If I ask you the question  -

This time 3 years ago did you have an anti-virus and anti-spyware tool on your computer?

The answer will depend on who you are… If you are an IT Pro (i.e. you work in the IT Industry) you most likely had an anti-virus application at least. If you are a home user, you may have had an anti-virus application, but was it up to date? In the enterprise, many of you still did not even have anti-virus. The indication is today many people have both – why is that? Why do many people now have firewalls on their pc’s and at the perimeter of their networks?

The drivers here are connectivity and functionality. The more we have, the more we want. Email and Internet access is now critical to our business day and the more we use it, the more reliant on computers from desktop pc’s to laptops and pocket / mobile devices we are.

Generally once we had a more permanent connection to the Internet, came the perimeter firewall. Next was SPAM, so we installed filters on our email gateways. Then as people used the new resources came malicious software so we installed utilities like the Anti-Spyware tool from Microsoft. Now we have local firewalls on the PC, biometrics multi factor authentication.

What was the change, primarily education. People now know about the potential challenges they face because they or someone they know has had a problem. The great thing is that we talk about taking a ‘defence in depth approach’ and people are already doing it.

Defence in depth means looking at security at every part of your network system, from the perimeter to the network layer, to the application layer and the data stored on your network and taking in to account the hosts (servers and workstations). If you look at the direction we are heading in, our servers and workstations now are getting firewalls. We are encrypting the data not only as it sits on our networks, but as it traverses them and the Internet. We also help protect our systems by updating them regularly.

Now this is the fun bit, where do we go from here. The answer is that the perception of security [albeit slowly] is changing from a dark art to inherently built in. This is one of my biggest focuses for this year to be able to help people now be afraid of security, but embrace it as part of what they do every day.