BW Online | December 31, 2002 | Toward a More Secure 2003

BW MAGAZINE Get Four Free Issues Register Subscribe Customer Service

ONLINE FEATURES Book Reviews BW Video Columnists Interactive Gallery Newsletters Past Covers Philanthropy Podcasts Special Reports BLOGS Auto Beat Bangalore Tigers Blogspotting Brand New Day Byte of the Apple Economics Unbound Eye on Asia Fine On Media Green Biz Hot Property Investing Insights Management IQ NEXT: Innovation NussbaumOnDesign Tech Beat Working Parents TECHNOLOGY J.D. Power Ratings Product Reviews Tech Stats Wildstrom: Tech Maven AUTOS Home Page Auto Reviews Classic Cars Car Care & Safety Hybrids INNOVATION
& DESIGN Home Page Architecture Brand Equity Auto Design Game Room SMALLBIZ Smart Answers Success Stories Today's Tip INVESTING Investing: Europe Annual Reports BW 50 S&P Picks & Pans Stock Screeners Free S&P Stock Report SCOREBOARDS Hot Growth 100 Mutual Funds Info Tech 100 S&P 500 B-SCHOOLS Undergrad Programs MBA Blogs MBA Profiles MBA Rankings Who's Hiring Grads

BW EXTRAS BW Digital BW Mobile BW Online Alerts Dashboard Widgets Podcasts RSS

RSS Feeds

Reprints/ Permissions Conferences Research Services

DECEMBER 31, 2002

SECURITY NET
By Alex Salkever

Toward a More Secure 2003
The challenges to info-tech security will surely be daunting, and companies' efforts to stay safe will have to keep increasing

STORY TOOLS

Printer-Friendly Version

E-Mail This Story

Security Net Archive

POLL INSTANT SURVEY >>

PEOPLE SEARCH

Search for business contacts:

PREMIUM SEARCH
Search by job title, geography and build a list of executive contacts

Tech White Papers

Most Recent

Most Popular

With holiday cookies and sweets still being shared around offices everywhere, security is the least of concerns these days as most businesses are thinking merry, not wary. So what better time to examine the year ahead for what to expect in terms of computer security? First, 2003 will surely pose some pretty daunting challenges to chief security officers and the organizations they protect. At the same time, improvements in software and technology will elevate computer security to another level. Here's a quick rundown of what to expect:

Spam becomes an even bigger headache
According to e-mail security-service provider Message Labs, spam's growth rate will continue to be faster than that of legitimate e-mail -- and in terms of sheer volume, spam will eclipse the legit stuff. That will make the spam torrent more burdensome and harder to control. Companies that haven't invested in antispam software will need to do so, pronto, or have their employees waste more and more time simply hitting the delete key.

Part of the bargain will be businesses accepting the fact that some messages will get tossed out with the trash, as antispam programs are hardly perfect. Still, it's better than being up to your eyeballs in smutty missives and come-ons for investment scams from randomly generated e-mail addresses.

Instant messaging succumbs to spam, too
Once a relative haven, instant messaging has recently become a target for spammers seeking new outlets. According to e-mail consultancy Ferris Research, IM spammers works off lists of addresses freely traded on the Internet. They usually send a message to someone on live IM asking them to visit a Web site that sells smut, bogus software, or often legitimate products being marketed in unfortunate ways.

Since no IM spam-screening software is yet available, an IM user on the wrong list could spend a good chunk of time refusing invitations from IM spammers. That coverage hole will force many corporations to consider moving their IM users onto private messaging systems not accesssible to the public Internet.

Hardware, hardware, hardware
Security isn't shrink-wrapped anymore. Eighty percent of the licenses for expensive, high-grade firewall programs come on specially configured pieces of hardware designed to run this software. That's way up from a few years ago. And its only the start.

From virtual-private-network servers to intrusion-detection systems to newer pieces of software designed to spot behaviorial aberations that point to a security breach, more and more products are moving from a piece of self-contained software that an IT consultant or your own systems administrator installs to a specialized piece of equipment built with security in mind. The upside? These systems are generally easier and cheaper to install and launch in a network. The downside? Less flexibility for companies with special software needs.

Safe computing outside the corporate perimeter
Employees logging into corporate networks from home PCs over public broadband connections are now commonplace. As a result, security software and hardware that once did a fine job of guarding sensitive systems looks increasingly vulnerable. That's because all these remote networkers, be they employees or partners, are no longer snuggly inside the "official" data-security perimeter.

Also, persistant worm-virus outbreaks, such as Nimda, explain why more and more corporations are going through the considerable hassle of putting security software -- firewall, intrusion detection systems, antivirus software -- on every desktop machine. Companies with end-to-end protection remain in the minority, but they won't be for long as it becomes easier to link up fleets of desktops with central control consoles that not only talk to the big, heavy-duty security appliances but also to the thousands of small programs guarding the road warriors' machines.

Identity theft goes berserk online
Call in the copycats. When well-organized ID thieves convinced a clerk at a Long Island (N.Y.) software company to give them access to tens of thousands of credit reports using his company's password, they illustrated how the Net makes the part of ID theft that was hard until now -- accumulating the information -- much easier. With widely available credit reports such an integral part of American business, it's hard to imagine how the credit agencies can quickly and simply limit access to the reports without impeding the flow of commerce.

With easy access to credit reports available to thousands of people throughout the U.S., expect blockbuster ID thefts in 2003 and beyond. Whereas credit-card numbers were traded freely on the Internet in the past, now the bad guys will trade entire personal dossiers. And fixing the problem will be much harder because it's pretty easy to screen out someone who has picked up one of your credit-card numbers but much harder when it comes to a rogue who has that, your bank-account number, you social security number, and the last five addresses you have called home.

Of course, this little list is just the beginning. I haven't even touched on still-early trends such as merging physical and online security: Companies are starting to look at guarding these assets in coordination because often computer-security breaches start with physical breaches.

Likewise, more and more businesses are installing software that tracks theft of sensitive, high-end intellectual property. Once hamfisted, the second generation of these systems works much better, according to Gartner security analyst John Pescatore. Both of these are topics I'll explore in depth during the next few months as their markets and uses develop.

All told, computer security remains one of the more dynamic areas of the moribund IT sector. And it'll get only more interesting in the coming year.

Salkever is Technology editor for BusinessWeek Online and covers computer security issues weekly in his Security Net column

Get BusinessWeek directly on your desktop with our RSS feeds. XML

Add BusinessWeek news to your Web site with our headline feed.

Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video.

To subscribe online to BusinessWeek magazine, please click here.

Learn more, go to the BusinessWeekOnline home page