Unqualified providers try to jump into IT security projects
Printer-friendly version Email this CRN article
Increased IT security spending by the federal government has sparked a gold rush that's attracting unqualified security companies, solution providers say.
With technology budgets tight in the commercial sector, some security providers are eyeing the big dollars that the government is shelling out for data and systems security, said Barry Stauffer, CEO of Corbett Technologies, an Alexandria, Va., solution provider that primarily serves federal customers. "People are now turning to government security work as a panacea," he said. "They're exaggerating credentials to get in on the show."
Federal agencies are expected to spend $4.1 billion a year on IT security by 2006, up from $1.3 billion in 2001, according to research firm Input.
Bruce Tucker, president of Patriot Technologies, a Frederick, Md.-based security services firm, said he's seeing an influx of traditional networking integrators trying to jump into federal IT security projects. "Security isn't just hooking up a box. It's working with the client to develop policies and procedures," Tucker said.
In situations where network assets have been threatened, "there's no substitute for hands-on experience," said Gary Lynch, vice president of commercial information assurance at Booz Allen Hamilton, a McLean, Va.-based IT consulting firm.
For its part, the federal government has launched the National Information Assurance Partnership, which is developing a program that gauges the security qualifications of consulting firms and solution providers hired to conduct system certifications for federal agencies. NIAP is a joint initiative of the National Institute of Standards and Technology and the National Security Agency.
NIAP Director Ron Ross said the first objective is to create uniform system certification guidelines for federal entities, which currently use several different procedures. Eventually, NIAP will devise tests that technology providers will have to take to prove that they have the expertise to perform such certifications, he said.