Vendors in the dock over slow IT security progress

IT security chiefs cannot keep pace with threats because vendors are holding them back

IT vendors are not ploughing enough funds into research and development to target new threats

IT security professionals cannot keep pace with the changing nature of threats because vendors are holding them back, according to experts at this week's Gartner IT Security Summit 2008.

Speaking at the opening keynote presentation, Gartner research vice president Neil MacDonald said that IT vendors are not ploughing enough funds into research and development to target new threats.

They are also failing to support new security standards for information sharing, and perpetuating siloed security systems.

"There are too many unconnected point products with too much complexity," he said. "Information security must become adaptive … but the vendors are holding us back."

MacDonald called on IT security managers to be more aggressive with their suppliers, demanding more for less, and to invest in a platform of connected products rather than individual solutions.

"We are trapped in the past. Spam is not a security issue anymore, it is an operational issue. We need to turn many functions over to the operations teams and concentrate on new threats," he said.

Elsewhere at the show, experts called for a higher priority to be given to security awareness-raising programmes within organisations.

Martin Smith, chairman of the Security Awareness Special Interest Group, said that, despite firms spending more than ever before on IT security, they are not putting it into the right areas.

"The traditional approach is that this is a technology-based problem with technology-based solutions, but it isn't. We are focusing on brain surgery while the patient dies of a common cold," he said.

Andrew Strong, global security director at Unilever, demonstrated the firm's latest global campaign to improve security awareness, in which a Second Life-style virtual environment is used to demonstrate security-related scenarios, rather than a conventional video.

"A vast majority of the people working for us are under 35, so we thought they would relate more to this than a staid video," he said. "We need to get into the daily lives of staff to make sure they know what is good behaviour and what is bad behaviour."

Strong said that key strategies at Unilever to ensure the success of projects include an annual refocus on the highest risks to ensure they are constantly targeting the right areas, and gaining endorsement from the chief executive which helps to give the initiative a higher profile.

Local leadership gives the campaign credibility and local priority, and ensures that staff on the ground follow their training, he said.