‘Horses’ Ass’ Thinking Out of Security Industry

SAN JOSE, Calif. — Wake up, security industry. And get the back ends of
Roman warhorses out of your thinking in order to meet the challenge of
today’s enterprise security needs.

That was just one part of a larger message to technology and security
professionals at the RSA Security conference here.

“Who among us believes he is fearless enough to believe that today’s
technology alone can make our enterprises more trustworthy and magically
defending,” said Thomas Noonan, chairman and CEO of security firm Internet
Security Systems.

“One thing we agree on: It’s nearly impossible to determine the
signal-to-noise ratio in today’s crowded and over-hyped security
marketplace,” he said during a keynote address.

“Business enterprises are longing, starving for solutions that live up to
this hype.”

Last year, for example, the financial losses alone from security breaches
clearly proved that fearless, trustworthy and self-defending security is
failing, Noonan continued, referring to products and security concepts by
major technology providers in the industry.

And he added this: The security industry is valued at $18 billion dollars
annually, and growing at a rate of between 10 percent and 12 percent.

Yet financial
losses are estimated at nearly $50 billion dollars a year by corporations
and businesses grappling with security. And it’s growing at a rate of three
times the investment.

“If you’ve come to the conclusion that the more we invest, the bigger the
problem gets, you’re right. What’s wrong here?”

One answer brings us to the rear end of the horse example. The width
between the rails on today’s railroads was largely determined by Roman
chariots more than 2,000 years ago.

Why? Because the railroads were influenced by the size of the roads in
ancient England, which were built by the guards of Imperial Rome. The ruts
in those roads were influenced by the width between the two horses that
pulled the chariots, or, more specifically, the width between the horses’
rumps.

The width of those rail gauges, four feet by 8.5 inches, influenced the
widths in U.S. railroads, which were designed by British citizens. Fast
forward to the space shuttle booster rockets of today.

The rocket booster for the U.S. space shuttles had to be shipped by
train, from the factory, through a mountain whose tunnel was only slightly
wider than those rail gauges, four feet by 8.5 inches.

What that means, Noonan continued, is that the “most advanced features of
rocket boosters were determined by the width of two horses’ asses. I’m sure
you know more than a few horses’ asses in this industry,” he said to
applause.

“But this morning we gather in spirit of fellowship and moderation to
advance thinking in the industry. I believe the industry’s at a crossroads
and stuck in a rut.”

The industry needs to think about how to protect enterprises uniformly
across the infrastructure, independent of which routers or operating systems
you use –- now, or in the future.

That means not just bolting on best-of-breed solutions. It means building
entire security platforms.

“Security platforms are an entire systems blueprint, architectured from
the ground up to operate as a unified system, ensuring that all the threats
and vulnerabilities are preemptively addressed.

“And they leverage best-of-breed components. That’s why they’re open. Today, these best-of-breed systems only exist as islands of automation.”

Instead, he urged the industry to think of platforms that extend across
the network, desktop and mobility platforms to ensure that consistent
security polices are enforced.

“They are preemptive in nature. And this preemption comes from unified
management and on-demand services. So tomorrow’s security platforms will
operate much like the human immune system, and not a random collection of
parts stitched together.”

Work like that takes new ways of thinking, Noonan added. The same
questions remain in the security industry -– and among enterprises trying to
figure out their crazy quilt networks, such as who is getting access, or
which endpoints are accounted for.

He urged attendees to take the example that Albert Einstein used with his
students.

One said to him: Professor, all the questions on this year’s exam are the
same as last year’s exam. Yes, Einstein replied, but this year, all the
answers are different.

“I do not have all the answers — don’t even pretend to,” Noonan added.
But the question is: Can the technology industry get itself out of the fix
it’s gotten itself into with the patchwork of systems?

“It’s a matter of looking for different answers to the same question.”

News Around the Web