Conference patrons say security needs simplicity

The variety of hardware and software-based security offerings on display at Cebit this year means a careful sorting for network administrators of how those products can meet their needs.

But the overwhelming concern with security products -- regardless whether they are hardware- or software-based -- is a desire for simple, fast deployment through organizations.

Network administrators don't want to do many of the falling-domino changes often required when implementing a new security product, said Pete Smith, operations director of Focus Europe Ltd., a company based in the U.K. that specializes in supplying hardware-based security products to businesses. Those changes could include allocating new IP (Internet Protocol) addresses to computers on a network and loading a new management system.

"What customers are saying is 'We can't have this anymore'," Smith said. "We want the security, but it has to be transparent. It has got to drop in place, and it has got to be very easily implemented."

And when in place, IT managers want the hardware to have no overall impact on network infrastructure. Those high-end products tend to be expensive, but the payback is fewer overall changes to the network, Smith said. Security vendors tend to be moving toward systems that are less disruptive to set up, he said.

Companies are also looking beyond firewalls and the "perimeter" mentality toward security, said Gareth Jones, managing director of Focus Europe. The proliferation of wireless devices used by organizations represents an increasing threat to the health of networks, Jones said.

"With wireless access coming in, it's a leaky perimeter now, so you need to be able to protect what's inside," Jones said. "That's the area where we are going to go to next."

So far, more than 160 viruses have been detected for mobile devices, said Mikko Hypponen, chief research officer for F-Secure Corp., a security vendor based in Helsinki. While most of the mobile viruses have targeted the Symbian Series 60 OS, two have targeted Microsoft Corp.'s Windows Mobile software.

While the problem with viruses is much more prevalent on desktop computers, it's expected mobile devices will be increasingly targeted because they have built-in billing, Hypponen said. Last week, the first "for profit" mobile virus called Redbrowser emerged and targeted Russian speakers, he said. The virus was engineered to repeatedly send text messages to a phone number that charged exorbitant rates.

In regard to desktop antivirus software, Hypponen said he was recently asked if the software could generate an automatic quarterly report for chief financial officers. The report would contain information such as the number of viruses stopped to justify the expense of the software.

"If you invest in a security product and if you have a large company, it costs you a lot," said Hypponen, who added F-Secure is working on such a virus report. "And if it works perfectly, you have no problem, which means you don't see the product at all. You pay lots of money, but you don't see any results."

The government market for security software is also being courted at Cebit as countries move toward biometric passports and stronger immigration controls. One technology on display is a four-finger identification system that takes grayscale images of fingerprints and stores them in a database.

The system comes from Dermalog Identification Systems GmbH in Hamburg, Germany. The scanning of fingerprints takes less than a second, and that data is stored in a database along with a photograph and a scan of a person's passport, said Nik Stoimenovski, sales manager for Dermalog.

The technology is applicable to airlines who want to speed up processing of registered passengers or for governments at immigration stations along borders.