Worldwide IT spending should top $3.4 trillion in 2008, up 8 percent from 2007, research firm Gartner is predicting.But much of that growth is due to the decline in the U.S. dollar. When adjusted for currency issues, worldwide spending is predicted to grow only 4.5 percent.

Software spending and IT services are expected to see the biggest gain, up 10 percent and 9.4 percent respectively in 2008.Analysts attributed some of the software growth to replacement cycles, but noted that "the replacement of systems does not automatically equate to new software market growth."

"Software as a service/cloud computing, service-oriented architecture/Web 2.0, and open-source software are causing huge changes to the software market," wrote Joanne Correia, managing vice president at Gartner in a research note. "Many of these factors are impacting market growth as enterprises replace assets with per-use services."

Hardware spending is expected to rise 7 percent in 2008, thanks to strong Asia/Pacific and Western Europe sales and a global shift to mobile computers.

Cloud computing is all the rage. "It's become the phrase du jour," says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition.

As a metaphor for the Internet, "the cloud" is a familiar cliché, but when combined with "computing," the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is "in the cloud," including conventional outsourcing.

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT's existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.

• Attempts to Gain Access through Existing Accounts
• Failed File or Resource Access Attempts
• Unauthorized Changes to Users,Groups and Services
• Systems Most Vulnerable to Attack
• Suspicious or Unauthorized Network Traffic Patterns

While information security has became the most important aspect for any form of business process, the mushrooming of vendors in the space of security management tools has also became a noticeable aspect. Even in today’s financially tough phase, security infrastructure is one such priority of users that has shown resistance.

 There are certain security tools which security managers have patronized over a past couple of years. Among them UTM appliance is one. Factors like low cost of UTM solution coupled with the ease of deployment make it more popular among the SMBs.

 While UTM vendors claim that it takes off the pain of managing security by controlling multiple security tools like firewalls, spam filtering, etc, there are a few security managers who are not happy with the performance aspect of this swiss-knife approach to security. The only reason for such an experience is their lack of planning and weak pre-deployment process of the UTM appliance. To avoid this kind of experience, security managers should take a systematic approach while shopping around for an UTM. This systematic approach entails a complete understanding of what these solutions can do and what they actually want from their UTM. This sounds very easy, but if ignored, it could change the entire deployment experience.

 Network security is no longer just about keeping viruses, worms and other threats at bay. In an era of highly complex and blended threats, organisations have a very short window of time to respond to threats before it bring down network, leak critical data and tarnish the reputation beyond repair. Therefore, the decision to deploy an UTM should be well informed and thought out.

So what should you be really looking for while deploying an UTM for your infrastructure? To start with, security managers should look at getting a complete integrated solution that should have firewall, VPN, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering, as well as bandwidth management and multiple link management – all over a single platform. Organisations can choose and zero in on the best productivity and security features that match their needs.

 In a scenario where mainly threats are from internal than external, centralized reporting and management also become vital features that security administrators should look for in an UTM solution. Organisations with branch offices and remote locations need to maintain the same levels of security in these locations as the central office. While the threats faced by these locations are at the same level as the central office, organizations need to maintain high security while keeping expenses under control.

 The standard advice is to choose a UTM solution that meets your security needs. There is a raft of solutions in the market that claims to defend against a variety of threats. It becomes essential for enterprises to judge “Critical Impact Value” of a particular threat and the corresponding ROI from the appliance. However, that will differ from organisation to organisation as there are significant differences between verticals in terms of business pain points and drivers and concerns for deployment in a particular security. For example in educational institutes the UTM suite of features must include the Content filtering which effectively fulfils the need to shield young minds from viewing unwarranted and malafide content on the net. Similarly, for segments like government and defence there is a pressing need to protect sensitive data and the inclusion of IDP is in the feature suite is a must.

 While talking of these many points, getting proper post sales support from the vendor is also very critical for a successful deployment. Yes, in the UTM deployment there is a need to check vendor credibility over the issue of a support as well because security devoid of good support is bad choice. The vendor support system should be able to rapidly scale its support capabilities in step with the growth of their customer base. Only then customer satisfaction and responsiveness will be effectively addressed and by reducing business impact due to incidents through quick resolution time.

Selecting an Enterprise Firewall - Click here

SCADA, the control systems for such infrastructure services as water and energy, has us worried whenever critical infrastructure defense is mentioned. Why, then, is it the most insecure industry on the planet?

SCADA security is as crucial as ever today with cyberattacks on the rise, including those that are apparently state-sponsored. And without contest, SCADA is a major target, with the most potential damage to the economy and to daily life.

Many efforts are in the works to increase the security of SCADA systems, but I do not see any measurable results. Lack of security processes, such as secure coding, auditing, and modern patch distribution systems, are some examples, but the most telling one is how SCADA vendors treat software vulnerabilities.

SCADA security vulnerability-handling is a sham as it stands today. In the 1990s, Bugtraq and other forums introduced the concept of openly releasing vulnerability information on products from IT vendors in full disclosure. Ten years later, many of these vendors acknowledge reports, work with researchers to solve the issues, and provide their clients with relevant information and patches in a timely fashion. Today many software vendors act responsibly, and full disclosure has mostly become a matter of choice.

This model may not work with SCADA, however. How do you release information when a SCADA vendor will not patch the vulnerability? Misuse can seriously damage civilian infrastructure.

Full disclosure is a public-shaming technique. Perhaps another sort of public shaming could be introduced?

One idea is to create a centralized reporting Website where SCADA vulnerabilities are tracked (with whatever information can be made public), and the vendors can be called out for their slow response and patching time.

SCADA operators say taking a plant offline is unacceptable. In my opinion, the threat is serious enough to make security top priority. If it were a priority, then SCADA systems would be designed so that patching can be done without a shutdown.

Unless an alternative is found, I will soon be of the opinion that for us to be safe two or even 20 years in the future -- when the world is even more connected -- public shaming on SCADA system vulnerabilities is the only alternative to waking up to a digital 9/11 or Pearl Harbor.