If you were holding your breath for tech stocks to hit bottom and turn around, last week finally offered some good news in the form of earnings reports from AOL Time Warner, Apple Computer, Celestica, Extreme Networks, IBM and Microsoft, just to name a few. But while markets and the economy may be poised for a spring rebirth, the winter of our discontent is likely to have a devastating and lasting impact in an area few had anticipated — network security.
While everyone has been focusing on the economic consequences of this very painful market correction, what has been largely overlooked is the resulting institutional bedlam, which could prove to be much harder to repair over the long run. The dot-com shakeout has wiped out not just a lot of companies and jobs, along with a few personal fortunes, but huge portions of the networks institutional memory as well. Many of the resulting holes are going to keep more than a few I-managers awake at night for many months to come.
Readers of our Infrastructure Insight section this week will find an article examining how several companies are coping with the disruption of enterprise systems that had been dependent on now-failed application service providers (ASPs). And Senior Writer Laura Lorek examines a growing form of theft by price changing on Web sites, pointing out that many of the most vulnerable e-tailers dont even realize theyre at risk because the designs of their sites — and sometimes the infrastructures as well — were outsourced.
Both scenarios are ripe for security disasters. ASPs often provide crucial portions of the security on which their customers depend. Many site developers and hosting services were among the second wave of business failures set in motion by the dot-com shakeout. In the resulting turmoil, huge caches of crucial information about ongoing operations have been lost to client enterprises.
In addition, there is the problem of client information, much of it of a private nature, being declared a disposable asset in bankruptcy proceedings. So far, the issue has been addressed primarily from the standpoint of privacy concerns, but its inevitable that the uncontrolled sale of such data could also pose a potent security risk for clients, partners and even vendors, as well as for the bankrupt dot-com itself.
Finally, layoffs, too, threaten to take their toll on enterprise security. Internal breeches, generally caused by lapses in workers compliance with security procedures, are already the most common vulnerability in most corporations. Widespread layoffs will exacerbate this danger in two ways: First, companies will lose the technical personnel responsible for monitoring and repairing security breeches. Second, a new class of disgruntled worker may be created, many of whom have detailed knowledge of the systems they used or even helped to develop, including network access points, data locations and unrepaired infrastructure vulnerabilities.
Beyond providing a field day for hackers, crackers, vandals and thieves, expect this increase in vulnerabilities to have an economic impact as enterprises large and small struggle to find and patch new holes in their systems. While a few enterprising folks will no doubt find ways to turn the ensuing pandemonium to their advantage, the larger impact is likely to be a slower-than-expected recovery, as information technology departments divert budgets and human resources to new security distractions.
As the business of rebuilding progresses, were also likely to witness a reassessment of which portions of a companys network — whether e-commerce, customer relationship management, data acquisition or inventory control — can be safely outsourced. Once-burned survivors are very likely to become twice shy about entrusting increasingly critical online portions of their business to third parties whose viability is beyond their control. In the end, that shift in attitude could have a far more profound impact on the shape of enterprise networks than todays fleeting economic miseries will ever have.