Vendors Pushed For Greater Integration
By TIM WILSON and RUTRELL YASIN
In 1998, security was hot; enterprise management was not.
Several well-publicized hacker attacks--and catchy TV commercials (IBM's
"Go back to sleep ...")--helped IT managers present a case for strong
network security.
On the enterprise management side, IT managers were stymied in delivering
quality management services across the enterprise by unfulfilled vendor
promises.
On the security front, IT managers learned that attacks can come from
anywhere, both from inside and outside an organization.
A rise in Internet-based attacks piqued IT managers' interest in tools and
services that could help them determine if their networks and systems are
vulnerable to hacker attack.
This doesn't mean inside attacks--in the past considered the greater
problem--are diminishing, but the threats from outside are increasing.
External threats have spurred demand for vulnerability scanners to probe
networks and systems for security holes, and for intrusion-detection
systems (IDS), high-tech burglar alarms that alert IT administrators when
suspicious activity is detected.
In addition, vendors such as Cisco and Network Associates Inc. validated,
if not consolidated, the market through acquisitions earlier in the year.
"There's no question there was a high level of interest" in these
intrusion-detection tools, Forrester Research analyst Ted Julian said. IDS
may not have rolled off the assembly line as fast as firewalls did in
their first years on the market, but Julian expects a ramp-up next year as
IDS matures.
The market for assessment and detection systems is projected to grow from
$50 million in 1997 to $100 million this year, according to the Aberdeen
Group.
Public-key infrastructures (PKI) also generated user interest, as vendors
such as Entrust Technologies Ltd. and VeriSign Inc. continued to spread
the digital certificate gospel.
PKI solutions are a set of security services including authentication,
encryption and certificate management usually provided by a certificate
authority. Digital certificates, a key component of a PKI, are electronic
signatures that verify that the person sending a secure message is actually
who he or she claims to be.
"We've seen a lot more user interest in PKIs, but there's a difference in
interest and wide-scale deployment," Aberdeen Group analyst Eric
Hemmendinger said. "There was a lot of pilot work this year, which should
result in significant deployments in 1999," he said.
Julian, however, doesn't think there will be major deployments until 2000
and beyond. "There will be a much more gradual ramp-up of PKIs, [compared
to] intrusion-detection systems," because the infrastructure needed to
support PKIs is more comprehensive, he said.
It was harder getting users to buy PKI solutions because their plates were
filled with Y2K problems or Gigabit Ethernet deployments, said William
Crowell, CEO of Cylink Corp. The U.S. Postal Service, for example, is
using that company's PKI technology to let users download postage from the
Internet.
Although more IT managers understand the importance of security, there
still is a need to educate CEOs and other senior executives, Crowell said.
Senior management needs a better sense of what the right level of security
is for their company, and how to get a better return on investment, he
said.
While the security market was hopping in 1998, the network and systems
market remained largely dormant from the IT manager's point of view.
During the year, vendors made many promises for service level management,
policy-based control and standards-based application integration, but very
few users actually deployed any of the new technologies.
Service level management, the process of measuring the performance of
specific network services or applications, was perhaps the most ballyhooed
idea of 1998, and one of the most disappointing. Although vendors
introduced scores of products tagged as service level management tools,
many IT managers could not deploy or even define the service level
management concept.
"I was just talking with my [management vendor] yesterday, and they still
don't think I understand service level agreements the way they do," said
Brian Seal, who is responsible for managing database systems for the
county of Henrico, Va. "There needs to be more clarity on what to monitor
and what the benefits are."
In a survey of 100 IT and network managers who read InternetWeek, 60
percent of respondents said they have a service level management plan in
place, according to Enterprise Management Associates, the consulting firm
that conducted the survey. Yet 21 percent of respondents could not define
the term.
"There are too many confusing messages coming from the vendors," said Rick
Sturm, a principal at Enterprise Management Associates. "Right now, [IT
managers] don't know what to do."
A similar confusion surrounds the notion of policy-based management, which
was touted throughout 1998 as the solution for managing switched networks
and IP quality of service (QoS). Although major vendors such as Cisco and
3Com launched policy management for their own hardware, only small
companies such as Ukiah Software Inc. and IPHighway Inc. have developed
multivendor tools for controlling QoS.
"IP networks don't behave rationally, they behave randomly," said Gordon
Smith, vice president of marketing at Ukiah. "But [IT managers] are
finding that a best-effort network is not going to cut it for
mission-critical applications."
Vendors also continued their struggle to integrate disparate management
applications. While enterprise management vendors such as Computer
Associates and Tivoli Systems Inc. offered some integration through their
broad-ranging frameworks, most other vendors focused on standards now
being developed by the Desktop Management Task Force.
In 1998, the DMTF accepted full responsibility for developing the Common
Information Model (CIM), which describes a standard method for storing and
transmitting management data, and Directory-Enabled Networking (DEN),
which describes a common method for linking directory data.
"The CIM standard is an important direction for us. But customers don't
have it right now," said Martin Neath, executive vice president at Tivoli,
a DMTF member. "DEN will also be an important part of the work that the
DMTF does, but it isn't all that well defined."
Such comments typify the discussion of network and systems management
issues in 1998. Many in the industry, especially IT managers, hope the
technology will become more concrete in 1999.
Received on Thu Dec 31 13:21:53 1998