Security Products often Less Secured than They Appear to be

The market for IT security has a lot of bad products and purchasers often are not aware of their quality, delegates attending the RSA security conference came to know.

Founder and CTO of BT Counterpane, Mr. Bruce Schneider, said that numerous security products claimed to offer the required security but they could not live up to the mark. Channel Register reported this on October 24, 2007. Consumers may not trust vendors to provide a reliable summary of the capabilities of a security product, Schneider cautioned.

The subject of IT security is very complex. Therefore, the purchasing decisions in the field depend on rather abstract opinions involving doubts and feelings instead of real conditions. Here, suppliers take advantage of this instability and Schneider describes this process as "security theatre". Products sold in this manner often fail to fulfill their claims or address an overstated threat.

Schneider described information technology security industry with the term 'lemons market' meaning it contained both high and low quality products whose difference is not easy to tell. Americans use the term 'lemon' to describe a used car whose value is much less than the amount at which it is sold.

In ComputerWorld news, Schneider said that there was no test to run on a product that would say whether it is good or bad. One can understand this by going to the period 15 years back when there were plenty of firewalls. But not all of them that survived were the best. Buyers could not point the different characteristics between the good and inferior products. Further, the bad products could push out the good ones from the market.

The same is true in the current market, Schneider said. If two products are packed in a box each, with one as securely coded and the other not so securely coded, then there is no way to distinguish the two; there is also no functional test for them. So the buyer takes the less costly one.

Schneider said this made users feel unsure about the products' actual security. Accurate information was also not sufficiently available for consumers to make the right choices.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 11/12/2007