The latest illustration of the pervasive cluelessness in infosec comes from Cisco's EOL announcement on Ace XML Gateway. Back in the day, there were Web services, at some point people realized that these would be worth protecting (seeing as how they enabled access to the enterprise's sensitive assets). Two of the more popular choices at the time were Data Power and Reactivity. Data Power was acquired by IBM, and I remember being surprised at the time that IBM put Data Power into the Websphere (software) group not the Tivoli (ops) group. Cisco acquired Reactivity and began to attempt to sell it to the infrastructure people that comprise their core customers.
What happened next? Well, two paths diverged in the forest as the poet says. Data Power is now a major, major part of the IBM product landscape, it was offered to software architects and developers who could readily figure out that their Web services lacked security and needed help. Cisco on the other hand had the misfortune of trying to present the idea that data, applications, identity and services are worth protecting not pizza boxes and sprockets. What a sad commentary on infrastructure security that this message did not get through.
Please notice, that I am not analyzing the relative merits of these products, when they were acquired, they were each viewed among the leaders in the product group. However, the sales channel (of all things) was what determined the fate. In my beginning is my end.
Infrastructure focused security is a necessary ingredient, but nowhere near sufficient. If that is the sum total of your group's focus, you need to focus on the infostructure (apps, data) and metastructure (policy, identity) To give some ideas on how to move security architecture in a positive direction, I wrote a Security Gateway Buyer's guide, which discusses patterns and deployment considerations for how a Security Gateway can deliver security services to apps, data, and identity assets in common enterprise Use Cases like Mobile and ESB.
Absolute, unadulterated truth.
Posted by: Chris | November 02, 2010 at 11:59 AM
Two roads diverge... two roads. Don't go poorly paraphrasing The Poet :-)
Posted by: Jon | November 03, 2010 at 05:34 PM