The reactive nature of information security has led to the creation of multi-layered, inefficient, and ineffective solutions. Security providers have embraced a philosophy of inevitable data breaches which fosters a culture of mediocrity and apathy. Misplaced public trust allows the AV sector to fail while avoiding the downside of standard market forces. Since IT security companies profit from the current situation, they have great incentive and many reasons not to change.
The future of successful information security requires the selection of proactive, preventative, lightweight solutions that align with the buyer’s business mission. They should introduce a minimum amount of control friction into the IT environment, and their goal should be 100% threat prevention, not an endless cycle of erecting new defenses over the broken remains of the last.
For the last four years, the information security sector has been charging more for less. Until or unless the market’s understanding of the security industry changes, this trend is likely to continue.