some tuesday thoughts – network versus application security

There is question that seems to be boiling around, both now and in the past year or so. Where is security headed? Is security moving to the network/switches? Is security moving to the application and away from the OS? Is it moving to protect data at rest and transit? End-point security? Or just to meet compiance?

These are pretty big questions because it can shape the direction of a company for the next 5 years. I wish I had more answers beyond, “If you take any one approach, you may leave yourself weak in the others. If the whole industry does this, we’ll just have a wavering trend where for 10 years the network solidifies and gives way to applications and then 10 years where applications get hardened and network progress breaks down.” You can even push that out to technology vs training.

Just some interesting, largely rhetorical questions I keep in mind lately and would love to see discussed at length in the community.