Web services look set to be the next big risk

New waves of technology will render existing security measures obsolete and increase the exposure of new and legacy IT systems, Gartner warned yesterday.

Web services are likely to create the next generation of vulnerabilities, according to Victor Wheatman, Gartner managing vice-president for security.

The introduction of new technologies and business practices will mean that organisations with their IT security battened down today will have to work hard to keep it that way, he said.

"Whenever new technology is introduced or business fundamentals change, management's focus in terms of funding and resource allocation shifts from the old to the new, creating a security gap," said Wheatman.

In recent years, each major development in technology has left businesses with new security gaps.

Network PCs eroded the gains companies had won securing individual desktops. The introduction of distributed applications, external networks and wireless networks created further waves of vulnerabilities.

"Each new wave of technology obliterates the security architecture appropriate to its predecessor, opening the enterprise up to an ever increasing raft of security risks," said Wheatman.

The next threat will come from the emergence of web services, which allow data to bypass firewalls, Wheatman said.

At the same time, IT departments will have to contend with a steady stream of new threats including viruses on personal digital assistants, spyware, vulnerabilities introduced by instant messaging and hybrid worms.

But loss of business confidence from cyberterrorism has peaked and, barring new physical attacks, will remain at current levels, according to Wheatman. Cyberterrorism hype causes more loss of confidence than actual attacks, he said.

"Continual scanning for new vulnerabilities and monitoring for new threats are critical and a much better investment than to passively sit back and wait to detect attacks. In security, the best defence is a good offence," said Wheatman.

Innovation as risk

  • PCs: Broke the security associated with mainframes
  • Internet: Exposed existing client/server architecture to external attack
  • Wireless: Devices often shipped with security defaults off; often installed outside view of IT department
  • Web services: Allow data to bypass firewalls, raising new security problems
