This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Download it now to read this article plus other related content.
industry progress and attitudes
Uniform security among IT systems is nonsensical, yet that attitude still prevails in many
Yet, despite the incredible transformations in hardware, operating systems, databases, languages and more, overall information security may be worse now than it was in the 1960s. We're still suffering from problems known for decades, and systems are still being built with intrinsic weaknesses, yet now we have more to lose with more systems coming online every week.
Why have we failed to make appreciable progress? In part it is because we've been busy trying to advance on every front, and have every system perform all possible tasks. There is a general lack of awareness that security needs are different for different applications; instead, people seek uniformity of OS, hardware architecture, programming languages and beyond. Ostensibly, this uniformity is to reduce purchase, training and maintenance costs, but fails to take into account risks and operational needs. Such attitudes are clearly nonsensical, so it is perplexing they are still rampant in IT.
This was first published in October 2008