Audience Favored: No (88%)
Continues to play essential role
Adrian Kingsley-Hughes: There's no doubt that the security landscape has changed dramatically over the past decade, and that threats have evolved from relatively simple viruses and macros designed to cause mayhem buried in documents and files, to advanced threats designed to steal data and carry out sophisticated corporate espionage.
When it comes to security, make one false move and your company can make headlines – in a very bad way. While no amount of security software can compensate for bad judgment by the people behind the keyboard, it can help the user make informed decisions, and help IT admins to lock down systems and protect the whole infrastructure from attack. But lately there has been concern that security software won't be able to keep up with the advanced threats facing enterprises, especially given the complexity of these threats and the fact that many are customized based on the target.
The problem with this statement is that it's not new – naysayers have been making the claim for years that security software won't be able to keep up with the rapidly changing landscape, and yet keep up with threats it has. And keep up with future threats it will continue to do.
A lot more than software
Larry Seltzer: When a Symantec executive declared recently that antivirus was "dead," it was inevitable that he would be misinterpreted. Security software, including antivirus, is an indispensable tool for IT to block advanced threats. It just can't do the job alone.
In an enterprise, all the best security software in the world won't secure your users and data unless the right policies are in place and administrators have the authority to enforce them. Some of these policies can be unpleasant for users, who must be required to use complex passwords and change them frequently, to use two-factor authentication, to log in to corporate resources over and over again.
Best practices, best defined by OWASP in their Top 10 Web Application Security Flaws, can make things hard on administrators and developers too: They have to be careful how they design web pages and access databases, how they handle user passwords, and so much more.
A company that follows these rules and does security right has a lot more than software. It has good IT people and senior management that is committed to giving them what they need to protect the company.