If there is such thing to improve on IT Security, its not on the products, its on the better education and literacy of the users.
By the way threats have been going out now, we have to admit it that we are too naive to recognize these threats. We need to take IT security seriously. We can do so much things at a technological level, but by the time that we have to choose our own passwords, we choose the weak ones.
Sometimes, we feel that it is better to keep data and information where security products can see it. However, improved user education can only accomplish so much: IT systems developers should also need to make their solutions simplier to use safely.
If you want millions to use a product or a service, it needs to be easy, without the need for them to install more software.
But the obligation isn’t only on customers to learn: it’s also on suppliers to inform. Buyers can’t make educated decisions about how to set up and run their IT infrastructures unless vendors supply them with the necessary information.
Nowhere is that more the case than in the market for cloud computing services, where vendors vaunt the fact that their customers don’t need to know how things work.
We need transparency from vendors and providers. We should know how their systems are organized, and we should know about the people they hire.
She wants to see more transparency in such products and services, and better standards for security practices, so that customers can evaluate service vendors and providers.
If the level of security and transparency is very high, then there is a probability that clients and users are willing to pay more. They do not care about security because they can pay less, but at least, it gives them a choice.
There’s still a lot of work to do on standards and certification” of security practices, but are we willing to pay for it?