The overlooked cost of hiring technologists expert in online security means that "The true costs of security are going through the roof," Eric Maass, a consultant to the banking industry, told a BS&T webcast this week. The Nov. 5 webcast will be available shortly at www.techweb.com/webcasts.
Maass, director of enterprise security solutions, with Lighthouse Security Group, a Lincoln, R.I., consultancy to the Defense Dept., banks, and other businesses, said, "Businesses are now hiring and certifying specific IT professionals singularly focused on security."
Compliance with regulations, alone, is huge, Maass said, noting, "the security specifications for individual standards each run to hundreds of pages. Developers, quite honestly, are not keeping up with them." He listed about a dozen such standards, including, for example, XACML, which stands for eXtensible Access Control Markup Language, and is used to ensure that only those authorized to use a particular system can gain access to it.
Akamai Technologies, the webcast sponsor, noted a big increase in security attacks this year. Through its 35,000 web servers, the Cambridge, Mass. firm deliver about 20 percent of Internet traffic.
Lighthouse's Maas, suggested its impossible for banks and others to keep up with hackers new waves of attack. "It's like a calculus limit: we're exponentially increasing our responses but never getting to our destination." Even with a single security standard, Maas said by the time it makes its way from a firm's CIO to its programmers it has become like "the telephone game" in which the message gets distorted.
Lighthouse has adapted a seven-year security project for Lockheed Martin, the Bethesda, Md., aerospace manufacturer, into a managed security services offering for sensitive applications, which are corralled from the general web environment, Maass said.
Lighthouse's bank clients include State Street Corp State Street, Boston, ($154.4 billion in assets) and Citizens Financial, Providence, R.I. ($162 billion in assets).