Security is becoming more of an issue for many companies. Increased regulation, more scrutiny from the media, and customers that are more concerned about their data handling and privacy are forcing companies to spend more resources to ensure better security. However building secure systems takes skill and experience, something many companies lack. Acquiring those skills can be hard, and I think as an industry, we do not disperse information on secure coding well. If we could get developers and administrators to read about security with the same level of interest they show in the iPhone 5 v the Galaxy S3 v the Lumia 920 debate, perhaps things would be different.
One vendor is betting that companies will look to outsource security needs. Webroot has moved to a hosted service, confident that customers will move to the new service for its ease of implementation and arguably better protection. By controlling the software themselves, and updating it as quickly as possible to meet new threats, Webroot can do a much better job of ensuring security than most companies can by managing the service themselves.
That's an interesting idea, and it's similar to the idea of threat detection that Bruce Schneier wrote about a decade ago. This doesn't solve application issues, but it can improve security for threats that attack your network. That's if the vendor actually does their job correctly.
There are any number of issues with this model, but as more companies get comfortable with the idea of renting services and platforms, moving to the "cloud", I can see this idea growing. For us in the data world, this means that we have another group to interface with, potentially audit to ensure they are not violating any data protection. As far as your actions if you find issues? That can be complicated, but it certainly will require that your communication skills are strong.
The Voice of the DBA Podcasts
We normally publish three versions of the podcast each day for you to enjoy. Today there is no podcast due to Steve being ill. Hope to have the podcasts return tomorrow.