Feeds

Rethinking security

Just what are you trying to secure?

  • alert
  • submit to reddit

Top three mobile application threats

Workshop Ask any IT manager, business leader or regulator and they will tell you that IT security is important - that much goes without saying.

As the chart below shows, for many professionals the role of security in IT is now seen to be a fundamental part of delivering day to day IT service to users, wherever they are, whenever they need service and using whatever device is best suited to the task.

It is no longer a separate entity that only succeeds in adding complexity to an already difficult occupation. But as IT and networking technologies become more complex and as business demands for service flexibility grow is it time for IT professionals to rethink security?

A major challenge for everyone is keeping up with just how quickly the “security” landscape is changing. We know that the traditional drivers for raising the security bar, namely external regulation, concerns over “privacy” and the protection of corporate data along with increasing amounts of legislation still constitute a considerable challenge for many organisations. While these are matters of concern it has to be recognised that they amount to “known”, definable challenges.

These are now being supplemented by a raft of new security worries as user behaviour alters, especially around the use of mobile devices and equipment acquired outside of the standard procedures. There is also the social side of the behaviour equation.

We know from prior research that the ‘official’ use of social media is slowly taking off inside business processes. But Reg readers also tell us that the ‘unofficial’ use of social media tools is a bigger part of daily business life. With people becoming ever more cavalier about sharing information, especially younger workers who have grown up putting their life’s story on the Web, just how is the “security landscape” changing in your business?

Are there any new service areas, such as Unified Communications, instant messaging, screen sharing, Webinar services or other social media sites which you think will have a major impact on how you should treat security? Equally, do you think that they will lead to modifications in your security policies, and if so, when?

In most organisations security is still about securing computers, be they servers, desktops or laptops. But we know that the emphasis should really be on the services that users access rather than the details of the machine they sit at. So if security emphasis is still centred on computers, what about all the other stuff: services, data, information, interactions and virtual relationships?

This naturally raises the question of how to integrate security across systems where you do not have direct control. These include the use of external service providers, social cloud-based systems and collaboration solutions and even the personal devices employees use every day in their business processes. Do you still have a good idea of just what you are trying to secure?

As new threats and behaviours emerge, needing different solutions to secure systems without putting security barriers in the way of operations, it's likely that identity management and access control systems and protection, encryption and key management tools will grow in importance. The challenge is to make them effective without generating end-user resistance and avoidance. Perhaps the real issue is a need to raise the awareness of corporate security responsibility that every member of staff has. But how realistic is this when it is difficult enough to get them to remember their password without resorting to writing it down on a post-it note?

It is clearly hard to keep so many factors in focus, especially when the business demands more from IT every day without adding in the additional skilled manpower resources to lighten the load. We would like to know if you have found workable policies, procedures and tools that let you secure the ever-expanding range of information, interactions, processes and the social networking environments commonly accessed every day. Have you been asked to change the behaviours of your users? If you have succeeded please let us know how. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.