Toyota: No panacea in security

Some security firms promise too much, said the head of information security at Toyota, as he cautioned against buying into the security "panacea".

Some security firms promise too much, said the head of information security at Toyota.

Richard Cross, the automaker's information security officer, warned against misleading doublespeak and promises of universal cure-alls.

"There is a temptation to go searching for a panacea, but if you find yourself speaking to a vendor and it sounds as though you are being offered a panacea, then it's time to change the conversation," Cross told attendees at the Gartner IT Security Summit in London this month.

He added that in his view, many companies intentionally mislead customers.

The remarks drew a variety of reactions.

Ian Schenkel, managing director of security company Clearswift, agreed with Cross that there are no panaceas. But he added that if there are any IT directors who have fallen for a misleading approach, it is in part because they have not done their homework.

"Some IT directors are looking for the holy grail," he said, adding that some have a tendency to only hear what they want to hear. "But they are basically kidding themselves. What IT directors want to hear is that I'm the medicine man here to cure all their ills, but that simply isn't the case. Companies should always be looking at a layered solution, involving multiple vendors. To expect a single solution is unrealistic."

Some vendors say the problem of overselling is less severe than it used to be.

Simon Perry, vice president of security strategy at Computer Associates International, said: "Five years ago, it was certainly true that most antivirus vendors were talking things up, but a growing sense of maturity and responsibility in the industry has definitely seen this decline."

Perry warned that companies that do oversell are in danger of not being taken seriously and jeopardizing their business. He said that typically it is smaller companies attempting to gain recognition in a crowded marketplace that may make bolder claims.

Schenkel, of Clearswift, conceded that the 1990s weren't great days for honesty within the industry, or for the image of the IT vendor overall, but he added that much of the current negative press addresses little more than the kind of marketing that is rife in any competitive industry.

"There is always going to be an element of jostling, with companies claiming theirs is the best product on the market, but that is just the software industry," he said. "The bottom line is that companies still have to back up their claims."

David Guyatt, CEO at Clearswift, told Silicon.com he would support any industry initiative and codes of practice that would effectively expose any company making exaggerated claims.

Will Sturgeon of Silicon.com reported from London.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All