The proliferation of Web 2.0 applications is a boon for enterprise businesses seeking richer Internet experiences, but it is also a security headache as these new applications carry sophisticated risks that can surprise all but the most careful of organizations.
As enterprises head into 2011, those risks will likely multiply as more businesses migrate to Windows 7, increase their number of mobile workers, and expand their virtualization capabilities. The risks include drive-by downloads, blended attacks, and new variations on malware, phishing and Trojans.
"The industry is seeing a broader range of businesses realizing that security must be a more strategic part of their overall IT infrastructure than ever before and that protection must be applied with a layered approach," said Scott Emo, head of product marketing at CheckPoint Software Technologies.
He said such an approach enables businesses to proactively prevent threats from penetrating their network in the first place, versus applying protection like a Band-Aid.
Based on research and feedback from customers, he said CheckPoint projects businesses will see a few interesting shifts in the industry in 2011, notably:
Rich media and Web 2.0 applications will spur more drive-by downloads and blended attacks
For businesses facing a rise in the emergence and volume of new Internet threats, 2010 was no exception. Malware, phishing attacks, Trojans and key-loggers are still common and proliferate on Internet applications.
"However, the emergence of more rich-media capabilities in Web 2.0 applications and mobile devices will increase the number of drive-by-downloads, as well as a combination of sophisticated, blended attacks," said Emo.
"For example, embedded videos and links in social networking pages are becoming popular spots for hackers to embed malware. The more employees use rich media and Web 2.0 applications in the enterprise, the greater the chance of unknowingly exposing the enterprise to an attack without the right protections in place."
Windows 7 migrations will bring problems and opportunities
There could be an explosion of Windows 7 migrations over the next few years, according to data from a recent CheckPoint survey of more than 200 IT security executives worldwide. The survey found that 7 percent of organizations have already made the leap and 54 percent plan to do so in the next two years.
The survey also found that organizations are using an average of nine different vendors to secure their organization's infrastructure from the network to the endpoint. This creates difficulties in security management, loss in productivity and potential holes in between point products, said Emo.
"Businesses may find that Windows 7 migration will be an opportune time to reduce the number of security vendors they use and to consolidate endpoint security solutions," he said. "Just as Windows 7 is a clean slate for the OS, it can be a clean slate for security technology as well."
More businesses will leverage virtualization as a security defense
In its early stages, businesses mainly used virtualization to consolidate servers and IT resources for cost, space and energy-saving purposes. But, gradually, companies have found many more uses for the technology.
"Businesses are beginning to leverage virtualization technologies as an additional layer of security defense," said Emo. "With CheckPoint Abra or WebCheck, for example, organizations can protect their network and endpoints with unique browser virtualization technology that segregates and secures corporate data from the Internet -- allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware."
Surge in mobile workers and consumerization of IT creates security risk
For most businesses, mobile computing is no longer a trend but a way of life. Fifty-four percent of organizations interviewed in CheckPoint's recent survey said they anticipate their number of remote users will increase in 2011.
The growth of the mobile area is largely driven by employees demanding remote access to business applications, data and resources -- and their desire to connect to resources from both corporate and personally-owned devices.
"The majority of organizations are also concerned that growth in remote users will result in exposure to sensitive data -- among other security threats including unauthorized network access and user management complexity," said Emo.
In 2011, Emo said he expects attackers will identify new ways to obtain data from mobile devices.
"Enterprises will have to adopt new solutions that give employees secure mobile access to the corporate network, and work across a range of mobile devices running on Apple, Android, Symbian and Windows PC platforms," he said.
Data loss incidents will encourage businesses to implement a layered approach to security
If the ongoing WikiLeaks saga offers businesses any food for thought, it's this: your network is not as impenetrable as you might have thought. A loose affiliation of global hackers (calling themselves Anonymous and supporting Operation Payback) apparently brought down MasterCard's website for a while in early December.
In early December, the British Guardian newspaper wrote: "The website of MasterCard has been hacked and partially paralyzed in apparent revenge for the international credit card's decision to cease taking donations to WikiLeaks.
"A group of online activists calling themselves Anonymous appear to have orchestrated a DDOS (distributed denial of service) attack on the site, bringing its service at www.mastercard.com to a halt for many users."
The WikiLeaks incident is a potent reminder to businesses that a layered and holistic approach to security is important in order to move data loss from detection to prevention, said Emo.
In 2011, businesses will need to explore methods to protect all layers of their data -- data-at-rest, data-in-motion, and data-in-use, he said.
"One thing we've noticed from our research and customer feedback is that every organization today is at a different stage," said Emo.
Organizations of all sizes have different security needs and priorities and are looking for flexible solutions that enable them to create their own security portfolios, he said.
"In 2011, I expect to see more businesses adopting this security strategy, as many of the threats today -- such as data loss and sophisticated attacks -- are becoming board-level issues."