SecurityMatters.com
The network security practice of Bennett Gold LLP, Chartered Accountants.


Security News Headlines:

PROTECT YOUR PRIVATE PARTS

Canadian Security Market is in its infancy. Plenty of opportunities for resellers and systems integrators.

Source: Plesman Communications
Posted on August 20, 2000

When it comes to handling security issues, it's not what you say, it's what you do that ultimately matters. And that's exactly what IDC Canada analyst Cheryl Carleton worries about.

      According to a recent study, while 53 per cent of Canadian medium- and large-sized companies surveyed called network, data and Internet security a "very important" priority, a whopping 41 per cent deemed it only "somewhat important."

      And while most participants said they plan to increase investments in IT security over the next 24 months, more than half said they will allocate only 10 per cent or less of their total IT budgets to security solutions and services.

      "As much as people say they have an extremely high interest, there's very limited spending," says the Toronto-based Carleton. "Basically what people are doing is buying point solutions like antivirus software."

      According to the study, about 30 per cent of respondents said their total corporate IT budget for 1999 ranged from $100,000 to $1 million. Approximately 20 per cent reported budgets of $10 million or more annually.

      The study, titled Is IT Safe? Network Security in Canada, found that the largest group (40 per cent) of respondents from medium-sized companies cited computer viruses as the greatest threat to security, an opinion shared by only 27 per cent of those surveyed from large corporations.

      That view of security, Carleton says, indicates that the Canadian security market is still in its infancy.

      In agreement is Michael Murphy, Canadian general manager for Symantec Corp., a vendor of virus protection, risk management, Internet content, e-mail filtering and mobile code detection technologies.

      "If people think security is about virus protection . . . I think they're missing a lot of other things," he says. "What most people fail to realize is that security is more about a process than a product."

      Murphy cites most corporations' inability to balance security costs with risk as one of the biggest factors hindering adoption of security technologies.

      "We so often see people putting million-dollar fences around $10 assets because they haven't measured the value of that asset."

      However, not everyone has such a pessimistic view of Canadian corporations' security smarts.

      "The Canadian corporation understands the security element as its own function; it's not wrapped up in something else, so it's in the Canadian companies that you will see dedicated security officers," says Mark Fabro, senior scientist and managing director of Guardent Inc., a U.S.-based digital security consultancy which recently opened offices in Toronto.

      In the U.S., the security function is still the domain of the IT department, he adds. And Canadian companies are just better-educated when it comes to security.

      "In the U.S., people confuse certain concepts in information security with concepts in information technology, and they really are quite different."

      Guardent, which has about 30 Canadian customers, mostly in the private sector, offers consulting, assessment, analysis, design and implementation services, as well as a 24x7 security incident response team.

      Fabro agrees with the IDC study's findings that pinpoint the acquisition of Internet and intranet technologies, rather than e-commerce, as the driving force behind security solutions acquisitions in Canada.

      He points to the explosion of mergers and acquisitions that have dominated the financial papers' headlines over the past year or so, and notes that every time one organization buys another's assets, it also buys its security weaknesses.

      "The question for the large organizations we're dealing with as they grow larger becomes 'how secure is the infrastructure we just bought that we're now rolling into ours?'"

      Even for organizations not in the throes of digesting their corporate prey, the issue of merely managing security can be overwhelming.

      That's why Tivoli Systems Inc. is rolling out its SecureWay Policy Director Deployment Kit, says Bob Kalka, an Austin, Texas-based product line manager for the IBM subsidiary.

      According to Tivoli, which sells products to help users manage their networked computers from a single location, the kit is designed to help companies manage their security policies while they're in the process of transforming themselves to e-businesses.

      The product, says Kalka, eliminates the need to make changes to policies on a per-application basis, by providing a central point from which to access and manage security policy.

      "We've written code that allows you to determine who has access to the application and developers don't have to write a single line of code."

      According to Kalka, one of the biggest problems organizations currently face in managing their security needs is that they still tend to see security as an insurance policy, rather than a tool to increase business.

      As well, he says, most companies still tend to take a patchwork-quilt approach to security and implement a number of point products, such as antivirus software and firewalls throughout the various network layers.

      The bigger issue, though, is the lack of trust between the IT department or security team and the business units, he says. "The business units do not see IT security as being able to supply their security needs at the application level."

      Kalka argues that because of that weak relationship, the business units will typically code security policy data into each of the applications they deploy on their Web site. As a result, every time someone needs to change the policy, such as defining user access for that application, he or she has to do it manually.

      Tivoli, which recently issued its Top 10 Secure e-Business Recommendations, has placed at the top of the list the establishment of a high-level executive, such as a chief information security officer.

      According to Kalka, that position should fall to someone in the IT group who will develop and enforce policies consistently.

      "The chief information security officer is not a person who tells people what they're doing wrong, it's someone who makes sure the security policies of the company are consistent across the applications, across the network that ties those applications together and the servers running those applications."

      "It's almost an advisory role."

      A study that Guardent recently conducted with IDC found that global spending on Internet security products and services could grow to more than US$8 billion by 2003. And the New York-based investment banking firm Bear Stearns released a study in June predicting that number could climb as high as US$15 billion by 2004.

      For value-added resellers and systems integrators, the budding market for security services and solutions in the age of e-business transformation offers enormous opportunities, especially considering the scale of some multi-site, multi-country projects.

      "It's a huge opportunity for us to get involved with these projects," says Kal Kurm, sales manager for Sea Change Corp., a Mississauga, Ont.-based reseller of Borderware security products. "Some of these projects are really large-scale," says Kurm. "E-commerce is a huge part of it. As well, companies are sharing information and diversifying."

      Tom Slodichak, executive vice-president of info security at 4comm.com, which resells security products, reports a 350 per cent jump in sales of RSA Security Inc. authentication, encryption and public key management systems solutions, an increase he attributes in part to the fact that budgets have finally been freed up after the Y2K lockdown.

      But to take advantage of these opportunities, VARs and SIs will have to develop extensive expertise, resellers agree.

      "Clearly the organizations that have focused their energies on the security practice will win out over the traditional, multi-faceted SI," says Phillip Lightstone, president of Lightstream Technologies Inc., a Markham, Ont.-based reseller of security solutions and network security consultancy.

      "Technology such as biometrics requires some substantial expertise within the reseller community. But more specifically, it requires the reseller to help the end user decide on the appropriate security policies. Then their job is to match the security technologies to the levels of investment and of risk the company is willing to take, and to craft the appropriate solutions."

