Upgrades, HR costs squeeze British tech budgets

Posted on by admini

A survey of 168 organizations in the United Kingdom found that more than half expected IT spending to increase over the next year by an average of 1.9 percent. The annual Benchmark of IT Spending was conducted by Britain’s National Computing Centre. That figure of 1.9 percent varies widely over different sectors.

In central government, manufacturing and finance, overall IT spending is predicted to actually fall over the next year. Ian Jones, head of content and publishing at the NCC, described the outlook of IT buyers as “cautiously optimistic.”

The bulk of IT budgets is still taken up by running and maintaining the existing infrastructure, with operational costs making up 68 percent of total spending. Fresh investment in IT only accounts for 28 percent, with the rest accounted for by end users and other sources within the organization. Again, the figures differ in each sector, with IT investment greater in central government and finance, and lower in construction and manufacturing.

IT staff remain the single largest budget item, accounting for almost a third of overall budgets. The average level of IT staffing is 26.5 techies per 1,000 end users in a company, which is slightly down from 31 last year. The finance sector has the highest ratio, at over twice this year’s average.

Desktop replacement is the most important IT department activity, and 42 percent of Windows systems are expected to be upgraded over the next two years, mainly to Windows XP. The proportion of sites running Linux desktops remains low, though strong growth is predicted. Jones said the Linux vendors had come in for “a real kicking” after all the rhetoric and hype about open source on the desktop. “It has really made no impact whatsoever on the desktop,” he said. “The Linux vendors need to raise their game.”

The big area highlighted by user organizations is thin-client desktops. These are currently only used in 16 percent of firms, but that is expected to rise to 24 percent over the next two years. Laptops and PDAs are also expected to grow proportionately much faster than desktops, at just more than 50 percent over two years, though the actual numbers remain a lot smaller.

The Windows 2003 server upgrade is also a major project on the table for many companies, while the decline of the mainframe continues apace.

http://news.zdnet.com/Upgrades%2C+HR+costs+squeeze+British+tech+budgets/2100-3513_22-5386982.html?part=rss&tag=feed&subj=zdnn

Read more

Why security is an information problem

Posted on by admini

Rather than thinking about the value of their mobile or laptop, employees need to be trained about the value of information to their company,” said Perry.

Esther George, policy advisor for the Criminal Prosecution Service (CPS), said that the authorities are limited in what they can do when it comes to prosecuting criminals by a general reluctance on the part of companies to admit to hack attacks.

During the debate, some criticism was made of the lack of new legislation to tackle hacking but George argued that despite the lack of new laws, older ones were wide enough in scope to be applied to modern Internet crimes.

Martin Jordan, a senior manager from KPMG, said that despite the best efforts of the security community, end users would always be playing catch-up to hackers and criminals — what companies need to decide is how far they are want to lag behind.

During the debate, some criticism was made of the lack of new legislation to tackle hacking but George argued that despite the lack of new laws, older ones were wide enough in scope to be applied to modern Internet crimes.

Computer Associates’ Perry said that another key factor in combating hacking is for home users to take security as seriously as business users, because many new viruses and spyware are propagated on personal machines.

http://news.zdnet.co.uk/internet/security/0,39020375,39168216,00.htm

Read more

Passwords Fail To Defend Enterprises

Posted on by admini

According to the Meta Group, passwords aren’t cutting the mustard because of both organizational and user failings, as well as a lack of cost-effective alternatives.

“Enterprises are pretty frustrated with passwords,” said Earl Perkins, vice president with the firm’s security and risk strategies group. On the organizational level, Perkins said that passwords’ failings range from enterprises wasting time creating convoluted policies to spending too little time protecting crucial applications.

On the end-user front, meanwhile, passwords are ineffective when people have too many to maintain. But the issue with password protection isn’t just numbers, said Perkins.

“From a cultural standpoint, many individuals don’t believe the value of the password reflects the value of the assets it protects.

The solution that enterprises are looking for is a low-cost way to add strong authentication to identity management. Among the possible additions or alternatives to passwords are such concepts as tokens, smart cards, and PKI-style services. “But it’s going to take someone willing to drive down the price of, say, tokens to create a low-cost solution,” he added.

There are hints that that might happen as early as the end of 2004 or the beginning of 2005, Perkins said, if only because rivals of RSA, the dominant player in the identity management market with its SecureID, want to break its grip. “If a competitor can shake that tree, things will loosen up.

One of Meta Group’s clients, for instance, wanted to deploy a token-based authentication to its entire 60,000+ employee workforce, but the price tag was simply too high.

Instead, companies tend to apply the higher-cost, but more secure, authentication to higher-value assets, such as servers, and leave passwords, as ineffective as they are, to defend other assets, like desktops.

http://www.techweb.com/wire/security/47900125

Read more

Linux firms join forces on security

Posted on by admini

Mandrakesoft, joined by Bertin Technologies, Surlog, Jaluna and Oppida, will boost Linux so it meets the Evaluation Assurance Level 5 (EAL5) of an internationally used security certification called Common Criteria, the companies said onThursday. The certification is particularly important among military and government customers; the French Ministry of Defence is funding the project.

The EAL5 certification level is significantly higher than what current versions of Linux have attained. Red Hat reached EAL2 in April and EAL3+ in August, while Novell’s SuSE Linux reached EAL3+ in January. Those companies, which dominate the commercial market for the open-source operating system, are working on higher certifications in conjunction with IBM and Oracle.

Mandrakesoft will release the fruits of the work as open-source software when the project is done, the company said.

Microsoft’s Windows, Sun Microsystems’ Solaris, Hewlett-Packard’s HP-UX and IBM’s AIX all have EAL4 certification.

EAL5 certification is rarer; one company to attain it is IBM, with the technology that lets its z900 and z990 mainframes be divided into independent, isolated partitions.

http://news.zdnet.co.uk/0,39020330,39167716,00.htm

Read more

Phishers Fake FDIC Web Site

Posted on by admini

This isn’t the first time that phishers have used the FDIC as a disguise to trick consumers.

Earlier this month, the Anti-Phishing Working Group detected a less sophisticated scam that tried to get users to give up their credit card account numbers, Social Security numbers, and PINs.

http://www.securitypipeline.com/news/47902805;jsessionid=H4IZU5N52KWUCQSNDBCCKHY

Read more

Only XP SP2 Secure Internet Explorer

Posted on by admini

Microsoft this week reiterated that it would keep the new version of Microsoft’s IE Web browser available only as part of the recently released Windows XP operating system, Service Pack 2.

That, say analysts, is a steep price to pay to secure a browser that swept the market as a free, standalone product. “It’s a problem that people should have to pay for a whole OS upgrade to get a safe browser,” said Michael Cherry, analyst with Directions on Microsoft. “We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows,” the company said in a statement.

Three years have passed since Microsoft introduced its last new OS, and its upcoming release, code-named Longhorn, has been plagued by delays. Microsoft last month scaled back technical ambitions for Longhorn in order to meet a 2006 deadline.

Those ongoing security updates do not, as Microsoft points out, include the latest security fixes with Service Pack 2, released last month. Now it’s unclear whether even half the Windows world will have access to the shored up IE.

Of Microsoft’s approximately 390 million operating system installations around the world, Windows XP Pro constitutes 26.1 percent, Windows XP Home 24.7 percent, IDC said.

http://news.zdnet.co.uk/internet/security/0,39020375,39167607,00.htm

Read more