New security threats from every which way
As virtualization, SOA and mobility projects proliferate and converge, they open the enterprise to a rash of troublesome network security problems.
By
Deb Radcliff
,
Network World
, 03/17/2008
- Share/Email
- Tweet This
- Print
As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology
trends have started to dominate: virtualization, service-oriented architecture and mobility (see "Exploits on all fronts," below). More promising yet is the intertwining of these unique technologies.
Some examples: Mercy Medical Center, in Baltimore, is piloting virtual desktops rolled out on encrypted USB devices to its
mobile doctors and residents. RedRoller, an online-shopping comparison service in Stamford, Conn., created an SOA to connect
its small-and-midsize business (SMB) customers to best pricing at shipping carriers -- a system that's likely to go virtual down the road. Delaware Electric,
in Greenwood, gives field workers with tablet PCs access to an SOA infrastructure.
What does this mean from a security perspective? It means myriad new layers of risk being created along the stack -- all of
which must be securely deployed and managed. "We're talking layers and layers you need to pay attention to, both in isolation
and also where they're mixing up with unexpected interactions," says Dennis Moreau, CTO of Configuresoft, a configuration management company.
Take the virtual machine environment. This environment comprises a virtual machine manager (VMM) or hypervisor that's shimmed
between the kernel and the host operating system to create a layer of layers, or as some call it, a "virtual stack." In that
stack are the hypervisor and guest layers that call among themselves and cannot be monitored by most of today's tools.
"There's a whole series of security dilemmas IT professionals are facing with these new technologies," says M. Victor Janulaitis,
CEO of Janco Associates, an IT and business analysis firm. "The most prevalent problems are change management and version
control, all the way to the cellular phones," he says.
Best practices, standards and tools are emerging, but they're mostly piecemeal, open to interpretation and incomplete in their
coverage. Today that makes comprehensive management of any of these technologies problematic.
Partner Content
www.bmc.com
Gartner 2009 Magic Quadrant for Job Scheduling
Gartner has positioned BMC CONTROL-M in the Leaders Quadrant of their "2009 Magic Quadrant for Job Scheduling." The report assesses the ability to execute and completeness of vision of key vendors in the marketplace. Read a full copy today, courtesy of BMC Software.
Download whitepaper
Dell's SMART Approach to Workload Automation
Read a compelling case study by EMA, Inc. to learn how Dell uses BMC CONTROL-M to cut cost and increase productivity with workload automation.
Download whitepaper
Workload Automation Cost Savings 2 Minute Video
A major computer manufacturer uses BMC CONTROL-M and just four people to schedule and run over 85,000 jobs every month. By switching to BMC CONTROL-M, they more than quadrupled the workload without adding a single staff member. See how in this 2-minute video overview.
Go to video
Comment