Lenovo ThinkCentre M50 IDC white paper titled "The Coming of Age of Clien - Page 1

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER The Coming of Age of Client Security: Top Managers Realize They Have to Lock Down the Point of Entry Sponsored by: IBM Corporation Roger L. Kay January 2003 SUMMARY Although security technology has progressed tremendously over time, awareness of the need for security on the part of people who use computers - both consumers and businesspeople - has not in general kept pace. Essentially, there is plenty of technology on hand, but the understanding of what it does and how to use it has lagged. However, much has changed since the attacks of September 11. CEOs and IT managers everywhere drew lessons from the differing fates of companies that had backup and restore procedures and those that didn't. Data recovery is, of course, only one piece of the security pie, but as political tensions have increased on the macro level, this and other security concerns have risen in visibility with top managers. "To what degree is our data - and therefore our business - safe?" CEOs are now asking in ever greater numbers and with increasing vehemence. "Just where are we with security?" they want to know of their CIOs. This shift in attitude represents an evolution from the pre-September 11 state, which was characterized by a vague awareness of some subset of security issues but a misunderstanding of the complete security picture and a widespread lack of adoption and deployment. Now managers are beginning to assess their vulnerability and to ask what their alternatives are. In most corporations, the security infrastructure is still inadequate and full of holes. Even the most sophisticated organizations are vulnerable. In one incident, widely reported in the press, that had an impact of major but unknown proportions - the degree of penetration was difficult to assess - a hacker from St. Petersburg, the intellectual seat of the old Soviet Union, broke into Microsoft's network and absconded with a large number of important files, including, purportedly, an unknown quantity of Windows source code files. Naturally, Microsoft never advertised the extent of the damage - if, indeed, it is actually known. And if a company at the epicenter of the information technology business is vulnerable (and by inference should know better), truly, no company is safe from attack. The security threat is growing in several dimensions at once. The amount of value flowing across the network - in the form of actual money, but also business plans, intellectual property, and strategic documents - is rising by leaps and bounds. And value is at risk in less obvious ways. A reputation can be damaged irreparably by an attack, business can be lost as a result of downtime, and the trust on which ebusiness is based can be destroyed permanently. To the growing list of imaginative crimes must be added identity theft, which has become a veritable cottage industry. In addition, malicious hackers are getting more sophisticated. Malevolent programmers are not only figuring out more effective ways to harm businesses and individuals but are also publishing their tricks on Web sites for other less creative, but perhaps more vindictive, people to find and use. "To what degree is our data  and therefore our business  safe?" CEOs are now asking. The security threat is growing in several dimensions at once.