There seems to be an increasing lack of confidence in the overall state of security. On the face of things, it's little wonder. Every day we seem to read about yet another security breach and after a while all that bad news starts to play on the psyche of end users and corporate managers alike.
For example, the research unit of Unisys just completed a survey that shows that 71 percent of the people using a mobile device in 14 different countries would not use that device to bank or shop online. In the same survey, 59 percent said they would not trust these devices to perform a financial transaction.
While the Unisys survey highlights the fears of mobile users, all over the landscape you here people expressing fears about conducting business on the Web. The simple fact is that the security infrastructure that we have in place today doesn't seem to be enough to protect us from first ourselves and then those that are truly determined to steal our digital assets. That doesn't mean that we don't need that security infrastructure, but it does mean that we need to start spending more time thinking about how to embed security inside the business process as opposed to simply layering security around the edge of the network.
The vendor community is starting to bang the same drum as evidenced in recent statements by Art Coviello, president of EMC's RSA security division, and the proposed merger of Tumbleweed Communications with Axway, a unit of Sopra Group in France. Both RSA and the new Axway are making a case for how security needs to be better embedded in the business process. That means taking security into account at the developer level when applications are first being built and then extending that out to the application level when the applications are deployed.
That also means that we should probably have a whole lot less dependence on passwords as the lynchpin of our security strategies. Every day we hear about how somebody walked off with information they were not suppose to have access to as part of some criminal inquiry. The good news is that biometric security technology for SAP applications from companies such as Fraud Mitigation are getting not only better but easier to roll out. As a result, we see biometric security technology starting to show every where from Disney World to the school lunch room.
Unfortunately, we collectively seem to be stuck in neutral when it comes to security. The real question is will it take a major crisis in business confidence surrounding Internet transactions before security truly becomes an integrated element of every business process. And if that is the case, just how long will it take for corporations to realize there is a major issue here. Chances are that most of them won't be taking proactive steps to deal with the issue. So once again we'll all be reading about any number of reactive approaches to the problem as the mountain of evidence continues to build with each passing day that when it comes to security the real enemy is our own complacency to deal with the issue at its root level rather then after the fact at the network level.