What CISOs must learn from Bitcoin and a research team at Georgia Tech
by Seth Hallem - Co-founder & CEO, Mobile Helix - Monday, 16 September 2013.
Employees access corporate systems with a broad variety of Android and iOS devices, and IT can neither upgrade the operating system on Android nor can it influence which apps are admitted to the Apple App Store. IT's only strategy for remediating vulnerabilities in the mobile ecosystem is to attempt to block access to corporate systems or to blacklist access to specific apps. Neither approach is attractive. Locking broad swaths of employees out of corporate systems is not a particularly productive answer, and attempting to maintain an accurate malware blacklist is destined for failure (see anti-virus).

ITís best (and only) strategy in a mobile enterprise is to retain control of the components of the mobile software stack that matter most. Encryption and access control are the building blocks of the mobile security infrastructure, and the software implementing these two operations must be as firmly in ITís control as feasible. In practice, this means that a software-only container, which includes its own full stack implementation of all cryptography functions and all secure network protocols (e.g., a full SSL/TLS stack), should be the only software trusted to handle sensitive corporate data and to authenticate corporate users. This strategy is not perfect because no software (including the container itself) is perfect, but it restores control to IT when vulnerabilities are discovered.

As IT quickly loses control of the endpoint devices that employees choose to access corporate systems and data, IT needs to consider carefully when it is essential to retain control and how to do so. A secure container plus device independent security must be in IT's control. Companies that fail to do so are risking their data, reputation and revenues.

Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //