What is the biggest vulnerability in most security systems? Any good security expert will tell you that good security is mostly not about technology. It is about the people, processes, policies, and ways in which technology is used in an organization. People play a huge role in cybersecurity, and people are not infallible. Even the best make mistakes.

We know the basic human-error risks in security -- people don't always follow security policies, creating holes in the system. But perhaps the biggest weak spot of enterprise corporations and government agencies can be found inside the hundreds of thousands of servers that live within the data center. The number of required security patches and updates for all these servers and the applications that run on them is overwhelming.

According to the security group Attrition.org, Microsoft alone released over 100 security patches last year. And Sun Microsystems (Nasdaq: SUNW) Latest News about Sun Microsystems currently has no less than 35 security patches just for Solaris 7. With new patches being released by software vendors on nearly a weekly basis, IT managers simply can't keep up. The result: Systems are more vulnerable than ever. According to Attrition.org, in 2001, failing to responsibly patch computers led to 99% of the 5,823 website defacements last year, up 56% from the 3,746 websites defaced in 1999.

[ Read more ]