Wednesday, 8 August 2007

What is security?

Well, I think we've roundly proven that security isn't journalism. I always thought security was a technical issue, but soon found out that that wasn't true, despite the number of moans from engineers that PCI isn't good enough, etc...

So, what is security? I've often said here, quite lazily as it turns out, that security is a business issue. But what is "business" exactly? Well, the more I read about security on other people's blogs the more I am drawn to the new theories being put out there by people like Mark Curphey, Jon Robinson and Alex Hutton. I don't think Alex will thank me for putting him in the same category as the other 2, as he is firmly set in the Risk arena, however, what they all do superbly in different ways is discuss the economics of security.

I really believe this is the "now" of security since it has gone mainstream. As Mark rightly points out in 3 superb recent posts, the money in security is located in its "long tail", not the commoditised "silver bullet".

I think we're going to see a lot more need for proper linking together of security, more movement towards frameworks and SOA, possibly driven by open source, and definitely a lot more for consultants. There's still money to be made out of security as it is, but the market is changing, rapidly now, and we all have to change with it.

Of course, making people aware of security is a big helping hand on the economics ladder, not just in terms of making sales, but allowing people to see how security can be leveraged in a multitude of different ways dependent on their needs. Smaller vendors can breathe a sigh of relief in the knowledge that MicroGoogle cannot fill every niche that they can, but it may mean smaller returns in the short term, or a different business model.

As security itself becomes more static, fewer quantum leaps are being made, so my job has moved from being able to do the technical dance to doing the business dance. I find the input of the economists invaluable, and it's like a breath of fresh air to me.

Web 2.0 is here to stay, securing it moves us into a new arena. As for me, I may have to go back to school.

No comments: