The present and future of IT security

Heiser commented on new government guidelines which supported this new way of working. He mentioned new rules such as preventing the storage of data on magnetic and other storage media and instead accessing it remotely.

He says: “Properly done, it does reduce the exposure. It reduces the likelihood of leakage. Lots of wireless devices are robust and resilient to attack. What little data they have will wipe when you try and put the wrong password in too many times.

“That has a lot of advantages when compared to carrying around a laptop,” he added. “I think with the concerns with data privacy we’ll see smaller devices with less storage, and if they do use the storage it’ll be for their own personal mp3 collection rather than corporate data.”

The expert also described virtualisation as a double-edged sword. Although it has generally drawn the most attention on being a product mechanism which could improve the infrastructure of a business, Heiser said that it also had some major security benefits.

However he warned: “Certainly, there is the growing recognition that the operational use of virtualisation potentially introduces huge vulnerabilities. If you exploit the ability to update virtual machines you could own the keys to the kingdom. It would be very difficult to detect.”

Data breaches

Data theft, especially when it came to government data, has been a big issue in the UK for the last year. Heiser felt that there was a lot of hype stirred up in the media with the issue, and that business and public services in the main were still trying to figure out what the best practices were.

He said: “Data has gone missing as long as there has been data. As long as there have been backup tapes they’ve gone missing. It’s only lately that we’ve felt the need to tell somebody about it or publicly seek some form of forgiveness.”

“It puts the citizen in a very awkward position – just what are they supposed to do? What action are they supposed to take? – most of these data losses do not result in any negative impact.

“Most of the data that is being used for identity fraud has been stolen from people – it has not been inadvertently lost. My belief is that we will go to the routine use of encryption and it just won’t be an issue.”

Market consolidation

A recent trend for the companies in the security space today looked to be ‘consolidation’, with the latest example being McAfee’s purchase of Secure Computing, which was driven by business customers demanding personalised suites rather than a range of point products.

Heiser said that this pattern of bigger security vendors swallowing the smaller ones was set to continue and simply a wider trend for IT in general. He says: “The bigger a company, the less imagination it seems to have.

“The pattern in information security and high technology in general was that it was the smaller companies which would come up with the interesting ideas and when they’ve proven themselves would be sold to the bigger company. That’s the way the world works.”

Email to a friend

Print this page