IT Security – Make 2007 the year that the emphasis is placed on quality

For the IT analyst community, the beginning of 2007 is almost certainly a time for taking stock; a time for giving some serious thought to what the year ahead will offer up in our own areas of technology research. For Andrew Kellett, Senior Research Analyst with Europe’s leading independent IT Research and Advisory organization Butler Group, this means IT Security. In Kellett’s view, for the IT Security sector, 2007 needs to be a year where more emphasis is placed on the requirement for good quality, unified protection systems, and one where product substance takes over from the usual industry hype. Full comment follows below.

When taking an early look through the Christmas-to-New-Year e-mail files, it would be easy to conclude that nothing much has changed as we move into the new year. It would appear that 2007 will seamlessly push forward with business users worrying about an ever-increasing range of security threats, and IT security vendors carrying on as usual by proclaiming that they have most of the protection answers already in place.

Nothing, of course, could be further from the truth, and the continued disconnection between technology propaganda and reality is one of the main reasons why the security sector continues to struggle to stay ahead of the new range of threats that are continually being delivered. It is also why the professionally-driven, criminally and illegally motivated elements of the threat world find the ease with which they can make use of technology so tantalizingly inviting.

Going back to the industry messages that continually flood in each day, there have been several good examples recently of the comfortable, perhaps almost smug, way that the security sector positions itself. These have included hints on the top five ways to secure your company’s mobile devices; the easy way to effectively implement Instant Messaging (IM) policies; and easy-to-implement e-mail security strategies.
The one common theme that runs through all of these e-mailed missives is the desperate requirement to position IT protection services as simple-to-use, and capable of delivering one-time fixes.

For 2007, when I list the high-level areas of IT security that need to be considered for in-depth research by Butler Group, there are two things that stand out. Firstly, the list of requirements is a lot longer than it was twelve months ago, and secondly, the required levels of interaction and integration between protection solutions, and indeed between security vendors, have also gone up significantly.

Take, for example, the issue of Identity theft, where we will be looking at what is being done by the industry to remediate against Phishing, Pharming, key logger, Spyware, and man-in-the-middle attacks – especially where these problems impact upon current and future business development in on-line trading and commerce in areas such as retail and financial services.

Furthermore, in support of Business-to-Business (B2B) and Business-to-Customer (B2C) interactions there is a growing range of security products that are springing up to support enterprise network infrastructures. These include products that enable organisations to understand the full extent of all devices that operate across their systems and networks, products that are used to provision, control, and manage such devices, products that authenticate user and device status as they log on, and products that will need to be capable of handling convergence between physical and logical access systems. None of these solutions fall into areas where easy-to-use hints and tips feel to be appropriate, but all have the substance that is required to take the Industry forward.