Skip Links

Security roundup for Nov. 4: virtualization is key to public cloud security; China, Russia accused of cyber-espionage; More Duqu for you

The greatest tech arguments and Baking security into chips

By , Network World
November 04, 2011 01:30 PM ET

Network World - Ever been in an argumentative mood? Well, last week we were, with editors here coming up with 33 red-hot arguments, such as open source vs. proprietary, or which browser is better.

We got argumentative on security topics, too. We asked whether you should share data-breach information, with one side arguing against it unless you're forced to, and the other saying it will help the community as a whole to stop cybercrime. We're asking readers to vote their opinions online, and interestingly, about three-quarters spoke out in favor of sharing breach information.

More on security: The Security All-Stars

In a story on the "bring your own device" (BYOD) phenomenon, we focused on the question of whether corporations should say "yes" to employees wanting to use their personal iPhones, Android devices, iPads or any mobile device they own for business use on the corporate network.

Out of those who voted, about 28% said "Yes, but it is not my choice to do so," about 38% said "Yes, but I must review the devices first," and about a third said, "No way. I have seen too many viruses."

The BYOD debate story shows some businesses with close association to the federal government are contractually restricted from allowing employee-owned devices, and that the U.S. government is not a BYOD workplace at all. Former White House cybersecurity adviser Richard Clarke says the BYOD question is among the most important enterprise security questions today.

Virtualization holds a key to public-cloud security

While conventional wisdom says virtualized environments and public clouds create massive security headaches, the godfather of Xen, Simon Crosby, says virtualization actually holds a key to better security. Isolation -- the ability to restrict what computing goes on in a given context -- is a fundamental characteristic of virtualization that can be exploited to improve trustworthiness of processes on a physical system even if other processes have been compromised, says Crosby, a creator of the open source hypervisor and a founder of startup Bromium, which is looking to use Xen features to boost security.

China blasting

In further efforts to confront cyber-espionage from nation states, the U.S. government last week issued a report blasting China and Russia for stealing information for economic gain.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report from the office of the National Counterintelligence Executive said. The report said China's intelligence agencies often leverage people who have inside access to corporate networks to gain trade secrets and copy them to removable media.

Last week, Enterprise Strategy Group, in a survey of 244 security professionals, found that the majority of them believe they have been hit by the kind of stealthy infiltration to steal information of economic or military value. Many today call this the "advanced persistent threat," and the survey also found that APT concerns are leading to an increase in security budgets and more involvement from the executive management in the doings of the IT and security department.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News