The future of IT security

The ARN round table was held in conjunction with Firewall Systems and its vendor partners, AirMagnet, Blue Coat, Check Point, Network Box, TippingPoint and WatchGuard.

Brian Corrigan, ARN (BC): What are the biggest security threats today and how is the landscape evolving?

Anthony Stitt, Dimension Data (AS): People are taking security policy more seriously and looking at how that plays into their business. We're also seeing more of the security portfolio moving away from being regarded as cutting edge to become accepted technologies that every business must have.

Daniel Smith, Klikon Solutions (DSm): Previously, customers were worrying about whether something was patched or whether they had the right box in place but now we are seeing a lot more phishing attacks and easy money grabs. Clients are asking us to help them protect against things that are not known vulnerabilities.

Marc Jolly, Priority One Solutions (MJ): I'm starting to see infrastructure changes, particularly with virtualisation, and customers want to know how to protect that environment. We still have end-users coming in from the desktops but should we be concerned about what's happening at the desktops or the changes that are happening at the core?

Deni Saupin, Matrix CNI (DSa): Security is a moving target and clients wonder whether they have everything covered. Are their policies up to date and do they have the bandwidth to deal with it? Our view is that they need to keep an open mind and chat to as many people as they can, because gathering lots of information will help.

Brendan Smith, Fujitsu (BS): A lot of businesses we deal with are grappling with the fact that the perimeter is disappearing. Can their policies and technological solutions match up with their mobile workforce and having data all over the place? They don't really trust a lot of internal networks that previously would have been regarded as secure.

Dermot McCann, IBM (DM): Our researchers are finding massive increases in malware and Trojans. That's a difficult problem to solve because it changes every day but the approach we're taking [as an industry] is wrong. Internal threats are still very much leading the way and the intelligence that goes into malware continues to evolve.

BC: Is the primary role of a security partner to mitigate risks or minimise threats?

DSm: With a lot of clients, I don't know that it's possible to limit threats. Large enterprise customers are aware that threats exist and look to a partner to minimise the impact.

AS: Implementing technology and policy is more about reducing vulnerability. The corollary to that is that a partner with consulting capability can help a customer understand how its business is supported by IT assets and where threats are likely to come from.

Nick Verykios, Firewall Systems (NV): The idea is to keep assets humming and make sure they're not brought down by a security threat or misuse.

BS: If you have an outsourcing arrangement then you'll be mandated and will have executive-level relationships that expect a certain amount of risk mitigation from an IT perspective. The same organisation might have a discrete project where it brings in a consultant or a technical resource. The scale of what they are being asked to do means they can't be three times removed from the application so I don't think it's as simple as saying 'a partner is responsible for this'.

DM: Too often we see point solutions to a problem. As an industry we need to build security into the business process so infrastructure is inherently secure. Businesses think we have solved problems by putting point solutions in but the reality is that threats are changing. We're all losing out on Internet-based commerce as a result of these threats.