Are We Becoming Less Secured?
As majority of you are aware of the fact that anti-Midas touch with regards to financial crisis has been spreading to technology sector. One amongst the biggest VC funds present in ‘Silicon Valley’, i.e. Sequoia capital has given a presentation stating that ‘Go on to become profitable right now, or else, go home’. At the time of last bust, security appeared of being counter-cyclical with @Stake, Guardent, SecurityFocus, and loads either starting or acquiring during downturn. Most of the security bloggers/analysts believe that the present scenario is, by all means, different. This field would be experiencing identical cutbacks which we would see through wider tech industry, albeit in a less severe manner.
Security spending would not come to the halt. Every person would always require anti-virus packages and spam filters. What the common man expects is, however, more technology innovation and less products, which provide just marginal improvements in terms of security within the next few months or years. No one would be ready of shelling out money from his/her pocket for a novel ‘database security solution’, especially when UTM can just be capable of keeping ‘web compromises’ down. Any person wishing of having pushed a new-fangled product forward is advised to solve any of the pre-existing problems in a well-established market more effectively as well as at the lower cost instead of giving their competitors a chance to surpass them.
Such a thing cannot be termed as bad news, as though. Attackers would be having a golden time with downturn. Limited resources would mean that machined would be staying online for longer duration. Moreover, reduced staffing would mean that they would remain unpatched for longer intervals. The ‘home users’ would stretch their budgets further, thereby having replaced an ‘ideally fine computer’ to be the last on the list. Problems regarding distributed attack are expected. These problems would include spam having driven by the bots, in order to continue to have increased as an outcome.
Bottom line message is that people would be forced to have focused on fundamentals, along with having dispensed with processes and products which do not keep them secure. People are advised of having kept only the products which do so, that too, with present hardware and minimum with regards to human oversight. In fact, as per the opinion of experts, IT security has nothing to do with technology. There’re loads of good stuff which can be done with worthwhile and sensible technology, guarding parameters, installing systems, repulsing the attackers, and having identified users as ‘login’ takes place from their side. However, this isn’t what actually matters. In reality, it’s the type of policies for having ensured that technology, in actual sense, gets used that matters.
If you do not have thought-out policy, thousands might be spent in having blocked up the ‘gap’ with regards to security. The other gaps can be left wide open. The worst part would be that without a concrete policy, the staff would not understand reasons behind security measures. It might then, deliberately or accidentally, side-step or break them.
