As consumer devices move into business, professionals who understand malware and data leakage are in the greatest demand. By Doug Bartholomew | October 2008
Although many companies are becoming cautious when it comes to hiring during the economic downturn, there are still niches where CIOs and IT managers are looking for new talent. One of these is IT security, and network security in particular. "In fact," observes Victor Janulaitis, chief executive of Janco Associates, an IT management consulting firm in Park City, Utah, "we've seen an increasing demand for IT security people over the last couple of years." [youtube] Janulaitis believes the pressure to increase IT security staff is likely to continue, especially given the current environment, with giants such as AIG failing and Merrill-Lynch being acquired by Bank of America. "There will be a tremendous impact on security as these large companies face the challenge of ensuring their business information stays proprietary and private," he says. Even the new parent companies face added security concerns, he adds, stemming from both the loss of the acquired firm's employees to and the need to ensure customer privacy as accounts are transferred. What's more, the influx of new consumer technologies into the workplace - the Apple iPhone comes to mind, as does the boom in social networking - is increasing demand for IT security staff. One reason IT security professionals have their hands full is the influx of new workers from "Generation Y," folks who grew up with Google, cell phones, Blackberrys, Skype, and Facebook. They're reluctant to check these new technologies at the door when they enter the office environment. Many companies find employees purchase the devices  themselves and put corporate data on them, including e-mail messages with attachments carrying corporate data. The security challenges posed by the rampant use of mobile devices, flash drives and social networking sites range from data leakage and the introduction of malware to corporate systems, to compliance concerns when employees access corporate information from Starbucks or use Bluetooth to send and receive instant messages while traveling. To meet such challenges, IT departments need to add a number IT security skills that are only likely to become even more in-demand as time moves on. Companies need a new cadre of IT security professionals who understand these new technologies and can install software packages to deal with them, or else adapt existing ones to provide the needed security measures. Some solutions to help curtail the likelihood of data leakage are secure virtual private networks (VPNs), data-leak prevention software, and network access controls. Other defensive measures include new technologies such as Workbook, a secure overlay for Facebook, and systems that expand corporate visibility into network activity and application infrastructure. One way to stop the use of iPods, game software, flash drives, and other unapproved technology is to install software that monitors and limits its use on company laptops. For example, SecureWave offers a device and application control software suite that distributes agents to monitor and track how modems, iPods, flash drives, and applications are used based on rules stored in Microsoft Active Directory. Another solution is to install a Web security gateway to keep malware and spyware out. The Boston Celtics installed Mi5 networks' Webgate security applicance, which sits  between the NBA team's corporate firewall and network. It detects and reports spyware, both inbound and outbound. Machines already infected are quarantined and have to becleaned of intrusive software by the team's IT staff. The system is a big help to Celtics vice president of technology Jay Wessel, who says his staff had been overwhelmed with requests to detect and remove spyware from employees' PCs. "We have a lot of machines on the road," he notes. "Our people would bring their laptops back to the office and the things they picked up would drag down our network." In sum, IT security professionals in the greatest demand are those who understand the threat of malware and data leakage, and who are familiar with the technologies that can reduce the risks they pose. Doug Bartholomew is a business writer based in Northern California.