RSA Conference begins as companies tighten security budgets

By Robert Westervelt, News Editor 07 Apr 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

An uncertain economy and tightening IT budgets are leaving security professionals with fewer dollars to spend on new security technologies. As a result, industry observers believe when IT professionals hit the show floor at RSA Conference 2008, they are likely to take a more cautious approach.

We're seeing people finding a flat budget for security and because of that vendors are being forced into showcasing their products as part of a wider, more strategic deployment. Nick Selby, director of the enterprise security practice, The 451 Group

Over the last several years, organizations have been focusing on protecting the underlying infrastructure, but now companies are focused on data classification, said Paul Stamp, a principal analyst at Cambridge, Mass.-based Forrester Research. Security budgets have leveled out at about 7% to 8% of the IT budget. But IT budgets are increasing only 2.5% this year. There's a lot of belt tightening, Stamp said, and that translates into shifting strategies.

"Over the years, we've been very much blocking and tackling," Stamp said. "Now it's about identifying those information assets that are much more sensitive to us."

Thousands of security pros are flocking to San Francisco this week to attend RSA Conference 2008. The event is a weeklong security extravaganza, featuring vendor keynotes, panel discussions on encryption, security policy, and virtualization security, and educational sessions on a variety of security topics. Some of the largest software and hardware vendors and some of the tiniest security niche vendors pack the conference show floor to tout their products to any security pro that will listen.

"We're seeing people finding a flat budget for security and because of that vendors are being forced into showcasing their products as part of a wider, more strategic deployment," said Nick Selby, director of the enterprise security practice at New York City-based 451 Group.

Organizations continue to struggle to get a handle on their data. A recent survey conducted by the 451 Group found that 37% of enterprises have done no work at all to determine where their data resides, Selby said.

In addition to not knowing where the data resides, Selby said organizations are having trouble monitoring where the data is flowing. The survey found that 80% of organizations are unable to say who their employees are speaking to outside their organization. That ultimately results in a data breach, Selby said.

Analysts agree that the growing interest in virtualization technologies offers a unique challenge for security pros. While attacks have been so far theoretical, security pros are trying to understand the complexities of the technology such as how a patch is applied in a virtual environment, said Jon Oltsik, a senior analyst at Milford, Mass.-based Enterprise Strategy Group.

"There are a lot of people looking at theoretical threats here and there is a lot of academic brainpower going into this," he said. "We'll see a lot more virtualization architectural solutions."

451's Selby said most organizations are about three to five years away from full fledged virtualized deployments. Still, niche vendors and some of the more established players deserve a look at RSA.

A number of niche players are coming to market with products specifically for virtualized environments. Redwood City, Calif.-based Altor Networks Inc. opened its doors March 17. Scotts Valley, Calif.-based Catbird Networks, Inc. and Atlanta-based Reflex Security, Inc., sell appliances that monitor and control access to the virtual network. Cupertino, Calif.-based Blue Lane Technologies Inc. sells VirtualShield, which taps into the VMware platform. The vendors are also taking part in VMware's VMsafe program and will use VMware application program interfaces to produce software that integrates with VMware's hypervisor; tapping into the software that runs the virtualized environment.

"We see evidence that the tires are getting kicked," Selby said. "These vendors are getting bake offs and taken for spins."

Meanwhile, application security appears to be gaining priority for many security pros, Oltsik said. With applications becoming much more dynamic and complex, more attacks are happening at the application layer, he said.

"We have much more of a worldwide sophisticated threat network that knows how to attack those application vulnerabilities," Oltsik said.

Vendors are responding with more secure products, he said. Microsoft has taken a leadership position with its secure development lifecycle. Other vendors, such as Oracle and RSA, have followed, ensuring every product is going through security standards and evaluations.

Tags: Security Industry Market Trends, Predictions and Forecasts,  Virtualization Security Issues and Threats,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research Virtualization Security Issues and Threats How to find virtual machines for greater virtualization compliance Quiz: Virtualization and compliance Virtual appliances boost flexibility, improve security Lack of cloud computing definition adds confusion, risk Three cloud computing risks to consider App service cloud could boost security, manageability Kodak CISO on virtualization, compliance Face-off: Assessing cloud computing risks Citrix virtual desktop, app delivery controller includes security benefits Who should secure virtual IT environments? Emerging Information Security Threats DDoS attacks hit U.S., South Korean government websites New attack code targets Microsoft ActiveX zero-day vulnerability Adobe ColdFusion websites being compromised Antispyware buying guide for Indian enterprises ATM malware lets attackers take over machines FTC shutters rogue ISP for hosting malicious content, botnets The failing war against cybercriminals White House cybersecurity czar faces major hurdles Cybercrime and threat management The Pipe Dream of No More Free Bugs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter body scanning  (SearchSecurity.com) marketecture  (SearchSecurity.com) NCSA  (SearchSecurity.com) Palladium  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary