Balancing Productivity Gains Against Security Concerns

Michael Vizard

The fundamental reason we invest in IT is to increase productivity. Accomplishing that goal these days is pretty much defined by how much integration we can achieve between disparate sets of data. Essentially, the sum of multiple applications is much greater than the individual parts because of the collective insight we gain.

Right now, the two biggest areas of focus in terms of integration are software-as-a-service and unified communications. The general expectation is that by bringing more applications together under a common framework, we will see major gains in productivity. And given the current state of the economy, boosting the productivity of the existing workforce is a primary mission of IT departments everywhere.

But integration is also the enemy of security. The more integrated things become, the easier it is to spread malware throughout the system. Some security experts, for example, are predicting doomsday scenarios because of all the integration afforded by cloud computing. This computing model, they argue, fosters increasing amounts of application integration. But it then only takes one weak link in a cloud computing ecosystem to compromise hundreds of applications used by thousands of users. Some think, for example, that the rogue Conficker virus could prove to be the mechanism of our collective undoing.

Supporters of software-as-a-service application and cloud computing argue that they have access to the best security professionals armed with the latest security technologies. But as we've seen of late, we're losing the security war so it may only be a matter of time before we see a major security debacle exacerbated by cloud computing, which is a concern shared by many IT professionals in the enterprise.

Closer to the home of the average IT professional, we now have a huge amount of interest in unified communications, which brings voice, video, messaging and productivity applications together under a common framework. With the number of fake and legitimate Web sites that are infected by malware growing exponentially every day, unified communications makes it a whole lot easier to spread malware through the entire enterprise. In fact, now that Jessica Biel has replaced Brad Pitt as the most dangerous person on the Internet, IT organizations can get a sense of what they are really up against just by doing a search to discover how many sites mention Jessica Biel. Chances are that way more than 50 percent of them are infected with malware.

One company trying to step into this unified communications morass is Sipera Systems, which makes a security appliance designed specifically for unified communications environments. The appliance does deep packet inspection within unified communications system by relying on a 16-core processor to manage encryption, access control, policy enforcement and threat mitigation. As we've seen nothing is absolute when it comes to security, but right now most of our existing network-level security systems are blind to anything happening at the application layer where all the unified communications activity takes place.

We can't ignore the potential productivity gains brought on by software-as-a-service and unified communications. But clearly, there remains a lot of security work to be done before these platforms can be considered relatively safe.

The question is whether your organization is going to wait to develop a real security framework before adopting these applications or are we going to wait for the inevitable to strike first?

Add Comment      Leave a comment on this blog post
Sep 8, 2009 9:27 AM Miles Technologies Miles Technologies  says:

"The question is whether your organization is going to wait to develop a real security framework before adopting these applications or are we going to wait for the inevitable to strike first?" - No organization should wait to develop a real security framework.  A comprehensive information security assessment can be effective in identifying potential vulnerabilities in order to set the foundation for an organization's security policy.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.