Security: Next Steps

 
 
By Peter Coffee  |  Posted 2007-01-08
 
 
 
 
 
 
 

Analysis: Threats have gotten bigger, faster and more complex. So, too, must IT pros' defense strategies.

If you ask most people to free-associate from the trigger term "September 2001," likely responses might be "World Trade Center" or "terrorists." Only people at the epicenter of an enterprise IT operation are likely to recall, without being reminded, that the week after 9/11 was marked by the worldwide attack of the Nimda worm—which many now regard as an inflection point in the sophistication and, consequently, the speed and severity of attacks against e-business. The University of Calgary, in Alberta, Canada, has since compiled estimates of Nimda's impact that include 2.2 million infected machines within 24 hours and a cleanup cost of $539 million.
That's more than the individual gross domestic products of 15 of the member countries of the International Monetary Fund, not to mention being enough to take every worker in the United States out to Starbucks.
The IT industry has had five years to recognize the significance of such numbers and to make the best practices of enterprise security the norm rather than the exception. But that recognition has remained largely nominal, and the response superficial. Two years after Nimda, for example, the Slammer worm successfully inflicted a billion dollars' worth of nuisance and cleanup. Slammer doubled its number of victims every 8.5 minutes, affecting 90 percent of vulnerable targets worldwide within its first 10 minutes in the wild.
Even two years later, the Sober worm in 2005 may have accounted at times for as much as 70 percent of worldwide e-mail volume—succeeding by taking advantage of laxity in risk assessment and prevention; underinvestment in detection and response; and, all in all, a general lack of vigilance.
By no coincidence, those five elements of security—risk assessment, problem prevention, attack detection, incident response and creation of a climate of vigilance—were the five sections of a major eWEEK Labs series of articles, titled "Five steps to enterprise security," that was launched in November 2001. Taking no pleasure whatsoever in the continuing relevance of recommendations made five years ago, Labs staff revisit that report in the following pages—with the aim of reiterating what's still critical and also raising consciousness in areas of concern that have emerged or intensified since then. We hope this update finds a climate of improved awareness and expanded resources for addressing security issues, so that the end of 2011 will find us less tempted to issue a 10th anniversary update to this manifesto for enterprise infrastructure protection.



 
 
 
 
Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, and he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
 
 
 
 
 
 
 
