Despite the number of IT security products and services cramming the market, businesses are more exposed than ever to emerging threats according to industry experts speaking at the Etre technology conference in Cannes.
"Enterprises are more exposed than a year ago. The hackers have won!" said Eli Barkat, managing director of venture capital firm BRM Capital, who has been involved in investing in security firms. Barkat cited a lack of innovation in the security industry as to why the situation has not improved.
Mike Dalton, European president of McAfee, agreed that the security situation is dire but said that innovation was not necessarily the roadblock. A major problem is a lack of integration in security products, he said.
And while all the experts predicted further consolidations among security companies, that will not necessarily lead to more comprehensive, integrated products, they said.
"Today the security business is very diverse and very complex," said Phillip Dunkelberger, head of encryption company PGP. "You have four or five different point solutions and they don't all work together."
Yanki Margalit, head of digital rights management provider Aladdin Knowledge Systems, agreed that enterprises are more exposed than ever, but did not put the blame squarely on security company's shoulders. "This is a long-term fight. There are so many threats," Margalit said.
Part of the remedy would be widely available tools that help developers check the security of the applications they are building, commented Barkat, adding that he hopes Microsoft takes a leading role.
On the subject of the software giant, the experts were divided on the work the company is presently doing on the security front. "Microsoft is clearly not doing a good job at security. Most people in this room who work in security have their jobs because of Microsoft," said McAfee's Dalton.
Margalit disagreed: "Microsoft is getting its act together. They did a horrible, terrible job in the past but now they are serious. I believe that they will be a very strong security player and force the rest of the industry to be niche players."
While the speakers gave no clear direction on the path the industry needs to take to truly alleviate companies' security woes, they did have some words of advice. Invest in integrated security products and avoid security appliances whose architecture changes after a few years, Barkat said.
Forget about white lists, which normally refers to a list of e-mail address from which you agree to get mail, thinking they are safe. You will fail if you try to define everything you can do, Margalit said. "We need to get out of the defence mode and allow companies to go on the offensive," said PGP's Dunkelberger.
Despite the various opinions, on one point at least everyone seemed to agree. "The existing security situation sucks," Barkat said, to resounding nods from attendees.