Does user power work? Can it truly influence how the
billions of pounds IT companies invest in product development will
be spent?

The majority of IT suppliers will say that they already build
products in response to user demand. But in truth they develop
products to meet an immediate need, rather than to fit some
grand plan. Although this method of product development works well
in many sectors of the industry, when applied to IT security it has
been less successful.

Through this approach we have ended up in a situation where users
are locked in to expensive security measures, layered on top of
each other, which do not integrate well because in many instances
they are proprietary. Users have had to engineer their enterprise
security through a combination of what is available and compatible
with their systems, rather than what will protect their systems
most effectively.

The situation is set to get worse as web services open up
organisations' networks to suppliers, customers and other
third parties. How will users be able to protect their data and
applications in this new world?

The worry is that suppliers will not be able or ready to respond to
the radical change required. To help ensure that they do, a group
of users from some of the biggest organisations in the world have
banded together in an attempt to set the agenda on IT security. The
group, called the Jericho Forum, has suggested a strategy which
turns the current approach to IT security on its head.

For example, instead of protecting the network by adding layer upon
layer of security to prevent access, why not assume the network is
insecure? Viruses and hackers can roam freely - but they should not
be able to do any damage. Instead of protecting access to the
network, the Jericho Forum is suggesting that the industry needs to
pay attention to securing the data that resides in the enterprise
applications that run on the network.

The Jericho Forum says a more fundamental approach to security is
needed and it has presented its case. The forum's members spend
billions of pounds on IT, so it would be foolhardy for suppliers to
ignore their concerns. But for the forum to change the way IT users
handle security, it needs to engage suppliers in its agenda.

If it does so, and the result is an open standards approach that
secures the next generation of networked systems, then user power
will be seen to work.