Gartner names top security issues for 2003

San Diego — Enterprise efforts to secure Web services and WLAN implementations will be among the top security initiatives for companies in 2003, according to Gartner research detailed here Tuesday at its Symposium ITxpo 2003 conference.

Although security remains a critical priority for most enterprises, previously over-hyped security technologies have led companies to be more cautious about future implementations, according to Victor Wheatman, vice president and research area director at Gartner, based in Stamford, Conn.

Intrusion detection is one of those over-hyped technologies, Wheatman said. “It sounds good idea but alerts you only that something is going on. It is not always so effective to just see the alarms going off” and not have the tools to address the problem, he said. The area of intrusion-detection is now moving into firewall management in order to become intrusion protection, which would allow enterprises to do something about the alarms, Wheatman said.

Because companies are actively exploring the promise and potential of Web services deployments, securing those applications will be an important consideration this year. “Web services is being hyped as the new development platform for all kinds of wonderful things. But often [new technologies] are brought forward and then security is considered after the fact,” Wheatman said. Specifically, Web services can poise security issues because some Web services-based applications are designed to bypass firewalls, which could leave enterprises vulnerable, he said.

Other critical security issues poised to bubble to the top in 2003 include identity management and provisioning, intrusion prevention, and event correlation, according to Gartner.

The increased use of IM in enterprises will result in prioritized efforts to secure the “holes” IM can open in corporate networks. Because it seeks any open port, IM and other peer-to-peer programs can put enterprise networks and sensitive information at risk, according to Gartner.

Also making the list are preparations to prevent or secure networks against the next Code Red or Nimbda attack, industry-specific homeland security efforts, infrastructure security, protecting intellectual property, and initiatives to improve the trustworthiness of enterprise transactions and the corresponding audit trail.