Modernizing Authentication — What It Takes to Transform Secure Access
By Matt Barzowskas
META Group sees President Bush's appointment of a presidential advisor for cyberspace security as a positive move, as it sends a message that computer security is a national priority. This alone should encourage a greater awareness of the needs for computer security, making people more willing to make the extra effort and pay the extra expense to ensure their security. This should continue to drive investment in the security sector and be a positive for the leading security vendors, including Check Point, ISS, Network Associates, RSA, Symantec and VeriSign.
Even if that massive cyber terrorist attack never materialized, organizations of all kinds are constantly being subjected to a variety of security threats from both inside and outside their organizations. Worms like Code Red and NIMDA appear with increasing frequency, key business Web sites are disrupted by denial of service attacks, and no one knows how much successful industrial espionage is taking place because that leaves no trace.
META Group believes the GOVNET proposal, if done correctly, will increase security in internal U.S. government connectivity. In itself this is not a new idea - most organizations have their own internal networks, ranging from simple LANs to global networks, which are protected from the Internet behind multiple firewalls and other security devices. META Group states technologies like virtual private networks, encryption and firewalls have proven their worth as parts of an overall digital security scheme.
META Group thinks GOVNET could be a very large project that might help the computer/communications industry start to recover from the severe economic downturn that it has been trapped in for the last year. META Group states most clients had planned for a significant increase in security investment during 2001. It now has become apparent that a 15%-20% increase in security investment will barely allow a corporation to stay even; or to maintain the current frequency of failure. META Group points out that organizations that have not yet made a reasonable security investment will see a large scale impact on productivity in 2002.
The danger in GOVNET, however, is in the idea that any network can be completely secure and that once that network is built and implemented no other security - and specifically no efforts by individuals throughout the government - is needed. META Group cannot stress enough that security is not a one-time effort. The threat continually changes - new worms and viruses continually appear, for instance, to take advantage of newly discovered weaknesses. The best security software and devices will quickly become ineffective if they are not constantly updated with the latest patches, new virus definitions, etc. This requires constant legwork, checking hardware and software vendors' Web sites, for instance, for new patches to operating systems and other key software, such as e-mail and database systems, and installing those patches.
Organizations often fail at this unglamorous, constant effort, with the result that several times in recent years e-mail spread worms have done large amounts of damage by attacking software weaknesses that were long identified and for which patches were issued long ago. This constant assessment and evaluation will keep security on the front burner for the foreseeable future, in our opinion.
First Albany makes a market in SYMC. Blue Sky exception in VI for SYMC.
This story was excerpted from META FACts, a newsletter published by META Group and FAC/Equities, a division of First Albany. Matt Barzowskas is a vice president with FAC/Equities. He can be reached at firstname.lastname@example.org or (617) 228-3512.