An eye on security for 2009

There were several fundamental challenges in the security field last year, and this year will be no different, according to Websense's Phil Vasic.

There were several fundamental challenges in the security field last year and Essential Information Protection proved to be one of the most critical aspects.

Whether it's customer records or intellectual property, information is now the lifeblood of the modern enterprise, and data is available on demand to employees, customers, and partners. Broken business processes, employee error and gaps in security often put this data at risk - risk from regulatory and corporate compliance, customer and competitive pressures, and the rising cost and publicity of data leaks.

In addition, the fundamental shift of web content creation from trusted sources to anonymous and user-driven collaborations such as wikis, blogs and social networking sites has changed the threat landscape. Attackers are targeting 'trusted' websites with good reputations to circumvent traditional security measures and maximise attack effectiveness.

Moreover, converged email and Web threats fuelled by Web 2.0 technologies now employ surreptitious manoeuvres to circumvent traditional protections. This shift has changed the threat landscape and the way businesses need to think about security.

To ensure risk mitigation remains in step with the threat climate, enterprises must rethink their approaches to web, messaging, and data security. Instead of thinking about technologies, organisations must think about data. It's all about the data. How is it used? Who is using it? Who can get hold of it? Who can receive it? Which channels can safely send it? There's a lot to consider.

Today's workforce is more mobile and global than ever. Locking things down is not only unrealistic, it hinders business growth. Saying 'no' made sense in the old Web 1.0 world, but everything has changed.  Traditional approaches to security are inadequate in the Web 2.0 world, and the continued increase in spam volumes will make it increasingly costly and unpredictable to use traditional methods of spam filtering.