Application Security — Features
NEWS FOCUS: Cyber-espionage attacks threaten corporate data in new unrelenting ways
Stealthy, sometimes long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
NEWS FEATURE: Debate rages over how to manage personal mobile devices used for work
Increasingly, businesses accept the idea that employees should be able to use their personal mobile devices, such as smartphones and tablets, for work. But debate is raging as to whether these employee-owned devices should be managed and secured exactly as corporate-owned devices might be.
5 open source security projects to watch
Data security is always top of mind for CIOs and CSOs, and there is no shortage of challenges when it comes to picking the right tool for the job. With network and software vulnerabilities growing at a perpetual rate, good security software can help defend against many of the large-scale threats that occur locally and from all over the Internet. In this edition of 5 open source things to watch, we take a look at security products that will guard against threats without robbing your kitty.
5 'Great' Open-source Desktop Security Applications
Contributions from free and open software makers can be found throughout the tech world. From your datacenter to the desktop and everywhere in between, there's an open solution to your computing needs. This is no less true in information security. My focus in this article is the several outstanding information security desktop tools that personify the innovation and ingenuity of the FOSS (Free and Open Source Software) world. Please keep in mind that all of these applications (except one) are cross-platform so you can find appropriate versions on whatever you run (BSD, Mac OSX, Linux or Windows). The examples herein, however, will be catered to the largest install base (statistically): Microsoft Windows.
Windows 7 Tips: Best Security Features
For both enterprises and consumers, one of the big draws of Windows 7 has been its tighter security features.
Cloud Security: Ten Questions to Ask Before You Jump In
The hype around cloud computing would make you think mass adoption will happen tomorrow. But recent studies by a number of sources have shown that security is the biggest barrier to cloud adoption. The reality is cloud computing is simply another step in technology evolution following the path of mainframe, client server and Web applications, all of which had -- and still have -- their own security issues.
Why traditional security doesn't work for SOA
Many organizations are embracing SOA as a way to increase application flexibility, make integration more manageable, lower development costs, and better align technology systems to business processes. The appeal of SOA is that it divides an organization's IT infrastructure into services, each of which implements a business process consumable by users and services.
Plumbers' Co-operative filters out spam deluge
With spam hampering staff productivity and increasing helpdesk calls, Sydney-based plumbing suppliers company Plumbers' Supplies Co-operative Ltd has replaced an open source e-mail security solution with a network gateway appliance.
Facebook Tips: Staying Safe While Using Games and Apps
If you're one of the 63.7 million people playing the popular Farmville game on Facebook, you've probably noticed a change in how you earn points. FarmVille's parent company, Zynga, agreed last week to remove deceiving mobile subscriptions and "scammy" offers that lure players to register for services in exchange for game currency, which helps players to advance in the game.
Researchers advise cyber self defense in the cloud
Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.
Careless downloading makes BlackBerry users spy targets
iPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
Windows attack code out, but not being used
It has been a week since hackers released software that could be used to attack a flaw in Windows Vista and Server 2008, but Microsoft and security companies say that criminals haven't done much with the attack.
Cloud security: time to smoke another one?
Chris Hoff, one of the most respected voices on the topic of virtualization and cloud security, once told me in an interview that people should shut up about securing the cloud because, in his opinion, there's no such thing as cloud security.
Five lessons from Microsoft on cloud security
While Google, Amazon and Salesforce have gotten the most attention as cloud service providers, Microsoft -- with its 300 products and services delivered from its data centers -- has a large cloud bank all its own.
Cloud hype peaks, but IT concerns increase
Apparently the ever-present cloud computing marketing messages aren't working quite well enough: Tech buyers still have major concerns regarding cloud-based benefits and security issues, many of which have not eased during the past year.
CIO and CSO should take a follow the money approach to security: IBM X-Force
CIOs and CSOs could do well to consider the monetisation cost and overall profitability of security risks when considering how to safeguard their organisations, according to the findings of a new report from IBM’s Internet Security Systems X-Force research and development team.
Is your PC bot-infested? Here's how to tell
As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.
Survey: Facebook, Twitter banned by most employers
Employers are increasingly putting the brakes on employee use of social networking sites on the job, according to a new survey. The research, released Wednesday by ScanSafe, a provider of SaaS Web security, said its data shows more employers are blocking sites such as Facebook and Twitter. The results run counter to a story published by CSO in March 2009 that cites research which found most employers do allow access to Web 2.0 in the office.
SOA security: good enough and getting better
Security is not a reason to stay away from SOA. Although full SOA security maturity is yet to come, 30 percent of organizations now use SOA for external integration with customers and partners. For standard Web services using SOAP, WS-Security has achieved critical mass as a foundational standard. On the other hand, advanced SOA security - involving federation among partners, nonrepudiation, and propagation of user identities across multiple layers of service implementations - is in its early days.
5 lessons from dark side of cloud computing
While many companies are considering moving applications to the cloud, the security of the third-party services still leaves much to be desired, security experts warned attendees at last week's Black Hat Security Conference.
1. Bank trojan targets users of Bitcoin exchange Mt Gox
2. Australian Information Security Association issues blunt warning as National Cyber Security Awareness Week begins
3. Review: Mobile Device Management
4. ACMA database keeps finger on Australia’s malware pulse
5. The week in security: Aussie banks targeted as mobiles drive privacy fears
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.