Economic conditions are forcing IT to postpone new projects and delay infrastructure upgrades, but studies have found that the sales force is usually the first to rebound in high-tech companies looking for a direct path to revenue.
Now is the time for security teams to start planning and budgeting on new approaches to secure the corporation's digital assets as the dynamics of the workforce shrinks or grows with the economy in 2010. Security teams in high-tech organizations can plan for increases in the number of remote sales users before the company adds new office workers and upgrades facilities.
There are a few technologies that security should be investigating for gradual deployments in the coming year to help mitigate the heightened risk of business disruption and data loss from a larger workforce of remote and mobile users in 2010.
Plan to ride the investments in new employee laptops to put Microsoft Windows 7 to the test. The shift from Windows XP to Windows 7 is inevitable for IT, so the organization may as well enlist the support of remote users to gain experience with Windows 7 security features. Windows 7 appears to provide a significantly stronger platform for applications than XP that may result in reducing the security burden. Understand the security features of Windows 7, trial secure configurations with remote workers and be prepared to use the knowledge gained to transition the rest of the workforce off XP when economic conditions allow.
Remote user virtual workspaces will protect browsers and VPN agents from malware on home computers and less secure public networks, such as those found in hotels and cafes. The sharp uptick in recognized attack volume reported in threat reports is significantly driven by malware disguised in browser active code, browser plug-ins and browser toolbar plug-ins. The best protection against these attacks is to isolate the business access software from the underlying operating system and applications. Enhancing the security of remote connectivity software should yield fewer calls to the IT service desk and fewer chances to lose regulated data. A compromise solution would be to re-examine Microsoft IE 8, which has some nice security enhancements for remote users.
Unified communications and collaboration (UCC) technology over the Web can keep a distributed team in touch while also shaving travel and telephone bill expenses. Security capabilities exist to assure that UCC communications are held with strongly authenticated users, conducted over secure sessions, and audited for compliance with security policies. Showing the corporation how UCC can be secured can lead to cost savings and improved responsiveness to remote users.
The demands on corporate security are going to increase as businesses come out of the economic doldrums, and the demands will start with remote users. Strong authentication, transparent data encryption and secure communications to corporate applications are the basics of securing a distributed workforce. Security teams should also be using this planning time to prepare for Windows 7 migrations and also perhaps enhance operations for remote users with virtual workspaces and UCC capability.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.