The enemy within

Enforcing security policies, installing authentication and the all-in-one appliance are proving hot buttons in the security market. JENNIFER O'BRIEN reports.

You might lock the door and bar the windows, but fail to set the security alarm. In the work environment, companies may have security policies in place but let the guard slip.

Many Australian enterprises and government agencies expose their information to potential breaches simply because they haven't put security policies into effect, WorkShare director of worldwide corporate communications, Samia Rauf, said. This was because they had failed to implement automated safeguards preventing inadvertent disclosure or malicious misuse of customer, investor, employee and other information.

CLOSE TO HOME

A recent WorkShare-sponsored survey of private sector and government organisations in Australia proves her point. It showed email, portable USB devices, such as USB keys, and a lack of policy enforcement as the biggest data leak risks. Part of the problem is that Australian security strategies remain preoccupied with the prevention of hacking and other unwanted network attacks. "Only 44 per cent of businesses automatically enforced information security policy compared with 84 per cent that had solutions to protect their corporate network perimeters," Rauf said.

She urged companies to refocus their energies on threats generated from within their own ranks. "Many organisations are setting policies based on blind faith, relying heavily on the trust and integrity of their employees alone. This leaves information security prone to human error," Rauf said. "In the past, the focus was on the threats from the outside on the network (spam and viruses), but today we need to look at the threat within; whether it's done maliciously or not."

"This was despite expressing concerns about disclosing customer data", Rauf said.

The lack of awareness surrounding security policies and other preventative measures highlights a big opportunity for resellers to jump in and set corporate customers straight. IDC forecast the security solutions market to grow at near doubledigit growth rate to reach over $1.3 billion by 2010.

IDC security solutions market analyst, Patrik Bihammar, said growth would be driven by the continuously evolving threat landscape, the need to secure new and emerging business enabling technologies, and increasing pressure from government and industry regulations.

BUG BEARS

From surveillance technology and biometrics to data mining programs and advanced data protection, the security market is a good source of business for resellers.

One bug bear for many companies is authentication, password protection and compliance. For starters, employees were overwhelmed by the volume of passwords they must manage at work, RSA solutions strategies country manager, Mark Pullen, said.

The impact of passwords on IT security was a key