
Yes this could be a 500 page book, but I’m going to try to present the future of security in fewer than 1,200 words.
Up to now in this anniversary series, my fellow Symantecites have been discussing what has happened over the past 25 years around security and how Symantec and the industry have grown to meet these challenges in a number of areas, from malicious code and vulnerabilities through to modern day threats such as phishing. We’ve come from a world of floppy disks and modems into a world so connected and converged that few of us could have imagined how it would have become so in such a short time. The rate at which technology has evolved and been adopted has, at times, left security analysts scrabbling to catch up – which, in turn, has created significant risks.
First a little history: I’m one of the many people who came to work for Symantec via acquisition. I worked for @stake in Europe for a number of years before the acquisition as a consultant to numerous sectors. Over those years, I think it’s fair to say there has been a meteoric shift in how security is discussed. What was once a problem for the great-unwashed, sandal-wearing brigade, as well as bank and government risk departments, today is simply an unavoidable topic for just about any company or organization.
Security today is definitely acknowledged and being addressed from the highest echelons of management down in most sectors. Why? Well, the problem has become ever more complex and important as investment in IT and communications has increased. The result is that the availability and integrity of systems, and the safeguarding of intellectual property, among other aspects, are now paramount if organizations expect to operate effectively and competitively. For better or worse, much of the world is wired. In addition, the passing of legislation by governments and industry bodies has forced many sectors to address (or, at least, pay lip service to) laws and rules which carry requirements for IT security compliance.
And, while progress has been made in educating businesses and users that a problem exists, solving it is a completely different issue. The world of IT still has many security challenges to deal with; something I’m afraid isn’t going to change in any short order. Vendors are still developing devices and applications that contain easily discoverable and exploitable security vulnerabilities. Yes, every vendor should have a well-developed SDL (Secure Development Lifecycle); but alas, security is seen as a cost, and for companies under terrific pressure for first-mover advantage or market space, or who simply can’t afford it, it sits somewhere down the list of priorities behind posh chocolate biscuits for managers and free soda for the minions.
Let’s take an (obvious enough) example: we have seen significant improvements by Microsoft in terms of investment and responsiveness when dealing with security (I think even their biggest critics have to acknowledge that). Yet even today, five years since the infamous rocket (aka, management memo) from Bill Gates, Microsoft still has security issues in their most secure version of Windows yet (Vista, if you hadn’t guessed); this, even after investing resources that small countries would be glad to have access to. This shows us that even the largest software vendor in the world finds it di