The blog postings have been a little thin over the last fortnight as I’ve been holidaying in one of those chic designer hotels. You know. The ones that have Zen styling, Eastern spa treatments, candle-lit rooms, designer landscaping, etc.
Of course in practice such styling is entirely impractical: shelves at the wrong height; darkened rooms you can’t read in; sunken baths that take an hour to fill; Japanese gardens that are a maze to navigate. But we wouldn’t have it any other way. We’d gladly suffer this inconvenience in the interests of style and one-upmanship. Because it’s the “wow factor” and the exclusive features that sells products. Not simplicity and utility.
It’s the same with IT and Security. Organisations rarely go for cheap, functional products. We look for the brand name, the fancy features and the Gartner rating of “completeness of vision”. This in turn makes big vendors and start-up technology companies focus on unnecessary functionality, standards and architectural potential. Their inclination is to develop new product features that will attract new customers, rather than perfecting simple, tried-and-tested functions that might delight existing clients. Which is why, over the years, vendors have been able to sell us security systems for authentication, risk analysis and identity management that have been less than fit-for-purpose.
And in the end, do we get the products we deserve? Unfortunately, yes. Of course it’s no bad thing that security standards and features continue to evolve. But we’d just prefer them to be a little more relevant to our day-to-day business problems.
Comments (2)
A good analogy and unfortunately true in many cases.
To compound the problem a number of security products are purchased then installed with little consultation with the Infrastructure departments (desktop for example) and which make the administration of them a major burden or run contra to existing Infrastructure processes. All of which will quickly alienate the Security group from the Infrastructure teams and hinder future co-operation and future projects.
Posted by Louis GAMON | September 14, 2007 1:05 PM
Posted on September 14, 2007 13:05
Alas, the bright lights and the latest whiz bang technology of security theatre sells. It won't be long before those signing off on the budgets for these 'point solutions' realise that following a tried and trusted methodical and standardised risk assessment approach pays dividends in deciding where to spend the limited security budget, rather using a scatter gun approach.
Then again why not use the most cost effective security control that I can think of.... Information Sharing. Let's face it: Information shared is knowledge gained.
Posted by Duncan | September 16, 2007 5:11 PM
Posted on September 16, 2007 17:11