Security by itself is meaningless. Security only matters when it's integrated with something - a subject, an object. What did you see at RSA?
People obsessing about the threat du jour and people selling security products and services. Neither is at all helpful in making concrete forward progress on security issues.
The fact that security products are sold as separate rather than implicit tells you all you need to know about the lack of integration.
We have two working mechanisms in infosec:
1. Reference Monitor
2. Crypto
So you have three basic choices: use a Reference Monitor, use crypto, or use both.
Everything else is an integration challenge, and this should be where the majority of time is spent on infosec matters: not focusing on a panoply of silver bullets, but rather getting closer to subjects and objects and finding cost-effective ways to integrate security services.
Sure, integration is not as fun a cocktail party topic as the "omgwereallgonnadie" threat du jour, but in the long run it matters a lot more.
Good post. Vendors are too much into themselves
Posted by: Andre Gironda | February 18, 2011 at 03:26 PM
Crypto <> security.
Posted by: Roland Dobbins | February 18, 2011 at 09:58 PM
We just need a few more market consolidation takeovers. Then at least the products will be integrated on the PowerPoint slides ;-)
Posted by: Andrew Yeomans | February 25, 2011 at 05:26 AM