Gartner Debunks Over-Hyped Security Threats
TPIRman writes "At Gartner's recent IT Security Summit, the research company's analysts identified five over-hyped security concerns. Among the supposed FUD are mobile malware, unsafe VoIP, and cracker-friendly wireless hotspots. Gartner, which has made a name for itself tracking hype, claims that irrational anxiety is holding back technologies that offer benefits greater than their security risks. A Techworld columnist argues, though, that Gartner is sending mixed messages."
And the hotspots less sympathetic to our racist neighbors south of the Mason-Dixon line? These are somehow more secure?
I'm so confused...
From the department of wishful thinking:
Gartner, please debunk yourself as anything other than a PHB-opinion-bolstering old boys club. I battle the Powers That Be here constantly - any proposal is met with "well what does Gartner say about it?". Take your magic quadrant, and... well, you know.
If everyone waits for everyone else's opinion before they can make a decision, no wonder we have organizations with forms to change forms, where Dilbert stories are all true, and employees read Slashdot all day instead of working (because 50% of their projects won't go anywhere, and the other 50% of their projects are pending some approval process or another).
Gartner is just a multiplicity of Dvoraks, all groupthinking what the Next Big Thing is.
I want to delete my account but Slashdot doesn't allow it.
A "Warhol Worm" is a worm that infects all vulnerable machines on the Internet within 15 minutes.
Warhol must be a new spelling for Windows...
"We are all geniuses when we dream"
- E.M. Cioran
Since then, anytime I see "Gartner Group" in print, my brain replaces it with "information prostitutes".
Anonymous Kev
Proudly posting as AC since 1997
(Finally got a dang account in 2004)
I did not RTA, but it seems to me that your degree of paranoia should be relative to the importance of what you're protecting.
For instance, I don't use wireless on my work network because I have a lot of confidential client information to protect. But at home I like the convenience of being able to roam the house and yard.
This is actually a good question, especially in light of the security risk question. I think the only way to evaluate benefits of technology is to look at how much a technology reduces the cost of living and/or how much it improves quality of living. For instance, a plow greatly reduced the cost of living for farmers - they now had to spend less time plowing for a given amount of production. The invention of air conditioning increased quality of living quite a bit. It's a little more difficult to measure just what having VOIP, for instance, gives us. VOIP doesn't really reduce the cost of living, and it really doesn't improve the quality of living compared to POTS. Perhaps it does slightly reduce the costs, if VOIP is less expensive than POTS, because that means VOIP users spend less of their "time" paying for communications.
The risks need to be weighed against the benefit though. For instance, there's a greater risk of getting injured by a plow than by digging things by hand, but the benefit is huge. The way I think things should be examined is what is the added risk for added benefit?
My personal assessment is that VOIP or wireless hotspots, or whatever, are not going to improve my life quality over what it is now, nor will they reduce my cost of living significantly. So, if there is *any* added security risk, it's not even in my consideration.
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
Over-hyped? Garntner makes their living on hype generation. This is just another attempt at getting more people to subscribe to Gartner reports.
I guess this is the definition of overhyped?
Last year, the only security training my company's Infosec director and manager took was to Gartner's Security Conference, but only because they paid for everything including travel and hotel costs because attendance is always low. When my boss got back, and she's not exactly a security expert by any sense of the word, she said it was horrible. That says a lot coming from someone as ignorant of security as her. She said people would show up, the presentations would start, and over the next hour or so people would file out the doors and never return. She said the rooms ended up being less than 10% full by the end of the talks because no one wanted to hear them.
This company, which I left recently, based all of their decisions on Gartner's Magic Quadrant. Of course, it was always funny doing the conference calls with their analysts to discuss technologies we were interested in, and they could never go beyond the script they had prepared for the call. When my boss wanted to buy some form of HIDS, they basically did a call on why we should purchase Symantec's new product over Symantec's older product. Never mind that there were better products from their own literature. The guy couldn't answer any question about the product that wasn't on the literature he'd sent or was reading from. It was depressing, because his opinion mattered more to my management than the opinions of those who would be using and monitoring the software and knew what our requirements were.
Remember the Alamo, and God Bless Texas...