Editor’s Note: Secure new platforms

Besides contending with an evolving cast of new viruses, malware, and other threats, you have to secure new platforms and new technologies.

Lafe Low

The security “threatscape” is constantly changing and evolving, with new viruses, new malware, and new threat vectors hackers can follow in their incessant attempts to compromise your systems. As if that wasn’t enough, sweeping infrastructure changes have altered how you have to approach security. The old security techniques and tactics won’t work as well on newer technologies such as mobile devices, cloud computing and virtual infrastructure.

Securing the cloud is a challenge simply because of where data is stored, how often it moves and who will have access to it. You have to ensure data is secured at all stages—when it’s in use, in transit and at rest. Choose your provider carefully. Choose one who will work with you to ensure the level of security you need in order to sleep at night, and one who will share the liability should something go wrong.

The openness of cloud infrastructures and collaboration platforms such as SharePoint makes them attractive targets for data thieves. “To understand the risks to your content, it helps to think like an attacker,” says Dan Sullivan in this month’s feature, “Secure SharePoint content.” He goes on to describe several attack vectors, including browser cache mining, endpoint malware, and careless or malicious employees.

Securing mobile devices brings up a whole handful of new and expanded security concerns. You have to grapple with remote ID management to ensure users logging into the corporate network are indeed who they claim to be; apply corporate policies to bring your own device (BYOD) devices; and maintain a schedule of OS and antivirus updates. There will be certain occasions when you simply can’t apply corporate policy to a remote device that doesn’t belong to the company. Remote wipe is a perfect example. If your star salesman loses his gilded smartphone, you can’t apply a remote wipe. What about all his personal contacts and personal data?

Securing virtual systems brings up another new model for ensuring security. Certainly the process of applying new policies and patches is simplified. You can have them applied as needed whenever a registered user fires up his system at the beginning of the day. You can also start off each day with a clean system, thereby ensuring no virus or malware can linger.

So certain aspects of securing the expanding universe of devices have gotten easier, while other aspects have become a profound challenge. Keeping one step ahead of the changing security landscape is the best way to avoid those sleepless nights and late-night texts and phone calls.

Sleep well

Do you sleep well as an IT guy these days? If you do, that’s probably the best sign that you have a firm grip on your organization’s infrastructure. If you’re tossing and turning, what is it that’s keeping you up at night? What are you missing? What’s your current focus?

Is there anything we can do with TechNet Magazine to help you get a good night’s sleep? Let us know what you need, and we’ll help you get the most out of your Microsoft technology investments. Sign up for our LinkedIn group, send us an e-mail at <tnmag.microsoft.com> or e-mail me directly.

Lafe Low is the editor in chief of TechNet Magazine. A veteran technology journalist, he’s also the former executive editor of 1105 Media’s Redmond magazine.