There are several key reasons many companies are failing to successfully implement genuine cyber security. Cyber security was an after-thought of a computer industry that did not envision or plan for the connected world we live in today. Nearly all cyber security solutions in the market today fail to follow the eight time-tested principles of security, instead relying on a post-attack ability to identify and create lists of known-threats after the damage has been done. Nearly all solutions available today were not “built-in” but instead sit on top of the OS and rely on it for their functionality. Another major reason for this failure is that senior managers are looking to IT professionals to solve a problem that is less about IT than it is about process and mathematics. Few IT professionals are process engineers or mathematicians. Next-generation cyber security will be built-into applications and computing environments to create inherently secure processes that do not need to identify threats but rather handle processing in a way that makes such threats irrelevant. Many still don’t realize that the computing platform architectures we are leveraging today are more than thirty years old and reaching the end of their lifecycles. They were not designed with the Internet in mind, nor did they envision the potential secure computing problems that such an environment would produce.
Posted by Ed Brinskele on Thursday, May 30, 2013