Home – Lured in by cutting-edge technology? Learn before you leap

Lured in by cutting-edge technology? Learn before you leap


Edited by Kristin Casler featuring insights from DAVID LINGENFELTER Information Security Officer at Fiberlink, an IBM Company, maker of MaaS360 software--


As companies embrace new technologies, they can’t help but think about the associated security risks. News of the latest company to fall victim to a breach has become all too common. Whether you operate from a data center or the cloud, or both, are in research or retail, you must be proactive. Experts agree that companies require a multi-pronged, company-wide security strategy. One component of that strategy should be the use of the most reliable security to counteract the threats posed by your use of technology.


Threats are everywhere when you go mobile


Not to be an alarmist, but with attackers continually and creatively ratcheting up their game, you never know where the next attack will come from. That said, the mobile device threats typically come from one of two directions , said David Lingenfelter, information security officer for MaaS 360 at Fiberlink, an IBM Company.


  • From the outside——hacked apps and malware, particularly on the more-global Android™ systems, steal information. These programs are downloaded and maliciously find their way into your most vulnerable and valuable areas. Lingenfelter said Compromised apps are prolific in third-party markets. Rogue marketplaces and unsecured WiFi network access also are sources for data risk.

  • From inside——mobile devices in general are dangerous because the loss of a phone, laptop or tablet with corporate access can jeopardize vital data. A Symantec® study of purposely lost smartphones showed 83 percent had attempts to access business apps, 89 percent had attempts to access personal apps and 96 percent had attempts to access at least some type of data. Additionally, data can be jeopardized by poorly written applications and device vulnerabilities.


“Businesses should not consider mobile devices to be business as usual when it comes to security and where to focus security efforts,” according to the Cloud Security Alliance’s Security Guidance for Critical Areas of Mobile Computing. “Most of these threats are either new to the IT landscape or enhanced by mobile devices.”


Security technology


To counteract these threats, Lingenfelter said companies that build their own security systems can use wrapping technology. Wrapping adds a layer of authentication and security to the user. So, if a device is lost or stolen, additional passwords and verification are required to access critical areas.


For those dangerous apps, the industry is making a concerted effort to refine its search for malware and hacked apps. More and more, technology will focus on looking at apps and giving them an approval rating for security.


The real key, though, is to compartmentalize data using mobility management, so that there is no outside access to important information and processes. By installing software that has a “container”—a technology that has been on the market for about two years — Lingenfelter said companies can keep employees’ personal activity, such as email, apps and photos, separate from business systems.


On a phone with no security, a dirty app or malware can drop an important file into a sharing application and then use the owner’s private email to send it wherever the user wants. With container software, Lingenfelter said malware and hacked apps can’t get in. They may try to access contacts and email, but they can’t breach the container wall.


Companies of all sizes can and should consider this as an option,” he said. We’re seeing more buy-in from larger companies because they have more concern and more employees. Smaller companies may trust employees, but from a corporate liability perspective, container software is extremely helpful.


Cloud computing is not all white and fluffy


One of the fastest growing technologies for businesses is cloud computing. Companies favor it because it provides broad access, continuity and collaboration for employees and cost-effective fluidity and growth potential for companies. What’s not to like?


The cloud is not inherently less secure than traditional on-premises environments, according to Alert Logic’s The State of Cloud Security Report. A study of users showed attack frequency has increased in both on-premises and cloud-hosting provider (CHP) environments. As more enterprise workloads move into cloud-hosted infrastructure, traditional on-premises infrastructure threats follow, the Report said.


In other words, organizations cannot rely on legacy approaches to security to support their cloud infrastructure. They must find solutions that deliver protection specifically for the cloud.


Before making the leap to cloud computing, you should consider the types of threats targeting cloud-computing environments, and whether your traditional security technologies can perform effectively there.


Lingenfelter said that just like with a data center, companies need to know where their cloud data is and what it is exposed to. His company, is a data-management service—it doesn’t store a company’s data in the cloud. You need to ask questions of your cloud provider, he said. Where is the data being stored? In one or more countries? Is it partially in a data center and partially in a cloud drive? Is there a backup? Is it encrypted? With cloud, you have to ask those questions and make sure you maintain some level of control.


The Alert Logic Report noted that it is an absolute necessity that companies educate themselves on their business and application requirements for security and compliance, map these requirements to the right CHPs, and source the right products and build the right processes to manage events, incidents and ongoing security in the cloud. 


No device left unprotected


Hackers are relentless, sophisticated and diverse. They attack from multiple angles and with ever-newer tactics, putting company strategies, products and customer data at risk.


Some corporate counsel might not give much thought to security, relying on an aggressive IT department to run a tight ship. But counsel often gets the brunt of the work when security goes wrong. It behooves them to set the organization’s security posture, ensuring every new technology is protected with the latest, most reliable security.