[ISN] Windows is the 'biggest beta test in history' - Gartner

InfoSec News isn at c4i.org
Wed Sep 22 06:52:01 EDT 2004


By John Leyden
21st September 2004

Spending more on security doesn't necessarily make you more secure,
Gartner warned yesterday.

The analyst firm forecasts that information security spending will
drop from an average six-to-nine per cent of IT budgets to between
four and five per cent as organisations improve security management
and efficiency. Victor Wheatman, Gartner security veep, told delegates
at the IT Security Summit in London that the most secure organisations
spend less than the average and that the lowest spending organisations
are the most secure. The businesses can safely reduce the share of
security in their overall IT budget to three or four per cent by 2006,
he said.

The idea that the most secure organisations spend the most on security
was among a number of myths debunked by Wheatman during a keynote
before approximately 700 delegates at the Gartner IT security Summit
yesterday. He also attacked the popular misconception that "software
has to have flaws". Wheatman said this is true only if enterprises
continue to buy flawed software, and he singled Microsoft out for
particular criticism.

He described Windows as “the biggest beta test in history" and warned
warned IT security pros not to expect too much from Microsoft’s
vaunted Trustworthy Computing initiative. "Microsoft will try, and
there'll be improvement with Longhorn, but it will not solve all your
security problems - no matter what the richest man in the world says,”
he said. According to Gartner better quality assurance of software is
needed before it goes into production. If 50 per cent of
vulnerabilities are removed prior to software being put in production
then incident response costs would be reduced by 75 per cent, it

Gartner has identified IT security technologies enterprises will need
over the next five years - and other technologies most companies
probably won't need. On the enterprise shopping list is host-based
intrusion prevention, identity management, 802.1X authentication and
gateway spam and AV scanning. Security technologies Gartner reckons
most companies can safely do without include personal digital
signatures, biometrics, enterprise digital rights management and
500-page security policies.

More information about the ISN mailing list