I recently had the chance to talk to Eric Cole, an industry-recognized expert who performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. We talked about emerging security threats and new ways to address them.
Organizations spend a ton of money on security products but are frustrated because they are still getting compromised. The reason, Cole says, is that the types of threats we face have changed but our approaches to security haven't. He says it's time to look at problems differently and come up with solutions that actually work -- solutions that include prevention as well as early detection.
Here are four common problems and new approaches that Cole suggests might improve your security posture.
* Sources of evil: Let's start with what Cole calls the "sources of evil": Web browsers and email attachments. They are the most common vectors for bringing malware into the corporate network. Cole says most companies address the problem by scanning and/or blocking email attachments and by whitelisting/blacklisting websites. These tactics are only marginally effective, and they hinder worker productivity.
A better way to address the problem, says Cole, is to run your Web browser and your email client in separate virtual machines on the local client. It's a twist on traditional virtualization, which is more commonly used at the server level. By virtualizing the desktop environment, it's possible to run the browser and email client in contained areas where users can click away on websites and freely open email attachments. If there is an infection, it is confined to that virtual machine and the damage to the wider network is limited.
* Trusted enclaves on the network: Many organizations put a lot of effort into perimeter security to prevent attackers from getting into the network. That's all well and good -- until someone does penetrate the perimeter. Most networks are fairly flat, meaning that once an attacker is in, reaching information anywhere on the network is pretty straightforward.
Cole suggests segmenting the architecture into separate trusted enclaves. In this way, you don't just have your DMZ separated; you also have your high-risk clients on separate segments. Moving from traditional perimeter security to these internal boundary defenses lets you limit the exposure if a system does get compromised.
* Bring legal to BYOD: There's no doubt that BYOD (bring your own device) is opening a Pandora's box of security issues, and Cole says you need to involve your legal department. Two things happen when someone brings their personal device to work and downloads company data to it, Cole says. One, ownership of the information effectively transfers to the person by virtue of the fact that they own and control the device. Two, the company still carries all the liability for the security of the data.
Cole recommends getting an attorney to help you set your BYOD policies and documentation, and to get people to sign off explicitly on data ownership and liability. The policy should state that the organization has the right to go into the device at any time -- even after a person has been terminated -- to delete or modify the data that's on the personal device.