The Macrosite for News, Analysis and Opinion about the Future of the Internet
Kim Davis

Little Help From a Security Wish List

Written by Kim Davis
no ratings
DISCUSS     Email This

What's on your enterprise security budget for 2013? Some experts are keen to push suggestions your way, even though high summer seems a tad early for minds to turn to list-making.

A brain trust convened by the Information Security Media Group, featuring "security practitioners, regulators, academics, and thought-leaders," came up with an interesting inventory. I abbreviate for convenience:

  • Mobile security
  • Multifactor authentication
  • Behavioral analytics
  • Cloud technologies

Interesting, as I said, but primarily because it comes down to a no-brainer, followed by a series of fond wishes.

Tackling the easy one first: Yes, in the age of BYOD, any enterprise that isn't already developing a strategy to handle mobile security is taking big a very big risk. As we've discussed repeatedly here, the velocity with which the mobile space is evolving, together with employees' increasing comfort with mixing work and play on their own devices, and the tsunami of mobile malware, creates a perfect security storm.

Each enterprise needs to find its own best approach to mobile security -- starting with principles and policies -- but it's certainly worth looking at cloud management models, which can swiftly deploy solutions for the latest devices.

Speaking of cloud computing, I should have thought technologies for cloud security would be higher on the list. Enterprises migrating key functions or confidential data to the cloud need to take cloud vulnerabilities seriously. It's too easy to fall back on the assumption that cloud security must at least be better than internal security, which is too easily breached in any case.

In the light of NIST's troubling evaluation of cloud risks, enterprises need carefully to consider the security provisions in service agreements, and examine vendors on the protocols and technologies they have in place. Beyond technology, cloud customers should make sure they understand what data breach notification procedures are in place and what happens to data on termination of contract.

Understand, though, that diligence cannot eliminate cloud security risks.

One reason for this is that trusted identities in cyberspace remain a pipe-dream; which brings us to authentication and behavioral analytics. Even multi-factor identification -- e.g., something you know (a password), plus something you have (a token) -- is evidently not risk-free.

While behavioral analytics may provide the solution to trusted identities, it's an infant science. The idea, put simply, is that users are identified by how they interact with devices: the speed, pressure, and acceleration, for example, with which they execute a series of keystrokes.

This is an area of ongoing research. With due respect to vendors in the field, good luck to any enterprise that plans to bet the bank on it in 2013. It's easy to imagine conditions under which a valid user will be denied access to accounts (fatigue, injury, or variations produced by switching between devices).

Truthfully, despite the urgent attention demanded by the mobile revolution, enterprise security is in the same place it was last year, and the year before. Until it's possible to confirm the identities of users with consistent certainty, look out for the bumps in the road.

Related posts:

— Kim Davis Follow me on TwitterVisit my LinkedIn pageFriend me on Facebook, Community Editor, Internet Evolution
DISCUSS     Email This
Current display:       newest comments first       display in chronological order
Be the first to post a comment regarding this story.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
previous posts from Security Clan Editor's Blog
Kim Davis
Kim Davis   5/21/2013   13 comments
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
Kim Davis
Kim Davis   5/15/2013   11 comments
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
Kim Davis
Kim Davis   5/8/2013   14 comments
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Kim Davis
Kim Davis   5/1/2013   41 comments
If you were concerned about Twitter handing over your private data to the government, think again.
Kim Davis
Kim Davis   4/24/2013   18 comments
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
5
of
Kim Davis
Fast Forward to the Future
4|23|13   |   2:29   |   20 comments

A look back at tech writing in the 90s makes us wonder where enterprise IT will be 20 years from now.
Second Shooter
It's Not Tablets That Threaten the PC
2|13|13   |   2:21   |   8 comments

Blaming the PC's gloomy future on tablets is an oversimplification.
Second Shooter
Yahoo Needs Tech Leadership
10|15|12   |   2:18   |   6 comments

Marissa Mayer at Yahoo has come out with her strategy on turning the company around: culture, company, calibration, and compensation. But Yahoo needs to have a technical approach to the mobile cloud opportunity, not a management theory lesson.
Second Shooter
Software-Defined Networking on the Internet
8|21|12   |   2:14   |   4 comments

Internet evolution has been stagnating both conceptually and in business model terms, and what is likely to bring us out of that is the concept of software-defined networking, not as it is today but in the form it will become.
Second Shooter
Cloud Spawns Mobile Ecosystem
7|12|12   |   2:09   |   6 comments

