tricore Guest
Posted: Thu Feb 22, 2007 1:19 am Post subject: How To Plug 5 Big Security Holes
Security has been the bugaboo of information technology for years—certainly since the advent of the Web in the mid-1990s. And the risks have risen as technology has made workers more mobile and businesses more able to communicate using their computer systems. Can I secure my data? It's a question that has robbed many technologists of sleep.
In this report, Baseline offers a snapshot of five up-and-coming technologies whose security implications are crucial to your business.
>>VISTA
The Technology
Microsoft's latest Windows operating system.
Deployment and Use
Just starting. Many large companies, especially those that skipped Windows XP, will start rolling out Vista by mid-year, according to Manny Novoa, a security strategist at Hewlett-Packard. Departments such as engineering, where employees are comfortable using computers, will get Vista first, although some information-technology teams may mix in less technical users to get a better idea of how Vista will work across the company.
Microsoft says Vista is its most secure operating system ever, but at least one new security feature in Vista will make it harder to manage. Companies using BitLocker, a feature that encrypts the hard drives on laptops and PCs, will need to keep track of decryption keys—a non-trivial task.
The Vulnerability
Because they are ubiquitous, Microsoft operating systems have always been prime targets. Vista is no exception. Security researchers have been banging away at it for months. Serious hackers—the ones who attack for profit—probably won't bother with Vista until enough people are using it so "the time is right financially," says HP's Novoa.
Vista's holes are offset by some new security features, including more controls for administrators over what users can do in the operating system. Deployed correctly, Vista is expected to make Windows safer from malicious attacks than it was before.
What To Do
Operating-system security is less a problem to be solved than a process to be continuously addressed. Indeed, as they start adding Vista systems, information-technology teams shouldn't relax their efforts to secure legacy versions of Windows and Office.
With Vista, Novoa says, companies should be using extra antivirus software, intrusion detection software, and personal firewalls for employees who plug their laptops into hotel networks. Smart cards can prevent anyone but a computer's owner from booting it, so using them may make sense as well.
>>WEB APPLICATIONS
The Technology
Software that lets companies create more interactive applications. This includes Ajax (Asynchronous JavaScript and eXtensible Markup Language, or XML), which lets Web applications perform faster; and Adobe Flash, which allows for the creation of sophisticated graphics.
Deployment and Use
Growing quickly. By October 2006, nearly 90% of companies surveyed by Forrester Research were using Microsoft's Internet Explorer browser, and 65% were using Adobe Flash. Java was installed at just about every company.
The Vulnerability
By their very nature, Web apps carry the risk of making personal information visible. Indeed, hundreds of flaws in Web applications are found and reported each week, according to The SANS Institute, a leading source of security information. Not all are dangerous, but those that are allow hackers to trick applications into handing over highly sensitive data such as passwords.
Flaws in Microsoft's Windows operating system are an even bigger problem for organizations, according to Bob Zarazowski, a senior I.T. director at the University of Pennsylvania's Wharton School. "We're putting more and more important applications on the Web," he says. "It used to be behind corporate firewalls."
What To Do
Make sure your applications are well designed. At Wharton, code is reviewed by programmers who are not working on that particular project because they bring fresh perspectives. Programmers also rely on templates for security and other common routines so they can take advantage of best practices.