Of course, good security goes beyond keeping the bad guys out. More mundanely, it requires granular and manageable access control; and on that front, 2004 saw a few breakout products in identity management. The high point perhaps came from Oblix, which put together the first true SAML-compliant, cross-domain identity management platform, permitting companies to control access to applications served from partners.
Speaking of securing access, 2004 may also be remembered as the year SSL VPNs pushed traditional IPSec VPNs aside. The relative simplicity and resource-level control of the SSL VPN seems to be proving hard to match for general client access, although IPSec will continue to be widely used for site-to-site connectivity.
All considered, network security made some gains, but it also took some losses. Yet another year went by without a standard means of ensuring our Windows client systems are protected against the ever-growing array of worms and viruses. The Cisco and Microsoft efforts will hopefully bring some needed defenses, but it may be years before we see the results. For the moment, vigilance is the only solution.