As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology trends have started to dominate: virtualization, service-oriented architecture and mobility. More promising yet is the intertwining of these unique technologies.
Some examples: Mercy Medical Center, in the US, is piloting virtual desktops rolled out on encrypted USB devices to its mobile doctors and residents. RedRoller, an online-shopping comparison service, created an SOA to connect its small-and-midsize business (SMB) customers to best pricing at shipping carriers -- a system that's likely to go virtual down the road. Delaware Electric, gives field workers with tablet PCs access to an SOA infrastructure.
What does this mean from a security perspective? It means myriad new layers of risk being created along the stack -- all of which must be securely deployed and managed. "We're talking layers and layers you need to pay attention to, both in isolation and also where they're mixing up with unexpected interactions," says Dennis Moreau, CTO of Configuresoft, a configuration management company.
Take the virtual machine environment. This environment comprises a virtual machine manager (VMM) or hypervisor that's shimmed between the kernel and the host operating system to create a layer of layers, or as some call it, a "virtual stack." In that stack are the hypervisor and guest layers that call among themselves and cannot be monitored by most of today's tools.
"There's a whole series of security dilemmas IT professionals are facing with these new technologies," says M. Victor Janulaitis, CEO of Janco Associates, an IT and business analysis firm. "The most prevalent problems are change management and version control, all the way to the cellular phones," he says.
Best practices, standards and tools are emerging, but they're mostly piecemeal, open to interpretation and incomplete in their coverage. Today that makes comprehensive management of any of these technologies problematic.
In its annual security report, Cisco outlines likely attacks against virtualization, SOA and mobility infrastructures. Here are some excerpts:
On SOA: Malware attacks exploiting application vulnerabilities will grow and become more significant during the next several years. Expect more sophisticated attacks from professional attackers. Organizations probably will see an increasing number of infected systems attempting to access protected networks.
On virtualization: Malware rootkits that execute entirely in system memory emerged during 2007. As average RAM size continues to increase, such strategies probably will grow in popularity.
On mobility: The huge increase during the past year in the use of multipurpose smart phones, such as Apple's iPhone, means there are more mobile devices with fully functional operating systems in use than ever before. Future mobile malware will take advantage of the richer capabilities of these operating systems. Expect future mobile-malware attacks to propagate via mobile e-mail, Short Message Service, Wi-Fi, and instant messaging applications.
More malware will target portable media and gaming devices. As more users take advantage of growing storage capacity in iPods and other flash media to store sensitive business information, expect attackers to target these devices.
Across all three technologies: Expect more multiplatform attacks.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Strategies for Eliminating .PST Files
Achieving the impossible: Unlimited application scalability
The state of Middleware
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Email Archiving 101—Customer Case Study
CRM your salespeople will love
Email Archiving Implementation: Five Costly Mistakes to Avoid
Discover the advantages of an open architecture multi-vendor network solution
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
Taking On Demand CRM Integration to the Next Level
Discover the current integration challenges facing businesses attempting to deploy on demand CRM systems. Learn how to create comprehensive integration of your data, user interface and business process levels and transform a portfolio of disparate applications into a unified, virtual application suite.
Buying Guides
Buying Guides
