The industry reflects, looks ahead

By Staff, ZDNet Asia
Friday, March 14, 2008 06:39 PM

Andrew Namboka, chief technologist, Asia-Pacific, Nokia Enterprise Solutions

Andrew Namboka,
Nokia
Mobile access technologies need to provide confidentiality, to prevent unauthorized parties from eavesdropping or interpreting the transferred information. Secure links must be retained when the network changes.

Q: Name up to three security trends that IT heads should look out for in 2008.
Namboka: As information continues to move to the edge of the organization with deployment of business mobility, and more personal devices being brought into the business space, organizations are looking to strengthen their security measures around the perimeter and beyond.

The three key security trends that IT heads should look out for in 2008 include:
•  Being vigilant with Wi-Fi access. The convenience to access information using wireless does have its issues, due to their very openness. With no encryption or filtering protections for users, most public hotspots are easy prey for cyber criminals.

Hackers often lurk on public Wi-Fi nets, sniffing network traffic as it passes by for things like passwords, credit card numbers, or means of attacking devices that are using wireless. For example, they can also look for users who have turned on file sharing, and get direct access to the locally stored data. This can allow access to key corporate assets and put the organizations at serious risk.

Hence, network authentication is critical. Only authorized and authenticated users can be allowed to access information or corporate services. Mobile access technologies also need to provide confidentiality, to prevent unauthorized parties from eavesdropping or interpreting the transferred information. Secure links must be retained when the network changes.

Network authentication further defends organizations against a less well-publicized vulnerability, bandwidth robbing, which leads to genuine employees experiencing poor network connectivity service due to unauthorized Wi-Fi bandwidth usage.

•  The second is managing the disconnect, proactively. Mobility is a grass-roots development. Individuals have recognized the value of mobile access to data, e-mail and other applications when away from their desks, even if they are still on campus.

However, they are circumventing the IT department and adopting mobility personally. As such, it is likely that there are far more mobile devices in circulation in any organization than its IT department knows about. This means corporate data is daily walking out of the door with employees and regularly transferred on unsecured public networks. Furthermore, employees are accessing the corporate network with mobile devices that are not subject to corporate safeguards.

With device management, organizations can maintain total control of sensitive corporate data, synchronize user data, configure device settings, and install software applications remotely--all through a single, easy-to-use administrative console. In the event that a device is lost or stolen, a quick call to the IT department can help rectify the situation by immediately preventing any other user from accessing confidential information. Within moments, it is possible to delete email, PIM data, and other sensitive files, as well as wipe the device and restore the original factory settings.

•  Finally, preventing intrusions. In most organizations, the IT infrastructure is in a constant state of flux. From one month to the next, the changing number of network entry points in the form of wireless networks, new business ventures, mergers and acquisitions, collaborative web services for customers and suppliers, outsourced business processes and offshore partnerships, all represent an opportunity for compromise. As such, there is a need to detect and quarantine attacks and address vulnerabilities in real time without significantly degrading the performance of legitimate network traffic.

Intrusion prevention appliances can help to prioritize known threats dependent on their business impact with the minimum of human prevention and business disruption. These systems work on two principal levels: comparing network traffic with known threats; and passively scanning traffic to deduce information about the network from application behavior.

They work in real-time, rather than based on active timed scans, so they have a constant view of an organization's extended and virtual infrastructure. By aggregating and prioritizing event information from the sensors, the most critical events to an organization's business can be determined by comparing them with defined policies and appropriate actions then taken.

To combat the less predictable unknown threats such as those generally classed as zero day threats, a comprehensive threat management approach is required, to go beyond inline intrusion prevention defenses and to execute a co-ordinated threat response to distributed, unknown and unpredictable attacks leveled at network assets and resources.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.

Guest user

Guest user

Level: 
Joined: —
Already a member? Log in »



 

Loading...

Tech Jobs Now!

CodeGear extends the Borland legacy

Web Development

Discover what the CodeGear developers are working on.


Read more »



  • HPC Applications

    Ever wondered if High Performing Computing systems really matter in our day-to-day world? Let Dr David Scott from Intel take you a for quick tour on developing HPC applications.
    Play video


  • Maximize IT Spend: Business Acceleration

    How do you ensure your IT solutions are well integrated and streamlined across your enterprise? Rajen from Oracle highlights the important considerations ...
    Play video


  • HPC Architecture: Explained

    Why is High Performance Computing increasingly in demand in today's businesses? Find out which is the most widely deployed HPC architecture today.
    Play video

Tags

  1. bpo
  2. business
  3. china
  4. customers
  5. deal
  6. deals
  7. future
  8. green
  9. hp
  10. icahn
  11. ict
  12. india
  13. indian
  14. jobs
  15. microsoft
  16. microsoft-yahoo
  17. mobile
  18. offer
  19. outsourcing
  20. phones
  21. report
  22. services
  23. spore
  24. study
  25. tech
  26. technology
  27. tier
  28. unveils
  29. us
  30. yahoo

Has the Internet changed our core values?

Blog thumbnail

If you've been following this blog, you might remember that I'm a self-professed sufferer of a, erm, disorder I've come to call, privacy..... by Eileen Yu

Read more »