Companies that pursue new IT strategies to cost cuts in the economic downturn could put their corporate security at risk, experts have warned.
Speaking at a press event at the RSA Conference Europe 2008 in London on Monday, the conference's chief security strategist, Tim Mather, warned businesses about the use of untested technologies.
"Some companies will be pushed to implement insecure technologies to lower costs," Mather said.
Microsoft's U.K. security adviser, Ed Gibson, also appearing at the event, said that "security will suffer if people take their eye off the ball".
Mather noted that relatively new technologies do not have "security maturity". He mentioned technologies such as VoIP between enterprises, virtualization and cloud computing, which, he said, increase the risk of systems compromise. "VoIP has been widely implemented, but within the enterprise, not between enterprises," Mather noted.
Mather highlighted the new parameters that need to be considered with virtualization. "There's a question of how you can assume the security of virtual systems", he said.
Another speaker, Ben Jun, vice president of technology at Cryptography Research, said that, while the technologies may be fairly well established, the security around them had not been fully tested.
"It's a maturity effort," said Jun. "We're not there yet, in spite of virtualization not being new."
Jun said that virtualization companies were addressing the issue, and cited VMware launching its VMsafe API earlier this year as an example. VMsafe allows accredited third parties to develop applications which interact with VMware software.
"While VMware has launched VMsafe, the security maturity of virtualization is not as high as we would like it to be," said Jun.
VMware had not responded to a request for comment at the time of writing.
Play video
Cloud Computing and Corporate Culpability
Re: Cloud Computing Security Risks and Accountability for Loss of Data, Breach of Privacy and Other Violations
I am not a lawyer. I don't play one on television. And after my last divorce, I have no motivation to further enrich any member of the legal profession. Nevertheless, my first and best advice to any American business executive considering "cloud computing", "SaaS" or "PaaS" as cost-cutting solutions in recessionary times is GET THEE TO AN ATTORNEY!
Regardless of who wins the White House next Tuesday--Oblabla and the Mouth, or Geezer and Gidget--and no matter what remuda of Republocrats controls our Congress thereafter, the recently exposed excesses of Wall Street's Bonus Buccaneer CEOs guarantee increased scrutiny and accountability for executives at all levels and in all arenas, including and perhaps especially that of the CIO. In such a charged political environment, any harm, damage, loss or breach of HIPAA or other privacy mandates attributable to corporate decisions to outsource sensitive information for bottom-line benefit is likely to have repercussions that go far beyond reversing any perceived savings. And when time comes for the ax to fall in the boardroom--or worse, the gavel in the courtroom--rest assured that your cries to blame the Data Manager in Mumbai will fall on deaf ears.
Bruce Arnold, Miami Web Designer
WebDesignMiami.PervasivePersuasion.com
Posted by MiamiWebDesigner on Thursday, October 30 2008 11:57 PM