You can’t count on me

Whether you run your IT in-house or farm it out, no approach is invulnerable to hacks and theft these days, according to a spate of recent reports.

First off, IDC claims that one-quarter of application service providers (ASPs) have shoddy security, based on a survey of 50 companies. Basic items such as user authentication, virus protection, network security and firewalls were among the missing elements. Despite this, IDC considers the market to be undergoing “healthy consolidation” and expects conditions to improve.

If you don’t even have the basics down, I guess the only way to go is up. User identification? Virus protection? Come on, folks, these are the nuts-and-bolts of IT security. For a market that’s expected to hit US$13 billion annually by 2005 (according to IDC figures from last summer), you’d expect customers to get better than one-in-four odds.

After all, ASPs are supposed to ease the burden of managing IT. As happens all too often in this industry, hype wins out over reality, leaving clients in the lurch.

Not scared yet? Maybe you think you’re better off, since you run your own network and IT infrastructure. You can keep tabs on your setup whenever and however you like.

It sounds good, but another study has uncovered lurking problems.

Sixty per cent of firms don’t know what security “incidents” cost them, according to a study released last month from Forrester Research Inc. As well, 30 security hazards per week were uncovered in 2001, according to the report, IT Security Fails — Now What?

That puts a lot of pressure on IT staff, regardless of whether they work for you or your outsourcer.

Firms that don’t prepare — and fund — security and contingency strategies end up with ad-hoc responses, often only focused on the problem at hand. Besides the immediate financial impact of having someone steal data or hurt their ability to do business, companies face long-term problems trying to regain customers’ and partners’ goodwill.

All too often, IT and network staff get blamed for not keeping up to date on technology flaws. But if they don’t get support from higher up the corporate ladder, what else can they do? Sleep less? Eat less? Work for free?

Shrinking IT budgets and shirked security obligations are a potentially disastrous combination. That’s not to say that more spending is the answer, but if you cut staff and spending on crucial parts of your infrastructure, ultimately, you’ll be prone to attack.

It’s not just a case of you get what you pay for (just think of those lackadaisical ASPs). Smart managers don’t throw good money after bad, but take an informed approach and weigh their options carefully, instead of leaving it up to third parties or stressed-out staff.

On a final (and stranger) note, those blinking LEDs on your modem could actually be broadcasting the data the device is transmitting and receiving, according to a recent U.S. experiment. The flashing lights create a form of Morse code that’s too fast for the human eye, but can be picked up electronically.

The good news, according to one report, is that most communications equipment operates much too fast for those diodes to keep pace. Still, you might not want to put your servers in the storefront window.

Oh, and don’t forget to keep a look out for the latest variant of the Klez worm, which was supposed to spawn more evil-doing this week. It’s time for another visit to Microsoft Corp.’s Web site for the latest Outlook fix. Happy patching.

jsaunders@sympatico.ca
