Investment plans for security technology remain on target for Global 2000 organizations, according to META Group, Inc. An analysis of purchase intents by META Group analysts showed strong short-term interest in both network and host intrusion detection. Long-term plans showed an even stronger interest in various forms of intrusion detection, which is finally becoming widely accepted as a necessary part of well-secured environments. Other long-term plans also include centralized security information management consoles for many organizations.

"Organizations that have taken an intelligent approach to intrusion detection have had no problem establishing the value of the technologies," said Chris King, senior program director for META Group's Security & Risk Strategies team. "Those that have purchased a product without the benefit of an underlying policy and plan naturally feel like they have wasted their money, because they have. Technology alone does not improve security, and causing a false sense of security can actually harm the security effort."

META Group believes that organizations failing to successfully deploy some level of intrusion detection capability could experience increased liability by not meeting a court standard of due care. Security officers have shown only minimal confusion as a result of the vendor transition from intrusion detection to intrusion prevention. META Group projects that the minimal difference between these two closely related approaches will disappear within two years.

Not all areas of security are maturing as rapidly as intrusion detection. Despite widespread recognition that information security requires separation from IT in order to meet generally accepted system security principles (GASSP), the vast majority of Global 2000 organizations still have information security reporting to the CIO, CTO or equivalent.

"As security has now started showing some signs of maturation, we are seeing a gradual growth in understanding that technology risk needs to be managed in parallel with IT rather than within IT. But it is difficult to find an executive other than the CIO that is willing to take over an area like information security before it fully matures. Of course, even many CIOs are still resistant," says Mark Bouchard, senior program director for META Group's Security & Risk Strategies.
