The cyber-security field is booming right now. New vendors are budding in what had been a wide-open field offering little growth. Burgeoning revenue opportunities have enticed old timers like Network Associates and Symantec Corporation to broaden their cyber-security offerings.
With the spate of online breaches and cracker escapades widely publicized in the media, all signals point to real market demand for integrated and responsive security products with expertise available to install and possibly manage them.
Further light on industry's need for protection is shed by a recent poll conducted by Cutter Consortium, an information technology advisory and consulting group. The results of Cutter's survey emphasize how tenuous security investments in technology and staff really are in the corporate community. Alarmingly, almost a third of the 134 multinational corporations surveyed reported no firewall protection and marginal internal security expertise, even for security fundamentals. While not a scientific study, the results offer additional confirmation that business is still wide open to all levels of intrusion -- from script kiddies to professional crackers who deface, deny site access, steal, or destroy.
Know thyself to evaluate others
Don't waste your time evaluating security vendors before doing a thorough internal threat and vulnerability assessment. Effective security solutions will vary depending on organization size and industry niche.
Small firms will initially need to review total security solution vendors to determine their security needs, then install integrated protection that can be easily managed internally. The good news is that these vendors are available and are focusing on small and mid-sized firms.
Mid-sized companies are often accustomed to "traditional" security products such as virus protection and firewall operations, but now need the seamless protection dictated by e-commerce transactional activity. Welcome to the world of encryption, VPN, PKI, secure transactions, privacy assurance and much more. These firms face a dilemma: whether to pursue a total security solution from a sole source, or to contract a threat and vulnerability analysis from one firm and then review security products or services from other vendors to address upcoming expansion or current vulnerabilities.
In essence, the conundrum is between taking on a single solution vendor to obtain one source for problem resolution and communication (which comes with negatives such as proprietary software and services) versus obtaining best-of-breed products from various vendors (which means dealing with several sources to resolve operational or security breach problems).
Enterprise-level organizations attempting to maintain secure infrastructures have found that isolated point security products each require unique, product-dependent expertise that often cannot be applied across applications. This need for multiple kinds of expertise wreaks havoc on security staff, who have great difficulty maintaining disparate and proprietary security products.
Because of Internet development and greater technological flexibility (e.g., software built on Internet design, new operating system versions expressly incorporating cross-platform, Internet-linked functionality), each class of organization now contains wide variations in security requirements. Within each class, every company now represents a distinct security profile warranting a limited range of solutions to counter specific threats. Accordingly, complete solutions for every company are difficult to offer at this stage in the security market.









