
New Year Will Put New Pressure On Security Services Decisions

Security, as many consumers have recently discovered, is a matter of perspective. Many consumers carefully lock their houses each night and turn off their computers. They keep their AV products up to date, their wireless connections encrypted, and their passwords in their heads.

Then they find out some company has lost all of their data, and they are now prime candidates for identity theft.

Enterprises are in a similar situation. These days, many enterprises are careful to deploy their security patches, encrypt their portable hard drives, and update their firewalls. They run audits of their environments, and they carefully protect sensitive data to prevent leaks.

Then they implement cloud computing or other third-party services and realize they don't know where their data is -- or who might be accessing it.

Do you see what I mean? Security is a matter of perspective. If you stay in your home or inside your headquarters building, then you can fool yourself into thinking you've taken all of the necessary precautions to stay safe. But most people don't live inside their houses all the time, and most businesses don't operate in a cocoon. Operating out in the world means that sometimes you have to count on the security capabilities of those outside your own sphere of control.

Which leads us, inevitably, to the subject of security services.

In 2010, perhaps more than ever before, companies will have to begin trusting others to provide some elements of enterprise security. Cloud services will require a type of third-party trust that we haven't seen since the move from private networks to Internet-based communications. The proliferation of spam and malware will make ISP security and filtering services more critical and valuable than ever. And, of course, the ongoing need for compliance will necessitate the use of third-party penetration testers, compliance advisers, and external auditors.

I hesitate to call 2010 the Year of Security Services; I called 1988 the year of ISDN, and THAT still hasn't happened yet. Still, it's clear that as we move more and more into an Internet-based environment, it would be a bit naive to think any company can build a secure, defensible perimeter. Even if you could, it wouldn't prevent your data from being lost by a business partner, an insecure WiFi network, or a hole in a hypervisor. If we are going to be able to use cloud computing and other Internet-based services, then we're going to have to depend more than ever on the security of others.

What does all of this mean for the enterprise? It means that in 2010, companies are going to have to take a hard look not only at their own security, but also at the security delivered by their business partners, distributors, and service providers. It will mean evaluating not only the security of the two endpoints of any communication, but also what happens in between. And it could mean a closer evaluation of service providers, both those that offer transport services and those that offer outsourced security capabilities.

This year, whether we're small consumers or large enterprises, we're going to need more than home security.

Tim Wilson is the editor of Dark Reading. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
