Another area that will require some thought from your security crew is the ubiquitous cell phone.
Today, cell phones do much more than place phone calls. Our phones perform the role of PDA, computer, email program and a variety of other tasks that have traditionally been the realm of laptops and desktops. The challenge is to start providing phones with protective mechanisms since malware coders are undeniably casting an eye toward these go-anywhere devices.
Imagine the damage to your network if infected phones and PDAs that run mobile operating systems like Windows Mobile 6, BlackBerry and various mini-*nixes have a "chat" with a host. The fallout can even spread beyond the cell phone to other devices built on a common OS base, such as the Windows-based hardware appliances that are ubiquitous within some large networks. While an existing familiarity makes these systems easier to deploy, it also leaves them susceptible to many of the same viruses, Trojans and other nasties that infect regular Windows systems.
As their popularity grows, virtualized infrastructures will become a tempting target. The same mechanisms that were used to protect their physical equivalents should also be used to protect these.
The biggest challenge for virtualization developers is how to build standard security practices into their underlying infrastructure. Part of this lies in the balance between hypervisors and hosted virtualized products.
So far, most hypervisors have been free of major security issues, but it is only a matter of time before vulnerabilities surface. As virtualization becomes more widespread -- or dare we dream, the norm -- we will begin to see more attempts to break the hypervisor.
The situation is compounded for hosted virtualization products. They not only have to deal with security for the virtualization platform, but also for the inherent issues of the host operating system. This is an area that needs to be better addressed by all virtualization vendors.
So don't fear dwindling IT budgets. You may discover that there is little need to spend more for newer, better protection.
However, it pays to be persistently vigilant for tried-and-true problems, not just the ones that pack the "wow" factor. It is often the simplest attacks -- not Hollywood-envisioned hacker footwork -- that punch holes in your network.
In the 8 years that I've been involved in computer and network security, the most effective way to ensure a safe environment is to change the way individuals think about security and incorporate it into their day-to-day activities. Perhaps we don't need to focus entirely on shiny, fancy appliances and software.
Instead, this is an opportunity to solidify the foundations of our IT environments and make them resistant to the whims of the bears and bulls on Wall Street.
This article was first published on EnterpriseITPlanet.com.