Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Guest Blog // Selected Security Content Provided By Intel
What's This?
4/7/2014
12:00 AM
Malcolm Harkins
Malcolm Harkins
Guest Blogs
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

We Are the Perimeter

End users, not technology, define the boundaries of the enterprise. Security strategies must protect this new perimeter.

You and I, engineers and software developers, every single employee in your company are part of the collective “we,” and as such each of us has a critical role to play in fortifying our security perimeter and preserving privacy. That perimeter surrounds our direct enterprise and our data, as well as the products, services, and solutions we deliver to our customers. 

The world of computing is rapidly evolving. The traditional model, where desktop computers were essentially fixed in place and security and privacy efforts were primarily focused on protecting the network perimeter, is obsolete. So what replaces this model? 

With corporate laptops and tablets, and employees bringing their own devices, the security perimeter has shifted, and it is now swayed by the choices of each employee. This shift brings tremendous benefits, but not without a significant potential for risk. In today’s fast moving environment, the question becomes: Have you, and every employee within your company, stayed abreast of what it takes to protect your security perimeter?

Are you prepared to secure your company’s perimeter as the Internet of Things (IoT) expands at an accelerating rate?

This chart from Daily Infographic*, prepared by Xively.com*, shows the projected trajectory for the IoT, and underscores the need to ensure each and every one of us is prepared to embrace these advances with proper security and privacy precautions.


http://dailyinfographic.com/wp-content/uploads/2014/03/Xively_Infographic-2-1.jpg

To be clear, the Internet of Things should make our professional and personal lives easier; but it will not necessarily make them simpler – at least in the short term.

In conjunction with the incredible growth and opportunities ahead, we must identify early on the implications that emerging technologies will have on how data is collected, handled, stored, shared, managed, respected, and deleted.

When one careless choice can threaten an entire company’s security perimeter, what steps do each of us need to take?

The answer is as simple as it is daunting. Each of us needs to increase our knowledge of potential risks and apply it consistently as we make security choices.

It means fundamentally changing company culture. It is not enough to understand how technology works and connects; we must internalize the privacy and security implications of those tools and connections and create an environment that proactively and automatically takes the right actions.

It means educating others within our companies and communities about the opportunities and risks each person’s security choices entail, in a way that is easily understandable and compelling so people are both empowered and motivated to make the right choices. 

It means watching out for each other so when one person’s actions open a potential security or privacy gap, another person is right there to help prevent the risk. It’s the “if you see something, say something” concept, applied to security and privacy.

It means recognizing that technical controls alone cannot protect us from rapidly changing attack structures or the complexity of new technologies. It’s time to step up to the expanded role and be part of the solution — we are all a vital part of the security and privacy perimeter.

*Other names and brands may be claimed as the property of others.

Malcolm Harkins is the chief security and trust officer for Cymatic. He is responsible for enabling business growth through trusted infrastructure, systems, and business processes, including all aspects of information risk and security, as well as security and privacy policy. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JasonSachowski
50%
50%
JasonSachowski,
User Rank: Author
4/11/2014 | 12:38:07 PM
Re: We Are the Perimeter
If you go back to the Forrester report from 2012, "Prepare For Anywhere, Anytime, Any-Device Engagement With A Stateless Mobile Architecture," they discuss the concept of an "extended enterprise," where organizations must control access to critical resources regardless of the connecting device, networks being crossed, or data repository.

We must adapt to the current state of mobility or its subsequent evolutions by focusing security controls closer to data, not the network or device, exposing only what it required for employees to conduct business. Collapsing our security perimeter around the data sources as a data-at-rest control, we eliminate the anxiety of networks/devices and can turn our attention to data-in-transit controls.
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...
CVE-2021-42650
PUBLISHED: 2021-10-18
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
CVE-2021-41151
PUBLISHED: 2021-10-18
Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a parti...