Business Technology: The Security Revolution: Coming Soon To A Vendor Near You - InformationWeek
By Bob Evans

Cyberattacks are soaring, countermeasures are sucking up tons of cash, and hardware and software vendors for the most part are sitting it out, Bob Evans says. But big customers are starting to say enough is enough, so the business-technology world is about to get whirled.

FACT No. 1: As you are all far too painfully aware, cyberthreats are increasing in volume, severity, and complexity.

FACT No. 2: Customers (that is, you) are footing the bill and liking it less: flawed software costs the U.S. economy $60 billion every single year, according to the Commerce Department.

FACT No. 3: Asked about these issues, most IT vendors cluck their tongues, agree that the situation stinks, promise to focus more on security, and then go about business as usual--which means they'll increase by 50% the size of the "Caveat Emptor" stamp they put on their products and contracts, and they'll stick it on every page instead of every other page.

PREDICTION No. 1: As discussed previously in this space, the attackers won't stop--they will have to be stopped.

PREDICTION No. 2: Tight budgets and increased scrutiny--financial, operational, and now legal--will drive these staggeringly wasteful products and services out of the dark basement and into the light where they'll be isolated, evaluated, and eliminated.

Other Voices

"NT had a good run--I'm sorry to see it go only in that it became a standard, well-understood, and workable OS, with a wide base of expertise available, and I fear it will be a while before I'm as familiar with XP as I am with NT. Of course, by then we'll all be switching to Longhorn or its successor."

-- LAN administrator, commenting in John Foley's Windows Weblog, July 8

PREDICTION No. 3: Technology vendors--whether they make servers or storage devices or databases or routers or operating systems--will be evaluated more vigorously than ever before on not just their current security capabilities but also on their ongoing commitment to at least sharing the security burden with their customers, rather than leaving those customers to carry the full load by themselves.

PREDICTION No. 3a: Technology buyers will begin, this year, to say "up yours" to those technology vendors that don't aggressively demonstrate not just a willingness but indeed a desire to help their customers gain control over this potentially disastrous situation. (Unsolicited advice to technology vendors: If you are among the unfortunates on the receiving end of the "up yours" colloquialism, do *not* interpret it as shorthand for, "So you're asking me what I'm going to do with my vendor-by-vendor spending allocations for next year? First, I'm going to up yours." While it's understandable that you'd want to interpret it that way, trust me--that's not the right translation.)

PREDICTION No. 3b: Industry groups have begun to exert considerable pressure on technology vendors, and those efforts will increase dramatically in size, scope, and intensity. They won't be "lobbying" for changes and improvements--they'll be demanding all that and more. They've had enough, and they're pushing back. And this is just the beginning.

PREDICTION No. 3c: If the community of technology vendors does not take up this cause passionately and urgently, then by the end of this year we'll all hear about how Congress is going to step in and legislate the issue. The World's Greatest Deliberative Body has already begun to insinuate itself through the actions of the elegantly named and tightly focused "House Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census." (P.S.--Which would you rather do: sit through one of those meetings, or review your company's phone-call logs for the past three quarters?) As we reported last week, that group's chairman, Rep. Adam Putnam, R.-Fla., co-authored an amendment to the 1996 Clinger-Cohen Act that would make information security a required consideration when government agencies buy computer systems. Putnam is monitoring self-regulation efforts by groups such as BITS in the private sector.

PREDICTION No. 3d: The makers of technology will never again use the explanation, "Hey, this stuff is so complex, it's just not possible to make it completely hacker-proof." They should drop that line because it's inherently lame and pointless, but some will drop it because their legal departments will advise that such statements amount to clear, prior acknowledgment that "we make flawed stuff, we know we make flawed stuff, and we go ahead and sell it anyway." In court, that type of audit trail would require a particularly nuanced defense built on the question of precisely what the definition of "flawed" is, a courtroom approach leaning heavily on the famously successful precedent of what "the definition of 'is' is."

PREDICTION No. 3e: By this time next year, a recent call-to-arms from Oracle's chief security officer will become standard procedure at many IT vendors: "The next frontier is for vendors to drop their competitiveness," says Oracle's Mary Ann Davidson. "Developing secure code is not a trade secret. Vendors need to start calling each other up and sharing development techniques. The hackers certainly share attack and vulnerability information."

PREDICTION No. 3f: I'll see you next week, but not before a lot of you tell me that I or my predictions or both are crazy.
