Business Challenges Around Security


The overwhelming adoption of Internet- and network-centric applications and services has offered unlimited opportunities for businesses and organizations to give customers, partners, and employees convenient access to the information they need. The result has been increased efficiency, mobility, and collaboration, all at a reduced cost. However, this innovation has opened the door to malicious activities, exploits, and attacks by hackers, disgruntled employees, and cyber criminals. Businesses and organizations now face a growing number of security threats and vulnerabilities, both internal and external, and there are, unfortunately, no easy answers or solutions. The causes of today's increasing vulnerability of businesses are primarily related to the current methods of meeting business challenges and their ineffectiveness in implementing security.

The key factors that contribute to the ineffectiveness of current methods of meeting business challenges are as follows:

  • Security as an add-on: Applying security features is often treated as the last step of the deployment phase in a typical software development cycle. This is the result of a failure to adopt proactive approaches in the design phase. When security is an afterthought, the system remains unprotected from many threats and their associated risks.

  • Architectural inefficiencies: The failure to analyze security risks and trade-offs during the architectural design process results in an inefficient system architecture that is vulnerable to more exploits and attacks than would be the case had security been considered during the design process.

  • Security patches and upgrades: The failure to install and configure security-related patches and upgrades leaves all of the existing security loopholes in place in the deployment infrastructure.

  • Proprietary solutions and compatibility: Adopting proprietary security solutions often results in compatibility issues that affect interoperability with other standards-based systems environments. This problem also affects further scalability and extensibility of the overall security infrastructure.

  • Poor infrastructure choices: Choosing a platform infrastructure that has known security bugs and flaws increases platform-specific threats and vulnerabilities.

  • Poor operational practices: Lack of audit and control over production operations leads to failures in detecting malicious activities and vulnerabilities.

  • Poor identification and verification processes: Lack of identification and verification processes in business applications leads to identity theft, impersonation, and identity fraud.

  • Poor configuration management: Improper security configuration and the failure to verify configuration parameters and settings affect operational efficiency and increase the likelihood of an attack.

  • Poor security policies and controls: Lack of security policies related to business applications and failure to exercise tighter access control impair data confidentiality and can adversely affect the target data and its associated owners.

  • Lack of expertise: Most security administrators focus on network and infrastructure security and tend to ignore application-specific and content-level vulnerabilities. This leads to application and content-level attacks such as malicious code injection, cross-site scripting, XML attacks, and so on.

  • Awareness and training issues: Lack of security awareness among personnel leads to unintended disclosure of confidential data and processes. The failure to train business staff leads to accidental security issues and potential abuses of the infrastructure.

  • Lack of management priorities: Poor management focus on security matters and improper handling of security-related incidents adversely affect the business, causing it to incur losses because of inappropriate choices and wrong directives.

In addition to the above challenges, many technical and management issues remain unaddressed. These issues are roadblocks to identifying the nature and degree of potential threats and to implementing efficient safeguards against those threats and vulnerabilities.




Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
Year: 2005
Pages: 204