The Amazon smartphone rumor and the Apple mini-iPad rumor show that the mobile device giants think they have to be in all the device spaces to win. Why? Because the cloud can create an ecosystem where every device can cooperate to support the user, and if you don't supply all the devices you miss out on the total value.
Second Shooter
Firefox Opens Up Smartphones
7|6|12   |   2:10   |   2 comments

Mozilla's Firefox OS could be a major advance in building smartphones and tablets with a more cloud-friendly and open interface, but there are still questions of performance and security that will have to be managed.
Second Shooter
Apple's Handing Microsoft a Chance at Tablet
4|26|12   |   2:06   |   24 comments

Apple's numbers show that it may be giving Microsoft an opportunity to gain ground in tablets by failing to cement Mac, iPhone, and iPad lines together with an effective cloud strategy.
Sherry Swackhamer
Multnomah County: Update From the CIO
4|11|12   |   00:51   |   1 comment

Sherry Swackhamer, CIO of Multnomah County, gives her perspective on completing the Multco Commons project.
Second Shooter
A Glimpse of the New Internet!
3|16|12   |   2:07   |   8 comments

A combination of an announcement by DT and a Pew survey is showing us what the next-gen Internet may look like, and why. The demand for flexible services, created by rewired, iPhoned, social brains, combines with cloud and optical technology to create something totally new!
Second Shooter
Pricing Constraints With the 'New iPad'
3|8|12   |   02:08   |   No comments

The new iPad may not have an official name, but its mission is to make an appliance/cloud combo as good as a desktop. The question is whether the business model of wireless broadband can keep up with the technology capabilities of Apple.
IETV: the thinkerNet on film
5
of
Kim Davis
Big-Data Can’t Always Sell Wine
5|21|13   |   2:23   |   3 comments

Whole Foods Global Wine Purchaser Doug Bell told me about some of the constraints on using analytics in the US wine market.
Paul J. Fleuranges
Digital Signage Keeps NYC Subway Straphangers on Track
5|6|13   |   3:51   |   No comments

New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
Kim Davis
Fast Forward to the Future
4|23|13   |   2:29   |   20 comments

A look back at tech writing in the 90s makes us wonder where enterprise IT will be 20 years from now.
Mitch Wagner
Google Launches Its Most Depressing Service Yet
4|15|13   |   2:59   |   10 comments

Google's new Inactive Account Manager lets you control how Google disposes of your accounts when you die.
Second Shooter
Argument Over Top-Level Domains Is 'Stupid'
4|11|13   |   2:07   |   3 comments

The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
Kim Davis
Ladies, Your Tablet Awaits
3|21|13   |   2:22   |   37 comments

ePad Femme is the world’s first tablet “made exclusively for women.”
Wisdom of the Big Chair
NFC Moves Into the Mainstream
3|20|13   |   2:16   |   No comments

While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Wisdom of the Big Chair
Integrating Security Into Your Cloud Contract
3|19|13   |   3:35   |   No comments

Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Brian Baron
How Edmunds.com Collects Customer Information
3|18|13   |   1:15   |   No comments

Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Brian Baron
How Edmunds.com Uses Analytics to Customize Site
3|14|13   |   0:47   |   No comments

The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
an IBM information resource
sponsored content
big blue blog
Todd Watson
an IBM information resource
sponsored content
Expert Integrated Systems: Changing the Experience & Economics of IT
In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator.
READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE!
REGISTER HERE
Wanted! Site Moderators
Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?

Please email: moderators@internetevolution.com
Internet Evolution – not for thickies
Keep Critical Data With a Knowledge Management System
Taimoor Zubair
Fortune 500 companies lose at least $31.5 billion a year by failing to share knowledge. A Knowledge Management System (KMS) can help companies significantly reduce these costs.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
Smartphone Influx Stresses IT Help Desks
Paul Korzeniowski
The smartphone market reached a significant milestone, a breakthrough that may cause vendors to celebrate but could strain the capabilities of IT service desks.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
Yahoo Needs to Break Tumblr in Order to Fix It
Joe Stanganelli
As Mitch Wagner discussed today, Yahoo is acquiring Tumblr. The big Internet debate at the moment is whether Tumblr will be good or bad for Yahoo. Regardless of their stances on the future of Yahoo itself, many claim that Yahoo will somehow ruin Tumblr.
CLICK FOR MORE