The initial reaction that any organization is going to have is going to try to drill down on whatever the precursor of that actual breach was. Whether that was somebody in accounting (who) left their password logged in and stepped away from the computer or there was an incorrect configuration of a firewall. The problem there is that we'll tend to get tunnel vision and try to focus on the issue that predicated that specific breach. Companies need to engage in a broader root cause analysis, how that particular breach event or that particular access point relates to the greater security profile. What are they not considering in the security profile? I hesitate to say it, but sometimes breaches can be a very valuable tool to reevaluate an overall security structure. Certainly, we don't advocate people breaking into an organization's systems to teach them a lesson, but a lot of people are under the impression that they're already covered and it's not often the case. By resolving the initial cause of that specific breach is one part of the process, but it has to be taken that next step further to evaluate the entire security profile for that organization to see what else may be at risk.
With so many companies moving to third-party management of their data, such as with cloud computing, what are some of the security issues that can arise with these types of data storage options?
Secure-hosted facilities or a professional hosting agency that is providing SaaS (Software as a Service) or remote data storage or remote administration, in many ways may be more secure and far more security conscious than an organization's internal data center could be. In larger organizations, you're going to see the same type of security procedures and protocols, but one of our positions as a provider of software is how many data centers in the general business have armed guards or access control systems on the magnitude of professional hosting services? I think there are a lot of misperceptions about the security of hosted or remote administered services that are pretty much unfounded. Generally, the same security issues that you would have internal to your organization would apply to a hosted situation and sometimes even less.
Do you think that we will see a push at some point in the corporate world away from PCs to Mac-based operating systems due to their lack of vulnerability to viruses and spyware?
I think you are seeing a move of people exploring different options. People are trying to mitigate risk in their organizations whatever way possible. The issue is going to become what application sets are available on what platforms. You look at the introduction of Linux into business systems and Mac OS into business systems, there's a lot of different options and the selection of those options is going to depend upon whether the business has access to the applications they need to run their operations. I think as more people start exploring different option we're going to see one of two things, either the adoption of a less vulnerable system such as a Mac or some other system or an increased effort on the part of traditional PC vendors to make a lot better effort at securing the systems that are already out there.
What do you think the future holds for IT security? Do you see attacks becoming even more frequent and how will people respond?
I do believe attacks will become more frequent. I also believe that as the reach of the Internet becomes more of a commodity in more places and more people have access to the potential of what the Internet means, certainly the best exploiters of any technology are the people that use it for ill gain. It is going to become more increased; you are going to see larger scale attacks like Kneber simply because there is money involved. If you look at the potential in Kneber's case to have a 75,000 asset botnet for hire that is a pretty dramatic representation of what that part of the technology is evolving into. This (problem includes) governments, hostile governments and corporate raiders; it comes from any real sector but its big business. I think it is going to force organizations to spend a lot more time and energy that they don't have to spare managing their security profile, which makes it even more important for them to have available to them automated tool sets, policy enforcement applications and access control management systems that can help take some of that manual overhead out of the picture.