Data Security Deluge - InformationWeek

2/3/2006
12:15 PM

Data Security Deluge

The popularity of security-management software rises as more vendors enter the market and prices fall

When software designed to manage the loads of information collected from security systems debuted a few years ago, its high cost and complexity stood in the way of its adoption. Yet for some businesses, managing such data is now a requirement in order to comply with government regulations on the collection and retention of data.

Nowhere is this pressure felt more than in the health-care and financial-services markets. Take Genesis HealthCare, which finds itself needing to comply with state data privacy laws in the 12 states where it operates, in addition to compliance with various federal laws. "Firewalls alone produce reams of [data] logs per week," says Bruce Forman, director of information security for the $1.5 billion-a-year health-care provider, which has more than 200 locations, 400 servers, and 38,000 employees.

Once companies get past the up-front investment, security-management software can save them time and money by automating controls that make sure their systems are in compliance. It will let users, for example, check to see if a setting on a password policy is compliant with the company's overall password policy or if an FTP event is starting on a server where it's not supposed to. "Security information- and event-management software isn't new; the main thing that's changed is that now we're in a world that's more heavily regulated," Forman says.

At least two dozen companies offer this type of software, including big vendors such as Cisco, Hewlett-Packard, and IBM and pure-play security vendors including ArcSight, McAfee, NetIQ, Network Intelligence, and Symantec. IDC projects the market for security information- and event-management software will grow to more than $635 million in sales by 2009, up from $267 million last year.

Genesis is using ArcSight's Enterprise Security Management suite of software, which has helped to consolidate threat information that affects its Linux, Unix, and Windows systems. Genesis feeds ArcSight ESM with data from its open-source Nessus vulnerability-scanning software, intrusion-detection systems, and firewalls in an effort to help Forman figure out how to prioritize his security responsibilities.

"You can also designate which systems in your environment have to adhere to different regulations," such as the Health Insurance Portability and Accountability Act or Sarbanes-Oxley, Forman says. "Assuming you can figure out the most important things to look for, then having something that puts all of your log information in one place gives you some comfort over how well you're doing keeping your network secure."

In a move to extend its appeal to companies under the gun of regulatory compliance, ArcSight last week disclosed details about its Compliance Insight Packages, which work with the company's ArcSight ESM software and follow National Institute of Standards and Technology standards to provide 85 reports that assess the effectiveness and internal controls necessary to keep security efforts in sync with regulatory requirements. The Compliance Insight Packages module is scheduled to ship by June.

The key to making such software accessible to small and midsize businesses is making it more affordable. Gartner's June Magic Quadrant report for Security Information and Event Management technology estimates that initial software deployment costs are in the $200,000 to $400,000 range, in addition to a substantial investment in server hardware, storage, database software, and implementation service.

The good news: As demand for security-management software grows, prices appear to be dropping in some cases. ArcSight says the starting price for its Enterprise Security Management software suite is about $75,000, and competitor eIQNetworks launched Enterprise Security Analyzer 2.1, which starts at about $56,000.

Some business-technology managers have had a hard time in the past justifying security spending to upper management because the return on such investments isn't easily quantifiable. But security-management software, with its ability to help IT professionals better understand threats and enhance a company's ability to deal with those threats while ensuring compliance with government rules, is becoming more appealing. As for return on investment, preventing a single attack that could lay waste to a company's tech infrastructure or avoiding hefty fines for violating regulations turns out to be a pretty good return.
