Is the Security Community Out of Touch?

2017-04-04 23:50

Security professionals are never at a loss for words when it comes to security practices across the enterprise. Users keep on creating the same old weak passwords, clicking dodgy links and opening suspicious attachments. Developers, in a rush to agility, often leave security as an afterthought. Meanwhile, the C-suite frets about potential breaches but doesn’t fully understand security priorities.

One industry observer argued that the security community has retreated into its own silo and is failing to communicate with users, IT and executives, let alone provide effective industry leadership.

An Isolated Community

Writing for InfoWorld, Fahmida Y. Rashid pointed to two recent San Francisco conferences as evidence of the security community’s self-imposed isolation.

The RSA Conference coincided with the nearby DeveloperWeek conference, yet DeveloperWeek featured only one security-centric talk, along with a pair of workshops on the integration of DevOps and security. All speakers were associated with one firm; the rest of the security community was nowhere to be seen.

Rashid suggested that this lack of dialogue between security professionals and their clients relates to a broader industry trend.

Forging a Framework

Currently, no major industry leader is willing to take the initiative to offer a comprehensive framework for security. Rashid cited Microsoft’s decision to shutter its Trustworthy Computing group in 2014 as evidence of this retreat. No one, she argued, has fully taken its place. Apple devotes its efforts exclusively to its own ecosystem, while Facebook is more of an early adopter than a leader. Mozilla “used to be a security darling, but it hasn’t used its megaphone in a while,” she wrote.

Google offers interesting ideas, such as its BeyondCorp framework, which bases trust on users and devices while treating the network as untrustworthy. However, the firm has not stepped forward to build an ecosystem of partner relationships.

The Security Community Must Take the Lead

Organizations are reluctant to take the lead in this area, not because they have abdicated responsibility, but because today’s technology ecosystem is simply too rich and complex for any one firm to set its security agenda. It may be true that Microsoft no longer rules the tech world, but neither does anyone else.

That’s why it falls on the security community as a whole to take on the leadership role by encouraging discussion, dialogue and collaboration rather than repeating the familiar litany of poor security practices.

Taken one by one, security professionals’ common complaints are all too valid, but repeating the complaints does not encourage change. Today, IT and developers are working together more than ever, and enterprises are placing a growing emphasis on user training. Users, too, are taking cues from the news and becoming more aware of security issues. There is a broad security discussion waiting to happen, and the security community should step forward to lead it.

The post Is the Security Community Out of Touch? appeared first on Security Intelligence.

Source: /krGjT6CSnvc/3~/ecnegilletnIytiruceS/r~/moc.elgoog.yxorpdeef
