This year will mark a period of reckoning for the IT security industry as spending begins to decline, Gartner has predicted.
Victor Wheatman, managing vice president at the analyst firm, told the RSA Conference in San Francisco that by 2006 security spending will have dropped to four or five per cent of corporate IT budgets. In more efficient companies it could drop lower with no harm to the level of protection, he claimed.
"It is a myth that the more you spend on security the more secure you are," said Wheatman. "2005 will be the year of reckoning for security spending. The lowest spending organisations, often the most efficient, can and will safely reduce spending to three or four per cent [of corporate IT budgets]."
The analyst suggested that the IT security industry is bedevilled by myths, including the belief that the more you spend the safer you are.
Wheatman added that it was erroneous to believe that regulation drives security spending, when in fact it is auditors who were most likely to insist on proper security set-ups.
The other key myth, according to the analyst, is that software is inherently flawed. Some IT buyers seem to accept that all software must contain errors and security flaws.
"You need to buy safer software for your applications," said Wheatman. "Software only has flaws if you buy code with flaws. Has anyone here taken part in that massive beta test of some software called Windows?"
He went on to outline those technologies which Gartner considers effective, and those that it does not.
Chief among the "must have" security items is 802.1x wireless authentication, enhanced firewalls that allow for deep packet inspection of data, and more intelligent networking technology that would check devices trying to join to see whether they were properly patched and virus free.
Physically locking down PCs within a company, and maintaining a proper business continuity plan, were also mentioned.
Of the technologies to avoid Wheatman's most surprising choice was biometrics. He maintained that hackers could beat such systems relatively easily, and that some companies which had installed biometric identification were now giving up and shutting down such systems.
Other security ideas getting the wooden spoon included default passwords, personal digital certificates and anything to do with quantum computing. He also ridiculed fads like paint that could apparently shield Wi-Fi emissions from buildings.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away