The Business-Technology Weave

May 10 2011   6:24AM GMT

The Web of Insecurity



Posted by: David Scott
Tags:
enterprise security
security awareness
security developer
security development
web applications
web management
web security

 

In some quarters, it’s being estimated that most enterprise web applications are insecure.

 

According to a study by Imperva, WhiteHat Security and the Ponemon Institute, 70% of respondents don’t believe web security is a strategy in their orgs, with appropriate budget targeted to web application security and associated risk.

 

This poses a major threat to the enterprise.  Most organizations today grant access to mission critical apps through their websites.  However, executive management doesn’t focus much on security – indeed, they may not even really understand it – and thus the proper emphasis and protections are not driven downward, into that bulk of managers and staff who actually do the doing in implementing security.

 

In all regards, security must be a central design element; in systems as well as human endeavors.  In other words, security must be inherent in functionality, and process must reinforce – even force – adherence to security.  In terms of human instruction, interactions, training, and use of systems, there must be the dissemination of appropriate protocols and refreshers and reminders for best security awareness.  And, of course, all necessary updates.

 

Most organizations lack a cohesive, coherent, monitoring system for intrusion detection/attempts.  Often, even simple event logs are not monitored, and logs are not synchronized across the enterprise in leveraging enhancing information, nor capturing an efficiency of review.

 

Unfortunately, security is a rather ho-hum endeavor.  The excitement and attraction is always the “next big thing,” with resultant mods of bells and whistles that further use and delivery; time and budget are precious, and developers are pointed forward.  They do not have time to look at the present lay of the land, in assessing or advancing security – until a breach forces them to, that is, by grabbing everyone’s attention by the throat.

 

It all starts with awareness.  Do your part as you can, within the limits of your power and authority:  Once the vulnerabilities are exposed (both systemic and organizational), the senior executive class understands that a breach can not only take some or all of business offline for some measure of time, it can result in the longer lasting liabilities in exposure of content, revenue loss, and compromise of reputation.

 

NP:  Rapid Shave – Shirley Scott / Stanley Turrentine, jazz24.org

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: