Three IT problems you didn’t know you had
With so much change happening in enterprise IT with the proliferation of mobile devices, the introduction of BYOD and shifts towards cloud-based systems, there can be moments where the importance of security can take a back step in the name of expedience.
Here are three security issues you probably have that you need to consider now.
1. Multifunction printer/scanner/copier hard drives with your data
Practically every multifunction printer/scanner/copier released over the last two decades contains a hard drive where documents are spooled before being printed or distributed. When one of those devices is removed from your office with its drive intact, you’re potentially sending confidential documents out with it.
A recent story on the US version of 60 Minutes highlighted the severity of this issue. Journalists went to a warehouse sale of used devices and purchased a number by randomly selecting them from shelves. They recovered the drives from the units. One was from a hospital and contained confidential, personal information from patients whose records had been photocopied.
What can you do?
Make sure that the supply contract for your multifunction devices allows you to retain the drives so that you can securely destroy the data. If a device has to be sent out for service, remove the drive.
2. Leaky smartphones
Many smartphone apps give themselves access to data that they don’t need. For example, some games have access to your phone number, call logs, SIM card information and location data. In many cases, there’s no need for that data to be accessible to the app.
The trouble is that in most cases there’s no easy way to block this data access, as the user agreement requires the data for installation. So, if you say no, you lose the application. In a BYOD world, this can be a serious issue as control of user devices is far more limited than if you own the device.
What can you do?
If you’re in the iOS world, your options are very limited. With Android devices, it’s possible for developers to block access to data from apps. For example, NICTA, National ICT Australia, is developing an Android app that can intercept data requests from apps and either allow, block or deliver fake data to the app.
Otherwise, you need to educate your business and advise them so that they read user agreements carefully, particularly when it comes to data access.
3. The cloud is safe ... isn’t it?
You’d think that with all the assurances given by online infrastructure providers, putting systems into the cloud would aid reliability. However, as recent outages by Amazon have highlighted, services aren’t 100% reliable. Businesses putting their trust in the cloud need to come up with reliable backup and business continuity plans.
What can you do?
One option is the locally developed Yuruware (www.yuruware.com), which provides near-time replication between Amazon services. For example, if your main cloud data centre is in Sydney, you can use Yuruware to replicate your data and applications to another Amazon service in Singapore. It’s currently limited to Amazon with a Rackspace option under development and in early testing.
However, this isn’t a true backup in that you can’t go back to recover data from a specific point in time. It may fit into your business continuity and disaster recovery plans.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.