Enterprise efforts to secure web services and WLan
implementations will be among the top security initiatives for
companies in 2003, according to Gartner research detailed at its
Symposium ITxpo 2003 conference.
Although security remains a critical priority for most
enterprises, previously overhyped security technologies have led
companies to be more cautious about future implementations,
according to Victor Wheatman, vice-president and research area
director at Gartner.
Intrusion detection is one of those over-hyped technologies,
Wheatman said. On the surface it sounds like a good idea but alerts
you only that something is going on. It is not always so effective
to just see the alarms going off and not have the tools to address
the problem.
The area of intrusion detection is now moving into firewall
management to become intrusion protection, which would allow
enterprises to do something about the alarms, Wheatman said.
Because companies are exploring the promise and potential of web
services deployments, securing those applications will be an
important consideration this year.
"Web services is being hyped as the new development platform for
all kinds of wonderful things. But often [new technologies] are
brought forward and then security is considered after the fact,"
Wheatman said.
Specifically, web services can poise security issues because
some web services-based applications are designed to bypass
firewalls, which could leave enterprises vulnerable, he said.
Other critical security issues poised to bubble to the top in
2003 include identity management and provisioning, intrusion
prevention, and event correlation, according to Gartner.
The increased use of instant messaging (IM) in enterprises will
result in prioritised efforts to secure the "holes" IM can open in
corporate networks. Because it seeks any open port, IM and
other P2P programs can put enterprise networks and sensitive
information at risk.
Preparations to prevent or secure networks against the next Code
Red or Nimda attack, industry-specific security efforts,
infrastructure security, protecting intellectual property have also
made it onto the list, along with initiatives to improve the
trustworthiness of enterprise transactions and the corresponding
audit trail.