Home > RSS Feeds > Security
  • Despite clear concerns about their abilities to secure infrastructures in a public cloud, companies continue to forge ahead with plans to run their applications in infrastructure-as-a-service (IaaS) environments. Such are the findings of a recent survey of 363 information security and infrastructure professionals conducted by security policy-management vendor AlgoSec. The survey makes it clear that the migration of applications to public cloud infrastructures presents new challenges for the IT and security professionals and executives charged with protecting applications and data—challenges that will have to be overcome with more frequency."Network security in public IaaS is fundamentally different compared to traditional on-premise data centers, which results in the myriad of operational, security and compliance challenges highlighted in this survey," says Nimmy Reichenberg, vice president of marketing and strategy at AlgoSec. "As organizations look to strategically adopt public IaaS, they must ensure they have holistic visibility and a platform that can manage their network security policy consistently across their entire environment."

  • Balancing productivity and security is a growing minefield for organizations, particularly as the consumerization of IT accelerates and BYOD (bring your own device) reaches deeper into the fabric of companies. A recent report, "Security in the New Mobile Ecosystem," examines the impact of mobile devices, mobile apps and the mobile workforce—essentially the mobile ecosystem—on the overall security outlook of organizations in the United States. The report, commissioned by Raytheon and independently conducted by the Ponemon Institute, found that while most companies are implementing mobile security measures, practices aren't keeping up with the rapidly changing marketplace and the proliferation of mobile devices. "Despite the increasingly high levels of cyber-security risks with mobile devices, the top two methods being used today—Mobile Device Management (MDM) and secure containers—are not sufficient," explains Ashok Sankar, senior director of product management and strategy at Raytheon Cyber Products. In addition, "Companies need to alleviate employee fears by ensuring that their user experience does not change, and their private data is not compromised, viewed or removed from their devices at the discretion of the company." The Ponemon Institute surveyed 618 technology and IT security professionals.

  • One of the biggest business and technology challenges facing enterprises that are attempting to batten down the security hatches is the ongoing peril of insider threats. In some cases, these breaches occur inadvertently, when employees engage in risky or negligent behavior without realizing the damage it can cause. But threats also take place due to intentional fraud, hacking or intellectual property (IP) theft. And the nature of insider threats—an authorized person misusing or abusing access to systems and data—makes it extremely difficult to detect such attacks and protect against them. A recent survey of 355 security professionals conducted by mobile software firm Spectorsoft offers insights into the problem, which, according to industry estimates, amounts to approximately $40 billion a year in losses in the United States alone and about $2.9 trillion globally. Among other things, the survey found that while executives across a wide swath of industries acknowledge the problem and the risks, companies are largely unable to deter insider threats—and the problem is getting worse.

  • Given the potential that mobility has to significantly affect enterprise operations and security, you would probably expect that more organizations would adopt comprehensive policies supporting their bring-your-own-device (BYOD) initiatives. Surprisingly, the opposite is true, according to a recent TEKsystems survey of technology workers. In fact, significantly fewer survey respondents said their company maintains and enforces such policies. The vast majority feel that this puts sensitive enterprise data at risk. "The growing deficiency of BYOD policy … is astonishing, especially given the heightened threats of cyber-crime and mobile security attacks," says Jason Hayman, market research manager at TEKsystems. "The degree of exposure to risk is amplified by the fact that IT professionals and other employees are always connected, and are working from multiple devices from just about any location. Companies have become completely overwhelmed by the process of instituting and upholding BYOD controls, don't feel that there is a legitimate threat, or have made the dangerous assumption that their tech-savvy workforce doesn't need direction regarding safe use of personal devices." Meanwhile, workers are feeling less control over their personal lives, as the ubiquitous quality of mobile connectivity makes them feel as if they're always working. More than 300 IT professionals in North America took part in the research.

  • An identity and access management system enables the Susan G. Komen organization to streamline access to cloud applications, while safeguarding sensitive data.