by xg15 3545 days ago
That clashes big time with the fact that more users than ever are online today with no clue at all about security. (And it's not practical to change that)

So how would that new approach look? The de-facto solution today is that security is more and more delegated to device vendors and cloud providers. But that seems worse to me than delegating it to the admins of your organization that you know and trust.

1 comments

I don't think it's so much about who you delegate responsibility for securing networks to so much as how that security actually works. I believe traditional perimeter security is dead or dying and the idea of incident responders manually poring over pcap files just doesn't scale much further either.

We need machines and global policy to help do this work and we need to stop putting faith in magic black boxes which we know will be thoroughly compromised (e.g.: all enterprise vendor equipment).

More on point, TLS 1.3 seems like a step in the right direction of thought: that you can improve your local security posture by improving the global posture.