In search of innovation

A colleague of mine recently commented on the ‘herd behaviour’ that has become commonplace in the information security community. It’s a dangerous trend, which stifles innovation. And it’s often reinforced by well-meaning central authorities, who set out to coordinate industry responses to problems, stamping out overlap and duplication of effort, rather than embracing creativity and diversity

Information security today uses the same methods first pioneered more than 20 years ago, but in those days there was more variety in how controls were implemented. Companies would steal ideas from others but aim to improve and tailor them. This diversity caused so much overhead in partnerships that we were promoted to create the BS7799 standard as a common reference point. Unfortunately the pendulum has swung too far the other way, and we now have far too much similarity (and mediocrity) in how organisations address security.

Talking to Jason Larsen, one the world’s top SCADA security authorities last week, I asked him what he thought was the biggest barrier to effective security defences. “Best practices” was his immediate response. Everyone now uses the same anti-malware products and operating systems. An attacker only needs to test new attacks against a handful of popular security products. This monoculture is a growing source of systemic risk.

With these thoughts in mind it was a welcome, refreshing relief to attend last week’s Global Security Challenge Finals in London. The strap line “competitions are the new innovation drivers” indicates the logic behind the contest. Security depends on new ideas, and there were plenty on display. Finalists included a new form of biometric authentication (eye movement scanning), a new solution to combat counterfeit products, and new technologies for more effective CCTV scanning, luggage scanning, video indexing, malware prevention and data loss prevention. It was good to see security solutions exploiting virtualisation and cloud computing, reflecting the phenomenon that solutions can emerge from the very technologies that introduce security challenges.  

We need more ideas, greater competition and better shop windows to attract venture capitalists to emerging products. The GCS is a great example of how to achieve this.   

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

From : Dr. Daphna Palti-Waserman, ID-U Biometrics Dear David, I enjoyed meeting you in the GSC, and enjoyed reading your IT security blog. At last someone get's what's going on around us. sometimes I feel no one get's what I am explaining. I have some nice photos of us talking in the GSC. If you want I can send them to you.
Cancel
Guy Kawasaki said this about innovation: "Those on the first curve are unable to comprehend, let alone embrace the second curve." My own experiences seem to back this. If he is correct, then who has the ability to think out-of-the-box and innovate, because it requires one to put down familiar approaches (or best practices) and what they know. If someone actually does have the vision or eureka moment and is able to innovate, then who else has the ability to recognize, understand and embrace the innovation, because it may be disruptive, counter-intuitive to the status quo and possibly destroy their current business model?
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close