RealTime IT News

'Horses' Ass' Thinking Out of Security Industry

SAN JOSE, Calif. -- Wake up, security industry. And get the back ends of Roman warhorses out of your thinking in order to meet the challenge of today's enterprise security needs.

That was just one part of a larger message to technology and security professionals at the RSA Security conference here.

"Who among us believes he is fearless enough to believe that today's technology alone can make our enterprises more trustworthy and magically defending," said Thomas Noonan, chairman and CEO of security firm Internet Security Systems.

"One thing we agree on: It's nearly impossible to determine the signal-to-noise ratio in today's crowded and over-hyped security marketplace," he said during a keynote address.

"Business enterprises are longing, starving for solutions that live up to this hype."

Last year, for example, the financial losses alone from security breaches clearly proved that fearless, trustworthy and self-defending security is failing, Noonan continued, referring to products and security concepts by major technology providers in the industry.

And he added this: The security industry is valued at $18 billion annually, and growing at a rate of between 10 percent and 12 percent.

Yet financial losses are estimated at nearly $50 billion a year by corporations and businesses grappling with security. And it's growing at a rate of three times the investment.

"If you've come to the conclusion that the more we invest, the bigger the problem gets, you're right. What's wrong here?"

One answer brings us to the rear end of the horse example. The width between the rails on today's railroads was largely determined by Roman chariots more than 2,000 years ago.

Why? Because the railroads were influenced by the size of the roads in ancient England, which were built by the guards of Imperial Rome. The ruts in those roads were influenced by the width between the two horses that pulled the chariots, or, more specifically, the width between the horses' rumps.

The width of those rail gauges, four feet by 8.5 inches, influenced the widths in U.S. railroads, which were designed by British citizens. Fast forward to the space shuttle booster rockets of today.

The rocket booster for the U.S. space shuttles had to be shipped by train, from the factory, through a mountain whose tunnel was only slightly wider than those rail gauges, four feet by 8.5 inches.

What that means, Noonan continued, is that the "most advanced features of rocket boosters were determined by the width of two horses' asses. I'm sure you know more than a few horses' asses in this industry," he said to applause.

"But this morning we gather in spirit of fellowship and moderation to advance thinking in the industry. I believe the industry's at a crossroads and stuck in a rut."

The industry needs to think about how to protect enterprises uniformly across the infrastructure, independent of which routers or operating systems you use -- now, or in the future.

That means not just bolting on best-of-breed solutions. It means building entire security platforms.

"Security platforms are an entire systems blueprint, architectured from the ground up to operate as a unified system, ensuring that all the threats and vulnerabilities are preemptively addressed.

"And they leverage best-of-breed components. That's why they're open. Today, these best-of-breed systems only exist as islands of automation."

Instead, he urged the industry to think of platforms that extend across the network, desktop and mobility platforms to ensure that consistent security policies are enforced.

"They are preemptive in nature. And this preemption comes from unified management and on-demand services. So tomorrow's security platforms will operate much like the human immune system, and not a random collection of parts stitched together."

Work like that takes new ways of thinking, Noonan added. The same questions remain in the security industry -- and among enterprises trying to figure out their crazy-quilt networks -- such as who is getting access, or which endpoints are accounted for.

He urged attendees to take the example that Albert Einstein used with his students.

One said to him: Professor, all the questions on this year's exam are the same as last year's exam. Yes, Einstein replied, but this year, all the answers are different.

"I do not have all the answers -- don't even pretend to," Noonan added. But the question is: Can the technology industry get itself out of the fix it's gotten itself into with the patchwork of systems?

"It's a matter of looking for different answers to the same question."