Security a bright spot for IT spending

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1014-996798.html

By Michael Kanellos 
Staff Writer, CNET News.com
April 14, 2003

SAN FRANCISCO -- Technology spending remains depressed, but increased
government spending and concern about privacy could make security
companies a rare bright spot.

Companies that specialize in software, hardware and services for the
security industry could see stronger growth this year than
counterparts in other technology fields, said speakers at this week's
RSA Conference 2003 here.

"This space will get more attention in terms of (information
technology) dollars," said Eugene Munster, a research analyst at U.S.  
Bancorp Piper Jaffray, who predicted that security companies could see
their revenue grow 5 percent to 20 percent between 2003 and 2004,
depending on the company and the products it makes.

Part of the growth will derive from the havoc wreaked by spam and
viruses in corporate networks, speakers at the conference said. The
subdued optimism, however, also is based on mandates from the
government. Funding for security technology is up 60 percent from 2002
to 2003, Munster noted.

Much of the increase will be spent by September, the month when annual
government technology budgets get used up. Consultants and IT
professionals could reap a substantial portion of the budget increase
as nearly 80 percent of the new funds revolve around hiring people to
implement these systems.

"The September quarter is the potential inflection point for the
security vendors," said Wendell Laidley, a former security analyst
turned investor. "The magnitude of the spending has the potential to
represent a positive catalyst."

NetScreen, which makes inexpensive firewall and virtual private
network (VPN) servers, is enjoying particularly strong growth, Laidley
added.

However, Jeff Glidden, RSA Security's chief financial officer, warned
against expecting too much from the increase in government spending.  
Government spending is now 5 percent of RSA's total revenue and could
reach 10 percent. The market, though, remains difficult to predict.  
RSA specializes in encryption software and services.

"If we get an uptick, it will probably offset any imbalances from
downturns in Europe and elsewhere," he said. "It is a little bit of an
uptick, but it is not a reason to buy the stock."

Regulations and legal restrictions imposed on private businesses could
also boost sales. Amazon.com, Microsoft and others in recent years
have been hit with lawsuits and enforcement actions because of
security breaches, which have resulted in fines and huge legal bills,
said John Tomaszewski, chief privacy officer at CheckFree, which
specializes in payment systems.

In one celebrated case, Amazon spent $1.9 million to settle a privacy
suit with customers, another $1.9 million in legal fees, and had to
build a security system as a result of failed privacy policies.  
Citibank, meanwhile, paid $1.4 million in fines and an unknown amount
of legal fees in an action before the Federal Trade Commission for
selling customer data.

Similarly, Eli Lilly got hit with a $160,000 fine and paid an unknown
amount in legal fees after it sent a notice to Prozac patients that
the company was going to discontinue e-mail alerts on the drug. The
problem? The pharmaceutical company put 669 names in the "to:" field
on the e-mail, inadvertently disclosing the names of patients who take
the drug, Tomaszewski said.

Select compliance and enforcement provisions of The Heath Insurance
Portability and Accountability Act of 1996 become active on April 14,
he added. The law mandates that hospitals and health care providers
impose security precautions for patient records. Failure to do so
could result in penalties and jail time.

"You are going to have to do security," Tomaszewski said. "If you
don't do it, the federal government will make you do it, or the state
government will make you do it, or annoyed customers will make you do
it."




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.