Reflections: Kurt Roemer, Citrix Systems

Kurt Roemer, Chief Security Officer, Citrix Systems
Written by Staff, Contributor

Kurt Roemer, chief security officer, Citrix Systems, says business mobility will redefine IT departments

Q. What do you foresee as the No. 1 IT security issue in 2007?
Undoubtedly, it's managing the security of Web applications, which have reshaped business for the better by making e-commerce, online banking, and highly customized customer and partner portals possible. By moving business-critical applications and services like sales, support and purchasing to the Web, organizations have extended the boundaries of the enterprise--opening it up to enhance interaction with customers, suppliers, partners and employees.

However, there is a serious drawback to increased reliance on Web applications--they are inherently unsecure and easy to exploit. Web applications not only put network systems and devices at much greater risk, they also offer a direct conduit to confidential customer data such as credit card numbers, account history and health records, as well as to sensitive corporate information.

Smart, professional hackers of today recognize that network-layer attacks are yesterday's news, and they are finding Web application weaknesses hard to resist. Gartner estimates that 75 percent of all attacks are now aimed at Web applications. Moving forward, companies will have no choice but to deploy technology that specifically secures these critical resources, and the sensitive information behind them, from attack. Network-layer defenses like firewalls and intrusion prevention systems don't protect at the application layer, which makes application firewalls the only viable option.

Take, for example, the credit card industry. Credit card information remains the number one target for information criminals. To protect confidential cardholder information and sensitive authentication data, the Payment Card Industry Data Security Standard (PCI DSS) has expanded its guidelines. The new version recognizes the unique security needs of Web applications and it came into full effect on Jan. 1, 2007. The PCI DSS v1.1 specification is mandating the implementation of an application-layer firewall in 2008 and recommending it as a best practice today. This is because the active protection offered by a Web Application Firewall prevents both known and unknown attacks and is proven to be the most time- and cost-effective means for protecting custom Web applications.

Web-application firewalls can enforce correct application behavior, block malicious activity, and help organizations ensure the safety of their sensitive information and systems. The next-generation security solutions offer protection from data theft, identity theft, and fraud by defending Web applications against malicious attacks. This yields a number of business benefits, such as protecting brand equity and aiding regulatory compliance.

Q. What's the next big thing in IT?
In 2007, the IT industry will see robust investments in the areas of security and mobility, with more people around the world demanding the freedom to work from anywhere. The process of liberating users from the shackles of a desktop will redefine the IT department in the year to come where employees, customers and partners will place increasing value in a platform that delivers applications and critical business information whenever and wherever they want it in a highly secure and scalable manner. Businesses will face increasing pressure to tap talent where it lives while ensuring the safety of their workforce and the security of their intellectual property. Overall, the IT industry will be driven by five major forces that will shape the way in which enterprises are creating/rearranging their IT infrastructure:

  • Globalization--work is shifting to where the talent lives
  • Disruption--people risk being displaced by disasters of all kinds
  • Consolidation--industries and companies merging at record pace
  • Regulation--government agencies tightening controls on information
  • Echo Generation--the new workforce wanting total control of everything

Q. Name one issue that could put a damper on corporate IT budgets in 2007.
One key macroeconomic factor that could dampen the corporate IT budgets in 2007 is the predicted slowdown of the US economy. And as the economies of many countries, including those in the Asia-Pacific region, have a high dependence on the US, the IT budget balance might see a downward tilt in 2007. A weaker economic environment can lead to uncertainty and also slow down the adoption of new technologies amongst enterprises.
