BANGALORE, INDIA: In the current economic slump, enterprises - both big and small - are looking for unconventional methods to cut costs and lower expenditure on necessities. Hardware consolidation, power reduction, decreased space and cooling requirements and reduced IT staff time and other methods are being implemented.

In the scenario of cost cutting, organizations often forget to take "security" into measure. In an interview with CIOL, Murtaza Bhatia, National Manager, Professional Services Security & iBOSS for Datacraft India Ltd., says that managers need to be wary of threats to their virtual data and also to their physical machines.

Excerpts:

CIOL: What  are the top technologies that are going to make an impact on the SMB sector during 2009 ?

Murtaza Bhatia: The top five technologies that will cater to the needs of SMBs in 2009 are:

1.Data Leakage Prevention (DLP) - At first glance, the problem of data leakage prevention seems overwhelming. But with a few commercially available tools, leakage can be tamed, whether online, through the Web or by storage device.

2.Virtualization – Much of the current buzz is focused on server virtualization, but virtualization in storage and client devices is also moving rapidly. Virtualization to eliminate duplicate copies of data on the real storage devices while maintaining the illusion to the accessing systems that the files are as originally stored (data reduplication) can significantly decrease the cost of storage devices and media to hold information.

3.Green IT - Green IT is one of the fastest-growing initiatives in the industry. Green IT is not just an earth-friendly solution, it is also a competitive technology for profitable business. Reduce costs are earned costs.

4.Network Admission Control (NAC) - refers to Cisco's version of Network Access Control, which restricts access to the network based on identity or security posture. When a network device (switch, router, access point, DHCP server, etc) is configured for NAC, it can force user or machine authentication prior to granting access to the network. In addition, guest access can be granted to a quarantine area for remediation of any problems that may have caused authentication failure. This is enforced through an in-line custom network device, changes to an existing switch or router, or a restricted DHCP class. A typical (non-free) WiFi connection is a form of NAC. The user must present some sort of credentials (or a credit card) before being granted access to the network.

5.Unified Communications  (UC) - Formerly distinct markets, each with distinct vendors resulted in massive consolidation in the communications industry. Organizations must build careful, detailed plans for when each category of communications function is replaced or converged, coupling this step with the prior completion of appropriate administrative team convergence.

CIOL: Adopting new technologies also mean new challenges to enterprises. What are the challenges enterprises will encounter in the days ahead ?

MB: In lieu of the current economic slump, organizations are looking for unconventional methods to cut costs and lower expenditure on necessities. Hardware consolidation, power reduction, decreased space and cooling requirements and reduced IT staff time are all methods being implemented. In the scenario of cost cutting, organizations often forget to take “security” into measure. Managers need to be wary of threats to their virtual data and also to their physical machines, plus additional threats stemming from the virtualized environment that need to be addressed. With the expected increase in cyber crime, threats will continue to grow in number and sophistication.

During the cost-to-benefit portion of risk analysis, organizations should make sure to measure the values and costs of the new security control in each of these areas. Compliance may always be an issue. While organizations are getting smarter and being more prepared, cyber crime operators are going one step ahead by actively exploiting code on popular, trusted web sites where users have an expectation of effective security. Organizations need to be wearier of Compliance tools to avoid this.

CIOL: How serious is the threat of storm worm ?

MB: The so-called storm worm is a great example of sophisticated botnets, installing rootkits and making each infected system a member of a new type of botnet. Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals. Mobile phone threats, especially against iPhones and Android-based phones; mobile phones are now lesser-computers, therefore viruses, and other malware will increasingly target them. The developer toolkits provide easy access for hackers. And hackers are taking note. In short, the VoIP attack surface is enormous.

CIOL: What about insider attacks ?

MB: Insider attacks are usually initiated by rogue employees. The  consultants or contractors  need to be taken care of this problem and   organizations need to put into place substantial defenses against this kind of risk. One of the most basic things to prevent such attacks is to limit access to what users need to do their jobs.