5 Places Security Vulnerabilities Lurk
Sanjay Mehta of Breach Security gazes into his crystal ball and predicts what technologies will take hold this year–and the security vulnerabilities they’ll expose.
By Cecilia Galvin
It’s a Small World (After All), the Disney song about international harmony, might well be used today to describe a very different phenomenon: the leaner business arena, in which companies are turning to technology to help them do more with less.
“In 2009, the key word is consolidation,” says Sanjay Mehta, senior vice president of sales and marketing at Breach Security Inc., a provider of real-time Web application security and compliance solutions in Carlsbad, Calif. And while Mehta says that consolidation can help streamline the focus and function of employees and companies as well as improve overall efficiency, he cautions that “there are some areas that warrant particular attention” when it comes to security.
Here are Mehta’s predictions for the year, and the security vulnerabilities–and possible opportunities–they present:
1. Virtualization opens a security gap. There’s no denying that hardware costs will have to be reduced, and virtualization projects will begin in earnest. Because security for virtualized applications is not well understood, organizations will have to address the security gaps created by these applications.
2. Orphaned applications will increase. With mass layoffs, M&A activity, and more business being driven to the Web to curtail costs, IT departments will struggle with a hodgepodge of “orphaned” applications, many of which are custom and not well understood by the staff left to manage them. This will result in a surge of insecure online applications at a time when even more people turn to online shopping.
3. Must-have projects will take priority. IT and security teams will have to do more with less. Must-have projects for critical areas like compliance will take priority, and Web application security as a service will grow as a result.
4. Cybercrime will increase. Attackers will seek to take advantage of application defects to steal financial or identity information. They will deploy more mass generic automated attacks such as the “Asprox” Trojan and SQL injections.
5. Companies will take a proactive approach to compliance. In the wake of the PCI DSS, organizations now understand the complexity of compliance and will take a proactive approach to Web application security.