Gartner analysts talk about the security companies don't need

IDG News Service - The plethora of security technologies on the market are enough to overwhelm even the most knowledgeable IT managers, but in sorting through all of the options, it may be helpful to look at what is not needed, according to research that Gartner Inc. detailed today at its IT Security Summit conference in London.
The list of security items a company probably doesn't need within the next five years includes personal digital signatures, quantum key exchanges, passive intrusion detection, biometrics, tempest shielding (to protect some devices from emanating decipherable data), default passwords or enterprise digital rights management outside of workgroups, according to Victor Wheatman, vice president and research area director at Gartner, based in Stamford, Conn.
"You have to be aware of what the overhyped technologies are. You don't need personal digital signatures, because in most cases, an electronic signature will be enough, and in terms of biometrics, you won't need that unless your company is using airplane pilots or has high-level executives that won't or can't remember passwords," Wheatman said.
Wheatman also singled out "500-page security policies" and security awareness posters as things an IT manager would be better off not spending company resources on. "You do need security policies, but not ones so large that no one reads them. It is also important to have a business continuity plan. We got a lot of calls when the hurricanes came through Florida, but for the most part, that was a little too late," he said.
IT managers need to be much more proactive about implementing systems that work correctly in the first place, rather than spending the time and money on fixing problems after the fact, Wheatman said. Software need not have flaws, he stressed, and IT managers need to challenge their vendors to make safer software. Otherwise, security costs within the industry will continue to grow.
"We've been in the biggest beta test in history and this test is still going on: It's called Windows," Wheatman said. "Longhorn will fix some of the problems [within Windows], but it isn't a full solution and flaws will remain. Our studies have found that it is three to five times more expensive to remove software defects after the fact. Why not get it right to begin with?"
A company should demand proof that a software product it buys is safe and make sure that the vendor has reviewed the code of the software with security in mind, he said.
By 2006, Gartner projects that when it comes to software and hardware, a

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.