Feeds

Windows is the 'biggest beta test in history' - Gartner

Less is more

  • alert
  • submit to reddit

Security for virtualized datacentres

Spending more on security doesn't necessarily make you more secure, Gartner warned yesterday.

The analyst firm forecasts that information security spending will drop from an average six-to-nine per cent of IT budgets to between four and five per cent as organisations improve security management and efficiency. Victor Wheatman, Gartner security veep, told delegates at the IT Security Summit in London that the most secure organisations spend less than the average and that the lowest spending organisations are the most secure. The businesses can safely reduce the share of security in their overall IT budget to three or four per cent by 2006, he said.

The idea that the most secure organisations spend the most on security was among a number of myths debunked by Wheatman during a keynote before approximately 700 delegates at the Gartner IT security Summit yesterday. He also attacked the popular misconception that "software has to have flaws". Wheatman said this is true only if enterprises continue to buy flawed software, and he singled Microsoft out for particular criticism.

He described Windows as “the biggest beta test in history" and warned warned IT security pros not to expect too much from Microsoft’s vaunted Trustworthy Computing initiative. "Microsoft will try, and there'll be improvement with Longhorn, but it will not solve all your security problems - no matter what the richest man in the world says,” he said. According to Gartner better quality assurance of software is needed before it goes into production. If 50 per cent of vulnerabilities are removed prior to software being put in production then incident response costs would be reduced by 75 per cent, it estimates.

Gartner has identified IT security technologies enterprises will need over the next five years - and other technologies most companies probably won't need. On the enterprise shopping list is host-based intrusion prevention, identity management, 802.1X authentication and gateway spam and AV scanning. Security technologies Gartner reckons most companies can safely do without include personal digital signatures, biometrics, enterprise digital rights management and 500-page security policies. ®

Related stories

Insecurity downtime on the up
'Independent' report used MS-sourced data to trash OSS
Microsoft warns of poisoned picture peril
Investors fret about IT security

Security for virtualized datacentres

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Yes, Virginia, there IS a W3C HTML5 standard – as of now, that is
You asked for it! You begged for it! Then you gave up! And now it's HERE!
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.