When I think about IT security, I don’t immediately start thinking about threats, hackers and countermeasures, but begin with what is happening to IT in general. Right now, the three big megatrends in IT can be summed up in three words: virtualization, collaboration, and mobility. Unfortunately, it’s become something of a Newtonian principle that any action driving information technology forward generates an equal or greater counteraction by hackers to corrupt and exploit the new technology. I also find it disconcerting that at any given time, the most aggressively marketed “solutions” to IT security problems represent a trailing indicator of what cyber criminals are actually doing to raise hell.
One thing that all recent change transformations in IT have in common is the role of the network as the connection fabric binding everything together. To make progress in containing security risk factors, we stop thinking of the network as a perfectly transparent carrier of all traffic—good, bad, and ugly—and to make greater use of the network as a means for identifying and interrupting security threats. I realize that I have packed a lot of ideas into a couple of paragraphs and they demand some explanation. I have recorded a series of video blogs on the topic of Net-Centric Security and invite you to view the opening episode. I’ll have more to say over the next few weeks, so stay tuned.