Proceed with caution
Why does mobile computing rank top in the 2010 threat landscape? Large organisations know how to secure their databases and internal networks — they lock down the perimeter with hardware firewalls and run comprehensive internet security software solutions on their servers and workstations. But it’s a lot harder to protect the notebooks, smart phones and other mobile computing devices that are on the move. There is an increase in the number of data breaches, with the majority occurring through mobile devices being stolen, lost or compromised.
Suddenly the network perimeter becomes virtually boundless. That’s why so many organisations are budgeting to spend more on anti-virus, anti-malware and firewall software for their mobile devices. They’re also investing in training services to educate their staff about online safety, how to select safe mobile applications, plus how to stay safe as they move about using home and public networks from their mobile computing tools.
Certainly social networking is happening big time right now. Organisations are rightfully concerned about the types of information being put out there via social networks, but unless someone is really, really stupid about what they divulge, it’s unlikely anyone is going to use social networking to actually break into an organisation’s network anytime soon.
IT security professionals are now looking more closely at cloud computing and are learning how it’s already being used by their organisation and how various business units are planning to increase its use. They are starting to realise the trust and security implications once the use of cloud computing services becomes even more widespread.
They are considering just how well they trust the security practices of the cloud services provider. Plus they are making sure they protect all of the PCs accessing cloud services with comprehensive, up-to-date internet security software protection against web-borne threats.
For some practical advice on how to deal with these issues, the Jericho Forum has developed a series of strategies that it believes companies should adopt when dealing with cloud computing providers. These strategies are encapsulated in what is known as the Jericho Forum's Cloud Cube Model, which discusses the key factors that companies should consider before entering into an agreement with a vendor or service provider, such as internally or externally located cloud, interoperability, file sharing constraints and architectural mindset.
Look the Cloud Cube Model up at www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf
Cloud computing cuts both ways. Just as organisations ask trust and security questions of cloud computing service providers, so can they expect their customers will begin to demand proof of improved and effective security as a condition of doing business with them.
What can we expect in 2011? Unabated growth and more big changes! At the end of 2009, Symantec reported that there were a total of 5.7 million malicious code signatures, with 51% having been created in 2009. McAfee reported in July 2010 that they had seen 10 million created in the first half of 2010.
The exponential growth rate continues with increased numbers of untargeted, mass attacks designed to steal data. That’s because organised cyber criminals are the source of most malware and the resulting security breaches. They’re making big money and reinvesting it in automated tools. Indeed, cyber criminals are the most highly sophisticated users of cloud computing technologies. Think about it. Every web page you visit is running untrusted code on your computer with a tunnel through the firewall. The bad guys know this and that’s why 99% of malicious threats are delivered via web attacks today.
We have 24% of people on Earth using the internet today. That’s 1.6 billion internet users. The next billion will come from developing countries — fresh targets for the cyber criminals who will use their cloud computing skills to harness the additional resources available to them and thus better target first world countries. In 2007, we had one internet connected device for every 10 people on Earth. In 2010 it will reach five devices per person and is expected to grow to 140 devices per person in 2013. Thus the security perimeter continues to expand rapidly.
In recent years we’ve also seen increased state-sponsored cyber espionage, plus cyber terrorism. The industrial military complex is already lobbying governments around the world for more resources to deal with these problems.
It’s time for us all to think about the possible consequences of our organisations coming under such organised attacks.
In the end, it all comes down to educating users about security issues, ensuring you have comprehensive and up-to-date internet security protection measures in place, on all devices, while remembering to remain forever vigilant to the fast-paced change in today's security threats.