Reflections: Eric Hoh, Symantec
|
Q. What do you foresee as the No. 1 IT security issue in 2007?
In the coming year, Symantec expects to see threat activity emerge through the increased adoption of Web 2.0 applications in social networking Web sites and other technologies popular with individuals. As the adoption of Windows Vista increases, we also expect that there will be more threats that target this new operating system.
The technologies embraced by today's enterprises and individuals, such as instant messaging, text messaging and gaming, will likely become a new battleground for online threats. Multi-player online games have an escalating problem with threats that are specific to stealing gaming assets within the game community.
As adoption rates for Web 2.0 technologies such as Web services and syndicated content models increase, Symantec foresees a spike in security threats targeting these applications. For example, Perl.Santy was one of the first instances of malware to effectively leverage a Web service (Google Search) to locate vulnerable hosts, which it would then infect.
Web-based applications built on AJAX create content-rich user experiences. However, the potential amount of data that AJAX-based applications can store client-side has major privacy implications. Additionally, AJAX applications allow for greater code scrutiny by potential attackers who might seek vulnerabilities to leverage in a variety of attack types.
User-created content, through blogs and social networking sites, can also host browser exploits, unwanted ads (splogs) or links to malicious Web sites, as well as distribute malware/spywares.
What's the next big thing in IT, if any?
2006 saw an explosion of new technologies that changed the way people communicate with friends, family and colleagues. Online experiences now include more social interaction and collaboration. Businesses are sharing information across their extended enterprises and engaging in more complex e-commerce transactions. These new technologies are creating great opportunities but also introducing new security risks. Our options for online activities are expanding exponentially, yet paradoxically, in carrying out these transactions our confidence is diminishing.
Symantec sees today's threats as no longer being confined just to the hardware devices that we use--they are now focused on the information being exchanged and the interactions between users. Phishing, identity theft, malicious users and the threat of non-compliance are all risks that the man-in-the-street can fall prey to.
Symantec envisions the next big thing in IT to be a new generation of security that establishes trust and reputation, providing for the confidence we need to work and play in a connected world. Confidence is the critical component to making the connected world exciting for consumers and enterprises. Called 'Security 2.0', Symantec's vision is about building confidence and trust online for users. Security 2.0 is the move from software that is client-centric to software that resides on the internet or on a server and then delivered to the end customer. This shift is partly due to the evolving business models in a Web 2.0 world. Ultimately Security 2.0 is all about new business models and new delivery models, where the consumer is no longer necessarily the person who is paying for that security. Businesses will want to deliver security to the end consumer.
Name one issue that could put a damper on corporate IT budgets in 2007.
As of now, we don't see any issue that is likely to put a damper on corporate IT budgets. In fact, from our interactions with CIOs, IT managers and customers, the outlook for IT spending in 2007 is healthy, and they expect an increase in spending on security as well as business continuity. In addition, with increasing pressure on meeting compliance and regulatory standards like the Sarbanes-Oxley Act, many CIOs have indicated that their companies will continue to invest in technology at current levels, or perhaps even higher.