
Data-loss prevention, fingerprint readers, OpenID, reputation services -- diverse though they might be, these security technologies are top attention-getters among the four gurus we recently gathered (virtually, that is) for a roundtable chat about enterprise security. Our experts -- Network World columnists and bloggers Andreas Antonopoulos, Jamey Heary, Dave Kearns and Noah Schiffman -- also throw out their opinions on whether we'll ever break the patch-hack-patch cycle, the true meaning of defense-in-depth enterprise security, and how social networking might affect identity management.
Moderator -- Beth: Hello and welcome. We're going to dive right into our first question, so here goes: What is the most innovative security technology you've seen in the last year or so, and why?
Noah_Schiffman: DLP is one of the better technologies I've seen this year, as security measures need to be instituted internally more so now than ever before.
Dave_Kearns: Ubiquitous fingerprint readers (for example, eikon). I've been following biometrics and, specifically, fingerprint technology for the past 10 to 12 years. Each time I think it's about to take off, the sizzle turns to a fizzle once again. But now the time might be right. Not that biometrics are any more acceptable (even though they are), nor that the accuracy has improved (even though it has), but because the right application has come along.
Andreas_Antonopoulos: The most innovative security technology is the development and quite broad adoption of OpenID -- an open, decentralized, free framework for user-centric digital identity. What's so interesting about OpenID is that it is completely decentralized and allows an individual to maintain one or more independent IDs, of varying levels of security. It allows owners of Web-based applications, services and sites to authenticate the users without forcing them to create yet another user ID.
In fact, I can see a potential synergy between OpenID, back ends and Dave's ubiquitous fingerprint readers.
Dave_Kearns: You're the first person I've heard mention OpenID and security in the same sentence in a positive way -- is everyone else wrong?
Jamey_Heary: I'm the most excited about the explosion of security companies that are integrating reputation-based controls into their products. Reputation scoring represents the evolution of the traditional whitelist/blacklist approach used in URL filtering and antispam solutions. Classification based on reputation provides you with far more visibility, granularity and control over your traffic-security policies. As reputation matures, I hope to see it moving into other security products like firewalls, [intrusion-prevention systems] and host security clients. The power of being able to classify and control traffic based on its reputation should turn out to be a game-changer for security.
Andreas_Antonopoulos: I think people see OpenID as a means of authentication rather than a framework. The nice thing about it is that it is a framework that can provide really loose authentication and really strong authentication depending on the back end. It does not inherently tie into a specific level or strength of authentication, so its biggest weakness is also its strength.