[ISN] Firms recast security as a money saver

From: InfoSec News (isnat_private)
Date: Thu Jun 13 2002 - 00:41:25 PDT

  • Next message: InfoSec News: "Re: [ISN] Ultimate Computer Security Devices"

    Forwarded from: "eric wolbrom, CISSP" <ericat_private>
    
    http://news.com.com/2100-1001-935484.html?tag=fd_top
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    June 12, 2002, 4:50 PM PT
    
    SAN FRANCISCO -- At a recent publicity event here, two security
    companies and accounting giant PricewaterhouseCoopers showed off their
    latest tool for selling software: a calculator that lets clients
    estimate how much money they can save by using the companies'
    offerings.
    
    The tool highlights an ongoing change in the market. Despite the
    terror of Sept. 11 and cries of imminent cyberattack, companies aren't
    interested in security for its sake alone; they want to be able to cut
    their bottom line as well.
    
    "Every customer that we are talking to says, 'We want to save money;  
    we want fewer suppliers; and we want someone to put themselves on the
    line and do it for us,'" said Steve Lesem, vice president of the
    security business unit for corporate application maker BMC Software,
    one of two companies that partnered with PricewaterhouseCoopers for
    the Tuesday event.
    
    With clients more watchful of their purse strings, security-software
    makers are arming themselves with return-on-investment calculators and
    trying to emulate the success of the early explorers of the "virtual
    private network" sector. In that market, corporations save money by
    buying technology to split a single Internet connection into many
    secure channels rather than paying hefty fees to telecommunications
    providers for dedicated lines. The result is not just more secured
    connections, but cheaper ones as well. The focus has paid off for VPN
    sellers: The companies should rake in $46 billion in 2006, according
    to market watcher Infonetics Research.
    
    Now other security sectors are borrowing the "savings over security"  
    mantra.
    
    "There is real money being saved by these solutions," Lesem said. And
    for BMC Software--a player in the up-and-coming, and somewhat obscure,
    market of identity management--and single sign-on Web service partner
    Oblix, the calculator and other such methods are important ways to
    help potential customers quantify the benefits.
    
    Identity-management software attempts to provide a single system for
    managing all the accounts on every server and service on a network.  
    When new people need to be registered, a single administrator can
    easily set them up with the proper access to databases, Web servers
    and other network resources.
    
    Problems involving user accounts are widespread, said Chris Pick, vice
    president of product strategy for security software maker PentaSafe
    Security Technologies. As a security consultant for a Big 4 consulting
    firm, Pick would regularly find valid accounts belonging to old users
    who had been laid off or had left the company.
    
    "About 70 percent of the people on the separated user list still had
    active accounts," Pick said. "Worse, about 10 percent of those
    accounts had been accessed within the last 30 days."
    
    While companies tend to activate user accounts quickly out of
    necessity, deactivating the accounts tends to take far longer,
    sometimes not until a company has reorganized, said a report by
    analyst firm the Meta Group.
    
    "Our data suggests that a company has to delete the average user from
    30 different accounts," said Chris King, program director for Meta.  
    King believes that less than 25 percent of all people who leave a
    company have all their accounts deleted by the technical staff.
    
    Catching such slipups is key to corporate security, but lowering the
    cost of supporting employees and improving service have gained in
    importance.
    
    "Essentially, what we are saying here is that the first justification
    is security, the second is cost, and the third is increased level of
    service," King said. "But those get shifted around a lot."
    
    The Meta Group survey found that more than 5 percent of all
    information-technology spending at companies can be cut by using an
    identity-management system. In a large company, that could easily mean
    savings of hundreds of thousands of dollars every year.
    
    However, such savings aren't guaranteed, King warned.
    
    "The thing is, the cost benefits assume a successful project," King
    said. "But these things are hard to pull off. Some organizations are
    not going to be able to make the shift in mindset needed to be
    successful."
    
    "It's not as simple as a VPN, where you are going to plunk down a
    box," King added. "But from a customer's perspective, if you think you
    can pull this off, you would be foolish not to."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jun 13 2002 - 03:41:44 PDT