Glen Gooding, director of IBM's Institute for Advanced Security in Australia, said that it; “Would make the job of security advisors a little bit easier” if laws were in place obliging companies to disclose security breaches.
He’s in good company – earlier this week in an interview with the Financial Review, Timothy Pilgrim, the Australian Privacy Commissioner, again called for mandatory data breach notification laws to be introduced. In other jurisdictions enterprises are obliged to report security breaches – but Australian companies can often stay mum if they are hacked or data is compromised.
It’s an approach that can create a false sense of security. According to Mr Gooding Australian enterprises are just as vulnerable as international organisations.
And the ways in which companies can be targeted is on the increase according to Mr Gooding who said that simple perimeter security measures no longer offered sufficient protection.
Mr Gooding said that IBM’s acquisition of Q1 Labs a year ago had delivered the cornerstone of its security portfolio which tackled security issues associated with people, applications, data and infrastructure. The new security systems also position IBM to command a larger slice of the security solutions market which is expected to reach $US104 billion by 2015 according to Mr Gooding.
He said that internationally IBM had built up a team of 6,000 security professionals, although he was not able to say how many security professionals the company had on its books in Australia. The company launched its Security Systems division earlier this year.
Among the announcements today is an upgrade for the Guardium system which now provides real time monitoring for Hadoop based big data applications. Mr Gooding said that the company had some local users of the system, but was not able to name the early adopters.
The company has also announced other products including a mobile security framework to help manage mobile access, provide mobile applications protection and device control; a series of cloud focussed security tools; and new mainframe security systems.