Security Still an Afterthought

A panel of security experts claims that IT is still not paying enough attention to the problems facing their organizations.

LAS VEGAS--Despite the current emphasis on security in the IT industry, CIOs and IT managers are still not paying enough attention to the problems facing their organizations, a panel of security experts said Wednesday.

"Security is still very much an afterthought," said Robert Thomas, CEO of Netscreen Technologies Inc., of Sunnyvale, Calif. "Its reactive and not proactive."

Thomas comments came during a keynote panel discussion at the NetWorld+Interop show here that also included representatives from Network Associates Inc., Enterasys Networks and Internet Security Systems Inc.

The other panelists echoed Thomas sentiments, saying that although security currently is getting a lot of attention, the basic infrastructure of the Internet and corporate networks is still fundamentally vulnerable.

"The reality is, everything is vulnerable. I just dont believe that well ever get ahead of the attacks," said John Roese, chief technology officer of Enterasys, of Portsmouth, N.H. "There will always be a threat, and youll never be completely protected. Im disturbed that most enterprises dont have the mechanisms to react to things like Code Red and Nimda."

That lack of readiness extends to the government and its vital networks, said Christopher Klaus, co-founder and CTO of ISS, of Atlanta.

"Any system that the government says isnt connected to the Internet, thats false," said Klaus, whose company does quite a bit of work with the government. "Theres always some engineer who needs to get his e-mail and he plugs the machine into the Internet."

And, although many enterprises revisited their security plans after Sept. 11, that hasnt necessarily translated into a boon for security vendors.

"The increase in spending on security products hasnt been that big," said Sandra England, vice president of business development and strategic research at Network Associates, of Santa Clara, Calif.

Related stories:

  • Security Proposal Nearly Ready for Inspection
  • Taking on IT Security
  • Commentary: Security: Time to Take Names, Lay Blame
  • Security Quandary: Whos Liable?