Get the lowest-cost and the best server colocation service in the business. Learn more.
Contact Us          Submit a News Story          News Archives          Home

E-Commerce News

How to improve internet security on software

February 19, 2014

Click here to order the best dedicated server and at a great price.

Share on Twitter.

The topic of internet security has been getting a lot of attention lately, and for good reason. After all, there's not a single week that goes by that we don't read about a new security vulnerability, a new spoofing attack, or worse: millions of internet users that got their credit cards stolen over the Web.

And that's a real shame, since a bit of prevention can go a long way at protecting yourself from many online risks, if only a few guidelines and some basic common sense is used.

At its very core, the basic concept of internet security is a simple one-- extend computing and data-processing capability to the physical world around us.

And the earliest manifestations of this are starting to be seen already in the growth of smart devices-- TVs, automobiles, appliances, electronic hydro meters, etc.

You can imagine numerous scenarios in which our businesses can be streamlined through strategic application of this concept-- dynamic inventory management; self-diagnostic capability for appliances; better logistics; increased efficiencies resulting from better telemetry and so forth.

These advantages promise rapid and prolific adoption as implementation comes to fruition, but there are also serious ramifications for security and privacy.

For example, about 51.3 percent of respondents to a recent global survey planned to capitalize on the so called Internet of Things and about 45.1 percent believed that it had already impacted their businesses.

The top governance-level concerns were related to security and privacy. Specifically, increased security threats were cited by 38 percent of respondents, followed by data privacy, which was a top concern of 28 percent of respondents to the ISACA 2013 IT Risk/Reward Barometer.

Still, there have been IP-connected, closed architecture, specialized devices in the scope of many security programs for quite a long time. Consider the role of PoS (point-of-sale) devices in retail, diagnostic modalities in healthcare (MRI machines and the like), and industrial control systems in energy and manufacturing.

While wildly different in functionality and implementation, these devices have common aspects that can help shed light on the security challenges ahead as more IP-connected and purpose-built devices come online.

Those historical challenges can serve as a touchstone to prepare for the emergence of the Internet of Things. We can't solve all of them now but anticipating today what capabilities we might need as smart devices become more prevalent has a few advantages.

It can give us a leg up if businesses ramp up quickly, as it is likely to, and also help insulate organizations against risks during early adoption, when guidance and standards are still emerging.

Although securing the web is a work in progress, there are a few security capabilities to develop if they're already in place in order to prepare. These are elements you can do today that have benefits right away but that also will be critical as the internet develops more and when smart devices really start to proliferate everywhere.

Purpose-built devices, no matter what they are, have security vulnerabilities to the same degree that everything else does on the Web. Device makers may not have the same kind of vulnerability reporting and response channels as, say, an operating system or application vendor would.

Those devices are often closed architecture with a non transparent and often proprietary code base. There will be varying degrees of transparency when it comes to security vulnerability reporting.

For example, some manufacturers may initially downplay the impact of vulnerabilities or be slow in reporting them. Having internal analysts with their ear to the ground for vulnerabilities in these devices and a process for rapidly reporting what they find can really help expose such weaknesses earlier than if the sole alerting mechanism is manufacturer notification.

Likewise, tracking the tactics of attackers will help expose attempts to actively exploit these devices. As most security professionals know from cloud and virtualization efforts, retroactively creating inventories of a rapidly expanding technology footprint is challenging, to say the very least.

As previously unconnected dumb devices start to come up with built-in network and computing capabilities, knowing what and where those devices are will be very important.

And it's a good idea to start tracking what they are and where they are, where they live and just who's responsible for them. It's easier to start now while the issue is small than it is to wait and retroactively attempt discovery once usage proliferates.

If you're a manufacturer producing a smart device, you need to minimize the number of issues you have to fix once its in customers' hands. Likewise, if you're a consumer, it's helpful to understand the underlying protocols these devices use to interact and work with each other.

Both require expertise in understanding how applications operate and interact-- like how the protocols operate; how security defects or misconfigurations arise; how other components are likely to impact the applications running on these devices; etc.

If, like many businesses, you've underinvested in this area in the past, starting to build some strength here might be a smart move for the long term, something that will clearly provide you with worthwhile dividends down the road.

Though it might not seem immediately apparent, securing the supply chain can be particularly critical when it comes to securing purpose-built software, and there are a few good reasons. The practices of manufacturers (for example, their ability to build a hardened product) play a role.

Implementers and VARs (value added resellers) can leave configuration or other errors in deployment. Then, maintenance and support teams may require granting access to external parties so they can troubleshoot and provide that support.

Building a capability to assess these external parties in the supply chain can offer you some transparency and help you assess the level of risk that these situations might introduce.

However, and this is important to note, all of the above capabilities require one central and crucial element to be truly effective-- the utmost knowledge of how an organization is employing the Web as part of its broader strategy.

To get this, you need some knowledge about what the business is doing and, ideally, as rapidly as possible. Being out of touch with business efforts has never been a good way to manage, but it's particularly risky now more than ever.

Business people might not think to come to information technology when making purchasing decisions about previously unconnected devices that now host both networking and computing capability, but that's how it's done nowadays. Get with the flow.


Get your fully dedicated Plesk Linux server with a free Plesk control panel, a $40 per month value.

Get a great Ubuntu Linux dedicated server for less than $3 a day!

Share on Twitter

This article was featured on the Business 5.0 portal. Click here to visit the site.     This article was featured on Business 5.0.

Advertise on E-Commerce News

Advertise on E-Commerce News and increase your site's visibility while boosting your sales.

If you have a product or service that deals with the ecommerce or ebusiness field, advertising on E-Commerce News can bring you new sales leads and close new marketing channels. This news portal is read by over 25,000 people a week.

Businessmen and woman that either own an ecommerce website, an ebusiness franchise, a B2B commercial exchange or by people in all walks of life that need to keep abreast of this fast-changing field. For more information on the many advantages of advertising on our news portal or to request pricing information, please send us an email and a marketing representative will be glad to answer you promptly.

Contact | Submit News | News Archives | Home

Copyright E-Commerce News. All rights reserved.

Avantex offers professional Web hosting services at wholesale-only prices. Get the best Linux or Windows hosting package for your eCommerce website. Learn more by clicking here.