Archived CEO Blogs

The majority of developers are not security experts, and secure coding is historically not identified as a priority. Oftentimes, the arduous task of vulnerability identification and remediation cannot be successfully addressed by limited IT security resources.

Look for an app development services provider who offers a time-saving solution for all types of security testing — outsourced, individual, and enterprise-wide analysis — and for all types of users, including application developers, build managers, Quality Assurance (QA) teams, penetration testers, security auditors, and senior management.

Last time , I looked at some of the security issues related to employee mobility, which focused mainly on devices like smartphones and tablets and how people use them.

But smartphones and tablets aren’t the only mobile devices business leaders need to worry about. Consider:

USB malware is gaining momentum — so flash drives and other USB-connected devices can become malware vectors.
Hackable RFID and radio frequency channels create voicemail vulnerabilities and enable call interception.
RAM scraping exploits moments when sensitive encrypted data is unencrypted in browsers, smartphones, point-of-sale system memory, etc.

Late last year, market researcher IDC reported that by 2015 more U.S. Internet users will access the Internet through mobile devices than through PCs or other wireline devices. Judging by the eager embrace of smartphone and tablets since then, I’d guess their prediction may be conservative.

And unquestionably, this kind of mobility in business is a game-changer both in terms of how we do business and how we do information security.

Cloud computing gets immense attention these days as a profound agent of change affecting how IT serves the business. In particular, Cloud computing has begun the untethering of employees from their desks and their offices. Because the mobility of today’s, and tomorrow’s workforce cannot happen without the Cloud.

Yet worries about Cloud security abound, and for good reason: Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).

Odds are your IT environment is somehow engaged in virtualization — either directly in your data center or indirectly via the service providers you’ve engaged.

But how much have you — or your IT people — thought about virtualization security? This matters more than you may think. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they’ve replaced.