By Tom Espiner
Wednesday, October 29 2008 09:06 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62047695,00.htm

Companies that pursue new IT strategies to cost cuts in the economic downturn could put their corporate security at risk, experts have warned.

Speaking at a press event at the RSA Conference Europe 2008 in London on Monday, the conference's chief security strategist, Tim Mather, warned businesses about the use of untested technologies.

"Some companies will be pushed to implement insecure technologies to lower costs," Mather said.

Microsoft's U.K. security adviser, Ed Gibson, also appearing at the event, said that "security will suffer if people take their eye off the ball".

Mather noted that relatively new technologies do not have "security maturity". He mentioned technologies such as VoIP between enterprises, virtualization and cloud computing, which, he said, increase the risk of systems compromise. "VoIP has been widely implemented, but within the enterprise, not between enterprises," Mather noted.

Mather highlighted the new parameters that need to be considered with virtualization. "There's a question of how you can assume the security of virtual systems", he said.

Another speaker, Ben Jun, vice president of technology at Cryptography Research, said that, while the technologies may be fairly well established, the security around them had not been fully tested.

"It's a maturity effort," said Jun. "We're not there yet, in spite of virtualization not being new."

Jun said that virtualization companies were addressing the issue, and cited VMware launching its VMsafe API earlier this year as an example. VMsafe allows accredited third parties to develop applications which interact with VMware software.

"While VMware has launched VMsafe, the security maturity of virtualization is not as high as we would like it to be," said Jun.

VMware had not responded to a request for comment at the time of writing.