How 9 Hot Technologies Can Blow Up In Your Face - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance
News
6/8/2007
10:05 AM
50%
50%

How 9 Hot Technologies Can Blow Up In Your Face

From smartphones to JavaScript to virtualization, these are technologies you need to consider. But know the risks.

Treat this list as a security blanket, not a wet blanket. You must aggressively explore emerging technologies such as virtualization, enterprise search, and smartphones. The following problems are no excuse to stick with the status quo. Just be prepared--then charge ahead.

Smartphones' Growing Risks

Nobody ever got fired for choosing BlackBerry.

It's a reassuring idea that rings hollow. You may not get fired for the "safe" smartphone choice, but one device can't cater to every professional's needs, so expect the complaints to multiply. Even if you play it safe, here are three smartphone gotchas, and tips on avoiding them:

1. Product cycles move at consumer electronics speed. "I've seen plenty of examples of companies getting halfway through a deployment, and then finding that the product is no longer available," says Bruce Friedman, CEO of Movero Technology, which provides mobile device management services. High-end mobile phones and smartphones come and go, so companies used to three- to-five-year tech refresh cycles find themselves constantly behind when it comes to testing, procuring, and deploying new devices. The answer is simple but not easy: Find ways to compress product approval and testing, such as making sure new applications and upgrades don't harm the phone, operating system, and network connectivity. Plan for a six- to 12-month product cycle--and hop on the treadmill.

2. Application creep. The power of smartphones lies in their ability to run multiple applications, and certain employees will see that as an invitation to load their own. Ban unapproved apps all you want, but human nature says business users will snag them anyway. The better answer: a security protocol (such as Platform Security on the Symbian OS or Windows Mobile's Application Security) that assigns applications a "level of trust" and lets only preapproved ones access the operating system.

3. The taxicab factor. Smartphones are lost, stolen, and damaged even more than laptops. Plan to make real-time repairs, erase critical data, and replace devices. This is where a "managed mobility services" company such as Movero or Mformation can be worth the fees: If deploying significant numbers of devices, they almost always end up saving you money.

--Richard Martin

Virtualization Threats Ahead

If organizations keep expanding server virtualization without taking into account what makes virtual machines different from physical ones, they'll open new doors for intruders into the data center. We can't identify the precise nature of the threats, because they haven't yet materialized. But anyone who takes comfort in that fact hasn't been paying attention to information security the past couple of years.

The hypervisor software from VMware and open source XenSource represents a new layer of privileged software in the data center, similar to operating systems, with full access to other software resources. But it hasn't been vetted with the years of testing and review that operating systems have. Gartner estimates that 60% of virtual machines will be less secure than their physical counterparts through 2009. And if there's a security hole, access to a virtualized server's hypervisor gives an intruder access to all virtual machines under the hypervisor.

Many organizations secure virtual servers the same way they do physical servers. Only a few specialized tools have emerged to monitor and protect VMware's ESX hypervisor, such as Reflex Security's VSA and Blue Lane Technologies' VirtualShield. Security tools for Xen are more rudimentary.

InformationWeek Download

VMware notes that banks and the military use ESX Server, proof that it's a secure platform. But the operation of a hypervisor is different from that of an operating system on a physical server. It can be picked up and moved by VMware's VMotion tool and initiated on another physical server, leaving its former security environment behind, says Allwyn Sequeira, a senior VP at Blue Lane. "Before virtualization, firewalls, routers, and servers assumed a relatively static framework existed for security," Sequeira says. It's common for security policy to be focused on a given TCP/IP address. When VMotion moves the virtual machine to a new server and new TCP/IP address, the two sets of policies should remain in sync, but they often don't, he says.

It also can be difficult to track all virtual machines and keep them in view. One Blue Lane customer overlooked a virtual machine until it popped up on inspection as having been initiated about six months earlier. If an intruder stumbles across such a VM, it's higher risk because no administrator is tracking what it's doing, he says.

System management vendors such as BMC, CA, and Hewlett-Packard are building in more capabilities for virtual machine management. But it's still too easy for one to slip out of sight.

--Charles Babcock

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll