Security shopping lists made for the New Year

From...

By Brian Fonseca

(IDG) -- Whereas 2001 may be remembered as a year marked by an exhausting string of virus attacks and cyberterrorism fears sparked by the events of September 11, security experts predict that computer security in 2002 will shift away from perimeter defenses in favor of internal access control and authentication management.

"Physical access, who you are, and [whether or not] you are allowed [specific privileges] is going to be among big technology questions that are going to be answered in 2002," said Charles Kolodgy, Internet Security analyst at Framingham, Massachusetts-based IDC.

"Smart cards, USB tokens, and biometrics will be some of the hot areas because companies, organizations, and others are beginning to realize they need to have a better handle on who's coming and going," Kolodgy said. "Passwords just don't give you enough confidence in these things."

IDG.net INFOCENTER InfoWorld Main Page InfoWorld Test Center Subscribe to InfoWorld Newsletters Infoworld Opinions and Spotlights Related IDG.net Stories CIA-backed analysis tool eyed for passenger checks Security data-sharing bill fails to pass in 2001 Stand by for more nasty Web attacks in 2002 Features PC World.com Product Finder Bluetooth wireless connectivity set to take off DSL in distress Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

End-users can also expect scrutiny directed at Web services applications. They may see improvements in the nature of safeguards to protect a specific set of database records -- such as profiles or user accounts -- while in transit across systems to validate identification, security experts said.

"Anyone not thinking about Web services for back end integration will be behind the eight ball for 2002," said Peter Lindstrom, director of security strategies at Hurwitz Group in Framingham, Massachusetts. "Web services is about simplifying communication between systems. That's where encrypting and signing the data becomes significant. It's not just data. It's content and context."

Lindstrom pointed toward a handful of vendors that look to build on capturing brisk Web services security momentum in 2002, including Vordel Systems, Netegrity, Foreign Systems, and Zolera.

In fact, Lindstrom said that he believes security software will mount a comeback atop users' ROI budget considerations as internal access issues such as lax user account passwords and ID management shift from nuisance to legitimate corporate threat. Lindstrom contends that the connection between workflow and self-service management and authorization/authentication was largely ignored in the past.

Vendors that provide an automated process to create, administrate, and manage user accounts include Waveset Technologies, Business Layers, Access 360, Courion, Thor Technologies, and BMC Software.

"I think software will take the lead [over hardware solutions]. You name the security player, and they have a management framework coming down the pike. Management frameworks will mature over 2002 and get a sense on how we're going to do enterprise security," Lindstrom added.

Still, Kolodgy notes that end-users will find a strong push for beefed up USB tokens and SSL (Secure Socket Layer) cryptographic acceleration products that require less cumbersome readers as an alternative to smart cards. In general, security hardware products remain attractive to customers due to ease-of-use functionality.

"You don't want users to play too much. You want distributed firewalls and products and that don't need a lot of human interface. [With hardware], you don't need to worry about support, upgrades, or patching. The software is still on [the] high end but appliances make it easy to fit in," Kolodgy said.