Category : Enterprise Security

15 Feb

How Can You Maintain Application Security During the Software Development Life Cycle

We all know how important it is to secure your organization’s Web, mobile and desktop applications, but how do you maintain critical application security during the software development life cycle (SDLC)?

Evolving State of Application Security

During the development process, a large amount of new code is added to applications being developed. Of course, all of us want to write the code as securely as we can. However, the problem is that most of us don’t have the skills and/or knowledge to really know what we are defending the applications from.

In addition, attackers’ techniques are constantly evolving, and there are many attack vectors that don’t directly target your code. Many attacks leverage weaknesses in your IT infrastructure or third-party components to reach your applications, databases or other valuable resources.

In cases like those, solely scanning your own code won’t provide you with the security coverage you need.

Making the Case for Application Security Testing on Cloud

There are many on-premises application security testing solutions on the market, and generally they do a great job. But for smaller organizations or special application security projects at larger organizations, on-premises solutions can be prohibitively expensive. Integrating an on-premises solution into your SDLC can also be complex and frequently requires specialized skills to configure properly.

In these specialized use cases, cloud solutions are the way to go since:

  • No specialized security expertise is required.
  • Configuration is usually straightforward.
  • Certain solutions provide an API that can be integrated into your build and deployment systems.
  • Cloud solutions can be less expensive than an on-premises licensing model.

Taking Your Application Security to Cloud Nine

Take, for example, IBM Application Security on Cloud. The configuration is very basic; you require no more than the website’s URL and access credentials if applicable. It provides an API that can be easily integrated into your deployment system. In addition to performing application security testing on your Web applications, you can conveniently scan mobile and desktop apps. It generates a detailed report that your development team can use to remediate vulnerabilities and report progress to key stakeholders.

By using the API, you can trigger security scans in just a few lines of code. Additionally, by incorporating cloud technology, you can save a lot of time and money while still maintaining application security during the SDLC. This is critical because the earlier you detect security vulnerabilities in the development process, the easier and less expensive it is to remediate them.

10 Feb

How new security solutions will be a major enabler of the mobile enterprise

Within the past few months, we have seen numerous initiatives by enterprise mobility providers to support the growing number of mobile-empowered enterprises.

On January 5, AirWatch by VMware announced its collaboration with Intel Security. The two giants teamed up to address the most critical points in BYOD security management and to empower enterprises to meet modern security requirements more effectively. By joining the Intel Security Innovation Alliance, VMware will give its customers the opportunity to share sophisticated mobility data via the key feature of Intel’s security system, McAfee Data Exchange Layer.

Alongside this, Intel Security has become a member of AirWatch Mobile Security Alliance in order to help companies focus on improving their mobility rather than dealing with its critical aspects like managing and securing mobile devices.

Given the skyrocketing development of security solutions, we can only conclude that enterprise mobility is in the process of reaching its full potential. More importantly, it will soon be accepted by a larger number of companies, regardless of the industry they are in.

Advanced security solutions as the base of enterprise mobility

One of the main problems mobile-enabled SMBs are coming across is BYOD management. Namely, with an increasing number of employees accessing company networks and sharing corporate data via private mobile devices, security risks rise as well.

This issue is exactly what the integration of AirWatch with Intel Security tries to address. Namely, this alliance solves three main aspects of mobile-empowered enterprise security:

  • Data protection. With Intel’s security solutions integrated with AirWatch, companies will manage to bring their security practices to a whole new level. Namely, they will be able to extend their mobile security across mobile devices, PCs, operating systems, various networks and the cloud.
  • Threat detection. These data protection solutions will also facilitate the flow of mobile information into security management tools. This way, companies will be able to detect blind spots in their security and help their security teams better manage events across the plethora of devices.
  • Security management. Another important goal of this security solution is to protect data regardless of where it is, so that users can access it more securely anytime and anywhere.

Regulated industries also expected to tighten security

While enterprises managed to handle security risks by implementing hybrid cloud storage solutions, businesses in regulated industries are still far behind the majority of sectors.

Given the strictness of their compliance requirements, organisations in finance, healthcare and government have justifiably hesitated to make such radical decisions as integrating workload mobility and cloud with their IT infrastructure.

In addition to this, a recent study by SecureLink sees the healthcare industry as the strictest one in terms of IT infrastructure requirements. The report points out that the challenges here range widely, from managing employee productivity apps to access and audit paradigms.

However, with the rise of new security solutions, the adoption of cloud applications among enterprises in regulated industries has jumped to 71%, according to a Bitglass survey. While industries such as education and communications show a surprising amount of initiative towards migrating to cloud, sectors in regulated industries are also opening up towards using this software.

Apart from the partnership between AirWatch and Intel Security, X-IO Technologies has also announced the addition of an AES 256-bit key data-at-rest (DaR) encryption layer to its X-IO storage systems. When used as part of a much wider data security strategy, this feature will encrypt data while it is stored, thus preventing the loss of sensitive customer data or the compromise of intellectual property.

The CIO in 2016

Even though every industry is different and the pace at which the companies within it adopt mobility solutions heavily depends on its technology cycle, the truth is that BYOD management has already become somewhat of a holy grail for all CIOs.

With a growing number of security solutions, mobile-empowered enterprises will finally manage to establish solid BYOD policies and control not only the device, but the transmission of data as well.
