In Brief

Banks help ID thieves; unified security appliances; server security

Banks Unwittingly Aid ID Thieves

Through carelessness or lack of comprehension, financial institutions are losing ground to identity thieves, says Forrester Research.

According to the Federal Trade Commission’s “Identity Theft Survey Report” from September 2003, identity theft costs $50 to $60 billion a year in the U.S. Activity relating to banks accounts for just over half of that. Yet many banks are making it more difficult for consumers to recoup money lost to identity theft, says Forrester, and not taking the overall identity-theft threat seriously.

Without rapid moves to repair the damage, consumers will continue to grow more suspicious of—and value less—their Internet communications with financial institutions, the analyst firm warns. As a result, financial institutions could lose a low-cost means—the Internet—of communicating with, and marketing to, their customers.

“Despite this clear threat to their business, firms’ efforts to fight these scams are anemic. Consumer-facing measures typically consist of education campaigns and hotlines for reporting fraudulent activity. Ordinary interactions with customers do not seem to have changed at all,” notes Jonathan Penn, a Forrester analyst.

Some efforts are even counter-productive, he says, noting a recent E*Trade OptionsLink enrollment offer, sent by a partner, that actually resembles a phishing attack.

What specific changes are needed? “Financial firms must own up to their role as unwitting contributors to consumers’ susceptibility to these scams,” says Penn. He recommends organizations “protect against both internal and external threats” by limiting employees’ access to sensitive or personally identifiable information, making sure it’s all secured and encrypted, and documenting and verifying procedures for access.

In addition, financial firms might secure their customers’ systems. “Some banks, such as the Royal Bank of Canada and Standard Bank of South Africa, are requiring and supporting personal firewalls for their customers,” he notes. Such relatively low-cost investments today may ultimately reduce banks’ expenses and complicity in identity theft losses.

- - -

Unified Security Appliances Gain Popularity, IDC Says

When security managers improve their network’s defenses, they’re increasingly turning to security appliances with more security technology under the hood. These “unified threat management” (UTM) security appliances, according to IDC, are helping drive overall security appliance growth.

Worldwide, the security appliance market grew by 57 percent from the second quarter of 2003 to the second quarter of 2004, the research firm says. Related factory revenues totaled a half-billion dollars.

In the future, unified devices’ “performance, convenience, and choice” will drive their increasing use by security managers and availability from vendors, says Charles Kolodgy, an IDC research director. Already such devices account for 12 percent of the security appliance marketplace, and the market grew 60 percent from the first to second quarter of 2004. By contrast, the firewall and VPN appliance market fell from 87 to 70 percent during the same time period. Today, Fortinet has about a quarter of the unified appliance market, followed closely by Symantec. Secure Computing had about 10 percent.

The intrusion detection and prevention security appliance market also grew at an “outstanding pace,” according to IDC, with 29 percent growth from first to second quarter of 2004, and almost 150 percent annual growth. Cisco had about a quarter of the market, followed by ISS at 15 percent, and McAfee at 11 percent.

Smaller appliance vendors are also driving market growth, IDC notes, and taking market share from the top-five security appliance vendors: Cisco, Juniper, Nokia, SonicWALL, and WatchGuard. Other vendors now account for 41 percent of the market.

- - -

Virtual Eye on the Server Closet

Joke about the server closet that isn’t even fit to be a closet all you like. The reality is that managers often have to adopt an any-space-possible approach to installing gear, especially at remote offices.

Oftentimes gear must be shunted into less-than-ideal spaces. In fact, according to consulting company Launch International, the average organization has 30 percent of its critical infrastructure assets in sub-optimal and unmonitored locations. In addition to burst pipes, fires, or other unforeseen hazards, everyday heat and humidity can also wreck equipment. Sure, insurance might cover new equipment, but lost productivity is another story.

New equipment doesn’t help either. According to NetBotz Inc., which makes Web-based, wired and wireless physical monitoring products, IT equipment is getting denser, hotter, and often more distributed.

“The problem of affordably protecting an organization’s distributed IT investments from damaging environmental and physical conditions is a conundrum,” says NetBotz’s chief technology officer, Mitch Medford. He estimates the average “wiring closet” contains $150,000 to $300,000 worth of gear, and a small server room, at least several times that.

Of course, monitoring IT gear, especially at remote locations, is one way to ensure business continuity should environmental conditions become non-optimal for equipment. Such products can also be a reality check. NetBotz notes one of its users, the Chicago Stock Exchange, was able to prove to the vendor of its new cooling system that the system wasn’t functioning properly, expediting a repair.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.