
Security needs to be 'baked in' say experts

Current security practice has failed users, they say.


A panel of security experts agreed that security needs to be thought of a lot earlier in the software development lifecycle, and that the IT industry needs to start shipping "hardened" products, especially with the advent of the cloud and virtualisation making sensitive data even more difficult to locate.

Speaking at Alcatel-Lucent's Dynamic Enterprise forum in Paris this week, a panel of experts including Wyatt Starnes, the founder and CEO of verification provider SignaCert, discussed how there are now thousands of applications out there, and how the traditional model of securing them via third-party or add-on security packages is now outdated.

Starnes was previously the founder and CEO of Tripwire, and is a cofounder of RAINS (Regional Alliances for Infrastructure and Network Security). Also speaking on the panel was Carlos Solari, previously a senior executive at the Federal Bureau of Investigation (FBI), as well as Chief Information Officer for the Executive Office of the President (the White House). He is now VP of Security Solution and Strategy at Alcatel-Lucent.

"Clearly, the current approaches are not scalable to Web 2.0," said Solari. "With virtualisation, where does your data reside? We need to rethink the problem. After market, or bolt-on security technology is a failed model, as things are increasingly residing in the cloud now. A new approach is needed."

SignaCert's Starnes agreed. "How we buy technology has to change," he said. He drew an analogy with how we purchase cars nowadays, noting that in the old days cars did not ship with seat belts or airbags. "You wouldn't buy a car now, and then go and buy airbags from another vendor, so why do it with software?" he asked. "Security has to be 'baked in'. Software has to come in a hardened form."

The experts rejected arguments that software vendors cannot possibly know the type of threats their software applications will be facing in the future. "We can harden products because we already know most of the threats the software will be facing in the future," said Solari. "It could be a criminal act, botnets, root kits, but all of these issues have existed before, and they have just mutated into a new form."

"We have gone from individual hackers, to a professional body of hackers, with a lot of tools and resources at their disposal," said Starnes. "The security problem is definitely upstream, where the product is made. It is not a user problem, as cars are now made safe thanks to airbags and seat belts built in by the manufacturers themselves. The same will happen in the software industry," he predicted.




Clive Robinson said: I have been saying this for a considerable period of time. The process of Security in software and technology is very much the same as the process of Quality in a complex consumer mass production environment. That is, it must be there before the start of the design process all the way through to the arrival at the consumer/customer. The problem with a Quality process originally was that management looked at it as an extra cost with no really definable returns. However, most managers now accept that Quality has a very real positive impact on the bottom line, way in excess of its increased business costs. This is the same mind set we need for security in business managers. As technical people should be aware that, like any form of defense spending, Security is not amenable to ROI or other simplified business metrics. Until technical people learn to speak business and communicate effectively with those who pay their wages then they must expect to be treated like loud to
