A Year of Security Challenges Looms Ahead

By Cameron Sturdevant  |  Posted 2004-10-11 Print this article Print

IT managers must press for security standards on several fronts.

IT managers face daunting challenges next year: stopping spam, keeping systems up-to-date and tracking user identity. To surmount these obstacles, eWEEK Labs believes IT managers must become more assertive in getting executive managements buy-in for more personnel along with new technology purchases.

For IT managers grappling with business data security, the first major event of 2005 will be the RSA Security Conference in early February in San Francisco. This conference is among the must-attend educational security events for both IT practitioners and senior-level executives.

In the meantime, IT managers should demand guidelines from vendors on how IT products ranging from operating systems and applications to specialized appliances, including firewalls and VPNs, can be locked down.

To read eWEEK Labs recommendations for best practices, tools and strategies, click here. And then theres spam. Industry sources have found that spam now accounts for 60 to 80 percent of the total volume of e-mail worldwide. And with spammers motivating virus writers, the stage is set for even bigger problems.

For IT managers, this means two things. First, now is the time to start preparing reports for other senior managers about current anti-spam tools. Executives must understand anti-spam technology, or they will not have the context necessary to understand the coming wave of bulk junk mail.

Given the enormous amount of junk mail hitting the Internet, even the best anti-spam systems will appear to fail over time. Therefore, along with explaining their anti-spam efforts, IT managers should prepare, in three to six months, to tell their superiors why anti-spam tools seem to be breaking.

This is why it is also important for IT managers to press messaging vendors to fix the e-mail protocol in the near term by developing a sender authentication system. Strong authentication wont end spam, but it will enable two important anti-spam techniques. The first is the positive identification of good senders. False positives, desirable e-mail mistakenly being marked as junk, would be reduced if desirable senders could be positively identified.

The IETF recently shut down a group that was working to develop an authentication standard. Click here to read more. Second, valid authentication will enable reputation services to vouch for unknown senders trying to reach users. Establishing reputation will become a commercial activity requiring that IT managers be savvy in buying any e-mail system.

Small conferences, such as Inbox, will set the pace for showcasing e-mail security technologies, especially those designed to counter phishing.

IT managers must put the requirement for a locked-down configuration in the RFP (request for proposal) and specify written directions and an automated tool for making applications and operating systems secure.

Developments in the coming year should ease configuration management. First, heated competition is driving the rapid development of ever-better intrusion prevention systems. Second is work on network admission control systems, which could go a long way toward re-establishing the boundary between the inside and outside world of a company. IT managers should see products that facilitate keeping road warriors laptops isolated from the production network until these laptops are guaranteed to be clean.

Configuration management will require more IT resources, including more staff and more money for tools. IT managers can control costs by looking for management tools that assist staff in keeping machines current, but that likely wont be enough to stop strongly motivated hackers. IT staff must be bolstered now to ensure that at least as much brainpower is devoted to protecting business-critical systems as is being expended to compromise them.

In the long term, all these security concerns, if addressed, should also have a positive impact on businesses. Streamlined configurations, available applications and protected data arent just security concerns, but only secure systems make this state of affairs possible.

Technical Director Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel