Outlook '09: Top Threats/Challenges

CIOL Bureau
Updated On
New Update

By Murtaza Bhatia, National Manager, Professional Services Security & iBOSS for Datacraft India Ltd.


INDIA: In lieu of the current economic slump, organizations are looking for unconventional methods to cut costs and lower expenditure on necessities. Hardware consolidation, power reduction, decreased space and cooling requirements and reduced IT staff time are all methods being implemented.

Murtaza Bhatia

In the scenario of cost cutting, organizations often forget to take “security” into measure. Managers need to be weary of threats to their virtual data and also to their physical machines, plus additional threats stemming from the virtualized environment that need to be addressed. With the expected increase in cyber crime, threats will continue to grow in number and sophistication. During the cost-to-benefit portion of risk analysis, organizations should make sure to measure the values and costs of the new security control in each of these areas.


Compliance may always be an issue. While organizations are getting smarter and being more prepared, cyber crime operators are going one step ahead by actively exploiting code on popular, trusted web sites where users have an expectation of effective security. Organizations need to be wearier of Compliance tools to avoid this.

The so-called 'Storm worm' is a great example of sophisticated botnets, installing root kits and making each infected system a member of a new type of botnet. Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals. Mobile phone threats, especially against iPhones and Android-based phones; Mobile phones are now lesser-computers, therefore viruses, and other malware will increasingly target them.

The developer toolkits provide easy access for hackers. And hackers are taking note. In short, the VoIP attack surface is enormous. Insider attacks, initiated by rogue employees, consultants or contractors need to be taken care of and Organizations need to put into place substantial defenses against this kind of risk, one of the most basic of which is limiting access according to what users need to do their jobs.


Top 5 Enterprise/ SMB Technologies for 2009

1. DLP (Data Leakage Prevention) - At first glance, the problem of data leakage prevention seems overwhelming. But with a few commercially available tools, leakage can be tamed, whether online, through the Web or by storage device.


2.Virtualization – Much of the current buzz is focused on server virtualization, but virtualization in storage and client devices is also moving rapidly. Virtualization to eliminate duplicate copies of data on the real storage devices while maintaining the illusion to the accessing systems that the files are as originally stored (data reduplication) can significantly decrease the cost of storage devices and media to hold information.

3. Green IT - Green information technology is one of the fastest-growing initiatives in the industry. Green It is not just an earth friendly solution, but it is also a competitive technology for profitable business. Reduce costs are earned costs.

4. Network Admission Control (NAC) - It refers to Cisco's version of Network Access Control, which restricts access to the network based on identity or security posture. When a network device (switch, router, access point, DHCP server, etc) is configured for NAC, it can force user or machine authentication prior to granting access to the network.

In addition, guest access can be granted to a quarantine area for remediation of any problems that may have caused authentication failure. This is enforced through an inline custom network device, changes to an existing switch or router, or a restricted DHCP class. A typical (non-free) WiFi connection is a form of NAC. The user must present some sort of credentials (or a credit card) before being granted access to the network.

5. Unified communications - Formerly distinct markets, each with distinct vendors, converge, resulted in massive consolidation in the communications industry. Organizations must build careful, detailed plans for when each category of communications function is replaced or converged, coupling this step with the prior completion of appropriate administrative team convergence.