Worrying About The Next Big Thing

It's probably both a good and bad thing that outbreaks like the Mydoom virus really don't worry top IT professionals anymore. Bad, because these things are happening so often now nobody's surprised. But that's also part of the Good, because IT pros are quickly learning how to protect their installations against such attacks, deploying defenses ahead of time and educating users on how to help keep client devices up to date.

What does keep IT types awake at night (besides having to present budget reports to the board of directors) is wondering what the next big bad thing is going to be. Whenever it hits, according to some top CIOs at the Comnet show in Washington, enterprises are likely to be more on their own than not, since anti-virus and anti-spam software and hardware isn't as robust as they'd like it to be.

Bob Gayley, chief information officer at Amtrak, told an audience here Tuesday that relying on security software firms is increasingly less of an option. "The time you have to react [to attacks] has gone down massively," Gayley said. "It's minutes now, not hours. And the virus protection firms need 13 hours [to craft a response]."

Both Gayley and David Swartz, CIO for information systems and services for The George Washington University, said they'd like to see more power in security applications and in connectivity services, rather than having to do all the heavy lifting in-house.

"The things we do manually [with security software], have to be automatic," Swartz said. "Those capabilities don't exist today. The programs should [be able to] auto-isolate, and quarantine. That's not working today."Gayley said he wants to see such features delivered as services.

"We don't want these [security] products," he said. "They should be in the network. The U.S. economy would be a lot better if the big broadband companies would deal with it there. At Amtrak, we spend well over $1 million a year on things that have nothing to do with our business."

Even though I'm sure that this missive will spark a series of press-release rebuttals (I've already received one PR pitch from a company who wants to talk about how its users avoided Mydoom woes), from the sounds of it the security products aren't passing muster yet where it counts, with the users. In a keynote speech here Wednesday, longtime industry observer, analyst and investor Howard Anderson noted the recent attention to things like controlling spam, citing Bill Gates' recent pledge to offer more support via Microsoft products.

The reality, Anderson said, is that "this stuff is not quite ready yet." Anyone who takes a two-week vacation, Anderson said, knows what he means.

"By the time you get back, you have so much spam that it's almost easier to quit your company and rejoin than it is to read and delete all that email," he said.