Gartner warns against over-hyped IT fears

By Matt Whipp

Posted on 9 Jun 2005 at 17:49

Analysts at Gartner have identified five IT risks they believe are being wildly overblown in the industry, and urge companies not to hold back IT expansion plans.

Most of the points centre around burgeoning new industries. Internet telephony is picked out as being tainted with the notion that it is simply unsafe. But, says Gartner, the same security measures can be used to protect a VoIP deployment as for any data network. The danger of eavesdropping a VoIP call is as low as that of eavesdropping any other data packet on the network.

'Enterprises that diligently use security best practices to protect their IP telephony servers should not let these threats derail their plans,' said Lawrence Orans, principal analyst at Gartner. 'For these enterprises, the benefits of IP telephony far outweigh any security risks.'

Another over-hyped fear lay in rumours of an imminent wave of mobile viruses. This is no more than the antivirus industry trying to drum up business for a potential new market, says Gartner. As the desktop market for antivirus protection flattens out, and with Microsoft set to release its own product onto an already crowded and commoditised market, players are already looking out for new opportunities.

Handhelds with always-on wireless connections, which would be most susceptible to this form of threat, are used by no more than 3 per cent of us, with this figure unlikely to top 10 per cent by the year's end.

John Pescatore, vice president and Gartner Fellow, said: 'The most effective approach to blocking mobile malware will be to block it in the network ... Companies should ask their wireless service providers to document existing and planned capabilities. By the end of 2006, all wireless service providers should be required to offer over-the-air mobile malware protection.'

Similarly, the idea that the Internet will be subject to mass infections of epidemic proportions in short spaces of time are increasingly less likely. The so-called Warhol worms - which string up hundreds of thousands of infections in 15 minutes - will be a thing of the past. Gartner believes that by 2007 all business-to-consumer traffic, 70 percent of business-to-business traffic and more than half of corporate wide area network (WAN) traffic will meet security requirements.

Yet in the same breath, Gartner warns that simply by meeting security standards, for example governmental regulatory demands like the Sarbanes-Oxley requirements, companies may only be succeeding in accurately reporting more security breaches rather than effectively protecting against them. It urges both software builders and regulatory bodies to focus on building more secure software and systems from the outset.

Finally, Gartner puts the kybosh on the idea of wireless hotspots being inherently unsafe. While it was expected that unprepared and unprotected users will fall foul of hackers, businesses can educate employees on best security practices and encourage them to use encrypted corporate VPNs when making connections.