

London: It’s that time of year again when the IT security industry looks at how the year has developed and predicts what is in store for the industry. Jeff Hudson, CEO of Venafi, the leading provider of enterprise key and certificate management (EKCM) solutions, suggests that 2013 should be the year when you take control of your IT systems with the explosion of BYOD and cloud computing.

1. Flame and Stuxnet-style malware attacks will continue

“Many pundits, leading media outlets and even some security experts are reporting that enterprises needn't be overly concerned about Flame and Stuxnet-style malware attacks, citing the fact that they were executed by well-funded espionage intelligence groups whose target was hostile nation states and not businesses,” said Jeff Hudson. “However, our view is that companies should be concerned, as unfortunately the tools and techniques for executing these types of attacks are now in the hands of common criminals and rogue entities. In the coming year, these types of attacks are likely to increase especially against enterprise organisations, and are likely to result in significant and costly public breaches and unplanned outages. Therefore, companies should protect themselves against the likes of Flame and Stuxnet-style malware attacks.”

2. The 4G explosion must be managed sensibly

Many would argue that with BYOD and cloud computing, the IT department has less control than ever over how and from where employees access their data. The notion of “perimeter-based security” is gone, and information must be protected wherever it is accessed. This will be exacerbated by the explosion of 4G in the UK, which for the first time gives users a near-desktop experience on their mobile devices, thanks to the higher connectivity speeds. More users accessing data from their portable devices and from more unsecure networks also means many more security certificates for IT professionals to manage. This could be a huge headache for those companies that have no idea how many certificates and encryption keys they have, where these are, or who is responsible for managing them. Hudson advises: “Organisations must mitigate risk and have control over who has access to sensitive information, which means managing trust instruments for all users across the entire network - including mobile devices. If not applied, then 4G could spell disaster for many companies, instead of it being truly liberating for many staff out in the field.”

3. ICO will impose its first cloud computing data protection fine

In September of this year (http://bit.ly/UNwRqQ) the ICO issued specific guidelines relating to cloud computing – advocating that companies going into the cloud need to have total control, auditability and use encryption with robust key management. The data protection regulator says that businesses will need to comply with the law and has published a guide, which seeks to act as a source of best practice for those organisations considering and/or using a cloud-computing environment.

Based on the ICO's previous track record, Venafi believes these guidelines are a polite precursor to the imposition of financial penalties against organisations that fail to protect their cloud-based data.

Against a backdrop of a specific reference in the confidentiality section of the ICO's cloud computing guidelines - which asks the pertinent questions: “Is all communications in transit encrypted?”, “Is it appropriate to encrypt your data at rest?” and “What key management is in place?” - Venafi advises IT security professionals within UK organisations that, in order to answer these questions - and meet the required levels of governance – organisations will need to define, and implement, a robust key management process with sound access and audit controls.

Venafi also warns that the guidelines – which extend to a fairly sparse 21-page document – leave the issue of key management, which is an integral part of corporate IT security and governance, as a potentially grey area.

Companies looking for optimum advice on good key management governance in this regard can visit www.venafi.com/best-practices/.

4. Cybercriminals to go after highest-value targets – trust instruments at risk

The use of Public Key Infrastructure (PKI), digital certificates and SSH encryption keys is ingrained within the modern enterprise. These security instruments are critical for securing data in transit, protecting ecommerce and providing system and user authentication. Yet a series of security events over the past couple of years has shown that third-party trust providers are high-value targets for the hacker community. Certificate authority compromises are no longer hypothetical, and are likely on the rise. Venafi warns that organisations should have business continuity plans in place in case of compromise – to quickly and easily switch from one trust-instrument provider to another.

In most cases hackers compromise systems to steal data. Intellectual property, financial data and personal data can all be taken and used to gain financial reward, expose secrets, and harm reputations. Most security effort goes into protecting the data from compromise. If the bad guys are on the inside, how can the data be protected? The best answer is to encrypt the data whether it is at rest or in motion