Perspective: The state of security: It ain't pretty

(continued from previous page)

more dangerous than it was when we were worried about two-digit date codes, but we've added spam and phishing to really make the security guys pull their hair out.

To be fair, there has been progress here. BorderWare Technologies and McAfee have great e-mail security products, but this is definitely an area where we take two steps forward, then one step back.

Worm holes
What about worms? In August 2003, everyone got slammed by MSBlast and Sobig, to the tune of about $4 billion dollars in damage worldwide.

We may have made some progress on worm prevention since then, but the lion's share of companies are still suffering. In our survey, 66 percent of users said their organizations had been impacted by a worm in the last 12 months, and more than half those were hit more than once.

Almost everyone said their businesses suffered financial and operational impact from worms, and 14 percent of users said this impact was severe. Yikes!

I still have visions of security Sisyphus pushing an ever-growing boulder up an ever-steeper hill.

We got tons more data--too much to expound upon here, so I'll do my best to offer a summary. Most users see risk, threats and vulnerabilities all around them but remain confused about which way to turn. Before choosing a technology solution, they labor through about a half dozen disparate product evaluations, adding time and cost to the implementation process while their organizations remain insecure.

The data did show some positive signs. For example, ESG found that companies that have adopted Intrusion Prevention Devices (IPS) said they'd had fewer security problems and voiced a great deal of satisfaction.

Of course, there are also a lot of investment dollars at hand to finance new companies with better mousetraps in time for next year's RSA Conference.

Nevertheless, after analyzing this data for the past month, I still have visions of security Sisyphus pushing an ever-growing boulder up an ever-steeper hill.

I love San Francisco, and RSA is always a blast. It's not just the cocktail parties; it's the opportunity to speak with the brightest minds in our industry and compare notes on what everyone is seeing. This year, however, I'll make sure to curb my enthusiasm and seek out the security professionals in the crowd for a reality check. It won't be hard to do--they'll be the harried-looking men and women constantly on their cell phones in the midst of the industry glitz.

Biography
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.

More Perspectives