Businesses are suffering more downtime as the threat from viruses and worms continues to grow
That explains why enhancing application security is the highest tactical priority for this year's respondents. Some 45% in the United States list that as their top priority, compared with 54% in South America, 36% in Europe, and 40% in Asia-Pacific.
To ensure that his business applications remain secure, WesCorp's Hoff uses an on-demand vulnerability-scanning service from Qualys Inc. every day to find potential vulnerabilities. Hoff uses QualysGuard, along with open-source security scanner Nessus, open-source network- and security-auditing tool NMAP, and other tools from Sanctum Inc. and Internet Security Systems Inc. Before deploying QualysGuard, WesCorp's security team had to sort manually and prioritize reports of security vulnerabilities. "Once we weeded through the false positives and mapped it out, more than a week would go by," Hoff says. "It was very difficult."
Still, Hoff says, daily scans "are a control feature for us. It's a way to provide accountability." Fortunately, he says, "most of the time the report is a big fat zero."
In addition to monitoring the security aspects of off-the-shelf commercial applications, businesses also are trying to improve the processes they use for internally developed code. Secure software development is a top priority at New Vine Logistics Inc., a back-end logistics company for the wine industry. New Vine recently used Fortify Software Inc.'s development application to create more-secure code. "If our system is compromised, it could affect dozens of companies," says Pierre Tehrany, VP of technology and product development. Fortify's software helps the company avoid such problems. "Fortify's software exposed a couple minor vulnerabilities that we fixed," he says. The result: "Our programmers become better programmers, and the code became more secure."
Tehrany says his customers want to make sure that their information, such as inventory and financial reports, and their customers' data are properly secured and that the security of New Vine's network is tight. "The way businesses do business today, they're integrated and dependent on each other," he says. "You can't do business without communicating with others, and that warrants a different type of security."
That type of security also involves deploying innovative applications designed to protect systems against costly worms such as Blaster, Code Red, Nimda, and Sasser. This class of worms rips through companies' perimeter defenses and racks up billions in cleanup costs. But deploying the right kind of security technology can help.
The government of Overland Park was hit last year by a worm infection--an unprotected system was connected to a wireless access point, and hundreds of desktops quickly became infected. To prevent a repeat, network administrator Oehrle looked at a security device called an inverted firewall from startup Mirage Networks Inc. that's designed to monitor and protect a network's interior rather than its perimeter. In the demonstration, he asked a technician to simulate an attack. "I couldn't blink fast enough before the device stopped it," he says.
Oehrle deployed the product, called Mi40, to protect 850 desktops. Then the Sasser worm hit in the spring. Overland Park weathered the worm unscathed."No problems," he says.
On the way are more new technologies that may offer some hope in the battle against hackers, worms, and viruses. Major technology vendors, including Advanced Micro Devices, Intel, and Microsoft, support something called No Execute technology that aims to eliminate buffer-overflow attacks--the most common type of flaw that worms use to spread--at the hardware level.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.