Users are spending less on security than printers, according to a report by analysts IDC. However, the company does not think that pouring in more money is necessarily the answer -- security spending can be wasted, just as easily as money spent on printers.
IDC agrees with research from the DTI that said a greater priority should be put on security, but instead of just putting more money in, companies should move to a more systems-based approach where security is embedded in the network, it said.
In 2003, companies spent US$43 billion on printers, and $42 billion on security. It is well known that the printer market is kept artificially high by the inflated cost of ink and cartridges. And the whole idea of comparing printers with system security is ludicrous and clearly only made to get press attention (ahem - Ed). In the case of security, however, waste comes through lack of integration, according to the IDC report. IDC believes the security figure should go up to $48 billion this year, and $77 billion by 2007.
"We need to approach security differently," said Thomas Raschke, program manager for IDC's European security research, and one of the report's authors, arguing for an integrated approach, rather than cobbling together best-of-breed firewalls and other devices.
"In the past, it has been a patchwork of point solutions," said Raschke. "There always will be certain companies who are early developers. Many of their customers have the attitude that only the best is good enough, so they bought all these expensive high price products." They realized too late that they did not have tools to manage them all together: "People have a heterogeneous environment, that makes it impossible to run those things."
This is, of course, music to the ears of the report's sponsor, Cisco Systems Inc. As the industry's biggest full-spectrum network equipment vendor, Cisco will be very pleased to learn that integrated, network-based systems are better than putting together point products -- even point products which might be superior to individual parts of the integrated solution.
Cisco comes out well in the report, with kudos for its Network Admission Control system -- that enforces patch and anti-virus policies on all devices connecting to a corporate network (similarly to the feature introduced last month by iPass Inc.
At the Infosec trade show in London this week, the company gave a good look at its own network security infrastructure, which plays heavily on the need to coordinate different security functions, and relate client and the network. As well as NAC, the company demonstrated Cisco Security Agent, a software intrusion prevention system that it acquired with Okena last year, that is now running on all the company's laptops.
"We think that CSA is secure enough to consider turning off other personal firewalls, and allowing laptops to connect to the Internet directly," said Paul King, principal consultant at Cisco. As it is, Cisco is confident enough in its ability to block rogue behavior that it leaves even urgent patch updates until a scheduled download.
Cisco's approach also blocks the ability of users to fiddle with security settings and controls things centrally, something which Raschke would approve of: "The rogue element in security solutions is people," he lectured.