Managing Mobile, Cloud and Social Media SecurityBy Bob Violino | Posted 2013-04-04 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
These popular technologies create unique security threats, which, if not addressed, can lead to serious problems for all types and sizes of organizations.
As mobile computing and cloud-enabled services become more pervasive, "hackers and fraudsters will begin to take advantage of any shortcomings they can to steal money, information or anything else of value they can monetize," LaRosa says. "We need to move toward newer technologies that provide hardware-based isolation, enabling dangerous tasks to be run with minimal access and privileges."
ADP is looking at how technologies such as micro-virtualization, which abstracts applications from hardware and runs them in isolated environments, can help it defend against the next generation of threats in the cloud and mobile environments.
Securing Mobile Devices
Also dealing with the security issues of mobility and the cloud is Loring Ward, a San Jose, Calif., provider of investment and business management services. "Because Loring Ward is a nationwide firm, the use of mobile technology is very important," says Randy Rudolph, vice president of corporate infrastructure. "Of paramount importance is the ability to secure the data on the mobile devices."
The firm recently initiated a bring-your-own-device (BYOD) policy, enabling employees to access the company's secure platform using their own smartphones and tablets. As part of this program, Loring Ward is using a mobile device management (MDM) platform from Fiberlink that lets it manage devices remotely and encrypt data that belongs to the firm, while not touching employees' personal data or applications.
"We have the ability to lock the device and perform geo-tracking and geo-fencing of the device, as well as [conducting] a device wipe or just [wiping] the firm's data contained on the device," Rudolph says.
Loring Ward has a private cloud, which it uses for critical internal systems and applications such as email and voice over IP communications, as well as for disaster recovery. Multiple departments in the company "use some type of cloud-based service that enables them to perform at a much higher level than before," Rudolph says.
To secure data in the cloud, Loring Ward uses the Box platform that provides a central repository for most of its data. It also includes security features such as single sign-on, data encryption, access controls and audit logs.
In addition, the company has established security guidelines "that exceed the regulatory guidelines we are to follow," Rudolph says. "Each in-house system, as well as those in development and all of the cloud applications, must adhere to these strict security guidelines. We will not employ cloud-based services that cannot match or exceed these stringent guidelines."
Clearly, it's critical for organizations to implement strategies, technologies and processes to deal with the security threats created by cloud, enterprise mobility and social media.