BOSTON – The most recent IDC Enterprise Technology Trends Survey of 500 North American companies found that among those with at least 1,000 employees, 60% saw "minimal impact" on their own security policies when a major breach was reported somewhere else. Slightly more than 20% said that such an announcement would have a "high impact."
"Security for the most part is an afterthought," said Dan Kusnetzky, IDC vice president of system software, at the Directions 2004 -- Making IT Matter conference held last week in Boston. "They think about security only after some sort of breach."
And then, according to Kusnetzky, few actually change plans internally to prevent such a compromise within their own networks. He asked organizations to reconsider the way they approach security, especially if they are part of the migration towards highly distributed application architectures or "grid computing."
Grid computing refers to the harnessing of computer systems to collaboratively solve a problem requiring a lot of CPU or data storage and processing -- far more than one system can handle. Though used primarily in technical and scientific projects, grid computing is gaining popularity in the corporate world because of its cost-savings potential.
But many of these computational collaborations are being built with systems that build on, rather than replace, legacy components. And that can make securing everything more difficult.
"Organizational infrastructure is a chronological cake…everything builds upon its predecessors," Kusnetzky said, listing "five generations" of infrastructure beginning with the 1960s and continuing to the present: host-based, remote access, client/server, multi-tier and IT utility infrastructure.
Black hats could compromise any component system that can be accessed via a public network, including the client portion, by introducing viruses or worms or by intercepting or modifying application logic.
"You need to start thinking of security as a way of life, not simply adopting a series of products," Kusnetzky said.
Joe Clabby, president of Clabby Analytics, reiterated the security theme as it applies when the decision is made to migrate to a grid.
"The first and foremost concern is that the things are protected -- you are protecting your data. You have got to make sure your network is secure," Clabby said.
Clabby said the first question his clients ask analysts about grid computing is always, "Can it be secure?"
Clabby said that grid computing standards established at the 2001 Global Grid Forum as part of the Open Grid Services Architecture, especially Web Services Security, make grid computing a more secure option.
"Enterprises have become really good at protecting those programs at the physical level," he said, adding that they are authenticating identity and "have come along" with authorizing user identity.
"You must make sure identities are authorized to receive data...authenticate the server, and you must encrypt the data during transit," Clabby added.
On a side note, Clabby said that certain types of jobs employing job-specific applications lend themselves well to a grid-based network, including those in the life sciences and drug discovery industries.