SAN FRANCISCO -- It's all about the hardware. Well, at least, it's going to be, if you believe Gartner Inc. vice president of Internet security John Pescatore.
The influential security researcher said Monday at RSA Conference 2003 that the decade of the naughts (2000-2009) will be hardware driven, much the way the 1990s was built on software.
Specifically, he said that network security platforms -- appliances holding everything from antivirus protection to intrusion detection and firewalls -- will move market momentum to new leaders like Cisco, which specializes in hardware and faster connections.
"Firewalls in 2002 became commodity stateful," Pescatore said. "Now, we're moving to the application level and inspecting for content, and doing switch and load balancing. We're looking into the packet, figuring out where to send it. As we get faster connections, we're going to start looking to hardware that can do all these things."
Pescatore and his crystal ball shined on several fronts Monday.
- On security spending, Pescatore said he expects it to swell industrywide to $27.9 billion by 2006, up from $12.9 billion in 2001. Most spending (61%) is on services. He notes that software spending is still higher than hardware, but hardware's growth rate is much higher. "It's still a best-of-breed world," Pescatore said. "But there is still going to be a lot of shuffling on who is going to be best of breed."
- On security budgets, he said, security will account for 5.4% of IT budgets this year, up from 4.3% last year and 3.3% in 2001. Financials and government continue to be the biggest spending vertical markets.
- On cybersecurity insurance, don't expect it to be the turning point for security standards until 2005, Pescatore said. "Without a regulatory push, cybersecurity insurance is not the standard tool a CFO uses for risk management," he said.
Open Security Exchange melds physical, IT security
Physical and IT security are rarely considered in the same thought when it comes to enterprises. However, the convergence of those two disciplines is becoming inevitable, as technology rapidly moves in to govern access to buildings, data centers and server rooms, as well as IT networks and systems.
Computer Associates International Inc. took a giant step toward managing that convergence by heralding the formation of the Open Security Exchange, a collaboration that will develop security specifications and best practices that it hopes to someday submit for ratification by a standards body such as OASIS. On Monday, it posted its specification, best practices and data models to the Web. The group's founding members also include HID Corp., Gemplus SA and Software House, a division of Tyco International.
The Open Security Exchange will concentrate on managing physical and IT security via these specifications, which will be built into CA's Security Command Center, currently in beta. The initiative grew out of success with CA's eTrust 20/20 software, said Russell M. Artzt, eTrust executive vice president. eTrust 20/20 enables IT administrators to see anomalies in a system or building by monitoring employee activities against an established user profile and issuing alerts when there are deviations.
Artzt proclaimed the Open Security Exchange an open forum, one open to competitors as well. CA, initially, must fight the perception that this is just another partner program, especially since no other IT partner is among the founding members.
"The Open Security Exchange is an open collaboration. We will add additional members, partners and clients as the program evolves," Artzt said.
Robert Rodriguez, Secret Service special agent in charge of San Francisco's Electronic Crimes Task Force, said that this kind of collaboration builds trust, even if the initial steps are small.
"We have to explore ways to share information with the community to secure infrastructure," Rodriguez said. "There's a lot of money to be saved on the government and private sector end."
The OSE is also up against a large pool of standards and specifications.
"There's a lot more talk about [specifications] being done than there are specifications actually being done," said Gemplus CEO Alex Mandl.
We're not in Kansas any more
The quirky highlight of the annual RSA Conference is the kickoff by a classic rock band. Past shows have been graced by the presence of Pat Benatar and Cheap Trick, among others. This year was no disappointment to aficionados of VH1's Where Are They Now. If you've been looking for Kansas, they're not in Kansas anymore. They were at RSA Monday afternoon.
Kansas cranked out its two biggest hits, "Dust in the Wind" and "Carry on Wayward Son," with the lyrics of each tweaked a tad to reflect IT security.
Samuel "Sandy" Berger, the Clinton administration's national security advisor, delivered the keynote and addressed the war in Iraq. Berger spoke at length on the regime change and the United States' involvement in the establishment of a new Iraqi government. ... The popular cryptographer's panel played to a full house. Moderated by Counterpane CTO Bruce Schneier, the panel also featured crypto guru Whitfield Diffie, CSO at Sun Microsystems Inc., and Paul Kocher, president and chief scientist of Cryptography Research Inc. It also included Ronald Rivest, Viterbi professor of computer science at MIT, and Adi Shamir, professor at the Weizmann Institute of Science. Together, the men make up the R and A in RSA.