Gartner Says System Downtime Caused by Software Vulnerabilities will Triple by 2008 for Firms that Don't Take Proactive Security Steps
New Gartner Strategic Planning Report Provides Key Guidance, Insights and Recommendations for Successful IT Security Strategies
STAMFORD, Conn., September 13, 2004 - Organizations that don't include security as a criterion when building or buying software will see system downtime caused by security vulnerabilities grow from 5 percent of downtime in 2004 to 15 percent of downtime in 2008, according to Gartner Inc.
"Increasing Internet activity, along with the use of Web services, wireless connections and other new technologies, will lead to more vulnerable configurations," said John Pescatore, vice president and research fellow for Gartner. "These vulnerabilities will cause increased downtime for organizations that don't push security concerns into their processes for software development and procurement."
Gartner defines a "vulnerability" as a weakness in process, administration or technology that can be exploited to compromise IT security. Vulnerabilities can exist in any layer of the application stack, caused by weaknesses in just about every IT administration, process or design function.
"Basic changes to the operating systems and hardware platforms used by servers and PCs will make dramatic leaps forward possible in some areas of software security," said Pescatore. "However, through 2008, IT leaders will need to implement stopgap approaches to deal with new vulnerabilities associated with unsafe customer, employee and business partner platforms."
Organizations must do the following to avoid the escalation of major system problems caused by software vulnerabilities:
Pressure vendors to build more-secure software
Drive their development organizations to reduce security vulnerabilities in their own software
Base software architectures on security standards
Incorporate mechanisms to limit the "attack surface" of applications directly exposed to the Internet
These findings and others are included in Gartner's new Strategic Planning Report, "Building a Sound Security Infrastructure: New Defenses for a New World of Threats." The report provides comprehensive guidance on implementation plans and best practices for developing successful information security strategies.
Topics addressed in this report include:
Planning an organization's security strategy and technology infrastructure
Trends in intrusion detection and prevention technologies
Mounting a solid defense against viruses, worms and "social engineering" attacks
Trends and prospects for smart cards and biometric security technologies
Best practices for mobile/wireless and Web services security
This 250-page report features 19 fact- and advice-filled chapters; two appendices providing Gartner's "hype cycle" analysis of security technologies and a glossary of related terms; as well as six "Magic Quadrant" vendor evaluations.
The Gartner security report (ISBN 1-932876-01-4) is priced at $1,295. The report is an offering from the Gartner Strategic Planning Report Series, an eight-volume series from Gartner Press that provides buyers with comprehensive reference guides on topics of critical interest to today's business and IT executives.
For information about purchasing the report or others in the Strategic Planning Report Series, visit www.gartnerpress.com/reports. Other Strategic Planning Reports available for purchase cover the following topics: business intelligence; data center; mobile and wireless; customer relationship management; application integration and Web services; outsourcing; and asset management.
About Gartner:
Gartner, Inc. (NYSE: IT and ITB) is the leading provider of research and analysis on the global information technology industry. Gartner serves more than 10,000 clients, including chief information officers and other senior IT executives in corporations and government agencies, as well as technology companies and the investment community. The Company focuses on delivering objective, in-depth analysis and actionable advice to enable clients to make more informed business and technology decisions. The Company's businesses consist of Gartner Intelligence, research and events for IT professionals; Gartner Executive Programs, membership programs and peer networking services; and Gartner Consulting, customized engagements with a specific emphasis on outsourcing and IT management. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, and has more than 3,500 associates, including approximately 1,000 research analysts and consultants, in more than 75 locations worldwide. For more information, visit www.gartner.com.