Security: Focus on Fundamentals

Jon Gossels, president of SystemEXPERTS, a security consulting firm, says his clients are getting back to basics. In reviewing his firm's projects over the last year, Gossels says he has seen a renewed focus on fundamentals in the security space. In a letter to his clients, many of which are financial-services firms, Gossels notes that budget limitations are still preventing many firms from accomplishing even basic required tasks, such as regular perimeter penetration testing, vulnerability assessments of essential Web applications and maintaining adequate staffing.

Gossels recaps the trends he has identified:

- The need for comprehensive security audits remains strong.

- The trend toward clients focusing on Web and application-level vulnerability assessments continues.

- The use of application service providers (ASPs) continues to grow. As a result, the need to review the security of ASPs has grown as well. In the past, these reviews were driven by the client, which was concerned about inadvertently putting its own systems or information at risk by using the ASP. In contrast, last year, there was an increase in the number of ASPs asking for security reviews to prove to clients that their systems are safe.

- SystemEXPERTS has seen a dramatic increase in the number of security code reviews. In 2003 there were twice as many as the year prior.

- The number of hand-held security projects has increased substantially. These projects have ranged from helping clients develop hand-held security strategies to helping other clients figure out what hand-held security products to deploy.

- Lastly, the firm performed more Telephone Vulnerability Assessments (both war dialing and PBX assessments) than at any time since 2000.