[Moderator: Here is yet another theme that keeps popping up that
 really needs to die. First IBM, now Gartner Group, claim that 
 they are stock full of "white hat" ethical hackers, while all these
 other companies are full of "grey" or "black" folks. Simple fact
 is, IBM hires a mix, and I would bet at least one or two of most
 major security companies have 'hackers' on staff, whether they 
 know it or not. Most 'hackers' I know can dress in shirt and tie
 and play corporate very well.]

Jo Pettitt
IT security companies are ripping off users, a senior security analyst from
Gartner Group has claimed.

Speaking at the Gartner Predicts conference in Paris this week, Helen Flynn
said security firms were promising more than they can deliver,
overcharging, and failing to meet users' needs.

Oh, but Gartner Group is different...

She said, "There are major shortcomings in most security products available
today. Suppliers tend to focus on the soundness of their products and their
functionality, all the bells and whistles.

"However, when users come to implement these products, they find they don't
match their requirements."

Flynn added that, owing to the drain on finances from year 2000 and
economic and monetary union work, companies did not have enough funds to
put effective security solutions in place.

"Worldwide, users are spending about 5%-8% of their IT budget on security.
If they actually wanted to achieve the same level of security they had in
the days of the mainframe, they would need to be spending 15%-25%."

Flynn added that security firms were not helping the situation. She said,
"There are too many individual products. It is too expensive for users to
buy every one; they need more integrated solutions."

All these factors, she said, were increasing users' vulnerability to what
she called "grey hackers".

"The high cost of products and lack of skills to develop better solutions
mean users are at the mercy of certain individuals who are cashing in on
the situation," she said.

"These individuals are highly technically skilled, and are offering their
services to firms looking for IT security services and checks. However,
they are also hackers."

And all hackers are evil and will not help, right?

Flynn predicted that the need for more integrated security products would
eventually drive down the number of IT security providers from about 1,000
firms today to fewer than 50 by 2003.