Picking Fights

12:40 PM -- Every good streetfight starts basically the same way: The champion offers a criticism, and the challenger disagrees. The champ inevitably says something like, "Oh yeah? What are you gonna do about it?" And at that point, the challenger has to decide whether to keep talking or roll up his sleeves and test his belief system.

This week in IT security, we've seen more fighters and fewer talkers.

The most obvious example of putting your money where your mouth is came from the aerospace industry, which turned on the Certipath PKI bridge, one of the largest federated identity projects to date, which links more than a million aerospace employees with each other and with more than 500,000 colleagues at major government agencies. (See Aerospace, Feds Activate PKI Bridge.) The bridge creates a secure marketplace for government and its contractors: something that has been promised for years, but was never truly delivered.

Vendors, too, are putting up instead of shutting up. After suffering a vulnerability earlier in the week. (See Symantec Vulnerability Revealed.) Symantec not only fixed the problem, but it rallied to give more details on its roadmap for security and storage. (See Symantec Sets Out Roadmap.) Under the gun, Symantec was able to walk the walk.

Investors were backing up their talk with real dollars. In the past week, we've seen Sourcefire preparing for an IPO in a rough market, while venture capitalists put $12 million into startup Applied Identity and $6 million into emerging player Breach Security. (See Sourcefire Shapes Up for IPO, Applied Identity IDs Dollars, and Investors Dive Into Breach.) Fortinet, fresh off its acquisition of CoSine, shunned any IPO talk and unveiled some serious plans for playing with the big boys. (See Fortinet Scoops Up CoSine IP and Fortinet Thinks Big.)

Even government agencies made some definitive moves. The European Union, which has been talking about cross-border IT security initiatives for years, proposed some real action, and U.S. agencies began exploring the value of RFID in protecting its own borders. (See RFID Could Aid Border Security and Euro Security Initiatives Proposed.)

This real action couldn't have come at a better time. With recent high-profile data losses, end users are already beginning to lose their confidence in security technology and the Internet in general. (See Data Losses Erode User Confidence.) If businesses and government agencies are to get users back, they need to show they intend to take action now, not a year from now.

So will all of these user, vendor, and investor actions resolve users' confidence problem? Not a chance. There remains a lot more to be done, and big enterprises and vendors still need to step up to the plate. But at least now, some of the key technologies are moving forward, and there's real action behind them.

At least now, it's a streetfight.

— Tim Wilson, Site Editor, Dark Reading

Companies mentioned in this article: