With the number of reported security incidents expected to skyrocket to more than 200,000 by the end of this year and economic losses resulting from identity theft rising to US$24 billion, enterprises are shifting their IT security focus towards more pragmatic purchases.
So says a recent report
by Boston-based research firm Aberdeen Group entitled 2003 Predictions for Security and Privacy, which found organizations are looking for security solutions that are able to demonstrate real financial and business benefits. That translates into increased spending on identity management, authentication services, and education and awareness campaigns (see sidebar), as companies struggle to ensure the individuals accessing their corporate networks are who they say they are and are adhering to corporate security polices.
“”There’s no doubt we’re hearing clients say there has been an increased focus on security,”” says Raj Krishnamoorthy, a partner Deloitte & Touche’s Enterprise Risk Services practice in Toronto. “”It was a serious issue, but it’s become a burning issue now.””
As part of an ongoing dialogue with clients, the consulting firm uses periodic surveys to benchmark what companies are doing. When asked if their security spending patterns have changed over the past 18 months, the consistent answer, says Krishnamoorthy, has been yes. Much of the money effort is going toward identity management, he says, as companies try to manage who has access to what information in the context of the ever-expanding enterprise that includes not only employees, but suppliers, vendors, customers and contractors.
“”Organizations are concerned about security, but they are more concerned about who’s authorized to do what within their system,”” he says. “”And the second component is ‘How do I authenticate individuals and feel comfortable that process is appropriate?’ In other words, how do I identify where this individual is as he or she accesses my system and, based on where they are, am I satisfied with the level of authentication?””
At Toronto-based Electramedia, a Web development company, concerns about network access have grown hand in hand with the success of Content Centre, a Web-based content management system it provides based on an application solutions provider (ASP) model. “”When it comes down to using a system that seems more complex than simple ID and password, people just say ID and password is enough,”” says Paul Chato, Electramedia’s president. “”We, as a company, believe that’s not the case.””
To protect confidential client data and ensure only authorized users gain access to it, Electramedia is using two-factor authentication technology from Ottawa-based CRYPTOCard Corp. Clients are issued either software or smart card tokens they must use when accessing Content Centre. Electramedia retains administrative control over who gains access to which data.
“”We made a corporate decision that everything was going to be secured, thank-you very mu