The majority of IT suppliers will say that they already build products in response to user demand. But in truth they develop products because those products meet an immediate need, rather than because they fit some grand plan. Although this method of product development works well in many sectors of the industry, when applied to IT security it has been less successful.
Through this approach we have ended up in a situation where users are locked in to expensive security measures, layered on top of each other, which do not integrate well because in many instances they are proprietary. Users have had to engineer their enterprise security through a combination of what is available and compatible with their systems, rather than what will protect their systems most effectively.
The situation is set to get worse as web services open up organisations' networks to suppliers, customers and other third parties. How will users be able to protect their data and applications in this new world?
The worry is that suppliers will not be able or ready to respond to the radical change required. To help ensure that they do, a group of users from some of the biggest organisations in the world have banded together in an attempt to set the agenda on IT security. The group, called the Jericho Forum, has suggested a strategy which turns the current approach to IT security on its head.
For example, instead of protecting the network by adding layer upon layer of security to prevent access, why not assume the network is insecure? Viruses and hackers can roam freely - but they should not be able to do any damage. The Jericho Forum is suggesting that, instead of protecting access to the network, the industry needs to pay attention to securing the data that resides in the enterprise applications that run on the network.
The Jericho Forum says a more fundamental approach to security is needed and it has presented its case. The forum's members spend billions of pounds on IT, so it would be foolhardy for suppliers to ignore their concerns. But for the forum to change the way IT users handle security, it needs to engage suppliers in its agenda.
If it does so, and the result is an open standards approach that secures the next generation of networked systems, then user power will be seen to work.