Firms recast security as a money saver

[InfoSec News <isn () c4i org>]

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://news.com.com/2100-1001-935484.html?tag=fd_top

By Robert Lemos 
Staff Writer, CNET News.com
June 12, 2002, 4:50 PM PT

SAN FRANCISCO -- At a recent publicity event here, two security
companies and accounting giant PricewaterhouseCoopers showed off their
latest tool for selling software: a calculator that lets clients
estimate how much money they can save by using the companies'
offerings.

The tool highlights an ongoing change in the market. Despite the
terror of Sept. 11 and cries of imminent cyberattack, companies aren't
interested in security for its sake alone; they want to be able to cut
their bottom line as well.

"Every customer that we are talking to says, 'We want to save money;  
we want fewer suppliers; and we want someone to put themselves on the
line and do it for us,'" said Steve Lesem, vice president of the
security business unit for corporate application maker BMC Software,
one of two companies that partnered with PricewaterhouseCoopers for
the Tuesday event.

With clients more watchful of their purse strings, security-software
makers are arming themselves with return-on-investment calculators and
trying to emulate the success of the early explorers of the "virtual
private network" sector. In that market, corporations save money by
buying technology to split a single Internet connection into many
secure channels rather than paying hefty fees to telecommunications
providers for dedicated lines. The result is not just more secured
connections, but cheaper ones as well. The focus has paid off for VPN
sellers: The companies should rake in $46 billion in 2006, according
to market watcher Infonetics Research.

Now other security sectors are borrowing the "savings over security"  
mantra.

"There is real money being saved by these solutions," Lesem said. And
for BMC Software--a player in the up-and-coming, and somewhat obscure,
market of identity management--and single sign-on Web service partner
Oblix, the calculator and other such methods are important ways to
help potential customers quantify the benefits.

Identity-management software attempts to provide a single system for
managing all the accounts on every server and service on a network.  
When new people need to be registered, a single administrator can
easily set them up with the proper access to databases, Web servers
and other network resources.

Problems involving user accounts are widespread, said Chris Pick, vice
president of product strategy for security software maker PentaSafe
Security Technologies. As a security consultant for a Big 4 consulting
firm, Pick would regularly find valid accounts belonging to old users
who had been laid off or had left the company.

"About 70 percent of the people on the separated user list still had
active accounts," Pick said. "Worse, about 10 percent of those
accounts had been accessed within the last 30 days."

While companies tend to activate user accounts quickly out of
necessity, deactivating the accounts tends to take far longer,
sometimes not until a company has reorganized, said a report by
analyst firm the Meta Group.

"Our data suggests that a company has to delete the average user from
30 different accounts," said Chris King, program director for Meta.  
King believes that less than 25 percent of all people who leave a
company have all their accounts deleted by the technical staff.

Catching such slipups is key to corporate security, but lowering the
cost of supporting employees and improving service have gained in
importance.

"Essentially, what we are saying here is that the first justification
is security, the second is cost, and the third is increased level of
service," King said. "But those get shifted around a lot."

The Meta Group survey found that more than 5 percent of all
information-technology spending at companies can be cut by using an
identity-management system. In a large company, that could easily mean
savings of hundreds of thousands of dollars every year.

However, such savings aren't guaranteed, King warned.

"The thing is, the cost benefits assume a successful project," King
said. "But these things are hard to pull off. Some organizations are
not going to be able to make the shift in mindset needed to be
successful."

"It's not as simple as a VPN, where you are going to plunk down a
box," King added. "But from a customer's perspective, if you think you
can pull this off, you would be foolish not to."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.