IT professionals pushed to implement virtualisation and to use open source software to cut costs could introduce security risks into the business, according to a panel of industry experts.
After the financial meltdown, IT security practitioners and vendors need to "take a look in the mirror" and assess whether data integrity caused unnecessary risk problems, the panel told visitors to RSA's Europe Security Conference 2008.
More from RSA Europe
"Because we have tied ourselves so closely to risk management, it would be remiss of us if we didn't look at what went wrong and whether we are part of the problem," Tim Mather, chief RSA conference strategist said. "We need to look in the mirror and find out what went wrong."
"It is up to IT and to information security departments to ensure integrity of data and trace the lineage of data. IT professionals are responsible for when data comes into an organisation and when it leaves."
But the current economic climate is spurring firms to implement "immature" technologies in a drive to cut costs, such as open source, virtualisation, VoIP between enterprises and cloud computing projects.
These technologies could present serious security management issues for information security practitioners.
Questions remain around virtualisation on how to secure virtualised environments, how to assure auditors that information security is clean on virtual systems. There is pressure to move to virtualised machine environment in the name of cutting hardware costs, but it's hard to keep that level of assurance, said Mather.
Ben Jun, VP of technology, cryptography research, and RSA global advisory board member, said security is not top of mind for IT departments rolling out virtualisation. "They are looking at if AMD chips will work with Intel, that's the sort of questions that are being asked. We're talking about new technologies and security has to be dealt with very soon."
"We see voice over IP (VoIP) is already widely deployed within enterprises. What we could see is companies deploy VoIP between enterprises to reduce costs, even though it is not secure," said Mather.
What's more, security departments will also find their budgets cut, Mather said. Companies face more regulation, IT departments will be forced to do more security and risk assessments with tighter budgets, and implement new, untried technologies that could add complexity and risks.
Ed Gibson, chief cyber security advisor at Microsoft and a former FBI agent, said "security will suffer if people take their eye off the ball."