Focus On Security

As the year's biggest security conference RSA , gets underway this week in San Jose, it seems like a good time to both project and reflect on the dynamics that are making enterprise security such a challenge for many organizations. The for-profit cyber crime trend is keeping system administrators hopping to keep up with the increasingly dangerous nature of things like spam and spyware which were once looked at as merely nuisances. Security experts seem almost universally concerned about the escalating nature of threats - and the over-reliance on patching vulnerabilities.Instead, experts are urging IT departments to look at more holistic - and admittedly complex - security solutions that rely on technologies such as Public Key Infrastructure (PKI) and smart cards. But in the absence of that, there are a number of things businesses can do to make sure they are more secure than in the past, starting with educating users on how to protect their systems -- and their identities.

Simple tips on avoiding phishing scams, which are becoming much more sophisticated with time, can go a long way toward helping companies avoid the loss of critical data such as passwords. A security researcher I spoke to recently said that security education will bring the faster return on the business' investment than any other expenditure.

Businesses also need to make sure they have the right policies, practices, and products in place to stave off pending threats. As is pointed out in the article on security myths, depending on last years practices to be current in 2006 is not very wise. As another security researcher once told me, security is not a project but an ongoing practice which requires constant reevaluation.

So as this week's conference gathers steam, it will be interesting to hear what everyone from Bill Gates and Scott McNealy to Symantec's John Thompson and VeriSign's Stratton Sclavos have to say. Cisco started off the week with the unveiling of its own new security event manager, the Cisco Security Management Suite (CSMS) which looks to at least on paper help ease IT managers pain when it comes to managing device security in heterogeneous networks.