[Moderator: Here is yet another theme that keeps popping up that really needs to die. First IBM, now Gartner Group, claim that they are stock full of "white hat" ethical hackers, while all these other companies are full of "grey" or "black" folks. Simple fact is, IBM hires a mix, and I would bet at least one or two of most major security companies have 'hackers' on staff, whether they know it or not. Most 'hackers' I know can dress in shirt and tie and play corporate very well.]

23Apr98 UK: UNSCRUPULOUS SECURITY FIRMS PREY ON UNSUSPECTING USERS.
Jo Pettitt

IT security companies are ripping off users, a senior security analyst from Gartner Group has claimed.

Speaking at the Gartner Predicts conference in Paris this week, Helen Flynn said security firms were promising more than they can deliver, overcharging, and failing to meet users' needs.

Oh, but Gartner Group is different...

She said, "There are major shortcomings in most security products available today. Suppliers tend to focus on the soundness of their products and their functionality, all the bells and whistles.

"However, when users come to implement these products, they find they don't match their requirements."

Flynn added that, owing to the drain on finances from year 2000 and economic and monetary union work, companies did not have enough funds to put effective security solutions in place.

"Worldwide, users are spending about 5%-8% of their IT budget on security. If they actually wanted to achieve the same level of security they had in the days of the mainframe, they would need to be spending 15%-25%."

Flynn added that security firms were not helping the situation. She said, "There are too many individual products. It is too expensive for users to buy every one; they need more integrated solutions."

All these factors, she said, were increasing users' vulnerability to what she called "grey hackers".

"The high cost of products and lack of skills to develop better solutions mean users are at the mercy of certain individuals who are cashing in on the situation," she said.

"These individuals are highly technically skilled, and are offering their services to firms looking for IT security services and checks. However, they are also hackers."

And all hackers are evil and will not help, right?

Flynn predicted that the need for more integrated security products would eventually drive down the number of IT security providers from about 1,000 firms today to fewer than 50 by 2003.

COMPUTER WEEKLY 23/04/98 P4