The fundamental problem with security is that it's everyone's problem, which means that no one is actually responsible. When people talk about security today, they tend to focus on the edge of the network, where they deploy firewalls and VPN software to secure access to the network. The trouble is, this gives IT people the illusion that the entire enterprise is secure when they have really just set up a first line of defense. Once you secure the network, the second line of defense is the applications themselves.
Much greater attention should be paid to making the applications secure from intruders. Failing that, a third tier of defense should be set up around the data in the applications. After all, when you visit a bank they don't have locks on just the front door. The vault itself has its own lock and inside it are safety deposit boxes with their own locks.
The link for this article located at InfoWorld is no longer available.
