Category: Trends

It’s the startups that are bringing out new, innovative products, and will likely be acquired, he said.

In the next four years, Gartner sees continued consolidation of vendors, consolidation of servers through virtualization, a move toward green IT, an expansion of cloud computing and “hardware as a service” — i.e. hardware rental. Green IT won’t be just confined to the U.S., it will be a global effort. Gartner estimates two percent of worldwide carbon emissions are attributable to IT. “IT vendors are seen as part of the problem, so it will be necessary to get your house in order,” said Cox. Even though it is viewed as an emerging market with a much smaller IT infrastructure than the U.S., China is already concerned with power consumption and the government is coming up with guidelines on for businesses on power consumption policies.

Gartner Research Director George Shiffler then spoke of hardware spending as it relates to the economy. He ate some crow and admitted Gartner’s earlier predictions of a downturn in sales due to economic conditions didn’t manifest.

Citing research from the financial analysis firm Global Insight, Shiffler said there could be a notable drop in spending in the U.S. and Europe, which would result in slowdowns in sales in the second half of this yearand the first half of next year. However, it’s a slowdown, not a plunge like after the dot com bubble popped. The server market has to deal with a number of changes all at once: the economy, the decline of RISC and ascension of x86, the game changers that are virtualization and cloud computing, and the drop in average selling prices (ASPs).

Gartner believes cloud computing could be a disruptive force in the market, particularly for server vendors, and that server vendors will need to target a range of external and Web datacenter providers as customers try to avoid making commitments and go to pay as you go cloud services.

On the desktop side of things, Principal Research Analyst Mikako Kitagawa said that soon, China will surpass the U.S. as the single largest PC market. The reason for that is the U.S. is a “highly saturated” market, where people own two and three and four PCs, and much of the business is in upgrades and replacements. China is still growing as a market and has not reached saturation. HP and Dell combined hold about 55 percent of the total market, with Apple coming in third with around 10 percent of the market, and the best annual growth rate of 37.9 percent quarter-over-quarter.

Gartner is predicting mini-notebooks, also sometimes called netbooks, will ramp up significantly, led by ASUSTeK, with its popular Eee-PC. Mini-notebooks will be a consumer phenomenon, with 89.1 percent of sales in 2Q08 going to consumers. ASUS had 50 percent of the market in that quarter, but that might get spread around a little with the entry of more players, including Dell. Worldwide, Gartner expects mini-notebooks to hit more than 50 million units by 2012 under the best case scenario and around 25 million units under a most likely scenario.

http://www.internetnews.com/hardware/article.php/3769666

“If more states would publish breach notification lists, there would be more information to study and to help us understand this growing concern,” she said.

Additionally, more companies are starting to audit their security and network systems and use readily available security measures.

The group highlighted a recent massive breach caused by a retailer using unsecured or poorly secured networks to store customer data. Early this month, the US Attorney General’s office indicted members of a hacking ring that allegedly lifted 40 million credit and debit card numbers from retailers TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, and DSW.

Feds estimate the hackers netted about 45.7m payment cards from TJX (which operates T.J. Maxx stores) alone.

http://www.theregister.co.uk/2008/08/27/itrc_data_breaches_2008_beat_2007/

“Those companies become victims of the breach as much as the individuals whose information has been affected,” said Linda Foley, founder of the ITRC. “In many cases they entrusted a vendor to provide a service to safeguard information at the highest level, and when they transport it from one place to another unencrypted, they’re not taking it to the highest level… Companies need to have a better understanding of the contractual obligations of the firm they outsource payroll and other processes to, Foley said.

Foley said the growth in the number of breaches from year to year can no longer only be attributed to required reporting laws and media investigative work. Since each state has its own law requiring notification, companies are not held to one consistent standard to report a breach. Some states are adding language to the law, making it a requirement to provide public notification of the breach notification letters issued to customers, Foley said.

The researchers said current breach laws are problematic because they leave any action, such as canceling a credit card, up to the consumer.

Foley said the ITRC’s breach response program provides a consultant to the company to advise them on an appropriate breach notification letter and first responder calls.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1327048,00.html

Adrian Davis, senior research consultant and author of the report comments:Without doubt, our research shows that information security professionals want to change; to become information risk professionals and true business partners to add value and shape business strategy and processes. This change will involve more than just re-labelling job functions, activities and responsibilities. Skill sets will need to change, as will the way security professionals communicate with their businesses and measure performance.The ISF study examined where security in organisations is headed along with the security value proposition and challenges that have to be faced. Using this extensive research work and analysis including input from over 160 senior security professionals in some 100 major ISF Member organisations from around the world, Adrian Davis and his team identified key areas of change and drivers for change, and looked at the future for information security.

Davis added:It is clear that Information security is changing radically and will continue to change. The pressure for this comes from within the profession and from external forces such as businesses, regulators and changes in culture and behaviour.Although differences exist between both geographical regions and industry sectors, common themes can be identified.

The Report entitled, the Role of Information Security in the Enterprise, is one of over 200 authoritative reports available free of charge to ISF Members.

http://www.net-security.org/secworld.php?id=6357

The report includes real documented discussions conducted by the company’s researchers with resellers of stolen data and their “bosses”, confirming it’s analysis of the current state of the cybercrime economy.

“Over the course of the last 18 months we have been watching the profit-driven Cybercrime market maturing rapidly… This makes businesses today even more vulnerable for cybercrime attacks, especially considering the maturity of the cybercrime market and its well-structured cybercrime organizations,” said Yuval Ben-Itzhak, Finjan’s CTO.

The report explores the trend of loosely organized clusters of hackers trading stolen data online being replaced by hierarchical cybercrime organizations. These organizations deploy sophisticated pricing models, Crimeware business models refined for optimal operation, Crimeware drop zones, and campaigns for optimal distribution of the Crimeware. These cybercrime organizations consist of strict hierarchies, in which each cybercriminal is rewarded according to his position and task. Directly under him is the “underboss”, acting as the second in command and managing the operation. This individual provides the Trojans for attacks and manages the Command and Control (C&C) of those Trojans.

As a preventative measure, businesses should look closely at their security practices to make sure they are protected.

http://www.security-industry-today.com/news/news_all.asp?ID_key=381

Many other protocol implementations are built entirely from scratch, and have not benefited from years of public analysis and repeated attack, resulting in unproven protocol implementations that may be vulnerable to attack.

Even when vulnerabilities are identified, patches must be developed for each device or device family by the vendor, requiring tight collaboration between embedded software developers and the OEM’ s building devices based on the developers’ software.

http://www.net-security.org/secworld.php?id=6247