SAN DIEGO -- Of course you need to be thinking about the security of your systems. A good "guard dog" is essential.
But try not to step in any hype as you look at the "breeds."
Analysts with Gartner Inc. said last week at the company's Symposium/ITxpo that one of the great hurdles companies must clear while they're shopping for security products is the hurdle of hype. They stressed the importance of finding the products that best suit your firm's business needs -- not the products that vendors say you absolutely must have. Otherwise, you might as well flush those precious security funds.
And because IT security initiatives are near the top of many CIOs' "to do" lists, many vendors are making a lot of noise.
Victor S. Wheatman, vice president and research director for the Stamford, Conn.-based research firm, added that the stagnant economy, global unrest and a wariness born of "previous grand-plan security initiatives," which may not have been as grand as planned, are also having an impact on how IT managers shop for security solutions.
Hype, buyer's remorse, squeezed budgets, economic uncertainty, and expectations that security measures will deliver -- that's a lot to juggle, and it has resulted in cautious companies buying time rather than security.
"Enterprises tend to implement products and services that are 'good enough' while navigating through minefields of over-promoted products or products so advanced [that] the need is not readily apparent," Wheatman said.
In order to help you get past the veggies and to the meat of what's important, security-wise, Gartner has compiled a "Top 11" list of security issues for 2003. They're in no particular order, and the list doesn't have the knee-slapping qualities of a Letterman Top 10, but let's face it: security is no laughing matter.
- Web services security
The use of Web services is an issue because these technologies will change the way new applications will be secured.
- Wireless LAN security
Vulnerable wireless LANs could leave services out on the table for the taking, and there is no shortage of thieves.
- Identity management and provisioning
Directory Network Service and denial-of-service attacks aren't going away.
- The role of security platforms and intrusion-detection systems
The intrusion-detection business is evolving toward prevention and forensics.
- Console monitoring and management
You need to know whether a problem with one part of the network is related to a problem on other parts of the network.
- The next big virus
Code Red and Nimda were two costly wake-up calls, and a nastier worm could be out there.
- Instant messaging security
IM is everywhere, and its very omnipresence is creating exploitable holes.
- Homeland security
Corporate America has not yet felt the impact of this government initiative.
- Tactical security to infrastructure security
Addressing tactical security solutions will lead to more interest in infrastructure security.
- Protecting intellectual property
This issue won't go away, thanks in no small part to corporate spies.
- Transaction trustworthiness and audit-ability
Thanks to firms like Enron and WorldCom, there will be more attention paid to information security measures and the "audit trail."