HP execs debate reality of hacker expertise; lament most businesses don't understand

Summary: Hewlett-Packard execs argue that the problem with the security culture today is that many businesses are still following a "check box" approach without understanding hackers' resources and capabilities.

But Gilliland lamented that if you add up all the market spending on security, most of it is spent on blocking -- and we forget that there are several other stages we need to defend.

"We're still doing check-box security," Gilliland quipped.

Joni Kahn, vice president of services and support for HP's ArcSight unit, said that the "technology is there" but there is an "IT issue" in applying security solutions effectively.

"It's amazing to see that they have not done the fundamentals yet required for basic perimeter security," Kahn commented.

Explaining that the ArcSight unit spends a lot of time "around the people process" in enabling customers to deploy its products, Kahn reflected that a lot of companies have compliance priorities when buying this technology.

But at the end of the day, she continued, it's about getting them to understand how to best leverage it.

Gilliland also noted that another problem is that many companies don't have the expertise (or the money to hire the brainpower), and the question of increasing awareness among software developers was also raised.

Software developers were described as often hard-pressed to churn out work quickly, which often makes security a second thought when they perform basic tasks that are actually opening up a network to potential threats.

Describing himself as a longtime security professional and former developer, Jacob West, chief technology officer of HP's Fortify unit for enterprise security software, acknowledged that it's difficult to find a balance.

He posited that we need to enable developers to know they are making decisions every time they make queries.

West said that his department has seen an increasing number of businesses with large investments in security tying developer bonuses to adequate performance on security.

While forecasting that more schemes like this are starting to emerge, West admitted this culture shift is happening slowly.

Topics: Security, Hewlett-Packard, IT Priorities


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider, FastCompany.com, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for MainStreet.com, Irish Americ...
