Time for defensive technology to become top priority

Today marks the fifth time in a row that I have been in London and it has been sunny out. A remarkable difference from just a few years ago when you could depend on rain and cold any time of the year in London. If this is global warming at work there is at least one country that is benefiting! I am attending the Garter Security Summit at the Royal Lancaster Hotel across from Hyde Park. While IT security people from all over Europe convene to get their annual level set from the Gartner analysts on where the security market is going the thing that bothers me is the amount of talk about compliance, risk management, policy management....yawn.

It is all well and good to "operationalize security" but as usual this type of thinking tends to be rearward looking. I believe the level of threats that are emerging from two fronts are going to drive real IT security spending for the foreseeable future. As enterprises are forced into defensive positions to ward off targeted attacks they will have to invest more in blocking and tackling types of defense while the compliance driven investments will be less important.

Those two fronts? Cyber crime and state sponsored attacks (not ready to call it Information Warfare). There are so many examples of each occurring in recent months that it is fair to say that we have been warned.