Back to Security Basics

Cisco’s recently published annual security report is not what you’d expect from a vendor of leading-edge technology products. If you’re looking for a state-of-the-art analysis of emerging security technology, you’ll be disappointed. The report opens with an analysis of 21st Century trends but presents recommendations based on elementary security principles from decades long past. In fact, there’s more focus on physical security, natural disasters and people than there is on technology. To me it’s further evidence of the current evangelistic, back-to-basics trend.

And that trend is not unexpected. There are three underpinning drivers. Firstly, it’s a consequence of a new focus on human factors arising from the growing empowerment and vulnerability of IT users. Secondly, it’s a necessary correction for security budgets which have failed in recent years to allocate sufficient resources to people-focused controls. But thirdly, it’s also a sad reflection on the continued lack of initiative and imagination to develop effective new technical measures to counter the increasingly sophisticated portfolio of threats.

The latter point is a concern that should not be overlooked. We need 21st Century solutions to counter emerging threats. You can’t simply dust down old solutions. Security education is an essential line of defence but users and customers are human. They will never be completely reliable, and they simply can’t address invisible or high-bandwidth threats that might be lurking in the infrastructure. We need new thinking and solutions, not old platitudes, from our leading vendors.