How to improve internet security on software

How to improve internet security on software

millions of internet users that got their credit cards stolen over the Web.

And that's a real shame, since a bit of prevention can go a long way at protecting yourself from many online risks, if only a few guidelines and some basic common sense is used.

At its very core, the basic concept of internet security is a simple one-- extend computing and data-processing capability to the physical world around us.

And the earliest manifestations of this are starting to be seen already in the growth of smart devices-- TVs, automobiles, appliances, electronic hydro meters, etc.

You can imagine numerous scenarios in which our businesses can be streamlined through strategic application of this concept-- dynamic inventory management; self-diagnostic capability for appliances; better logistics; increased efficiencies resulting from better telemetry and so forth.

These advantages promise rapid and prolific adoption as implementation comes to fruition, but there are also serious ramifications for security and privacy.

The top governance-level concerns were related to security and privacy. Specifically, increased security threats were cited by 38 percent of respondents, followed by data privacy, which was a top concern of 28 percent of respondents to the ISACA 2013 IT Risk/Reward Barometer.

Still, there have been IP-connected, closed architecture, specialized devices in the scope of many security programs for quite a long time. Consider the role of PoS (point-of-sale) devices in retail, diagnostic modalities in healthcare (MRI machines and the like), and industrial control systems in energy and manufacturing.

While wildly different in functionality and implementation, these devices have common aspects that can help shed light on the security challenges ahead as more IP-connected and purpose-built devices come online. Those historical challenges can serve as a touchstone to prepare for the emergence of the Internet of Things.

we can't solve all of them now but anticipating today what capabilities we might need as smart devices become more prevalent has a few advantages. It can give us a leg up if businesses ramp up quickly, as it is likely to, and also help insulate organizations against risks during early adoption, when guidance and standards are still emerging.

Although securing the web is a work in progress, there are a few security capabilities to develop if they're already in place in order to prepare. These are elements you can do today that have benefits right away but that also will be critical as the internet develops more and when smart devices really start to proliferate everywhere.

Purpose-built devices, no matter what they are, have security vulnerabilities to the same degree that everything else does on the Web. Device makers may not have the same kind of vulnerability reporting and response channels as, say, an operating system or application vendor would.

Those devices are often closed architecture with a non transparent and often proprietary code base. There will be varying degrees of transparency when it comes to security vulnerability reporting. As previously unconnected dumb devices start to come up with built-in network and computing capabilities, knowing what and where those devices are will be very important.

And it's a good idea to start tracking what they are and where they are, where they live and just who's responsible for them. It's easier to start now while the issue is small than it is to wait and retroactively attempt discovery once usage proliferates.

If you're a manufacturer producing a smart device, you need to minimize the number of issues you have to fix once its in customers' hands. Likewise, if you're a consumer, it's helpful to understand the underlying protocols these devices use to interact and work with each other.

Both require expertise in understanding how applications operate and interact-- like how the protocols operate; how security defects or misconfigurations arise; how other components are likely to impact the applications running on these devices; etc.

If, like many businesses, you've underinvested in this area in the past, starting to build some strength here might be a smart move for the long term, something that will clearly provide you with worthwhile dividends down the road.

Business people might not think to come to information technology when making purchasing decisions about previously unconnected devices that now host both networking and computing capability, but that's how it's done nowadays. Get with the flow