Vendors Pushed For Greater Integration

By TIM WILSON and RUTRELL YASIN

In 1998, security was hot; enterprise management was not. Several well-publicized hacker attacks--and catchy TV commercials (IBM's "Go back to sleep ...")--helped IT managers present a case for strong network security. On the enterprise management side, IT managers were stymied in delivering quality management services across the enterprise by unfulfilled vendor promises.

On the security front, IT managers learned that attacks can come from anywhere, both from inside and outside an organization. A rise in Internet-based attacks piqued IT managers' interest in tools and services that could help them determine if their networks and systems are vulnerable to hacker attack. This doesn't mean inside attacks--in the past considered the greater problem--are diminishing, but the threats from outside are increasing.

External threats have spurred demand for vulnerability scanners to probe networks and systems for security holes, and for intrusion-detection systems (IDS), high-tech burglar alarms that alert IT administrators when suspicious activity is detected. In addition, vendors such as Cisco and Network Associates Inc. validated, if not consolidated, the market through acquisitions earlier in the year.

"There's no question there was a high level of interest" in these intrusion-detection tools, Forrester Research analyst Ted Julian said. IDS may not have rolled off the assembly line as fast as firewalls did in their first years on the market, but Julian expects a ramp up next year as IDS matures.

The market for assessment and detection systems is projected to grow from $50 million in 1997 to $100 million this year, according to the Aberdeen Group.

Public-key infrastructures (PKI) also generated user interest, as vendors such as Entrust Technologies Ltd. and VeriSign Inc. continued to spread the digital certificate gospel.
PKI solutions are a set of security services including authentication, encryption and certificate management usually provided by a certificate authority. Digital certificates, a key component of a PKI, are electronic signatures that verify that a person sending a secure message is actually the sender.

"We've seen a lot more user interest in PKIs, but there's a difference in interest and wide-scale deployment," Aberdeen Group analyst Eric Hemmendinger said. "There was a lot of pilot work this year, which should result in significant deployments in 1999," he said.

Julian, however, doesn't think there will be major deployments until 2000 and beyond. "There will be a much more gradual ramp up of PKIs, [compared to] intrusion-detection systems," because the infrastructure needed to support PKIs is more comprehensive, he said.

It was harder getting users to buy PKI solutions because their plates were filled with Y2K problems or Gigabit Ethernet deployments, said William Crowell, CEO of Cylink Corp. The U.S. Postal Service, for example, is using that company's PKI technology to let users download postage from the Internet.

Although more IT managers understand the importance of security, there still is a need to educate CEOs and other senior executives, Crowell said. Senior management needs a better sense of what the right level of security is for their company, and how to get a better return on investment, he said.

While the security market was hopping in 1998, the network and systems market remained largely dormant from the IT manager's point of view. During the year, vendors made many promises for service level management, policy-based control and standards-based application integration, but very few users actually deployed any of the new technologies.

Service level management, the process of measuring the performance of specific network services or applications, was perhaps the most ballyhooed idea of 1998, and one of the most disappointing.
Although vendors introduced scores of products tagged as service level management tools, many IT managers could not deploy or even define the service level management concept.

"I was just talking with my [management vendor] yesterday, and they still don't think I understand service level agreements the way they do," said Brian Seal, who is responsible for managing database systems for the county of Henrico, Va. "There needs to be more clarity on what to monitor and what the benefits are."

In a survey of 100 IT and network managers who read InternetWeek, 60 percent of respondents said they have a service level management plan in place, according to Enterprise Management Associates, the consulting firm that conducted the survey. Yet 21 percent of respondents could not define the term.

"There are too many confusing messages coming from the vendors," said Rick Sturm, a principal at Enterprise Management Associates. "Right now, [IT managers] don't know what to do."

A similar confusion surrounds the notion of policy-based management, which was touted throughout 1998 as the solution for managing switched networks and IP quality of service (QoS). Although major vendors such as Cisco and 3Com launched policy management for their own hardware, only small companies such as Ukiah Software Inc. and IPHighway Inc. have developed multivendor tools for controlling QoS.

"IP networks don't behave rationally, they behave randomly," said Gordon Smith, vice president of marketing at Ukiah. "But [IT managers] are finding that a best-effort network is not going to cut it for mission-critical applications."

Vendors also continued their struggle to integrate disparate management applications. While enterprise management vendors such as Computer Associates and Tivoli Systems Inc. offered some integration through their broad-ranging frameworks, most other vendors focused on standards now being developed by the Desktop Management Task Force.
In 1998, the DMTF accepted full responsibility for developing the Common Information Model (CIM), which describes a standard method for storing and transmitting management data, and Directory-Enabled Networking (DEN), which describes a common method for linking directory data.

"The CIM standard is an important direction for us. But customers don't have it right now," said Martin Neath, executive vice president at Tivoli, a DMTF member. "DEN will also be an important part of the work that the DMTF does, but it isn't all that well defined."

Such comments typify the discussion of network and systems management issues in 1998. Many in the industry, especially IT managers, hope the technology will become more concrete in 1999.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]