Be Prepared: Gartner Outlines Top Security Risks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Be Prepared: Gartner Outlines Top Security Risks

The research firm says companies must cut through the hype to develop a coherent security plan

With the war in Iraq now in its second week and with security a global worry, what better time to delve into the defensive and protection issues enterprises will face through the end of the year?

Market research firm Gartner obviously thinks so. It released a report that leverages the news to put corporate security front and center. At the just-concluded Gartner Symposium/ITxpo in San Diego, where Gartner brought together thousands of IT professionals from companies both in the United States and overseas, analyst Victor Wheatman outlined a top-10-plus-one list of security issues businesses will confront during 2003.

The challenge that companies face, he said, is in cutting through the hype--from grandiose promises by security providers to worrisome news running on cable channels around the clock--to develop a coherent security plan for the year, and prioritize the most important issues.

"The economic downturn and buyers' remorse over previous grand-plan security initiatives are in balance with a defensive stance driven by modern political realities," Wheatman said. "The result is that enterprises tend to implement products and services that are 'good enough', while navigating through minefields of overpromoted products, or products so advanced, the need is not readily apparent."

To help companies put things in perspective, Wheatman assembled a list of the year's top IT security concerns that businesses and government organizations should consider.

- Web services security: With security standards still in a state of flux, Wheatman recommended caution in deploying Web services across enterprise perimeters in 2003.

- Wireless LAN security: Although progress is being made to secure wireless networks, rushing to deploy wireless poses a major threat of information theft, Wheatman said. In addition, he noted the ongoing underground movement to tap into hot spots, including those maintained by businesses, opening up the potential for service and bandwidth shoplifting.

- Identity management: Identity theft is rampant, and is mostly accomplished by mundane means such as "dumpster diving." It's crucial that companies have identity management and provisioning plans in place to prevent workplace identity theft, and educate workers on the dangers of the crime, Wheatman said. And although some vulnerabilities exposed by poor identity management are rarely hyped, they've simply been around too long and remain potent threats.

- Role of security platforms and intrusion-detection systems: Security systems are evolving from after-the-fact detection software into platforms that focus on prevention of intrusions before they occur. That's a good thing.

- Correlation of events for reporting, monitoring, and managing consoles: Companies should consider deploying console software that correlates data across all parts of the network so that they can determine if an attack against one part of the infrastructure is related to a problem on another.

- The next Code Red/Nimda: These two attacks cost businesses $3 billion in lost data and time, Wheatman said. Even more damaging assaults are likely, so companies must do everything possible to minimize vulnerability, including putting patch-management policies in place--one of the key lessons learned from the recent Slammer incident.

- Instant messaging security: Instant messaging and other peer-to-peer programs create holes in the network's defenses, particularly since many users are deploying IM on their own, without the knowledge of the IT staff. Securing IM, or at least setting usage policies, will continue to be an important issue in 2003.

- Homeland security: Still getting underway, the Department of Homeland Security will need to be addressed by some industries and, of course, by local, state, and federal government agencies.

- Tactical to infrastructure security: As part of the nation's move to wider security concerns, Wheatman recommends that companies shift their strategies from strictly tactical security solutions to put attention on the security of the overall infrastructure.

- Protecting intellectual property: Protecting information assets, whether proprietary data or patents, should be a security priority for all enterprises, Wheatman said, to prevent corporate espionage. Annual losses to U.S. businesses from pilfered trade secrets may be as high as $1 trillion.

-Transaction trustworthiness and auditing: Recent business scandals such as those that hit Enron and several accounting firms show that every company should improve the trustworthiness of its transactions and provide audit trails.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll