Lenovo ThinkCentre M50 Summary of IDC white paper titled "The Coming of A - Page 1


5 Speen Street • Framingham, MA 01701 • Phone (508)872-8200 • Fax (508)935-4015
The Coming of Age of Client Security Technology
The Need to Secure the Network's Point of Entry — the Desktop or Notebook Client — Becomes More Visible to Executive Management
Analyst: Roger L. Kay

Although security technology has progressed tremendously over time, awareness of the need for security on the part of people who use computers — both consumers and businesspeople — has not in general kept pace. Essentially, there is plenty of technology on hand, but the understanding of what it does and how to use it has lagged. However, much has changed since the attacks of September 11th. CEOs and IT managers everywhere drew lessons from the differing fates of companies that had backup and restore procedures and those that didn't. Data recovery is, of course, only one piece of the security pie, but as political tensions have increased on the macro level, this and other security concerns have risen in visibility with top managers. "To what degree is our data — and therefore our business — safe?" CEOs are now asking in ever greater numbers and with increasing vehemence. "Just where are we with security?" they want to know of their CIOs.

This shift in attitude represents an evolution from the pre-September 11th state, which was characterized by a vague awareness of some subset of security issues, but a misunderstanding of the complete security picture and a widespread lack of adoption and deployment. Now managers are beginning to assess their vulnerability and to ask what their alternatives are.

In most corporations, the security infrastructure is still inadequate and full of holes. Even the most sophisticated organizations are vulnerable. In one incident, widely reported in the press, that had an impact of major but unknown proportions — the degree of penetration was difficult to assess — a hacker from St. Petersburg, the intellectual seat of the old Soviet Union, broke into Microsoft's network and absconded with a large number of important files, including, purportedly, an unknown quantity of Windows source code files. Naturally, Microsoft never advertised the extent of the damage — if, indeed, it is actually known. And if a company at the epicenter of the information technology business is vulnerable (and by inference should know better), truly, no company is safe from attack.

The security threat is growing in several dimensions at once. The amount of value flowing across the network — in the form of actual money, but also business plans, intellectual property, and strategic documents — is rising by leaps and bounds. And value is at risk in less obvious ways. A reputation can be damaged irreparably by an attack, business can be lost as a result of down time, and the trust on which ebusiness is based can be destroyed permanently. Identity theft, which has become a veritable cottage industry, must be added to the growing list of imaginative crimes. In addition, malicious hackers are getting more sophisticated. Malevolent programmers are not only figuring out more effective ways to harm businesses and individuals, but they are also publishing their tricks on Web sites for other less creative, but perhaps more vindictive, people to find and use.

In this environment, client security can be one of the weakest links in the chain. Despite the availability of operating systems with improved security features, desk-

Lunchtime Attacks

The Microsoft intrusion was a so-called "lunchtime attack," named for the archetypical scenario in which an employee goes out to lunch, leaving his or her computer on, and an intruder simply sits down at the absent worker's desk to feast on whatever privileges that user enjoys, including access to files, programs, and services.

Without having to resort to social engineering, a lunchtime attack can be thwarted quite easily by a variety of authentication methods based on client-level hardware encryption. For example, the operating system can be set to lock out access after a short period of time if it receives no further input and be reactivated only via biometric recognition, a proximity badge, or both, eliminating the need for passwords, which can be forgotten or stolen. If the network had been able to interrogate the remote client to find out whether or not it was authorized, Microsoft would likely have been able to prevent the attack. Had appropriate fail safes been in place, the hack would likely not have been successful.