
London: It’s that time of year again when the IT security industry looks at how the year has developed and predicts what is in store for the industry. Jeff Hudson, CEO of Venafi, the leading provider of enterprise key and certificate management (EKCM) solutions, suggests that, with the explosion of BYOD and cloud computing, 2013 should be the year when you take control of your IT systems.

1. Flame and Stuxnet-style malware attacks will continue

“Many pundits, leading media outlets and even some security experts are reporting that enterprises needn't be overly concerned about Flame and Stuxnet-style malware attacks, citing the fact that they were executed by well-funded espionage intelligence groups whose target was hostile nation states and not businesses,” said Jeff Hudson. “However, our view is that companies should be concerned, as unfortunately the tools and techniques for executing these types of attacks are now in the hands of common criminals and rogue entities. In the coming year, these types of attacks are likely to increase especially against enterprise organisations, and are likely to result in significant and costly public breaches and unplanned outages. Therefore, companies should protect themselves against the likes of Flame and Stuxnet-style malware attacks.”

2. The 4G explosion must be managed sensibly

Many would argue that with BYOD and cloud computing, the IT department has less control than ever over how and from where employees access their data. The notion of “perimeter-based security” is gone, and information must be protected wherever it is accessed. This will be exacerbated by the explosion of 4G in the UK, which, thanks to the higher connectivity speeds, gives users a near-desktop experience on their mobile devices for the first time. More users accessing data from their portable devices and from more unsecured networks also means many more security certificates for IT professionals to manage. This could be a huge headache for companies that have no idea how many certificates and encryption keys they have, where they are, or who is responsible for managing them. Hudson advises: “Organisations must mitigate risk and have control over who has access to sensitive information, which means managing trust instruments for all users across the entire network - including mobile devices. If not applied, then 4G could spell disaster for many companies, instead of it being truly liberating for many staff out in the field.”

3. ICO will impose its first cloud computing data protection fine

In September of this year (http://bit.ly/UNwRqQ) the ICO issued specific guidelines relating to cloud computing, advocating that companies going into the cloud need to have total control and auditability, and to use encryption with robust key management. The data protection regulator says that businesses will need to comply with the law and has published a guide, which seeks to act as a source of best practice for those organisations considering and/or using a cloud-computing environment.

Based on the ICO's previous track record, Venafi believes these guidelines are a polite precursor to the imposition of financial penalties against organisations that fail to protect their cloud-based data.

The confidentiality section of the ICO's cloud computing guidelines asks the pertinent questions: “Is all communications in transit encrypted?”, “Is it appropriate to encrypt your data at rest?” and “What key management is in place?” Venafi advises IT security professionals within UK organisations that, in order to answer these questions and meet the required levels of governance, organisations will need to define, and implement, a robust key management process with sound access and audit controls.

Venafi also warns that the guidelines, which extend to a fairly sparse 21-page document, leave the issue of key management, which is an integral part of corporate IT security and governance, as a potentially grey area.

Companies looking for optimum advice on good key management governance in this regard can visit www.venafi.com/best-practices/.

4. Cybercriminals to go after highest-value targets – trust instruments at risk

The use of Public Key Infrastructure (PKI), digital certificates and SSH encryption keys is ingrained within the modern enterprise. These security instruments are critical for securing data in transit, protecting ecommerce and providing system and user authentication. Yet a series of security events over the past couple of years has shown that third-party trust providers are high-value targets for the hacker community. Certificate authority compromises are no longer hypothetical, and are likely on the rise. Venafi warns that organisations should have business continuity plans in place in case of compromise, so that they can quickly and easily switch from one trust-instrument provider to another.

In most cases hackers compromise systems to steal data. Intellectual property, financial data and personal data can all be taken and used to gain financial reward, expose secrets, and harm reputations. Most security is involved in protecting the data from compromise. If the bad guys are on the inside, how can the data be protected? The best answer is to encrypt the data whether it is at rest or in motion.