Bring-your-own-device (BYOD) policies, cloud computing and the "Internet of Things" have enabled enterprises to revolutionize interconnectedness and collaboration, but cyber-criminals are increasingly taking advantage of the the resulting blurred line between work and personal lives.
It is no longer sufficient to secure endpoints, as mobile device connections in the cloud make information more widely accessible. While the Internet of Everything and machine-to-machine (M2M) connections fuel business intelligence by converging previously separate systems and enhancing visibility into the network, they also make enterprises more susceptible to a more devastating attack that affects the entire database,?as opposed to one application. John N. Stewart, senior vice president of Global Government and Corporate Security, stated that enterprises need to reconsider security policies and approaches, because hackers are beginning to capitalize on vulnerabilities due to internet dependency by embedding malware into popular destinations.
Search engines, retail websites and social media platforms now threaten not just the employee's device, but also the entire enterprise database. In fact, Cisco's report revealed that search engines are 27 times more likely to produce malicious content than a counterfeit software site. Chris Young, senior vice president of the Security and Government Group at Cisco, explained that the inevitability of the Internet of Everything means it will be imperative for security professionals to think more about locking down network boundaries instead of just securing endpoints.
"There?will be too many devices, too many?connections, and too many content?types and applications?and the?number will only keep growing," he said. "In this?new landscape, the network itself?becomes part of the security paradigm that allows enterprises to extend?policy and control over different?environments."
Security demands context
Trust has become a complicated concept in the digital landscape, and enterprises can no longer assume that employee activity is in line with company security policies. Simon Crosby, Wired contributor, argued that trust is specific to context, because when only relevant data to a particular situation's context is available, there is less of a risk of unauthorized use or compromised information. Young supported the proposition that security practices must become more context-aware.
"We need to know the identity or type of files and data that are traversing our networks, correlate that with what we know about users and applications, and bring all that information together on the same platform," he said.
Because the source of inbound information has become more convoluted with new channels, it has become more difficult to detect viruses, malware and infected links. Crosby asserted that enforcing a "need to know" basis of exchange between the operating system (OS) and applications will protect the OS when a particular application is attacked.?
This concept of "need to know" security restrictions is based in advanced identity management. No matter how strict an enterprise's security policies are, BYOD means that employee databases?cannot always be controlled, putting systems at risk. Young explained that the Internet of Everything means it will be essential for companies to be able to identify any and all devices connected to the network, and then assign user access IDs so that only pertinent information is accessible to that person, on that device and at that time. He was adamant that along with traditional security measures such as firewalls and virus protection, these technologies will offer heightened defenses to cyber-attacks in real-time.?Additionally, two-factor user authentication offers?basic assurance of mitigating unauthorized access and misuse.
Eric Savitz, Forbes contributor, agreed that identity security will be a primary focus in 2013 as a result of mobility's increasing role in business productivity. He predicted that IT departments will continue to adopt cloud-based strategies that accommodate mobile demands and allow employees to work more efficiently,?while securing personal clouds through mobile-device management.?
As new employee devices feed into enterprise systems and virtualization makes information more accessible, businesses will need to exercise more advanced, proactive identity management and access measures for data protection.
Costa Rica Earthquake sandra fluke kellie pickler costa rica kevin hart living social Earthquake Costa Rica
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.