I wrote about this a while back, but it seems like others are taking note: "The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest…
It was the best of security, it was the worst of security. This story is not about Citibank, nor London or Paris for that matter, but two anonymous regional financial institutions that characterize an interesting aspect of security. Their IT…
Security Review Site Really a Front for a Security Consulting Company? The security space is a very interesting arena. For the customer, it's often very difficult to separate fact from fiction in many aspects. There are security companies that sell…
AKA: Are you building a house of cards?
The gear myth is the belief that investing in more technology will inevitably make an enterprise network more secure. While there is a tremendous amount of new gear available to help make networks more secure, our perspective is that more gear may not only fail to achieve your security goals but may even add risk.
First, let me explain the gear myth visually; then I’ll discuss why layering additional technology into a network can be counterproductive.
Initial state: we have some security risk, so let's address it by deploying some new technology.
The image at left is a graph that shows how someone, say an IT manager, might view their level of security for a specific component of their IT environment. The scale shows that the level of security is very low. Based on this assessment the IT department deploys some new technology.
The new gear is installed: everything is fine, no risk… right?
After deploying some new gear, which in many cases is limited to buying expensive technology and lobbing it into the data center, the perceived level of security is much higher.