[ISN] Security spending rising for data centers, surveys show

From: InfoSec News (isnat_private)
Date: Fri May 16 2003 - 00:30:13 PDT

  • Next message: InfoSec News: "[ISN] NIST releases draft security standard"

    Forwarded from: William Knowles <wkat_private>
    
    http://www.computerworld.com/securitytopics/security/story/0,10801,81261,00.html
    
    By JAIKUMAR VIJAYAN 
    MAY 15, 2003
    Computerworld 
    
    As the director of global security at Hewitt Associates LLC, Dan 
    Josephites is taking a multifaceted approach to bolstering defenses at 
    his company, which is the nation's largest human resources outsourcer. 
    
    Firewall, antivirus and other intrusion-detection technologies are a 
    key part of the strategy. But Hewitt is also shoring up its internal 
    networks, performing network and application-level penetration 
    testing, and working with developers to ensure secure code on all 
    Web-facing applications. 
    
    "We are spending more on security, there's no two ways about it," 
    Josephites said. 
    
    Hewitt isn't alone. A new study released this week, by the Orange, 
    Calif.-based AFCOM's Data Center Institute, shows that information 
    security has become a major priority for the nation's largest data 
    centers in the face of constant terror alerts, tensions in Iraq and 
    proliferating cyberthreats. 
    
    The study, conducted earlier this year among 257 data center managers, 
    showed that nearly 50% of the companies surveyed said they had 
    increased security budgets by 5% to 15% in the past year. While a 
    majority of organizations are still spending less than 10% of their IT 
    budgets on security, about 17% allocated between 9% and 20% of their 
    budgets for it. 
    
    AFCOM's survey results are nearly identical to the results of a 
    worldwide survey of 500 financial services companies being released 
    next week by Deloitte Touche Tomhatsu. The Deloitte survey shows that 
    despite the economic downturn, most companies have maintained or 
    increased security budgets and boosted IT security staffing levels. 
    
    The budget increases come at a time when a growing number of companies 
    face external and internal cyberattacks, said Jill Eckhaus, president 
    of AFCOM. "The most surprising thing in my mind was that almost 30% of 
    the companies surveyed did have a breach of security last year," she 
    said. 
    
    In the financial services sector, 40% of the respondents to the 
    Deloitte survey reported breaches in the past year -- with most of 
    them coming from external sources. 
    
    Growing concerns about cyberattacks have made "the approval process 
    for security spending somewhat easier," Josephites said. "It is very, 
    very difficult to 'ROI' security, but my management understands that 
    it is the cost of doing business these days." 
    
    "I'm not having any trouble getting money for [corporate] security," 
    said David Krauthamer, director of IS at Advanced Fibre Communications 
    Inc., a Petaluma, Calif.-based manufacturer of telecommunications 
    equipment. Proliferating virtual private network access and an 
    increase in the number of workers accessing the corporate network from 
    outside have made remote access a major security concern for the 
    company, he said. 
    
    If there is a challenge, it would be to get the funding needed to 
    guarantee that home networks are properly secured, he said. "Most of 
    the money is spent on making the corporate network a fortress," he 
    said. 
    
    The need to have a more proactive security posture has driven up 
    security spending, said Kevin Ott, vice president of technology at 
    Terra Nova Trading LLC, a financial services firm in Chicago. 
    
    Apart from having to stay on top of the growing number of hacker 
    threats, Terra Nova is, for instance, also having to respond to 
    customer demand for instant messaging support on the company's 
    network. That means investing in technologies to secure and archive 
    such communications -- measures the company has already invested in 
    for internal IM use. 
    
    Despite the increased security spending, only about 5% of the 
    respondents in the Deloitte survey claimed to be extremely confident 
    about their ability to withstand attacks. "The lack of confidence in a 
    company's ability to respond to internal and external attacks was 
    surprising," said Ted DeZabala, a partner with Deloitte's security 
    services group. 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri May 16 2003 - 03:50:41 PDT