European firms getting security wrong

[William Knowles <wk () C4I ORG>]

http://www.vnunet.com/News/1107229

John Leyden, Friday 21 July 2000

Security has finally become an item on the corporate agenda but many
companies are taking the wrong approach to addressing the issue,
according to research by IDC.

In its Security Services: Protecting the eBusiness Infrastructure
report, published this week, IDC argues that many companies rolling
out ebusiness programs are failing to formulate and apply an
appropriate security policy, which is needed to properly secure their
internet infrastructures.

Sandra Baccari Edler, research analyst from IDC's European business
infrastructure and technology services programme, warned that
companies with piecemeal security in place are both at risk from
crackers and at a competitive disadvantage to competitors.

"Companies are putting up walls or filling in holes and are not
building a secure environment based on a cohesive, holistic security
policy," said Baccari Edler.

"If ebusiness in Europe is to be successful, this approach will have
to change. Security needs to be incorporated into a corporate culture
- not treated as an add-on," she added.

IDC argues that due to a lack of forethought, companies commonly
believe they are secure after implementing one or two security
measures. Another common mistake identified by IDC is that companies
tend to focus on keeping the bad guys out - without considering the
needs of legitimate users from both inside and outside their
organisations.

The researcher found that of companies that employ some security
measures, virus detection software is by far the most popular choice
with 97 per cent of respondents to its survey claiming use of it.

Other security measures employed by European companies drop in
popularity as they increase in complexity and cost. The implementation
of firewalls, used by 67 per cent of companies, is rather
straightforward, while complex public key infrastructure technology -
which require extensive management - are used by only nine per cent of
the firms.

IDC also found that, fuelled by the explosion of ebusiness, the
security services market in Europe is undergoing enormous growth.
Increased access to company resources over the internet and the need
for companies to protect their brand in cyberspace are other factors
stimulating the expansion of the security market, which IDC
characterises as being still in its infancy.

"Improvements in security will become a priority when legislation
comes that will require companies on the web doing business to be
secure or when security lapses affect the bottom line. Good security
will not come through a watershed event, though awareness is getting
there," said Baccari Edler.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".