This SPIE addresses: · How the push for standardization will affect the structure of the network security industry · Implications of standardization on the industry · Recommendations for industry participants
In 1987, Dr. Tsugio Makimoto, a semiconductor industry executive with Hitachi at the time, observed the cyclical nature of semiconductor industry product innovation. Dr. Makimoto noticed that the industry would move to and from an emphasis on standardization and customization, characterizing the phenomenon as Makimoto’s wave. To quote Dr. Makimoto:
“When the whole semiconductor arena becomes oriented towards customization, there then appear reverse trends towards early market entry, cost reductions, and more efficient operation. If the whole industry moves towards standardization, then a push towards customization arises, and when the industry has moved towards customization, a force for standardization pushes back. As seen from a macro viewpoint, the semiconductor industry can be said to repeat alternate phases of standardization and customization.”
Similar to past cycles of the semiconductor industry, network security has seen a wave of market emphasis on customized security solutions, creating new point solutions to address the evolving threat landscape. However, an unforeseen consequence has developed. As the number of point solutions grew, so did management complexity in terms of controls and data.
The unintended consequence is that the quality of security is suffering: there is too much to manage and maintain. According to the IBM X-Force 2013: Mid-Year Trend and Risk Report, “Many of the breaches reported in the last year were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice. Attackers seem to be capitalizing on this ‘lack of security basics’ by using a model of operational sophistication that allows them to increase their return on exploit. The idea that even basic security hygiene is not upheld in organizations leads us to believe that, for a variety of reasons, companies are struggling with a commitment to apply basic security fundamentals.” 2
This observation, plus others like it, point to a standardization wave. Security administrators and analysts, for example, want to reduce security management sprawl. Instead of having a number unique solutions, one network security tool that integrates many functions onto a single platform is increasingly preferred.
Electronic Access - Single User Fulfilled By Publisher
Electronic Access - Global Site License Fulfilled By Publisher