cioinsight.com
Home > RSS Feeds > Security
  • The intensifying debate over digital privacy demonstrates the vast complexities of this issue. On one hand, users appreciate the advantages of having one-on-one purchasing experiences with companies. That's how, through alerts and other techniques, they quickly find what they need online and save money on the transaction. On the other hand, analytics empowers businesses to collect and use consumer data in ways that were unimaginable just a few years ago. Such dynamics are creating a perfect storm when it comes to consumer privacy, with a broad range of developing conflicts, trends and ethical challenges. To provide some insight, Constellation Research has published "Privacy Enters Adolescence: The State of Digital Safety and Privacy in 2015." The report, which has a list price of $995, includes big-picture themes that IT professionals and executives should consider—and even debate. We've adapted the following list of privacy themes based on the report, along with some best practices for enterprises trying to strike the right balance between business-benefiting innovation and respect for customers' personal information. "The digital world brings opportunities and risks that are without precedent in the history of commerce and society," according to the report's author, Steve Wilson. "Information paradoxically is both a commodity and, in the hands of analytics wizards, a great treasure. … Society's critical dependence on ubiquitous connectivity and frictionless access to data contrasts with traditional security and privacy practices, which unfortunately regard these very properties as a problem."

  • The Savannah River National Lab is turning to network fingerprinting technology to detect changes in power consumption that can indicate a security breach.

  • Cyber-security has emerged as a major challenge for businesses large and small. It increasingly impacts e-commerce, data management, employee collaboration, and a variety of other tasks and processes. In the end, it affects company growth and bottom-line results. A recently released study conducted by research firm Vanson Bourne and sponsored by CA Technologies, "8 Steps to Modernize Security for the Application Economy," examines security in the emerging app economy, including how companies are adapting to an explosion of Internet-enabled devices. Among other things, the survey found that protections must extend beyond internal systems and employees and out to business partners and consumers. There's also a need to shift away from extensive restrictions and use enabling technologies, such as application programming interfaces (APIs), two-factor authentication and bring-your-own-identity approaches. These tools, according to the report, are critical to achieving innovation and tapping into opportunities. Here are some of the key findings from the survey of 1,425 senior IT and business leaders, including CSOs and CISOs.

  • It's probably time to rethink this whole notion of work-life balance. With huge numbers of workers saying that they're using their work devices for personal business and using their personal devices to do work, the line between work and personal business is no longer just blurry. It's virtually nonexistent, and IT security teams must pay attention. That's the key takeaway from a recent survey conducted by MSI Research on behalf of Intel Security. MSI interviewed 2,500 professionals in 12 countries to gauge their attitudes about online data protection in the era of mobile business. What they found is that employees are increasingly using their work and personal devices interchangeably, placing the onus on their employers to adequately protect both. "Working wherever and whenever has rapidly become the norm, as employees and employers strive for increased productivity, collaboration and responsiveness," said Candace Worley, a senior vice president at Intel Security. "This can pose significant security risks for organizations, as employees often use whatever network is available to them whether they are sure it's secure or not." In other words, you're letting your mobile employees roam outside of your network unchecked at your own risk.

  • One of the unfortunate realities of the digital age is that it's impossible to escape the threat of malware. Emails, Websites, and other tools and technologies all too often carry potentially dangerous payloads that can damage or cripple an enterprise. Most recently, Sony Pictures Entertainment discovered just how destructive malware can be and how it can wreck a company's reputation and cause enormous financial losses. Yet, while it's critical to protect against these threats, a new report, "The Cost of Malware Containment in 2015," from Ponemon Institute and malware detection vendor Damballa, reveals that major organizations spend an average of $1.3 million annually responding to erroneous and inaccurate malware alerts. This adds up to about 21,000 hours in wasted time and effort across all systems and devices. The report also provides insights into how enterprises cope with legitimate threats, as well as false positives. The upshot? While the frequency and severity of attacks are growing, IT and security teams must take a more strategic and coordinated approach. "Significant money and time can be saved if organizations have actionable intelligence to prioritize the threats posed by malware," points out Larry Ponemon, chairman and founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices.

  • The Caribbean Credit Bureau,  a leading provider of credit services in the Caribbean region, turns to a cloud solution to ring up business and IT gains.

  • It's hard to secure what you don't know is there. A recent survey from the Cloud Security Alliance indicates that while organizations are clearly concerned about the security of data residing in cloud services, they also have surprisingly little insight into how much unknown exposure they have on this front. The lack of awareness of shadow IT use of cloud services—which occurs outside of IT's control—and the associated security vulnerabilities appear to be impeding adoption of the cloud. There are indications, however, that organizations are moving to change this paradigm. "As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance and governance of corporate data," says Jim Reavis, CEO of the not-for-profit CSA, which surveyed more than 200 IT, IT security, compliance and audit professionals from around the globe. Rajiv Gupta, CEO of cloud security firm Skyhigh Networks, which sponsored the survey, adds that "This survey illustrates that companies are aware of the consumerization of IT, but have room to more proactively address the security concerns of cloud adoption."

  • The congressman, who heads the new House Information Technology Subcommittee, talks about cyber-security and how business and government can protect themselves.

  • Nearly half of organizations surveyed have at least one worker-installed dating app on mobile devices that are used to access confidential business information.

  • One reason security software is not used to the fullest extent is that IT doesn't have the time or staff required to implement software solutions properly.

  • In an era of device and data sprawl, concerns around IT governance are building. A recent survey from Forrester Research, commissioned by data governance vendor Druva, suggests that organizations will increase their focus on governance over the next two years as they try to get a handle on the growing use of mobile devices and cloud applications. Change is expected to occur all over: Mobile devices, apps and content will be looked at more closely; governance models and technologies will be beefed up; and, naturally, costs will increase. Given that other research from Forrester indicates that 20 percent of CIOs will lose their jobs by 2016 for failing to successfully implement information governance, it's no surprise that governance is getting more attention. "With the rise of the mobile workforce, organizations must establish strategies to govern not only corporate and employee-owned mobile devices, but also the multiple channels that are now required to make data available anywhere on any device," said Chandar Venkataraman, chief product officer at Druva. "The increase in complexity is staggering." The survey includes input from more than 200 IT and legal professionals from enterprises with at least 2,000 employees.