Securing corporate data has become a top priority for management. Many CEOs realize that “security” can only be achieved, with a consistent company policy. This applies to your company building and the use of mobile devices, and the use of the cloud.
“Big companies know they have hijacked PCs in their operations.” Therefore, they also know they could be liable for data protection violations, as stipulated by the data protection law – with corresponding damage to the image. The attackers, who “phish” more and more specifically for information, also use smartphones and tablet PCs, which are particularly popular with executives, as a gateway into the company network.
“We have already discovered botnets on Android smartphones, which have the greatest security gaps.” Such hijacked bots can be misused in two ways: to smuggle in Trojans that prepare further actions, and secondly to send high-priced short messages (premium SMS) unnoticed.
IT Security: Mobile Security Makes Sense For Smartphones
Mobile security would therefore be advisable, but around 60% of smartphone users do not even know that appropriate antivirus software is available, let alone install it. This was the result of a current sample from the manufacturer Kaspersky Labs. Symantec wants to counteract this with both protective software and a platform: The Hydroid platform analyzes the 1.4 million Android apps, to which 3000 new ones are added every day, and wants to inform app users in real-time about the trustworthiness of an app in the future.
“Mobile security can also be ensured,” “that a company provides its employees with secure mobile devices.” With Deepsea, McAfee presents a hardware and software solution developed with Intel that protects mobile devices below the operating system level target.
Guidelines And Specifications For More IT Security
But companies are best protected by security and privacy policies and procedures. Unfortunately, such specifications are often switched off for the sake of productivity. Therefore, the trend is towards comprehensive and, above all, automated solutions. Such suites protect either the end-user across platforms or the company as a whole.
SIEM suites offer “Security Information” and “Event Management,” bringing together the information they receive from the network and the end devices and comparing them with company policy. This guideline can assess the risk of a covert attack or vulnerability based on assets (which values must a company protect first, such as license and copyrights?) Or based on risk (how expensive would the failure of specific IT services be?).
Another problem for children is cloud security. “Today, applications that were developed at a time when IT security was of much less importance are migrating to the cloud.” “These are, for example, in-house developments or adapted open-source software.” If this software is then not adapted, significant security risks will arise. The most effective antidotes are web application source code repair and guidelines.
The Cloud Is The Problem Child Of IT Security
This is where Symantec’s O3 offer comes in. “The O3 platform combines access control and data protection with governance, which ensures compliance with guidelines”. The access control includes proof of identity and authentication, data protection is guaranteed by DLP (Data Loss Prevention), and encryption. A third layer is to ensure governance so that all cloud-relevant security events are visible and audited. Data storage, backup, and recovery are increasingly provided in the cloud. “These are, for example, in-house developments or adapted open-source software.” If this software is then not adapted, significant security risks will arise. The most effective antidotes are web application source code repair and guidelines.