Friday, May 11, 2007

Do we need a security industry? (and eliminating uncertainty)

Thank the flying spaghetti monster, it's Friday's IT Blogwatch: in which we ponder the fate of the security industry. Not to mention deterministic programming gone mad...
Bruce Schneier asks, "Do We Really Need a Security Industry?":
What [does] it mean for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren't IT products and services naturally secure, and what would it mean for the industry if they were? ... The primary reason the IT security industry exists is because IT products and services aren't naturally secure ... Aftermarket security is actually a very inefficient way to spend our security dollars ... Fold security into the underlying products, and the companies marketing those products will have an incentive to invest in security upfront, to avoid having to spend more cash obviating the problems later.
I know this is a utopian vision that I probably won't see in my lifetime, but the IT services market is pushing us in this direction. As IT becomes more of a utility, users are going to buy a whole lot more services than products. And by nature, services are more about results than technologies.
