Category: Trends

“The long-term value of today’s IT specialists will come from understanding and navigating the situations, processes and buying patterns that characterise vertical industries and cross-industry processes,” said Diane Morello, a research vice-president at Gartner, in a media statement.

According to Gartner, the workplace will also spawn a trend which will see the transfer of laptop ownership from company to employee. By 2008, 10 percent of companies will adopt this practice, managing the use of employee-owned laptops with schemes such as notebook allowances.

In addition, the analyst predicts that spending on regulatory compliance will grow at a rate twice that of IT spending. In a bid to keep up with regulatory compliance requirements by the US government and European Commission, businesses may consume discretionary IT budgets. This would leave little resources for organisations to manage initiatives key to business growth, such as exploring the use of new technology, Gartner warned.

The analyst advised IT departments to work with their legal, financial, and corporate departments to ensure business growth.

These and other industry trends are part of Gartner’s research series that discusses major trends affecting IT users, vendors and most industries in 2006 and beyond.

http://news.zdnet.co.uk/business/employment/0,39020648,39238831,00.htm

He explained that large organisations thrive by having a developed understanding of risk, and by accepting it when it offers a business advantage.

Instead of the ability to scare budgets out of chief information security officers, a future risk management officer will be well-versed in communication and project management skills and more likely to have trained in business school than as a techie. “The days of security being handled by the ‘network person’ who did security in their spare time are over and increasingly we are seeing seasoned professionals with real business experience and business school qualifications stepping into the security space.” Business people also need to adapt and realise the security cannot be achieved by technology and needs to be built into a corporate culture. This will require cultural, behavioural, procedural and technical change, according to Gartner.

Proctor made his comments during a presentation at the Gartner IT Security Summit in London.

http://www.securityfocus.com/news/11317

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past.

Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec’s Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception. According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, “the most of any browser studied,” the report’s authors stated. Eighteen of these flaws were classified as high severity.

“During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity,” the report noted. The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as “high”, which Symantec defined as “resulting in a compromise of the entire system if exploited.”

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it’s not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that “at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred,” but added that it “expects this to change as alternative browsers become increasingly widely deployed.” There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor.

According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on “servers, firewalls, and other systems with external exposure.” Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a “dramatic increase in malicious code variants”.

http://news.com.com/Symantec+Mozilla+browsers+more+vulnerable+than+IE/2100-1002_3-5873273.html

First a good analogy: “In the history of business and consumer use of the Internet, the vast majority of security approaches have relied on customer premises equipment — security hardware and software at the edge of every business or on the PC of every consumer. This is the equivalent of the water company telling you to put water purifiers onto the water pipe into your house because it is sending you many poisonous substances mixed into your water.”

Despite usability and liability obstacles, few would argue that “immunizing” the network for cyber threats this way doesn’t make sense.

Governments in Western Europe, Southeast Asia and the Middle East have projects in launch mode or in the planning stages.

Even in the U.S.–which like the U.K. has long resisted the urge to require citizens to bear ID cards–federal officials are pushing a de facto national ID. ID card projects around the world include efforts to collect biometric data, such as fingerprints, on citizens and permanent residents. The identifiers get stored on a microprocessor chip embedded in a digital card and on a central database.

Although officials often try to promote the technology as bringing government closer to the people, at bottom they see it as one of the most effective ways to stem the flow of illegal immigrants, crack down on ID fraud and, for many countries, reduce the threat of terrorism. Among the large national ID projects on the drawing board in the West, France and the U.K. are tying their cards to planned rollouts of electronic passports. And although critics of the plans, led by privacy advocates and fiscal conservatives, have been gaining strength of late, officials are not likely to back down, especially after the recent terrorist attacks in London.

A vast market Reliable estimates of the ID card tech market are difficult to come by. U.S.-based equity research firm Morgan Keegan last year estimated governments worldwide spent $4.8 billion in 2003 to identify and track citizens and residents, mainly through the use of low-tech cards and associated databases and network infrastructure. That is expected to grow to $10.7 billion by 2007, fueled largely by the higher costs for chip-based, or “smart,” cards and biometrics, including the biometric databases and readers.
“National ID has big growth, and that’s purely being driven by China.” Anoop Ubhey, analyst, Frost & Sullivan Smart card suppliers project they will ship 60 million government ID cards worldwide this year, up by a third from 2004. The estimate includes some health cards that patients use to file their insurance claims.
U.S.-based printer and PC giant Hewlett-Packard has seized on such projections to help it tout a “National Identity System” offering, which it announced in late May. HP, eager to reduce its dependence on sales of ink cartridges and the fiercely competitive PC business, has cast itself in the role of systems integrator to governments around the world. It hopes to sell officials on complete “identity management systems,” including biometric verification, smart cards and networking software. For this it has enlisted various IT “partners,” including Microsoft. “It’s a crying need from those governments,” says Jim Ganthier, worldwide marketing director for HP’s Defense, Intelligence and Public Safety unit.

U.S.-based research firm Frost & Sullivan isn’t quite as bullish on the market. It estimates governments worldwide issued just 12.4 million electronic ID cards to citizens and permanent residents last year. It predicts that will increase to 450 million cards a year in 2009. But much of that growth will come from one massive project. “National ID has big growth, and that’s purely being driven by China,” says Anoop Ubhey, an analyst for Frost & Sullivan. “We certainly don’t think the whole project will be completed by 2008.” And Beijing is keeping card costs low and restricting almost the entire $6 billion-plus project to domestic vendors.

http://news.com.com/Tough+road+for+identity+tech/2100-7341_3-5839928.html?part=rss&tag=5839928&subj=news

Like any other critical enterprise risk, identity theft has reached a point where it makes sense for companies to provide a corporate benefit to protect employees and the company itself. As anyone who has had his or her identity stolen can relate, the experience is both memorable and rehabilitating. It has become so pronounced that volunteer programs in some states, like California, have set up centers whose full-time role is to help people get back on their feet. One of these organizations, the ID Theft Resource Center, recently identified a new and vicious type of theft: identity theft of children.

It is a growing concern as an underage child is typically not in the market for credit lines, and so the problem could go undiscovered until the child applies for that first car loan or school loan. Their credit could be permanently damaged, creating serious problems for them much later on in life. For adults identity theft can mean weeks and months of time spent closing bogus accounts, contacting creditors, and correcting credit reports. During this time, the adult, who is typically also someone’s employee, is clearly not focused on his or her job or much of anything else. Remember, until the ID issue is cleared up, their home may be at risk, their cars could be repossessed, and they may be unable to effectively pay bills. There will be no higher priority for them and, from the viewpoint of their company, they are just as unavailable, perhaps even more so, then if their home was lost or they had critically ill family member.

It is part of a corporation’s responsibility is to ensure the continued productivity of its workforce and healthcare benefits certainly speaks to that. In 2003, the Identity Theft Resource Center published a detailed report noting the impact of identity theft. The organizations that the victim must turn to often seem to treat that victim very poorly.

Financial Identity Theft: This is where a victim’s social security number is stolen and used to open a series of fraudulent accounts ranging from loans (particularly lines of credit and credit cards), leases (cars and apartments), checking accounts, and telephone services.

Criminal Identity Theft: This is where the identity is stolen and used by a criminal in place of their own so the crime tracks back to the victim not the criminal.

Identity Cloning: In this scenario, the identity thief actually uses the victim’s identity to get paperwork, credit lines and pay rent. The thieves are often used illegal immigrants, felons, people avoiding judgments (like child support), and anyone hoping to leave their ‘old life’ behind.

http://www.securitypipeline.com/166402571