Information Security Watch List for 2014

By Superior Blogger | Published February 19, 2014

Information security concerns continue to grow as breach attempts become more frequent and more damaging. With a growing number of remote workers, non-managed devices, external threats and even internal threats, the attention paid to protecting a firm’s critical data needs to be significantly elevated. In this post, we take a look at some areas that need a greater level of security focus.

Security within business applications needs to be improved

Security within business applications needs a much greater level of focus. Information security standards should be developed to ensure that the application architecture, databases and application processing are as secure as possible. A secure application can help minimize the impact of a breach if the company network has been accessed in an unauthorized manner. While many organizations are increasing their focus on application security, the skills gap in this area remains a major concern. Application packages and outsourced development need to be reviewed thoroughly before implementation to ensure that they do not contain security vulnerabilities. Providers of such applications may not give application security the priority it requires, in order to minimize their development costs. Building security into the application during its design and development phases reduces the longer-term risk and eventually the overall cost of ownership.

Increased Audits on Networks

Companies need to audit their networks more frequently and on an ongoing basis. Many times, due to network changes, networks that were once considered secure are exposed to significant vulnerabilities without detection. Companies need to be especially careful when integrating customers and vendors into their network and should do penetration testing after each significant network change. Wireless network access should be audited on a regular basis and wireless access points should be minimized. Wireless networks should never be implemented without intrusion detection and prevention. VPNs should only be implemented where security can be managed down to the device level, avoiding general access to the network.

Outdated software & systems increase vulnerability

The difficulty in maintaining outdated and no longer supported systems often results in security practices being subverted for the sake of efficiency or simply because standard security practices are a genuine challenge for dated infrastructure. Scrubbing these systems for vulnerabilities is not often at the top of the priority list for the staff appointed to care for them. In addition, security updates to these systems run a risk of having unintended negative impacts on availability or performance. This creates a practical business disincentive to maintain appropriate security protocol. Businesses need to avoid this situation and look to keep their systems current.

The leaders of Superior Technology are seasoned experts in business process management and information security. To learn more about how we can help your organization prepare for the year, please contact us at (845) 735-3555 or visit us online at www.superiortechnology.com.

