Global 2000 companies say their investment plans for security technology have not lagged and remain on target, reports Meta Group, a Stamford, Conn.-based industry analyst firm. Strong short-term and long-term interest in intrusion detection software is based on the fact that it's now widely accepted as a necessary part of a strong corporate security plan.
"Organizations that have taken an intelligent approach to intrusion detection have had no problem establishing the value of the technologies," says Chris King, senior program director for Meta Group's security and risk strategies team. "Those that have purchased a product without the benefit of an underlying policy and plan naturally feel like they have wasted their money, because they have. Technology alone does not improve security, and causing a false sense of security can actually harm the security effort."
Meta Group analysts are warning clients that if they fail to deploy intrusion detection software, they could be liable for not meeting a court-set standard of due care.
Industry experts have been warning business executives that the IT department needs to be a separate entity from the IT security department. To truly protect a company, security managers need to be on the same level as the CIO, reporting straight to the CEO. IT and information security need to work together, but they also need to work separately.
That still largely isn't happening.
"As security has now started showing some signs of maturation, we are seeing a gradual growth in understanding that technology risk needs to be managed in parallel with IT rather than within IT," says Mark Bouchard, a senior program director for Meta Group. "But it is difficult to find an executive other than the CIO who is willing to take over an area like information security before it fully matures. Of course, even many CIOs are still resistant."