 |
By Anne Herreria, February 2007
Booth babes are back. The 7 foot lady is not nearly 7 feet tall. Colin Powell and Bill Gates delivered keynotes. Larry Ellison did not show for his, but there is no doubt, security is hot! No less than 15,000 people were expected to converge upon San Francisco’s Moscone Center in what was literally the most abuzz and successful show I have attended in years. Despite the countless gimmicks to attract attendees to the plethora of security vendors’ booths (and I defer to one blogger’s opinion that booth babes insult all involved), there were several issues that bubbled to the top:
- It’s still important (and essential) to secure your network, but the majority of today’s attacks occur at the application level.
- Newsflash! Vista, Ajax, Web 2.0, IM are susceptible to attacks. Actually no site is safe—over 8,000 vulnerabilities were discovered last year alone.
- Just as no site is safe, no vendor is safe from what the industry calls “ethical vulnerability disclosure”, but it doesn’t seem to slow down even the largest enterprise players, Adobe, Oracle, Microsoft, Yahoo, to name a few.
- XSS (Cross-site scripting) was cited as top security risk by countless vendors and featured prominently in their booth displays.
- Software as a Service (SaaS) has emerged for Security with many vendors offering managed services to protect all kinds of networks (wired, wireless, etc.) and applications. And the list goes on....
While all of these security experts were out of the office, hackers attempted the biggest attack against the Internet’s backbone in five years early Tuesday morning—targeting the 13 Internet “root” servers that manage global Web traffic, but, just as in an episode of “24”, their aspirations did not come to fruition, but gave us plenty to talk about.
And even with all of these security experts enjoying their growing celebrity status with each highly publicized hack attack, the word on the street is there is still not enough security expertise to protect us all! Security needs to be implemented earlier in development, and developers need to be up to speed on secure coding, as early as the college level where most of the focus in classes to date has been on functionality. To help combat this, Cenzic, Inc. announced its "No Web Site Left Behind" initiative to offer free security assessment solutions to universities such as Stanford to help get secure coding into the curriculum, and protect these institutions from hack attacks.
In some ways today’s focus on security reminds me of the focus on web site performance at the turn of the century, only far more serious. Instead of various vendors and associations reporting on who missed the “8 second rule” with slow Web pages on SuperBowl Sunday, today we’re talking about the security breaches at the Miami Dolphin Stadium’s web site and how malicious hackers could get access to football fans’ passwords and personal information. With slow performance, sure you might lose a customer. But with security flaws, customers could lose much more than that! Not to scare you…
| Blogs: |
|
|
| April 2008 Find PR that Fits (like a shoe!) |
|
|
|
February 2008 |
|
|
| January 2008 Passion, Drive and a Celebration of Fellowship |
|
|
| December 2007 Cheers to 2008 |
|
|
| October 2007 Life is a Storm |
|
|
| September 2007 DIY PR |
|
|
| August 2007 PR 2.0: Creating a Winning Social Media Strategy for your Company |
|
|
| July 2007 Selling Lemonade is Easy |
|
|
| May 2007 My Favorite Accessory...the BlackBerry 8800 |
|
|
| April 2007 Optimizing Your Press Release for the Internet |
|
|
| March 2007 NYC "Unplugged" |
|
|
| February 2007 RSA Conference 2007: The Verdict? Security is HOT! |
|
|
|
January 2007 |
|
|
| November 2006 Q&A with RCR Wireless reporter, Colin Gibbs |
|
|
| October 2006 Team Sports Rules Apply to Companies too! |
|
|
| September 2006 Musings from the Estrogen Office |
|
|
| August 2006 Web 2.0—Bit of the Bubbly? |
|
|
| April 2006 MySQL User Conference |
|
|
| March 2006 SOA in the City |
|
|
