August 2010 Archives

When the cloud improves security

| No Comments | No TrackBacks
| More

Once considered a dirty word, no one today would doubt the importance of security. A decade ago, the world had a shock when the ILOVEYOU worm was unleashed by email, infecting an estimated 10% of computers worldwide. As such exploits became more common, organisations looked to implement controls for achieving email security and now the vast majority of organisations have such controls in place, at least in the form of anti-virus if not other protections.
Today, however, those controls are not sufficient. With hackers increasingly sophisticated and motivated by financial gain, it is harder to defend against them. The web is now the preferred vector of attack, generally in combination with another vector, such as email. According to the Anti-Phishing Working Group, 95% of attacks rely on HTML, the predominant markup language for webpages, as a delivery mechanism. However, while more than 99% of organisations use anti-virus applications, just 60% are using web or URL filtering technologies to protect themselves against malware picked up on websites.
For any organisation, a web presence is vital as is email as a communications tool. To shield themselves from brand or reputation damage resulting from those systems being attacked, which could lead to sensitive information being stolen, organisations need to beef up their controls. But, as vital as those systems are, many organisations find that implementing the controls in-house and ensuring that the protection offered by the controls are constantly up to date regarding the latest threats is a daunting task. Organisations need to assess the risks that they face to ensure that the investments that they make in security suit the needs of their particular organisation.
For many organisations, from small, resource-strapped firms to large, geographically dispersed multinationals, a better option than implementing email and web security controls in-house may be to outsource the services to a cloud-based service provider. Bloor Research has recently published a paper that discusses the availability of such services, the benefits that their use brings and the capabilities that the service provider must offer, including the provision of global threat intelligence services to identify new threats that have not been seen before in order to develop countermeasures that can be pushed to all customers. The paper is free to download here: Next generation email and web security.

The BBC puts Smartphone security on test

| 2 Comments | No TrackBacks
| More

BBC News has shown how straightforward it is to create a malicious application for a smartphone. Over a few weeks, the BBC put together a crude game for a smartphone that also spied on the owner of the handset.

The application was built using standard parts from the software toolkits that developers use to create programs for handsets.

More here including a video with Bloor Research adding some commentary. This project took a few weeks but it has been very interesting - happy to talk through the issues in more detail if anyone is interested.

Nigel Stanley
Practice Leader - Security
Bloor Research

UAE, Saudi and the Blackberry Security Conundrum

| No Comments | No TrackBacks
| More
News that the United Arab Emirates (UAE) and Saudi Arabia want to block the use of some Blackberry features rumbles on.

I was interviewed for my opinions on Aljazeera TV's Inside Story by presenter Teymoor Nabili, along with Thomas Shambler, the editor of Stuff Magazine Middle East and Ian Brown, a senior fellow at the Oxford Internet Institute.

This episode of Inside Story was aired on Monday, August 2, 2010.

Nigel Stanley
Practice Leader - Security
Bloor Research

Find recent content on the main index or look in the archives to find all content.

-- Advertisement --