Trend Micro: encryption & authentication are "sadly lacking" as open source rises in 2014

Have you had enough of 2014 technology predictions yet?

We thought you probably hadn’t, so we spoke to Rik Ferguson in his position as vice president of security research at Trend Micro to get some insight into where open source robustness might (or might not) be headed next year.

rik-ferguson-2013.jpg

Ferguson is of the opinion that open source will “solidify” in it traditional areas (one imagines he means server, increasingly cloud and some desktop use) but also now stake its claim on new ground, particularly in the datacentre.

“Technologies like OpenStack and OpenShift will move into the mainstream, NoSQL will move out of the shadow of Hadoop and become a contender also in big data analytics as both technologies bolt on enterprise grade features,” he said.

Encryption and authentication sadly lacking

“Security in design of these technologies continues to be an afterthought with technologies such as encryption and authentication sadly lacking. So as they are adopted in the enterprise, they will become rich seams for attackers to mine for sensitive data unless properly protected externally.”

Ferguson also says that additionally, the push for “open source first” in areas such as government IT may mean that technologies are implanted “features-first” and then handed off to the security team to make watertight.

No headlong rush

“A lack of familiarity with implementations, or a lack of official technical support channels could also hamper security efforts. While there are many benefits, both functional and economical in adopting open source technologies, it should not be a headlong rush, instead preferring the best tool for the job at hand,” he added.

Rik Ferguson writes his own company blog which he colours with his natural hard rock energy, enthusiasm and drive.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close