering was not a major part of the development process. More security is slapped on just prior to implementation, and a whole lot of add-on security and management products are needed because the security engineering process and sometimes the product development process just sucked!

    We sure do have a lot of I.T. industry associations out there. I know of at least a dozen myself. What I have never heard of is an I.T. association that has real quality standards that they push their members to adopt and that the association tries to enforce. These associations feel no obligation to the industry or society in general; their only obligation is to advantage themselves and their members so that they obtain greater political influence and more money for them and theirs.

    I am for security innovation, but I do wonder whether you are just pursuing developing and selling products that provide security functionality that a responsible product vendor would have built into the original product.

    So, security is a hot topic today, so go out and give your elevator speeches and hype your products and make your fortune and write wonderful pieces on interesting websites, but don't expect anyone to think that we are getting measurably closer to the responsible, integrated security that our computer-dependent society and economy need, and spare us all "The IT industry is about two things: Functionality and Security."