News Stay informed about the latest enterprise technology news and product updates.

Schmidt: Current security model ignores threats to SMBs

Former cybersecurity czar Howard Schmidt said last week that the majority of U.S. businesses are small or medium-sized and that security is often inaccessible to them.

SAN JOSE -- Former Bush administration cybersecurity advisor and current eBay chief security officer Howard Schmidt said last week that security has been neglected in nearly 80% of American businesses.

"When we think of business in the U.S. we think of the Fortune 500 companies, but a great majority of the workforce in the U.S. work at small to medium businesses," said Schmidt at an Internet Security Systems Proventia product launch. "The current component model makes security inaccessible to a large group of the country's businesses. These companies are a big part of the country's infrastructure."

With the unique perspective of having worked at Microsoft and for the government, Schmidt also commented on a recent research report that the government's use of Microsoft products is a threat to national security. The report was penned by experts Bruce Schneier, Dan Geer, Becky Base and others. Geer was fired from his position of chief technical officer at consultancy @Stake for his part in the paper.

"I don't agree with that report," said Schmidt. "I think saying they are less secure is an unfair characterization of Microsoft." Schmidt likened Microsoft to the U.S. and said "we are the dominant player in the world, that makes us a target. As the dominant player in the IT world, Microsoft is also a target."

Schmidt was less adamant about Microsoft's recently announced "Securing the Perimeter" strategy.

Any security is good, but the perimeter changes over time," said Schmidt. He stressed that security is a process and that there are no quick solutions.

"It's (Microsoft's strategy) is a good start, but not everyone has the same perimeter," said Schmidt.

Schmidt's comments had a particular poignancy as they related to ISS's product release. ISS's Proventia network appliance combines firewall, intrusion prevention (IPS), and virtual private network (VPN) technologies into a single box to streamline network security, for smaller businesses in particular.

ISS president Tom Noonan pointed out the clutter caused by the component model.

"I want to apologize on the behalf of the Information Security industry for the short-term pragmatism that has caused the profusion of standalone legacy products," he said. According to ISS, Proventia provides more protection at a lower cost.

"ISS recognized that multiple technologies were starting to converge, and is the first vendor to understand and really embrace this with the introduction of Provetnia," said Matthew Kovar, director of security solutions and services for Boston-based analyst firm, The Yankee Group.


See these Best Web Links on security infrastructure

See this archived Featured Topic featuring reviews of security tools

Dig Deeper on Emerging cyberattacks and threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.