As the world of managed security grows, Christopher Darby, CEO of @stake Inc., in Cambridge, Mass., has decided to play the cards he was dealt and not join the application service provider rush. Instead, Darby intends to continue preaching the gospel of security as a process to @stakes high-end clients and fine-tuning the companys services offerings. He spoke with eWeek Senior Writer Dennis Fisher about the state of Internet security and why he believes there is no perfect solution.
eWeek: How is @stakes approach to security different?
Darby: We dont go for the bogeyman or fear and uncertainty pitch. We think of security more along the lines of providing our customers the tools they need to conduct secure transactions. Think of it like a bank: You have to understand the risk profile in order to place the right bets.
eWeek: A lot of the press surrounding security focuses on problems with the Internet. But arent there just as many issues at the network level?
Darby: Sure. We dont just look at the network or the products you use. We look at the application and content layers. What information do you put where and how do you protect it? Its a complex process.
eWeek: Is there a tendency for people to lean too hard on their network-level defenses and not cover all their bases?
Darby: People rely way too heavily on their network-level IDS [intrusion detection systems] and penetration tests. Firewalls arent much more than speed bumps on the way in and out of a business. You need to have them, but theyre only one piece of the puzzle. People tend to look for the killer solution, and its not there in security.
eWeek: Does that mentality lead to other problems?
Darby: Yeah. People have to understand that youll never be 100 percent unhackable. The trick is to understand the risks and act accordingly. A lot of security problems are the result of people not being vigilant enough or careful enough.
eWeek: So some companies can go overboard?
Darby: We will sometimes—in fact often—tell people its not worth their time or money to secure certain parts of their network because no one cares [about the data thats stored there].
eWeek: But the nature of e-business sort of demands that companies secure parts of their networks that they never had to worry about before, doesnt it?
Darby: Yes. But we try to balance the business perspective with the technological one. The more you open your company, the more risk there is, thats true. But at the same time, you still have to make it easy enough for people to do business with you, or theyll go somewhere else.
eWeek: Considering the services that @stake provides, it wouldnt be much of a leap to move into the managed security business. Is that in the future?
Darby: I dont think so. Managed security is a very capital-intensive business. We dont mind being a smaller, highly valued, focused entity. Were good at what we do.
eWeek: Wireless security has been in the news a lot lately. Whats your opinion of the state of wireless security in general?
Darby: To say were not impressed would be putting it mildly. Were getting more and more requests every day for wireless services. That area of wireless security will be critical in the future as more and more applications emerge for those devices.