Security hosting on the rise
Still, managed security service providers and network management firms said they have seen a substantial increase in interest in the wake of the Sept. 11 attacks.
"Inquiries about security services continue to increase. We are definitely seeing an upswing," said Kathleen Ryan, spokeswoman of IBM Global Services. Big Blue's services arm had significant success in outsourcing this year, signing more than US$1 billion in Web hosting contracts since Jan. 1. The company has also launched a fleet of new security-related services, including firewall construction and management, intrusion detection, virus alert monitoring and ongoing security checks.
The recent Code Red and Nimda worms have also accelerated interest in outsourcing hosting and security, Ryan said. "If you are self-hosting and you get hit with a virus attack, you have to handle it yourself."
Node Com, a real estate firm that specialises in data centres and telecom hotels, said it also has seen a dramatic up-tick in interest, which it attributes to a widespread realisation among I-managers that the best way to protect themselves against disasters like the destruction of the World Trade Centre is by spreading their resources among locations.
But as more companies move equipment off-premises, that will likely lead to increased need for managed security services and remote network management, said Chuck Adams, security general manager of remote network management services provider NetSolve.
"This isn't science fiction anymore," Adams said. "Companies can't deny any longer that they need to employ diligent management practices to handle significant business risks" that come from security-related issues.
Information system security is indeed a management responsibility BUT it also a responsibility of the vendors of the associated hardware, software and network systems themselves. AND this area was totally missing from the ZDNET analysis. You buy a car - you expect it to follow the appropriate Australian standards for car safety and quality. The problem today is that commodity systems, e.g. Windows 2000 / XP which have not even achieved a lowest level of trust analysis ( i.e. the old "C2" level of evaluation) are being used in mission critical server/hosts/workstations. It is time the IT industry was held responsible itself - profesisonals need to work with trusted systems that have been assessed according to security standards - and we have one - an international one - ISO 15408 - for system trust. None of this gets any mention in your analysis. Strange ! After all - there is no point blaming a driver for not stopping the car if it has no brakes ! By today, for example, mandatory / role based access control, segmented memory protection and the like should have been standard - they are not. There is the problem. Untrusted, commodity, consumer systems being used in government, business systems and networks for which they are ill suited. Even Steve Balmer of Microsoft was reported in June in the UK as commenting that his company could have done a better job in the security area ! Multiply that by a nation - and we have the potential for cyber disaster.
Bill Caelli
Information Security Research Centre
Queensland University of Technology