Gartner names top security issues for 2003

Enterprise efforts to secure web services and WLan implementations will be among the top security initiatives for companies in...

Enterprise efforts to secure web services and WLan implementations will be among the top security initiatives for companies in 2003, according to Gartner research detailed at its Symposium ITxpo 2003 conference. 

Although security remains a critical priority for most enterprises, previously overhyped security technologies have led companies to be more cautious about future implementations, according to Victor Wheatman, vice-president and research area director at Gartner. 

Intrusion detection is one of those over-hyped technologies, Wheatman said. On the surface it sounds like a good idea but alerts you only that something is going on. It is not always so effective to just see the alarms going off and not have the tools to address the problem.

The area of intrusion detection is now moving into firewall management to become intrusion protection, which would allow enterprises to do something about the alarms, Wheatman said. 

Because companies are exploring the promise and potential of web services deployments, securing those applications will be an important consideration this year.

"Web services is being hyped as the new development platform for all kinds of wonderful things. But often [new technologies] are brought forward and then security is considered after the fact," Wheatman said.

Specifically, web services can poise security issues because some web services-based applications are designed to bypass firewalls, which could leave enterprises vulnerable, he said. 

Other critical security issues poised to bubble to the top in 2003 include identity management and provisioning, intrusion prevention, and event correlation, according to Gartner. 

The increased use of instant messaging (IM) in enterprises will result in prioritised efforts to secure the "holes" IM can open in corporate networks. Because it seeks any open port, IM and other P2P programs can put enterprise networks and sensitive information at risk. 

Preparations to prevent or secure networks against the next Code Red or Nimda attack, industry-specific security efforts, infrastructure security, protecting intellectual property have also made it onto the list, along with initiatives to improve the trustworthiness of enterprise transactions and the corresponding audit trail.

Read more on Hackers and cybercrime prevention