Firms spend more on printers than security

Users are spending less on security than printers, according to a report from IDC. However, the company does not think that...

Users are spending less on security than printers, according to a report from IDC. However, the company does not think that pouring in more money is necessarily the answer.

IDC's report agreed with research from the DTI that said a greater priority should be put on security, but that companies should move to a more systems-based approach where security is embedded in the network.

In 2003, companies spent £36bn on printers, and £35bn on security. It is well known that the printer market is kept artificially high by the inflated cost of ink and cartridges. In the case of security, however, waste comes through lack of integration, according to IDC's report, which said the figure should go up to £40bn this year, and £65bn by 2007.

"We need to approach security differently," said Thomas Raschke, program manager for IDC's European security research, and one of the report's authors, arguing for an integrated approach, rather than cobbling together best-of-breed firewalls and other devices.

"In the past, it has been a patchwork of point solutions," said Raschke. "There always will be certain companies who are early developers. Many of their customers have the attitude that only the best is good enough, so they bought all these expensive high-price products."

They realised too late that they did not have tools to manage them all together: "People have a heterogeneous environment, that makes it impossible to run those things."

This is, of course, music to the ears of the report's sponsor, Cisco Systems. As the industry's biggest full-spectrum network equipment supplier, Cisco will be very pleased to learn that integrated, network-based systems are better than putting together point products - even point products which might be superior to individual parts of the integrated solution.

Cisco comes out well in the report, with kudos for its Network Admission Control (NAC) system - that enforces patch and anti-virus policies on all devices connecting to a corporate network similar to the feature introduced last month by iPass.

At the Infosecurity trade show in London this week, Cisco gave a good look at its own network security infrastructure, which plays heavily on the need to co-ordinate different security functions, and relate client and the network. As well as NAC, the company demonstrated Cisco Security Agent (CSA), a software intrusion prevention system it acquired with Okena last year, that is now running on all the company's laptops.

"We think that CSA is secure enough to consider turning off other personal firewalls, and allowing laptops to connect to the internet directly," said Paul King, principal consultant at Cisco. As it is, Cisco is confident enough in its ability to block rogue behaviour that it leaves even urgent patch updates until a scheduled download.

Cisco's approach also blocks the ability of users to fiddle with security settings and controls things centrally, something which Raschke would approve of. "The rogue element in security solutions is people," he warned.

Peter Judge writes for

Read more on Identity and access management products