How To Plug 5 Big Security Holes

Security has been the bugaboo of information technology for years, certainly since the advent of the Web in the mid-1990s. And the risks have risen as technology has made workers more mobile and businesses better able to communicate using their computer systems. Can I secure my data? It’s a question that has robbed many technologists of sleep.

In this report, Baseline offers a snapshot of five up-and-coming technologies whose security implications are crucial to your business.

>>VISTA

The Technology
Microsoft’s latest Windows operating system.

Deployment and Use
Just starting. Many large companies, especially those that skipped Windows XP, will start rolling out Vista by mid-year, according to Manny Novoa, a security strategist at Hewlett-Packard. Departments such as engineering, where employees are comfortable using computers, will get Vista first, although some information-technology teams may mix in less technical users to get a better idea of how Vista will work across the company.

Microsoft says Vista is its most secure operating system ever, but at least one new security feature will make the operating system harder to manage. Companies using BitLocker, a feature that encrypts the hard drives on laptops and PCs, will need to keep track of decryption keys, a non-trivial task.

The Vulnerability
Because they are ubiquitous, Microsoft operating systems have always been prime targets. Vista is no exception. Security researchers have been banging away at it for months. Serious hackers—the ones who attack for profit—probably won’t bother with Vista until enough people are using it so “the time is right financially,” says HP’s Novoa.

Vista’s holes are offset by some new security features, including more controls for administrators over what users can do in the operating system. Deployed correctly, Vista is expected to make Windows safer from malicious attacks than it was before.

What To Do
Operating-system security is less a problem to be solved than a process to be continuously addressed. Indeed, as they start adding Vista systems, information-technology teams shouldn’t relax their efforts to secure legacy versions of Windows and Office.

With Vista, Novoa says, companies should be using extra antivirus software, intrusion detection software, and personal firewalls for employees who plug their laptops into hotel networks. Smart cards can prevent anyone but a computer’s owner from booting it, so using them may make sense as well.
