Users are spending less on security than printers,
according to a report from IDC. However, the company does not think
that pouring in more money is necessarily the answer.
IDC's report agreed with research from the DTI that said a
greater priority should be put on security, but that companies
should move to a more systems-based approach where security is
embedded in the network.
In 2003, companies spent £36bn on printers, and £35bn on
security. It is well known that the printer market is kept
artificially high by the inflated cost of ink and cartridges. In
the case of security, however, waste comes through lack of
integration, according to IDC's report, which said the figure
should go up to £40bn this year, and £65bn by 2007.
"We need to approach security differently," said Thomas Raschke,
program manager for IDC's European security research, and one of
the report's authors, arguing for an integrated approach, rather
than cobbling together best-of-breed firewalls and other
devices.
"In the past, it has been a patchwork of point solutions," said
Raschke. "There always will be certain companies who are early
developers. Many of their customers have the attitude that only the
best is good enough, so they bought all these expensive high-price
products."
They realised too late that they did not have tools to manage
them all together: "People have a heterogeneous environment, that
makes it impossible to run those things."
This is, of course, music to the ears of the report's sponsor,
Cisco Systems. As the industry's biggest full-spectrum network
equipment supplier, Cisco will be very pleased to learn that
integrated, network-based systems are better than putting together
point products - even point products which might be superior to
individual parts of the integrated solution.
Cisco comes out well in the report, with kudos for its Network
Admission Control (NAC) system - that enforces patch and anti-virus
policies on all devices connecting to a corporate network similar
to the feature introduced last month by iPass.
At the Infosecurity trade show in London this week, Cisco gave a
good look at its own network security infrastructure, which plays
heavily on the need to co-ordinate different security functions,
and relate client and the network. As well as NAC, the company
demonstrated Cisco Security Agent (CSA), a software intrusion
prevention system it acquired with Okena last year, that is now
running on all the company's laptops.
"We think that CSA is secure enough to consider turning off
other personal firewalls, and allowing laptops to connect to the
internet directly," said Paul King, principal consultant at Cisco.
As it is, Cisco is confident enough in its ability to block rogue
behaviour that it leaves even urgent patch updates until a
scheduled download.
Cisco's approach also blocks the ability of users to fiddle with
security settings and controls things centrally, something which
Raschke would approve of. "The rogue element in security solutions
is people," he warned.
Peter Judge writes for Techworld.com