Enterprise security is worst ever, experts say

Booming security market hasn't improved situation for users

Despite the number of IT security products and services cramming the market, businesses are more exposed than ever to emerging threats, according to industry experts speaking at the Etre technology conference in Cannes last week.

"Enterprises are more exposed than a year ago. The hackers have won!" said Eli Barkat, managing director of venture capital firm BRM Capital, who has been involved in investing in security firms.

Barkat cited a lack of innovation in the security industry as why the situation has not improved.

Mike Dalton, president of McAfee in Europe, the Middle East and Africa, agreed that the security situation is dire, but said that innovation was not necessarily the roadblock. A major problem is a lack of integration in security products, he said.

And while all the experts predicted further consolidations among security companies, that will not necessarily lead to more comprehensive, integrated products, they said.

"Today the security business is very diverse and very complex," said Phillip Dunkelberger, president and chief executive officer of encryption company PGP. "You have four or five different point solutions and they don't all work together."

Yanki Margalit, president and chief executive of digital rights management provider Aladdin Knowledge Systems, agreed that enterprises are more exposed than ever but did not put the blame squarely on security companies' shoulders.

"This is a long-term fight. There are so many threats," Margalit said.

Part of the remedy would be widely available tools that help developers check the security of the applications they are building, commented Barkat, adding that he hopes Microsoft takes a leading role.

On the subject of the software giant, the experts were divided on the work the company is presently doing on the security front.

"Microsoft is clearly not doing a good job at security," said McAfee's Dalton. "Most people in this room who work in security have their jobs because of Microsoft."

Margalit disagreed. "Microsoft is getting its act together. They did a horrible, terrible job [in the past] but now they are serious. I believe that they will be a very strong security player and force the rest of the industry to be niche players," Margalit said.

While the speakers gave no clear direction on the path the industry needs to take to truly alleviate companies' security woes, they did have some words of advice. Invest in integrated security products and avoid security appliances whose architecture changes after a few years, Barkat said.

Forget about whitelists, which normally refers to a list of email address from which you agree to get mail, thinking they are safe. You will fail if you try to define everything you can do, Margalit said.

"We need to get out of the defence mode and allow companies to go on the offensive," said PGP's Dunkelberger.

Despite the various opinions, on one point at least everyone seemed to agree.

"The existing security situation sucks," Barkat said, to the agreement of attendees.