Ideas and suggestions are always welcome. Please let us know how we can improve your newsletter! We welcome your feedback.
LexisNexis® for Corporate Counsel
LexisNexis® Webinar Center
LexisNexis® Legal Newsroom
Live CLE Webinars | OnDemand Webinars
Edited by Kristin Casler featuring insights from DAVID LINGENFELTER Information Security Officer at Fiberlink, an IBM Company, maker of MaaS360 software--
As companies embrace new technologies, they can’t help but think about the associated security risks. News of the latest company to fall victim to a breach has become all too common. Whether you operate from a data center or the cloud, or both, are in research or retail, you must be proactive. Experts agree that companies require a multi-pronged, company-wide security strategy. One component of that strategy should be the use of the most reliable security to counteract the threats posed by your use of technology.
Threats are everywhere when you go mobile
Not to be an alarmist, but with attackers continually and creatively ratcheting up their game, you never know where the next attack will come from. That said, the mobile device threats typically come from one of two directions , said David Lingenfelter, information security officer for MaaS 360 at Fiberlink, an IBM Company.
“Businesses should not consider mobile devices to be business as usual when it comes to security and where to focus security efforts,” according to the Cloud Security Alliance’s Security Guidance for Critical Areas of Mobile Computing. “Most of these threats are either new to the IT landscape or enhanced by mobile devices.”
To counteract these threats, Lingenfelter said companies that build their own security systems can use wrapping technology. Wrapping adds a layer of authentication and security to the user. So, if a device is lost or stolen, additional passwords and verification are required to access critical areas.
For those dangerous apps, the industry is making a concerted effort to refine its search for malware and hacked apps. More and more, technology will focus on looking at apps and giving them an approval rating for security.
The real key, though, is to compartmentalize data using mobility management, so that there is no outside access to important information and processes. By installing software that has a “container”—a technology that has been on the market for about two years — Lingenfelter said companies can keep employees’ personal activity, such as email, apps and photos, separate from business systems.
On a phone with no security, a dirty app or malware can drop an important file into a sharing application and then use the owner’s private email to send it wherever the user wants. With container software, Lingenfelter said malware and hacked apps can’t get in. They may try to access contacts and email, but they can’t breach the container wall.
Companies of all sizes can and should consider this as an option,” he said. We’re seeing more buy-in from larger companies because they have more concern and more employees. Smaller companies may trust employees, but from a corporate liability perspective, container software is extremely helpful.
Cloud computing is not all white and fluffy
One of the fastest growing technologies for businesses is cloud computing. Companies favor it because it provides broad access, continuity and collaboration for employees and cost-effective fluidity and growth potential for companies. What’s not to like?
The cloud is not inherently less secure than traditional on-premises environments, according to Alert Logic’s The State of Cloud Security Report. A study of users showed attack frequency has increased in both on-premises and cloud-hosting provider (CHP) environments. As more enterprise workloads move into cloud-hosted infrastructure, traditional on-premises infrastructure threats follow, the Report said.
In other words, organizations cannot rely on legacy approaches to security to support their cloud infrastructure. They must find solutions that deliver protection specifically for the cloud.
Before making the leap to cloud computing, you should consider the types of threats targeting cloud-computing environments, and whether your traditional security technologies can perform effectively there.
Lingenfelter said that just like with a data center, companies need to know where their cloud data is and what it is exposed to. His company, is a data-management service—it doesn’t store a company’s data in the cloud. You need to ask questions of your cloud provider, he said. Where is the data being stored? In one or more countries? Is it partially in a data center and partially in a cloud drive? Is there a backup? Is it encrypted? With cloud, you have to ask those questions and make sure you maintain some level of control.
The Alert Logic Report noted that it is an absolute necessity that companies educate themselves on their business and application requirements for security and compliance, map these requirements to the right CHPs, and source the right products and build the right processes to manage events, incidents and ongoing security in the cloud.
No device left unprotected
Hackers are relentless, sophisticated and diverse. They attack from multiple angles and with ever-newer tactics, putting company strategies, products and customer data at risk.
Some corporate counsel might not give much thought to security, relying on an aggressive IT department to run a tight ship. But counsel often gets the brunt of the work when security goes wrong. It behooves them to set the organization’s security posture, ensuring every new technology is protected with the latest, most reliable security.