Which security vendor would you rather choose if you were to ignore your current Return on Security Investment model? The one telling you that "everything's under control" and that "malicious attackers are losing creativity and cannot bypass our security solutions", or the one whose attitude is "our solutions fully demonstrate marginal thinking in respect to fighting cyber threats, namely, they mitigate certain risks and limit the probability for a security incident, but do not and cannot provide 100% security"?
Basic human psychology and purchasing habits would stick to the first one, the one pretending to offer 100% security -- something even a condom cannot offer, yet everyone's thankfully using them. Even worse is falling victim to the myopia that the market leader, or the company with the highest brand equity, is actually the one worth doing business with. As it appears, McAfee CEO David DeWalt had a drink from the truth serum before InformationWeek's 500 Conference in order to comment that "We're in inning two of a nine-inning game here" in respect to how cyber threats often outpace security measures. Moreover, a year ago I commented on a Gartner analyst's statement that security is all about percentage of budget allocation, and therefore the more you spend the more secure you get, among the most common myopias nowadays. Now, Gartner vice-president John Pescatore is wisely insisting that companies spend less on IT security, and given how when Gartner sneezes the whole industry catches a cold, it's a step in the right direction - debunking common security myopias.
In a world dominated by perimeter defense solutions, being a visionary realist is an objective luxury.
Friday, September 21, 2007
The Truth Serum - Have a Drink!
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com