Maturity … it happens

It’s been 10 years and one month since my last Network World column ran and it has been an interesting decade, to say the least. Unprecedented highs gave way to terrifying lows. And that was just my stock portfolio.

Ten years ago my priorities consisted mostly of finding out who was having a keg party that night. Today, as a husband and father, I’m still on the lookout for a good party, but it usually involves following my kids though some inflated jumping contraption that looks like Mr. Incredible. I guess they call that maturity.

How many of you remember what an uphill battle it was to convince your organization to deploy anti-virus software on every device? Remember the old question: “Do we really need that firewall?” Now it’s not if you need security, it’s how much and where. Yep, that’s a form of maturity.

The sheer number of threats has mushroomed as well. Ten years ago, attacks were infrequent enough that you could set a couple of router and firewall rules to stay ahead of the bad guys. Now, with about 4,000 vulnerabilities annually, the reality is you aren’t going to get everything fixed, so you need to choose carefully. Another sign of maturity.

The folks trying to break into your network have changed as well. At first hacking was a novelty (anyone remember the movie “War Games”?), undertaken by socially inept high school students looking to impress their friends. Today, hacking is a business run by global organized crime cartels. These folks don’t mess around. The objective is not to deface a Web site, but to monetize stolen private information and to turn unprotected devices into zombies. You guessed it – that’s maturity.

Now companies are facing the oversight of various regulators to make sure private information is protected and adequate financial controls are in place. You think Congress spends time figuring out how to regulate emerging markets and businesses? Score one more for maturity.

Finally, let’s look at growth and the types of vendors providing these security solutions. Sure, there are still a ton of start-ups (actually way too many), but the ones driving the agenda are not pure plays anymore. Cisco and Microsoft are the titans of the arena. The biggest pure play, Symantec, acquired Veritas last year because providing security alone is no longer enough. That is maturity with a capital M.

Mature problems require mature solutions coming from mature vendors. The objective is to build a security architecture that doesn’t need a new widget for every new threat. Network professionals need to act maturely in thinking strategically, not tactically.

In this column, I’ll be focusing on strategies and the associated tactics required not only to survive the onslaught of attacks, but also to turn technology safely into the asset it needs to be – while keeping the auditors and regulators happy.

Ten years have passed, but my philosophical bent has not changed. It’s not about me or the vendors – it’s about you, the enterprise network professional. You can count on me not to shy away from taking the hard position and calling out stupidity for what it is. You deserve no less.