Be Prepared: Gartner Outlines Top Security Risks - InformationWeek

The research firm says companies must cut through the hype to develop a coherent security plan

With the war in Iraq now in its second week and with security a global worry, what better time to delve into the defensive and protection issues enterprises will face through the end of the year?

Market research firm Gartner obviously thinks so. It released a report that leverages the news to put corporate security front and center. At the just-concluded Gartner Symposium/ITxpo in San Diego, where Gartner brought together thousands of IT professionals from companies both in the United States and overseas, analyst Victor Wheatman outlined a top-10-plus-one list of security issues businesses will confront during 2003.

The challenge that companies face, he said, is in cutting through the hype--from grandiose promises by security providers to worrisome news running on cable channels around the clock--to develop a coherent security plan for the year, and prioritize the most important issues.

"The economic downturn and buyers' remorse over previous grand-plan security initiatives are in balance with a defensive stance driven by modern political realities," Wheatman said. "The result is that enterprises tend to implement products and services that are 'good enough', while navigating through minefields of overpromoted products, or products so advanced, the need is not readily apparent."

To help companies put things in perspective, Wheatman assembled a list of the year's top IT security concerns that businesses and government organizations should consider.

- Web services security: With security standards still in a state of flux, Wheatman recommended caution in deploying Web services across enterprise perimeters in 2003.

- Wireless LAN security: Although progress is being made to secure wireless networks, rushing to deploy wireless poses a major threat of information theft, Wheatman said. In addition, he noted the ongoing underground movement to tap into hot spots, including those maintained by businesses, opening up the potential for service and bandwidth shoplifting.

- Identity management: Identity theft is rampant, and is mostly accomplished by mundane means such as "dumpster diving." It's crucial that companies have identity management and provisioning plans in place to prevent workplace identity theft, and educate workers on the dangers of the crime, Wheatman said. Some vulnerabilities exposed by poor identity management are rarely hyped simply because they've been around so long, but they remain potent threats.

- Role of security platforms and intrusion-detection systems: Security systems are evolving from after-the-fact detection software into platforms that focus on prevention of intrusions before they occur. That's a good thing.

- Correlation of events for reporting, monitoring, and managing consoles: Companies should consider deploying console software that correlates data across all parts of the network so that they can determine if an attack against one part of the infrastructure is related to a problem on another.

- The next Code Red/Nimda: These two attacks cost businesses $3 billion in lost data and time, Wheatman said. Even more damaging assaults are likely, so companies must do everything possible to minimize vulnerability, including putting patch-management policies in place--one of the key lessons learned from the recent Slammer incident.

- Instant messaging security: Instant messaging and other peer-to-peer programs create holes in the network's defenses, particularly since many users are deploying IM on their own, without the knowledge of the IT staff. Securing IM, or at least setting usage policies, will continue to be an important issue in 2003.

- Homeland security: Still getting underway, the Department of Homeland Security will need to be addressed by some industries and, of course, by local, state, and federal government agencies.

- Tactical to infrastructure security: As part of the nation's move to wider security concerns, Wheatman recommends that companies shift their strategies from strictly tactical security solutions to put attention on the security of the overall infrastructure.

- Protecting intellectual property: Protecting information assets, whether proprietary data or patents, should be a security priority for all enterprises, Wheatman said, to prevent corporate espionage. Annual losses to U.S. businesses from pilfered trade secrets may be as high as $1 trillion.

- Transaction trustworthiness and auditing: Recent business scandals such as those that hit Enron and several accounting firms show that every company should improve the trustworthiness of its transactions and provide audit trails.
