How to assure that your network and its data are being guarded by a trusted partner?
The collection of information generated from the online activities of citizens, by both private and public interests, has become so widespread and pervasive that it has prompted several social commentators to label today’s digital-defined culture as “The Surveillance Age.”
The fact that nearly every sovereign state with the means is conducting high-tech surveillance programs, a practice that is considered by most to be integral to national security and ensuring the safety of the state and its citizens. For many observers, the most disconcerting component of the recently exposed data-collection activities of the National Security Agency was tied to multiple U.S. companies may have cooperated in the surveillance activities.
The possibility that trusted businesses could be leaving digital backdoors through which sensitive information could slip has cast a chill across both consumer and professional market sectors. This issue is not for us to speculate here; however, given the interest it has attracted, it would be valuable to share some fundamental information about mobile security, as well as some guidance to assure that your network and its data are being guarded by a trusted partner.
A key element of security is encryption technology, which is critical to protecting the confidentiality and integrity of a digital transaction between two endpoints, such as a mobile device and a corporate server located behind a firewall. Providing an integrated approach to mobile security, in which data is encrypted while at rest (stored on a digital device) or in transit, is the best protection against the loss of data or a security breach that could impact the profitability, competitiveness, or reputation of an organization. Strong encryption guards against data integrity compromises in these environments, which are typically treated by network engineers or mobile security experts as hostile and untrustworthy
It’s important to note that encryption technologies differ significantly in the degrees of protection they offer. To gain a deeper understanding of encryption requires an introduction to a few esoteric cryptography terms. One of those terms is entropy, which plays a significant role in determining the effectiveness of a modern encryption system. At a very high level, entropy is a measure of how much randomness you have. Simply put, the more entropy you have the more effective your encryption can be. Consider the differences between seeking a needle in a haystack and looking for one hidden in an acre’s worth of haystacks. The procedures are essentially the same; it’s the level of difficulty and complexity that differs substantially between the two scenarios.
Any discussion related to digital intrusion or surveillance has to include spyware, which is a form of malware. Businesses or organizations using mobile devices that have open development platforms are especially susceptible to attempts to exploit users through spyware. It is also a favorite tool of cyber criminals, who are increasingly targeting mobile devices as access points into the confidential data of organizations for purposes that range from nuisance to nefarious.
Disguised within a consumer application, malware can be used to gain access to personal information, for anything from marketing to identity theft to compromising corporate data. This real and growing threat requires security solutions that properly safeguard the privacy of governments, enterprise workers, and individual users.
The fact that the number and utility of mobile devices will only increase means that the boundaries of the modern organization are being stretched to include hundreds or even thousands of mobile end points possessing access to the most precious assets, such as intellectual property and other sensitive information.
Security in this environment cannot be an afterthought. It must be built in at every layer -- hardware, software, and network infrastructure -- to ensure end-to-end protection. With the stakes so high in “The Surveillance Age,” it’s imperative that you demand "confidentiality & integrity" commitment from every partner you trust with your information.
The collection of information generated from the online activities of citizens, by both private and public interests, has become so widespread and pervasive that it has prompted several social commentators to label today’s digital-defined culture as “The Surveillance Age.”
The fact that nearly every sovereign state with the means is conducting high-tech surveillance programs, a practice that is considered by most to be integral to national security and ensuring the safety of the state and its citizens. For many observers, the most disconcerting component of the recently exposed data-collection activities of the National Security Agency was tied to multiple U.S. companies may have cooperated in the surveillance activities.
The possibility that trusted businesses could be leaving digital backdoors through which sensitive information could slip has cast a chill across both consumer and professional market sectors. This issue is not for us to speculate here; however, given the interest it has attracted, it would be valuable to share some fundamental information about mobile security, as well as some guidance to assure that your network and its data are being guarded by a trusted partner.
A key element of security is encryption technology, which is critical to protecting the confidentiality and integrity of a digital transaction between two endpoints, such as a mobile device and a corporate server located behind a firewall. Providing an integrated approach to mobile security, in which data is encrypted while at rest (stored on a digital device) or in transit, is the best protection against the loss of data or a security breach that could impact the profitability, competitiveness, or reputation of an organization. Strong encryption guards against data integrity compromises in these environments, which are typically treated by network engineers or mobile security experts as hostile and untrustworthy
It’s important to note that encryption technologies differ significantly in the degrees of protection they offer. To gain a deeper understanding of encryption requires an introduction to a few esoteric cryptography terms. One of those terms is entropy, which plays a significant role in determining the effectiveness of a modern encryption system. At a very high level, entropy is a measure of how much randomness you have. Simply put, the more entropy you have the more effective your encryption can be. Consider the differences between seeking a needle in a haystack and looking for one hidden in an acre’s worth of haystacks. The procedures are essentially the same; it’s the level of difficulty and complexity that differs substantially between the two scenarios.
Any discussion related to digital intrusion or surveillance has to include spyware, which is a form of malware. Businesses or organizations using mobile devices that have open development platforms are especially susceptible to attempts to exploit users through spyware. It is also a favorite tool of cyber criminals, who are increasingly targeting mobile devices as access points into the confidential data of organizations for purposes that range from nuisance to nefarious.
Disguised within a consumer application, malware can be used to gain access to personal information, for anything from marketing to identity theft to compromising corporate data. This real and growing threat requires security solutions that properly safeguard the privacy of governments, enterprise workers, and individual users.
The fact that the number and utility of mobile devices will only increase means that the boundaries of the modern organization are being stretched to include hundreds or even thousands of mobile end points possessing access to the most precious assets, such as intellectual property and other sensitive information.
Security in this environment cannot be an afterthought. It must be built in at every layer -- hardware, software, and network infrastructure -- to ensure end-to-end protection. With the stakes so high in “The Surveillance Age,” it’s imperative that you demand "confidentiality & integrity" commitment from every partner you trust with your information.
No comments:
Post a Comment