IT Sec Spending Ratios

Little luck so far finding a ratio. Well, there is a Gartner report that they want $5K for that might have that figure...

http://www3.gartner.com/1_researchanalysis/focus/security2002.html

And I found these:

• http://www.computerworld.com/securitytopics/security/story/0,10801,62002,00.html
• http://www.landfield.com/isn/mail-archive/2001/Jun/0051.html

This is interesting:

Only 0.4% of a company’s revenue, on average, is dedicated to information security in the U.S. By 2011, however, that figure will accelerate tenfold to 4% of revenue for U.S. companies, according to Gartner Inc.’s total cost of ownership model for information security.

AT&T Managed Instant Messenger

The AT&T MIM offering appears to be a managed Jabber server, hosted on an AT&T server in their Internet facility, using an AT&T branded version of the commercial JIM client.

The AT&T pricing appears reasonable (compared to the software license quotes we have from Jabber). The AT&T offering appears to be for a "virtual server", where different customers share not only the same hardware, but also the same Jabber server instance. This presents security and performance issues.

Many of the key benefits of corporate IM are derived from hosting the messaging server(s) in-house (LDAP integration, security, reliability, etc). Outsourced IM service hosted on the Internet negates many of these benefits.

Adtran "sbox" vs Check Point SMB

We have not received the Adtran unit for evaluation. This week I am finishing evaluation of PIX, Nortel, and two AT&T products (one of which we have proven to have serious security exposures), and we need to make our decision very soon.

We have serious qualms about the security of any Check Point product, but we realize that a SOHO box is not going to provide "perfect" security. It appears that the Safe@Office is the minimum configuration for our purposes.