Debate: Is there evidence of innovation in the information security industry any more?

FOR - Dr. Steve Moyle, CTO, Secerno

True innovation comes where real invention is first transformed into new products, processes or services. That creative change is driven when environmental forces link with business needs to foster new solutions.

Radical innovation occurs when a genuine technological breakthrough is combined with a market need to produce new capabilities. The move to de-perimeterisation is already forcing major vendors to rethink their design strategy but, more importantly, is giving birth to new firms able to see things in a different light.

Innovation means discontinuity, which scares many organisations. So industry should look to the universities and start-ups to see where the real breakthroughs are happening. The freshness of vision to apply new techniques and ideas in original ways often comes from academic hotbeds and new companies.

As IT environments face more sophisticated threats, infosecurity will focus on automated technologies that will allow system owners to understand their applications’ complex security behaviour. This is where the future lies.

AGAINST - Jon Tullett, technology editor, SC Magazine

There is innovation aplenty from companies in the security sector, but less and less is recognisable as security-specific. A significant proportion is instead focused on IT operations, with some firms actively trying to shed their pure-play security image and position themselves as IT operations solutions. Tripwire, for example, is moving away from the host IDS niche to position itself as a broader change-management and audit suite.

This is happening because operations teams in many organisations are finding the products deployed by the security team have major benefits to offer in a broader context, and vice versa. The technologies are overlapping as security matures into mainline IT.

Conversely, security teams are finding it easier to obtain board support if they demonstrate broader business benefits. Compliance was one example of this, painful though it was for some.

So innovation is not dying, but the frenzy of buzzword-laden new “solutions” is slowing. We will always need innovation to tackle new threats, but mature security technology is rapidly losing its niche, to everyone’s benefit.