IT professionals call for more checks and balances...
By Sally Watson
Published: 30 January 2002 17:45 GMT
IT professionals think security vendors should be regulated to prevent "negligent and irresponsible" project implementation.
According to a survey, sponsored by PKI specialist Indicii Salus, 68 per cent of respondents felt encryption companies were behaving irresponsibly by allowing anyone to download their software.
Relative novices can then use the technology without fully understanding it, thereby jeopardising the security of the companies employing their services.
A similar number of respondents felt an independent body should be set up by the government and industry to monitor the purchase and use of encryption technology.
Paran Chandraekaran, chief executive of Indicii Salus, said that people in the IT industry are angry with the top management consultancies in particular for offering 'slapdash' security advice.
"You can't just box security up and shove it out to Joe Public," he told silicon.com.
In one example, Chandraekaran came across a 26-year-old consultant with three months information security training who had been sent to a FTSE 250 company to implement a £1.2m European rollout.
"It beggars belief that you can irresponsibly sell this kind of business and mission critical kit," he added.
According to Chandraekaran, problems occur particularly after PKI technology has been rolled out across a large organisation, leaving encryption keys stored on the desktop vulnerable to spoofing and copying.
"Until we get to be more responsible about weeding out irresponsible vendors then we're putting our businesses and infrastructures at risk," he said.
Fred Piper, a professor at the University of London, agreed that the situation for companies wanting to buy security technology wasn't clear.
"There are obviously problems," he said. "Many people are making exaggerated claims for PKI."
The DTI is expected to release the findings of a study into the information security industry in the next few weeks which could lead to security professionals being licensed under the Private Security Industry Act.
Consultancy skills within large scale client environments - Design & implementation of large-scale / high-throughput complex messaging architectures, ...
JOB TITLE: UK Sales Executive-Disk Encryption & Data Protection Sales SELLING: Disk Encryption and Data Protection SELLING TO: Enterprise and Mid ...
Systems/Engineering background working in the field of systems/ software development including security architecture before operating successfully as ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Power Solutions Article: High-Availability Virtualization with Dell EqualLogic Arrays...
Power Solutions Article:Â Power Solutions Article: Getting Started with Microsoft...
Customer Case Study:Â A L Filters
Solution Brief: Dell Equalogic PS Series Can Offer Robust, High-Availability Infrastructure...
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Naked CIO Naked CIO: Social networks are useless for finding a job 'Quantity over quality' approach poisoning professional networks
Peter Cochrane Peter Cochrane's Blog: Uneconomics We must move away from short-termism to prevent next economic crisis