Between 2013 and 2014, increase in recorded security incidents outpaced growth in smartphone users which is an alarming but not surprising trend. Given that the world has moved from isolated entities to collaborative ecosystems, security breaches are only expected to increase in the connected world. To counter this eventuality, we definitely need a robust enterprise security strategy in place. However, we must also remember that security will always be a trade-off between the need to run the business smoothly and the need to protect the business from threats – acceptable risk is a part of today’s business reality.
The world of SMAC has created a new arena of concern for all security specialists. Since all of these areas are still maturing and they have a significant exposure to the open source world, the threat quotient is multiplied. I have tried to list some high level areas of fallibility and would welcome your comments and suggests.
- Security and privacy implications are the most commonly cited reasons for not making greater use of public clouds albeit sometimes as an excuse. Security becomes a buyer driven imperative in the cloud and we need to ensure we have it right in terms of data confidentiality, service reliability and disaster recovery
- Applications and data are the main focus of modern cyberattacks and infrastructure to a much lesser extent. During the past two years, the attacks on mobile applications has expanded significantly. Enterprises that implement mobile solutions and bring your own device (BYOD) strategies are more vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing, risk assurance and protection
Infographic Source: http://www.bankinfosecurity.in – Economic impact of cyberattacks illustrated
- There is very little security enabled in all the new Big Data tools we use. As per an industry survey nearly 20% do not encrypt their DBs and a quarter of them do no security assessments. Ring fencing big data around physical perimeter will not work. Need to focus on the protection of the data – policies and tooling
- It is risky not to have a social media presence. However, it is equally risky for corporates to be exposed to social media without safeguards. Here is a disturbing piece of stat – Among 18 to 29-year-olds, 43 percent use the same password across multiple sites and 40 percent accept friend requests from complete strangers. In another survey, nearly 75% of those surveyed said they knew about Facebook’s privacy changes that automatically exposed their full profiles by default, 42 percent failed to make any changes to their settings. Need strong internet use and social media policies to work in tandem with other measures
The dawn of the age of Internet of Things will take the security threat perception into the stratosphere. However, it is a reality we must deal with and like everything else, a balance will be reached in this space as well.