Big Blue opens Canuck IT security centre to growth market

"It's not as though Canadian companies aren't spending enough money (on security), but there are gaps. And they are the role of business intelligence in security and the ability to integrate various technologies into a holistic program," he said. "The specific focus on geographical threats is not enough. We need to look at security in a holistic manner and from a worldwide standpoint."

Political aspects, changing regulatory requirements and the ever-increasing threat of malicious attacks mar the modern business landscape, he said.

"One trend we see in the Canadian marketplace is the band-aid approach to security services and not a holistic approach," he said. "What companies need to do to fill this gap is to be analyzing threats and risks within their environments."

IT security is one of the fastest growing market segments in the Canadian IT sector, according to IDC Canada Ltd. in Toronto. The IT consultancy forecast the market to grow 12.7 per cent this year over last, creating a market worth an estimated $765.3 million in 2004.

According to IDC Canada's recent survey of 460 companies dubbed, "IT Security Concerns and Gaps in the Canadian Market", security is a top concern for Canuck organizations.

"There are a number of issues that are IT security-related concerns for companies," said Steve Poelking, director of research, security and infrastructure management for IDC Canada. "The emphasis we see is still on the PC, server, and network security . . . things we might have thought organizations would have a handle on but they're still grappling with."

The total worth of the Canadian IT security market is about $35 billion (annually), Poelking said. But IT security budgets are, on average, modest in light of the overall Canadian economy, he said. Moreover, when it comes to measuring security performance and costs, the survey's results showed over 50 per cent of SMBs and about 25 per cent of large enterprises admitted to not using any metrics at all.

"To some degree, there are 'just enough' security attitudes or cavalier attitudes -- that I'll be okay' rationale. But there seems also to be a lack of understanding in organizations, that they don't have the skills and the staff to understand this issue fully," he said. "Metrics are important to this issue. You have to know what you're focusing on in business, what the costs are, and how well you're doing."

With that focus in mind, Big Blue's goal is use the new security operations centre  the first of its kind north of the 49th parallel  in tandem with its business partners to serve as a so-called nerve centre to respond to emergencies. The centre will provide companies of all sizes to manage, monitor, and deter security problems, be they outside or inside threats. Moreover, the centre will be open 24/7 and it would provide real-time monitoring of security situations and coordinate response activities, Small said.

"What we're focusing on is the ability to respond in real-time to threats now," he said. "This operations centre will focus on linking to security at a worldwide level. It will be linked to our network of global security consultants, security operational staff, and to our command centre in Boulder, Colo."

In Rene Hamel's view, one common error companies make is they don't pursue or have the mechanics to trace all threats to their network or company. The vice-president of computer forensic sciences for the Toronto- based Inkster Group praised IBM Canada's security operations centre as great for monitoring information to help companies in the event they suffer a serious attack and an electronic investigation is required.

The Inkster Group specializes in computer forensic investigations, asset tracing and recovery, security risk assessment, and whistle-blowing.

"The laundering of money, stolen intellectual property, these are common events that companies usually want to keep internal, but more public companies have less choice in the matter," he said. "In my experience, monitoring tools or basically any system that can help identify or authenticate a user on the other end of the keyboard is very important."

Hamel said companies that do monitor their networks and users shows that company has accountability and it understands how information is flowing throughout the organization.

"No company likes to be told they have a control problem inside the company and that information leaked out . . . there are different tools available now for disgruntled employees to use," he said. "It's a matter of education with companies. You need to have the right structure in place, the monitoring tools and support services, (in the event of an attack) and you have to find out who they are."

Hamel said the use of anonymous proxy servers as a springboard to attack a company's network has become more common in Canada. He cited instances of a Web-based email service as one means for persons to initiate a threat or virus attack.

He also cited lax security practices at companies due to high business demand as another potential flashpoint for attacks.

"There's a huge amount of money that's lost within a company because they didn't have the proper structure or monitoring tools in place," he said. "Doing regular backup of data is another area of concern . . . people in charge of a company big or small need to realize information is the lifeblood of your company . . . for instance, a mid-sized company doing only a weekly backup is not appropriate."

Source: Integrated Mar