The Sept. 11 terror attacks changed corporation's perception of the value and importance of their data, including exposing a few myths, said Steve Faris, vice-president of marketing for Asia-Pacific at EMC Corporation.
According to recent industry surveys, corporations prior to Sept. 11 said 50 percent of their data was essential in case of an emergency recovery situation. After the attacks, business polled said 80 percent of data was essential for recovery, according to Faris at an IT forum by International Data Group.
EMC had many clients in New York's World Trade Center and Barron's Magazine recently called the company's replication software the "technology hero of the September catastrophe because of its key role in helping business resume operation quickly."
Among the lessons learned, corporations have come to realize that apart from under-estimating the value of their data for the survival of their business, they also need to have not two, but probably three recovery centers, Faris said.
"What Sept. 11 showed is that distance and location of your second site is key. Across the street isn't far enough," Faris said, nothing that many companies which had their recovery center in New Jersey were unable to get to it because all physical communications, like bridges and tunnels, had been closed.
"That's why you also need an automated restarting" in case you can't get to the second site, he added, pointing that this second site was now vulnerable to an outage.
Sept. 11 has also highlighted that relying on data stored on disk as a means of back-up can leave your company vulnerable, as access to disks and other methods can be restricted or eliminated.
However, while the industry absorbs the lessons of Sept. 11 and potential vulnerability, budgets have not been expanded. "Doing more with less" remains a motto for corporate executives in the current slowed economic climate, said Faris.
However, he argued that corporations could take many steps quickly without increasing their budgets by, for example, consolidating their data storage and back up.
Talking more generally about security, many conference participants agreed that more had to be done by corporations.
"There is still a lot of work that needs to be done (in terms of security) and it is a big issue for the industry, as well as regulators," said Tom Burns, director of Internet solution group in Asia-Pacific at Intel Semiconductor.
Steve Lowe, regional director for Asia Pacific at AT&T Business, said security was a very high priority for his company, especially at the level of its core network. "We are continuously testing ourselves on reliability, redundancy, survivability and robustness," he told the audience.
IDC estimates that in 2000, spending in security totaled $13 billion worldwide, with 50 percent in services, nearly 40 percent in software security and the rest in hardware.
Paul Mason, a research of infrastructure software at IDC, estimates that spending in anti-virus for software totaled $1.4 billion in 2000, while spending on firewall for hardware totaled $943 million
Mason said the security industry has a potential annual growth rate of 26 percent until 2005. Most of the spending growth will come from Asia-Pacific, which has been lagging behind in term of security spending, he said.