The Sad And Increasingly Deplorable State Of Internet Security, Revisited
By Lisa Phifer and David Piscitello
Published June 2007; Posted August 2007
Is your organization part of the problem, or part of the solution?
In the February 2003 issue of BCR, we claimed that, “overall, Internet security really is in horrible shape.” We were convinced by computer crime statistics, incident reports and our collective experience that the security technology deployed to date had not proven effective. In fact, incident frequency and cost were increasing at an alarming rate, despite the fact that most organizations were claiming to have deployed state-of-the-art security defenses.
In our 2003 article, we also predicted that security would worsen before it improved. We cited insecure operating system (OS) and network architectures, lame authentication, poor software engineering, lax security management and creeping featurism as principal root causes for this “fall from security grace.” We concluded with a measure of hope, however, suggesting that feature moratoria, software reliability agreements, administration improvements and perhaps more regulatory influence could improve Internet security.
Now, four years later, BCR has again invited us to comment on the state of Internet security. Overall, we find that while security threats have evolved, the root causes of security vulnerability haven’t changed, and they are still being ignored in favor of “quick fixes” to ease security symptoms. Although most of our 2003 advice hasn’t been taken, progress is being made in a number of areas, including more secure operating systems and protocols, unified threat mitigation and identity-based network access controls.
About the authors:
Dave and Lisa own Core Competence, a network security technology consulting firm focused on emerging technologies and best practices.
This article is reproduced by special arrangement with our partner, Business Communications Review.