'

Belt-tightening may affect security, warn experts

At the RSA Conference Europe 2008, experts warned that cost-cutting may force some companies to implement tech that does not have 'security maturity'

Companies that pursue new IT strategies to cost cuts in the economic downturn could put their corporate security at risk, experts have warned.

Speaking at a press event at the RSA Conference Europe 2008 in London on Monday, the conference's chief security strategist, Tim Mather, warned businesses about the use of untested technologies.

"Some companies will be pushed to implement insecure technologies to lower costs," Mather said.

Microsoft's UK security adviser, Ed Gibson, also appearing at the event, said that "security will suffer if people take their eye off the ball".

Mather noted that relatively new technologies do not have "security maturity". He mentioned technologies such as VoIP between enterprises, virtualisation and cloud computing, which, he said, increase the risk of systems compromise. "VoIP has been widely implemented, but within the enterprise, not between enterprises," Mather noted.

Mather highlighted the new parameters that need to be considered with virtualisation. "There's a question of how you can assume the security of virtual systems", he said.

Another speaker, Ben Jun, vice president of technology at Cryptography Research, said that, while the technologies may be fairly well established, the security around them had not been fully tested.

"It's a maturity effort," said Jun. "We're not there yet, in spite of virtualisation not being new."

Jun said that virtualisation companies were addressing the issue, and cited VMware launching its VMsafe API earlier this year as an example. VMsafe allows accredited third parties to develop applications which interact with VMware software.

"While VMware has launched VMsafe, the security maturity of virtualisation is not as high as we would like it to be," said Jun.

However, VMware denied the security of virtualisation was immature.

"Virtualisation is a fundamentally more secure way of doing IT," said Martin Niemer, VMware's European group product marketing manager. "From an architectural standpoint our stripped-down, bare-metal hypervisor is incredibly secure, and likewise all the virtual machines running on the hypervisor are completely encapsulated, which further enhances security."

Niemar claimed VMsafe-enabled technologies will be able to detect malicious code at the same privileged level as the hypervisor, blocking threats before they can compromise IT systems.