Data Security Deluge - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:15 PM

Data Security Deluge

The popularity of security-management software rises as more vendors enter the market and prices fall

When software designed to manage the loads of information collected from security systems debuted a few years ago, its high cost and complexity stood in the way of its adoption. Yet for some businesses, managing such data is now a requirement in order to comply with government regulations on the collection and retention of data.

Nowhere is this pressure felt more than in the health-care and financial-services markets. Take Genesis HealthCare, which finds itself needing to comply with state data privacy laws in the 12 states where it operates, in addition to compliance with various federal laws. "Firewalls alone produce reams of [data] logs per week," says Bruce Forman, director of information security for the $1.5 billion-a-year health-care provider, which has more than 200 locations, 400 servers, and 38,000 employees.

Once companies get past the up-front investment, security-management software can save them time and money by automating controls that make sure their systems are in compliance. It will let users, for example, check to see if a setting on a password policy is compliant with the company's overall password policy or if an FTP event is starting on a server where it's not supposed to. "Security information- and event-management software isn't new; the main thing that's changed is that now we're in a world that's more heavily regulated," Forman says.

At least two dozen companies offer this type of software, including big vendors such as Cisco, Hewlett-Packard, and IBM and pure-play security vendors including ArcSight, McAfee, NetIQ, Network Intelligence, and Symantec. IDC projects the market for security information- and event-management software will grow to more than $635 million in sales by 2009, up from $267 million last year.

Genesis is using ArcSight's Enterprise Security Management suite of software, which has helped to consolidate threat information that affects its Linux, Unix, and Windows systems. Genesis feeds ArcSight ESM with data from its open-source Nessus vulnerability-scanning software, intrusion-detection systems, and firewalls in an effort to help Forman figure out how to prioritize his security responsibilities.

"You can also designate which systems in your environment have to adhere to different regulations," such as the Health Insurance Portability and Accountability Act or Sarbanes-Oxley, Forman says. "Assuming you can figure out the most important things to look for, then having something that puts all of your log information in one place gives you some comfort over how well you're doing keeping your network secure."

More SecurityIn a move to extend its appeal to companies under the gun of regulatory compliance, ArcSight last week disclosed details about ArcSight's Compliance Insight Packages, which works with the company's ArcSight ESM software and follows National Institute of Standards and Technology standards to provide 85 reports that assess the effectiveness and internal controls necessary to keep security efforts in sync with regulatory requirements. The Compliance Insight Packages module is scheduled to ship by June.

The key to making such software accessible to small and midsize businesses is making it more affordable. Gartner's June Magic Quadrant report for Security Information and Event Management technology estimates that initial software deployment costs are in the $200,000 to $400,000 range, in addition to a substantial investment in server hardware, storage, database software, and implementation service.

The good news: As demand for security-management software grows, prices appear to be dropping in some cases. ArcSight says the starting price for its Enterprise Security Management software suite is about $75,000, and competitor eIQNetworks launched Enterprise Security Analyzer 2.1, which starts at about $56,000.

Some business-technology managers have had a hard time in the past justifying to upper management spending on security because the return on such investments isn't easily quantifiable. But security-management software, with its ability to help IT professionals better understand threats and enhance a company's ability to deal with those threats while ensuring compliance with government rules, is becoming more appealing. As for return on investment, preventing a single attack that could lay waste to a company's tech infrastructure or avoiding hefty fines for violating regulations turns out to be a pretty good return.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll