Category: Trends

At the SAS Institute Inc. CIO Suzanne Gordon said that security occupies the top spot on the Cary, N.C., software firm’s 2004 wish list. Gordon said that SAS will have a rolling forecast and look at the budget every quarter, so if the company needs a weapon to combat a Blaster worm is needed, she can get it.

For Tsvi Gal, CIO of Warner Music Group in New York, Web services and service-level management in heterogeneous environments, as well as digital rights management, rank in the upper tiers of his list.

Both said that disaster recovery (DR) investments are high priorities, which is in keeping with Forrester’s prediction that DR will be right behind security on the CIO shopping list. Gal said that his company is moving from a model in which DR is considered an issue only for IT departments to one that gets business divisions involved.

The emphasis on DR and business continuity isn’t only a CIO priority, according to Bob Doyle of Dallas-based RPD Global Consulting and a CIO for more than two decades, most recently with Fleming Companies. Rounding out Forrester’s top five CIO priorities for 2004: upgrading existing applications and desktops (“business-as-usual investments” as Gal called them) and compliance with new laws, namely the Sarbanes-Oxley Act.

IT outsourcing, one of the hottest topics in 2003, finished closer to the bottom of the 2004 priority pile, with only 24% of respondents saying that they would be exploring outsourcing alternatives in 2004, and only 17% said that moving IT work offshore was of the utmost importance. Forrester finding — that of the firms that already use offshore providers, 68% will send even more work overseas in 2004.

More info: [url=http://searchcrm.techtarget.com/originalContent/0,289142,sid11_gci943125,00.html]http://searchcrm.techtarget.com/originalContent/0,289142,sid11_gci943125,00.html[/url]

There were tens of thousands of threats that affected individual businesses in various ways, depending on what systems and applications they had deployed and what kinds of security systems and practices they had in place.

– In 2000, the CERT Coordination Center, a government-funded security group, recorded 21,756 security-related incidents.
– Four out of five businesses were hit by a virus or worm in 2003, according to a survey of 404 security decision makers by the Yankee Group. Denial-of-service attacks were the second-most-common security incident, hitting about 40% of those surveyed.
– More than half of those surveyed by the Yankee Group expect their security budgets to increase during the next three years, while only 8% expect security spending to decline.

Security analysts and vendors predict that 2004 will bring thousands of new viruses and worms and a huge increase in the use of spyware. They also say that spammers will increasingly adopt tools used by virus writers, adding to the volume of spam and the problems it causes for corporate networks.

“The issue gets serious when it comes to telecommuters using home PCs, which may not have antivirus and firewalls installed,” says Scott Blake, VP of information security at security firm BindView Corp. “The corporation has no control over what software they install on their home PC.” For more than a year, he collected the keystrokes of the customers of the printing and copying chain, including passwords and user names, and used that data to fraudulently open bank accounts.

http://www.informationweek.com/story/showArticle.jhtml?articleID=17100340

The Yankee Group survey reports 54 percent of companies plan to boost their security budgets during the next three years, while only 8% say they’ll be decreasing what they spend to secure their systems.

Antivirus, intrusion-detection and -prevention systems, and firewalls will be the only security technologies in which more than half of respondents expect to increase security spending. Fewer than half of all companies will increase spending in other areas, such as access control, authentication and provisioning, personal firewalls, and digital-rights management. Fighting for scraps will be Web-application security, access control, storage security, anti-spam, authentication technology, and wireless security.

More info: [url=http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=JOEK2VKIRTGHKQSNDBGCKHQ?articleId=17100139]http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=JOEK2VKIRTGHKQSNDBGCKHQ?articleId=17100139[/url]

Revenue from high-tech systems used to protect corporate networks reached $379.1 million, compared to $311.02 million during the same period last year, International Data Corp. said.

Within the overall market, the intrusion detection appliance segment posted an 89 percent growth rate, but the firewall and virtual private network market remained the largest segment, with $317.7 million in factory revenues in the quarter. “IDC expects the security appliance market — particularly the intrusion detection appliance market — to continue its strong growth in 2004,” IDC analyst Charles Kolodgy said in a statement.

The three most expensive price bands for appliances had growth rates of more than 100 percent, with the largest price band, $100,000 to $249,900, experiencing a 348 percent increase in the quarter.

More info: [url=http://www.techweb.com/wire/story/TWB20031218S0014]http://www.techweb.com/wire/story/TWB20031218S0014[/url]

The $90 million SEM market could also could witness as much as 50 percent market consolidation in 2004.
The report, “Security Event Management Systems Defend Against Information and Regulatory Overload,” said that as security becomes a greater concern for network administrators, SEM systems that enable them to identify, manage and respond to virus and hacker threats are becoming more prevalent.

The $90 million SEM market also could witness as much as 50 percent market consolidation in 2004, said report author Phebe Waterfield. “Integrating a systems management solution with risk management has the potential to revolutionize the way enterprises manage security risks,” Waterfield added.

SEM systems burst onto the scene in the late 1990s, when security vendors created them to help network administrators cope with information overload generated by security devices.

More info: [url=http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=13LHM1WGIKYFKQSNDBGCKHY?articleId=17000228]http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=13LHM1WGIKYFKQSNDBGCKHY?articleId=17000228[/url]

Systems deployed to meet HIPAA’s privacy deadline in April this year will also help achieve compliance with a security deadline in April, 2005.

More info: [url=http://www.eweek.com/article2/0,3959,1408970,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1408970,00.asp?kc=EWRSS03119TX1K0000594[/url]