Gartner Says Previously Over-Hyped Security Initiatives Are Resulting in More Cautious Implementation in 2003
Analysts at Gartner Symposium/ITxpo 2003 Discuss Top Security Issues
San Diego, CA., March 25, 2003 — While IT security is a top initiative for most companies, many enterprises are dealing with the challenge to maneuver through the hype and find products that will suit their current needs, according to Gartner, Inc. (NYSE: IT and ITB).
Gartner analysts provided their scenario for information security during Gartner Symposium/ITxpo 2003, which is taking place March 23-March 27 in San Diego.
"The inhibiting effects of the economic downturn and buyers' remorse over previous grand plan security initiatives are in balance with a defensive stance driven by modern political realities as well as demands for privacy," said Victor S. Wheatman, vice president and research area director for Gartner.
"The result is that enterprises tend to implement products and services that are 'good enough', while navigating through minefields of over-promoted products, or products so advanced, the need is not readily apparent," Wheatman said.
While companies try to determine their IT security priorities, Gartner analysts have identified the top 11 security issues for 2003. They include:
Web services security — Web services will lead to discontinuities in how new applications will be secured. Enterprises should take a cautious approach to Web services deployment across the enterprise perimeter in 2003.
Wireless LAN security — Insecure wireless LANs represent a serious point of potential failure for enterprise networks. A mini-movement to find and mark free wireless Internet access locations primarily causes theft of service.
Identity management and provisioning — Identity theft is a rampant cybercrime mostly accomplished via pedestrian means, but Directory Network Service, social engineering and denial-of-service attacks remain threats that enterprises must address.
Role of security platforms and intrusion prevention systems — Intrusion detection systems (IDS) continue to evolve, particularly in correlation technologies to improve alerts, but also in an evolution toward prevention and forensics.
Correlation of events for reporting/monitoring/managing consoles — It's important to know what's going on and determine if an attack or a problem occurring on one portion of the network is related to a problem on another network segment.
The next Cod Red/Nimda — Code Red and Nimda cost enterprises as much as $3 billion. There are fears of something more damaging than Code Red and Nimda in the future. Then came the Slammer worm.
Instant messaging security — The ubiquity of this basic collaborative tool is creating worrisome "holes." Seeking any open port, instant messaging and other peer-to-peer programs can put networks and information at risk.
Homeland Security (industry-specific) — The impact of homeland security in the United States has not yet been felt in many industry sectors.
Tactical security to infrastructure security — The short-term attention to tactical security solutions will change to renewed attention to infrastructure security as part of the homeland dynamic.
Protecting intellectual property — Protecting intellectual property remains an issue because of competitive intelligence and corporate espionage activities.
Transaction trustworthiness/auditability — Recent corporate financial-reporting scandals will influence the application of information security techniques to improve the trustworthiness of enterprise transactions and the audit trail.
"Investing in an overhyped technology too early can result in a complete waste of enterprises' security funds. Enterprises should focus on their assessment of business needs and threats to prioritize security needs," said Wheatman.
Gartner Symposium/ITxpo is the IT industry's largest and most strategic conference, providing business leaders with an insightful look at the future of IT. For more than 10,000 IT professionals from the world's leading enterprises, Gartner's annual Symposium/ITxpo events are key components of their annual planning efforts. Attendees are responsible for more than $35 billion in IT spending for their respective companies. For more information about Gartner Symposium/ITxpo 2003, please visit www.gartner.com/symposium or call 1-800-778-1997.
About Gartner:
Gartner, Inc. is the leading provider of
research and analysis on the global information technology industry. Gartner serves more
than 10,000 clients, including chief information officers and other senior IT executives
in corporations and government agencies, as well as technology companies and the
investment community. The Company focuses on delivering objective, in-depth analysis
and actionable advice to enable clients to make more informed business and technology
decisions. The Company's businesses consist of Gartner Intelligence, research and
events for IT professionals; Gartner Executive Programs, membership programs and peer
networking services; and Gartner Consulting, customized engagements with a specific
emphasis on outsourcing and IT management. Founded in 1979, Gartner is headquartered in
Stamford, Connecticut, and has 3,700 associates, including more than 1,000 research
analysts and consultants, in more than 75 locations worldwide. For more information,
visit www.gartner.com.
