Web services look set to be the next big risk

New waves of technology will render existing security measures obsolete and increase the exposure of new and legacy IT systems,...

New waves of technology will render existing security measures obsolete and increase the exposure of new and legacy IT systems, Gartner warned yesterday.

Web services are likely to create the next generation of vulnerabilities, according to Victor Wheatman, Gartner managing vice-president for security.

The introduction of new technologies and business practices will mean that organisations with their IT security battened down today will have to work hard to keep it that way, he said.

"Whenever new technology is introduced or business fundamentals change, management's focus in terms of funding and resource allocation shifts from the old to the new, creating a security gap," said Wheatman.

In recent years, each major development in technology has left businesses with new security gaps.

Network PCs eroded the gains companies had won securing individual desktops. The introduction of distributed applications, external networks and wireless networks created further waves of vulnerabilities.

"Each new wave of technology obliterates the security architecture appropriate to its predecessor, opening the enterprise up to an ever increasing raft of security risks," said Wheatman.

The next threat will come from the emergence of web services, which allow data to bypass firewalls, Wheatman said.

At the same time, IT departments will have to contend with a steady stream of new threats including viruses on personal digital assistants, spyware, vulnerabilities introduced by instant messaging and hybrid worms.

But loss of business confidence from cyberterrorism has peaked and, barring new physical attacks, will remain at current levels, according to Wheatman. Cyberterrorism hype causes more loss of confidence than actual attacks, he said.

"Continual scanning for new vulnerabilities and monitoring for new threats are critical and a much better investment than to passively sit back and wait to detect attacks. In security, the best defence is a good offence," said Wheatman.

Innovation as risk

  • PCs: Broke the security associated with mainframes
  • Internet: Exposed existing client/server architecture to external attack
  • Wireless: Devices often shipped with security defaults off; often installed outside view of IT department
  • Web services: Allows data to bypass firewalls raising new security problems



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...