Recent trends and developments, including usage of cloud storage, BYODs (Bring Your Own Devices) and insecurity of mobile devices present new challenges for security professionals.
As company data finds its way into greater numbers of platforms and channels, protection of intellectual property emerges as a primary concern for the field. In this post, we will look at the top challenges facing security professionals in the coming year, as outlined in a recent report released by the Georgia Institute of Technology.
Cloud Computing Requires Reliance on Third-Parties
“The Cloud”, a de-localized network of servers that offer ubiquitous storage for consumers and businesses, has seen increased use in the business community over the past few years. As many as 70% of organizations are aware of, and do little about, employee use of third-party cloud technologies for storage of business information. Due to its adoption and unproven security protocols, cloud computing should be a top concern for security professionals.
- Dependence upon third-party security protocols and personnel – Cloud storage companies (like Dropbox or Google Drive) design and maintain their own security standards outside the reach of in-house security teams.
- Threat of natural disasters to physical storage hardware – Storage media are susceptible to national disasters, leading to potential data loss.
- Un-moderated storage of business information on employee cloud storage – Solution necessitates security parameters designed to prevent loss of intellectual property in the event of a third-party security failure.
- Insecurity of unencrypted data vs. inconvenience of encryption – In-house encryption solutions provide added protection at the expense of cloud advantages while unencrypted data remains vulnerable.
Mobile Ecosystems Create Potential Intrusion Points
Use of unsecured mobile devices connected to company wireless networks present vulnerabilities for attack. Implementation of bring your own device (BYOD) practices further complicate this picture when privacy concerns take priority over information security. Measures should be taken to secure these platforms as criminals adapt intrusion methods accordingly.
- Malware – Infection levels remain low, but mobile malware intrusions are on the rise, frequently without knowledge of the infected party.
- Jailbroken cellular devices – Risk remains highest for jailbroken cellular devices due to open application marketplaces.
- App store security protocols – Apple’s “gated” marketplace has been proven by Georgia Tech researchers to possess sufficient security flaws as to allow malicious applications onto its marketplace.
Information Manipulation Threatens Legitimacy of Data
Reliance on digital records means the danger of information manipulation is high. Record forgery, profile and website infiltration, and information pollution permit manipulation of digital reputations, which is potentially damaging to businesses. Scrutiny in vetting vendors, advertisers, and contractors should guide security professionals in selecting technologies and personnel for implementation.
- Big Data analytics – Business reliance on large amounts of data in analytics creates vulnerabilities in decision-making processes.
- Search engine optimization – Search functions’ dependency on authentic meta-data creates potential for search ranking manipulation.
- Reputation poison or whitewashing – Personal profile or corporate website intrusion poses threats of reputation poisoning that may adversely affect commercial interests if not remedied. In addition, untrustworthy vendors and personnel may manipulate reputation data to clear their records.
Connected Devices Lack Capabilities for Needed Security
Unsecured platforms on Internet enabled devices pose risk of security intrusion. The “Internet of things“, which includes devices powered by software platforms incapable of executing appropriate security protocols, make detection of network intrusions more difficult. Security professionals should also consider the possibility of counterfeit devices utilizing their unique device context for entry into company networks.
- Primitive platforms – Internet enabled devices without prior design concern for security vulnerabilities and lacking requisite sophistication to execute security protocols pose intrusion risks to secured networks.
- Threat detection – Analysis of device traffic is still largely theoretical, rendering detection and identification of specific threats a distant goal.
- Supply chain corruption – Internet enabled devices subject to malware intrusions during production and then introduced to secure networks pose a considerable threat.
Security professionals will need to anticipate emerging threats in order to establish appropriate practices and infrastructure. In particular, professionals should consider the challenges of cloud computing, non-standard mobile devices, information manipulation, and un-securable connected devices when establishing security protocols. Each threat poses its own challenges that will require specialized accommodation to secure sensitive information as these threats arise.