Security spending rising for data centers, surveys show

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.computerworld.com/securitytopics/security/story/0,10801,81261,00.html

By JAIKUMAR VIJAYAN 
MAY 15, 2003
Computerworld 

As the director of global security at Hewitt Associates LLC, Dan 
Josephites is taking a multifaceted approach to bolstering defenses at 
his company, which is the nation's largest human resources outsourcer. 

Firewall, antivirus and other intrusion-detection technologies are a 
key part of the strategy. But Hewitt is also shoring up its internal 
networks, performing network and application-level penetration 
testing, and working with developers to ensure secure code on all 
Web-facing applications. 

"We are spending more on security, there's no two ways about it," 
Josephites said. 

Hewitt isn't alone. A new study released this week, by the Orange, 
Calif.-based AFCOM's Data Center Institute, shows that information 
security has become a major priority for the nation's largest data 
centers in the face of constant terror alerts, tensions in Iraq and 
proliferating cyberthreats. 

The study, conducted earlier this year among 257 data center managers, 
showed that nearly 50% of the companies surveyed said they had 
increased security budgets by 5% to 15% in the past year. While a 
majority of organizations are still spending less than 10% of their IT 
budgets on security, about 17% allocated between 9% and 20% of their 
budgets for it. 

AFCOM's survey results are nearly identical to the results of a 
worldwide survey of 500 financial services companies being released 
next week by Deloitte Touche Tomhatsu. The Deloitte survey shows that 
despite the economic downturn, most companies have maintained or 
increased security budgets and boosted IT security staffing levels. 

The budget increases come at a time when a growing number of companies 
face external and internal cyberattacks, said Jill Eckhaus, president 
of AFCOM. "The most surprising thing in my mind was that almost 30% of 
the companies surveyed did have a breach of security last year," she 
said. 

In the financial services sector, 40% of the respondents to the 
Deloitte survey reported breaches in the past year -- with most of 
them coming from external sources. 

Growing concerns about cyberattacks have made "the approval process 
for security spending somewhat easier," Josephites said. "It is very, 
very difficult to 'ROI' security, but my management understands that 
it is the cost of doing business these days." 

"I'm not having any trouble getting money for [corporate] security," 
said David Krauthamer, director of IS at Advanced Fibre Communications 
Inc., a Petaluma, Calif.-based manufacturer of telecommunications 
equipment. Proliferating virtual private network access and an 
increase in the number of workers accessing the corporate network from 
outside have made remote access a major security concern for the 
company, he said. 

If there is a challenge, it would be to get the funding needed to 
guarantee that home networks are properly secured, he said. "Most of 
the money is spent on making the corporate network a fortress," he 
said. 

The need to have a more proactive security posture has driven up 
security spending, said Kevin Ott, vice president of technology at 
Terra Nova Trading LLC, a financial services firm in Chicago. 

Apart from having to stay on top of the growing number of hacker 
threats, Terra Nova is, for instance, also having to respond to 
customer demand for instant messaging support on the company's 
network. That means investing in technologies to secure and archive 
such communications -- measures the company has already invested in 
for internal IM use. 

Despite the increased security spending, only about 5% of the 
respondents in the Deloitte survey claimed to be extremely confident 
about their ability to withstand attacks. "The lack of confidence in a 
company's ability to respond to internal and external attacks was 
surprising," said Ted DeZabala, a partner with Deloitte's security 
services group. 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.