AOH :: ISN-3028.HTM

Gartner: Security costs fall with good policies

Gartner: Security costs fall with good policies
Gartner: Security costs fall with good policies 

By Jeremy Kirk
September 18, 2006 
IDG News Service

Enterprises will increasingly face skilled IT criminals trying to 
infiltrate corporate networks for sensitive data stored in databases, 
but adopting new policies to evaluate risk should help drive the cost of 
defense down, computer security analysts said Monday.

The attacks could come in a variety of forms -- extortion attempts after 
data is encrypted and held hostage and the theft of intellectual 
property -- but all could have "potentially disastrous" effects for 
unprepared businesses, said Vic Wheatman, managing vice president at 
research analyst firm Gartner Inc.

"Most businesses aren't attacked but some are," Wheatman said at 
Gartner's IT Security Summit. "We believe that cybercrime represents the 
next wave."

Businesses will need new IT strategies to defend themselves.  
Enterprises now should spend 4 percent to 6 percent of their IT budgets 
on information security. This figure is equivalent to what organizations 
allot for casualty insurance, he said. From its latest data, Gartner 
expects information security budgets to increase 4.5 percent over the 
next year.

But many corporations are creating security policies based on government 
regulations rather than threats. The result is policies that meet the 
auditors' requirements but aren't necessarily best for the overall 
security, said Jay Heiser, Gartner research vice president. "We refer to 
that as 'regulatory distraction,'" Heiser said.

Rather than trying to anticipate a new regulation, it's better for 
companies to treat regulation as one more factor in an overall risk 
portfolio, Heiser said. It could take at least five years for an 
enterprise to form this approach, he said.

Corporations can also rethink how they acquire new security software.  
Rather than buying the "best of breed" security product, companies can 
buy the "best of need," one that may not be the top of the market but 
meets the company's requirements, Wheatman said.

Security products are also increasingly meshing what were separate 
functions. Wheatman said companies have shown success in negotiations 
with security vendors in getting, for example, antispyware included with 
antispam and antivirus software instead of paying extra.

"We do think that over time, organizations can decrease their security 
budgets as a percentage of the IT budget," Wheatman said.

Gartner released figures last week showing strong growth in the computer 
security software sales. Revenue totaled $7.4 billion in 2005, a 14.8 
percent increase over 2004. Antivirus software represented 54.3 percent 
of the revenue, at $4 billion.

HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: 

Site design & layout copyright © 1986-2014 CodeGods