The cliché is that everything’s changed as a result of September 11th.
But like most clichés, it holds more than a grain of truth. On the
Internet, businesses are placing greater emphasis on protecting their
sites and the servers they reside on. Conversely, the U.S. government
and its agencies want to find easier access to the information on
these sites in order to thwart future acts of terrorism. What are
some of the trends to spot in this sector? NRO Financial asked several
technology experts for their prognoses.
Glenn Reynolds, instapundit.com
You’re going to see a certain amount of bureaucratic opportunism
from Washington as a result of September 11th, but if people think
seriously about terrorism and the threats to infrastructure and
to e-commerce, they’re going to come to the conclusion that what
we probably need is a lot more encryption, rather than less.
We’re going
to come to realize in the next few weeks and months the extent to
which the cyber-infrastructure is vulnerable to attack, and encryption
turns out to be pretty important to protecting against that sort
of thing. The government has been hostile to the idea of encryption,
because they think of it as a lock that lets terrorists lock them
out. But I think we’re going to realize that it’s also like a lock
that can keep terrorists out, and there are a lot more things that
need to be locked up against terrorists than there is information
that terrorists might lock us out of.
I’m doubtful
that Carnivore [the FBI's e-mail surveillance tool] is going to
work, going forward. The real problem with e-mail and terrorists,
so far, was not that messages were encrypted, and that authorities
couldn’t break it, it was that nobody was looking. Most of this
communication occurred in the clear, and if anybody had bothered
to look at these accounts, encryption wouldn’t have mattered. But
if anybody had known enough about these guys to be bothering to
look at their e-mail, we probably would have been arresting them
anyway.
Reynolds is a law professor at the University of Tennessee
and host of instapundit.com.
Mark Fernandes, Merrill Lynch
What’s really changed is that a company now has to go from being
defensive minded, to actually taking a more proactive role in security.
There are four or five main “buckets” of security where you’ll see
this trend developing.
Firewalls,
the biggest security category, used to be just gateways, and often
still are. Nowadays, the firewall can have an application that sits
on top of it, called a virtual private network, or VPN. A VPN is
basically an encrypted tunnel through a public network, and it requires
lots of encryption and authentication, just to give some idea of
how we’ve evolved from purely defensive measures, to enabling things
like two people being able to talk over a public network. This field
is pretty much dominated by Check Point Software Technologies, Inc.
(CHKP) and Cisco Systems (CSCO).
A second bucket
is intrusion detection service, or IDS, which basically means detecting
someone trying to hack into a network or server. This field is dominated
by Cisco and by a company called Internet Security Systems, Inc.
(ISSX). The third bucket is authentication, or simply identifying
yourself. Currently, 95% of authentication is done with passwords.
The 5% who want stronger technology use multiple methods, such as
secure ID, which is a token provided by RSA Security Inc. (NASDAQ:
RSAS).
The fourth
bucket is anti-virus. The main providers here include Network Associates,
Inc., Symantec Corporation, McAfee.com, Trend Micro, Inc., and some
smaller companies. Anti-virus has evolved from simply being a floppy
loaded into a PC to more proactive and different types of technologies.
We’re in very
strange times; we don’t know what the next three to six months
are going to hold. But if you’ve got a 12-to-24 month horizon, it’s
very clear that there are a few companies that are very well positioned
in this space. Check Point, for instance, is absolutely a dominant
player in the firewall and VPN space. ISS is a very good company,
but it had some trouble a quarter ago, struggled for a while, but
it’s gotten its act together. It’s done very well in the past couple
of weeks; they’ve almost returned to normal levels. Then there are
a whole bunch of players below them, in terms of size and critical
mass. Netegrity, Inc., RSA Security, and VeriSign, Inc., which
is a good company, but only a quarter of their business is security.
Investors
need to look for the right spots to buy these companies over the
next few years. There already is a lot more emphasis and awareness
on security, but I don’t think we’ve done much about it yet, and
I think that time will come.
Fernandes is a software analyst for Merrill Lynch.
Wayne Crews, CATO Institute
Companies have to secure their networks, and they’re getting better
and better at that. Over the decades ahead, I think you’ll even
see some companies setting up what amount to private internets.
For example, eKids Internet is a private internet that you surf,
but you can’t get there from here. You can’t go onto the Internet
and get on the eKids Internet, because it’s a separate internet
with its own servers and routers; you have to be a member
to use it. And of course, in a private, insulated network, there’s
a whole lot less risk of someone getting in there and damaging it.
Of course,
it helps that the Internet as a whole was originally designed to
withstand a nuclear attack. If you knock out a whole piece of it,
the traffic gets routed elsewhere.
Crews is director of technology policy for the CATO Institute