Hewlett-Packard's John Diamant points out that most enterprises invest little in the area with the greatest vulnerabilities: application security.
"There's a substantial disparity between what the investment is and where the remaining successful attacks are," says Diamant, HP security product development strategist, in an interview. In the interview, Diamant:
- Cites research that shows upward of 70 percent of successful attacks occur at the application layer, yet application security spending accounts for as little as 10 percent of the IT security budget in most enterprises.
- Expresses satisfaction that there's a growing awareness of the importance of application security, citing a recent survey of IT security practitioners who contend application security is their No. 1 concern.
- Laments that many organizations take a "head-in-the-sand" approach to application security.
Diamant, who is also a Hewlett-Packard Distinguished Technologist, leads the company's enterprise-wide security quality program. He holds CSSLP and CISSP certifications.