"Three years ago Gartner published research predicting that either catastrophe from IT failure, or a continuing history of lower-level failures would provoke either a governmental regulation or industry self-regulation of IT products and services in the US by 2015 and in the European Union by 2015 to 2018," said Richard Hunter, vice president and distinguished analyst at Gartner. "Although the exact date of arrival for regulation is difficult to predict, we believe that, in recent months, the tempo and intensity of the indications of such an event have increased."
Mr Hunter said several recent articles describing the growth and scale of criminal hacking networks aimed at governmental and industry targets, as well as recent statements by representatives of the US and UK governments, indicate that the state of IT security is now viewed as unacceptably dangerous. Mr Hunter also referred to the emphasis that US President Barack Obama has placed on the importance of cyber technology and security in his appointments and public comments.
In addition, healthcare industry representatives have asked the Obama administration to hold software vendors liable for failures resulting from implementation of administrative software mandated by the US federal government by 2014. Elsewhere, corporate customers are filing litigation against their IT providers with greater frequency.
The rise of social networks such as Facebook, MySpace and Twitter has generated increased concern over the extent to which personal data and the safety of minors are threatened by criminals using these networks to gain access to potential victims.
"All these events are taking place within a global climate that is shifting towards regulation on many fronts," said Mr Hunter. "As a result of the economic crisis, the social environment is considerably less trusting and secure. The public is wary of cascading risks and would seem to be supportive of legislation and litigation aimed at reducing those risks, including those posed by IT."
While neither supporting nor opposing regulation of IT, Gartner considers such regulation increasingly likely and thinks it is probable that the EU will take formal steps to establish a regime for regulation of consumer-oriented IT products and services as early as 2011. Given the increasing likelihood of this scenario, Gartner advises IT vendors, service providers and user organisations to consider the implications of the regulation of IT on their businesses.
Mr Hunter said software vendors need to be aware that increased liability will drive generic software out of the market, and they should prepare for transparency and product/price differentiation based on quality and certified fitness for purpose. IT service providers should do the same and mitigate risks by incorporating strong documentation, audit right provisions and legal compliance terminology into outsourcing deals.
Corporate technology users are likely to benefit from regulation in terms of clearly understanding the functions and features they buy but should be aware that they cannot outsource regulatory compliance. They should consider whether the liabilities applied to vendors will apply to them as well, and consider whether the enterprise is prepared to manage its processes to regulatory requirements.
Additional information is available in the Gartner report "Childhood Ends: The Signs Are Clearer." The report is available on Gartner's website at http://www.gartner.com/....