Welcome!

Cloud Security Authors: Liz McMillan, Pat Romanski, Elizabeth White, Yeshim Deniz, Terry Ray

Related Topics: Java IoT, Cloud Security

Java IoT: Article

Without Policy, "Security" Isn't Really Secure

Without Policy, "Security" Isn't Really Secure

p> In the world of open networks, where does flexibility end and security begin? For Java developers (and users), this question is especially relevant. According to a recent Forrester Research survey of Fortune 1000 companies, 62 percent of them already use Java and 42 percent expect that Java will play a major role in their future business activities. Security solution providers - tasked with helping those businesses define and fulfill their security needs - say that concerns about the openness of Java, especially "malicious" applets, is fast becoming their #1 security consideration. So, how secure is secure?

That depends on your definition. Currently, security needs fall into two broad areas: "should haves" and "must haves." "Must haves" are (1) organizations with a regulated or legislated responsibility to secure their information, such as government agencies, schools and medical facilities, and (2) businesses and organizations who recognize the adverse impact of a security compromise because they've already experienced it.

Most businesses operating in the cybersphere today qualify as "should haves." To varying degrees, these companies recognize the need for securing their networks, but they are conflicted by competing priorities. Securing their networks is something that they'll "get around to" after they've increased quarterly profits, reorganized the accounting system or hired more IT staff.

Regardless of your organization's function or need, the cornerstone of effective security is the design and implementation of strong security policy.

Step 1: Identification
Know your network - how it is configured, how it is used, by whom and for what purpose. This will tell you where your holes are, and the chances are high that they are there, even if you think they're not. Your goal should be a comprehensive blueprint of your network - a detailed description of the computing environments, support operations, end user support functions, monitoring systems and business management initiatives. This information is gathered through a site review that focuses on such critical issues as access controls, superuser privileges, password reviews, privacy reviews and virus detection, and should also include interviews with key individuals who are responsible for creating and enforcing the organization's security policy.

Step 2: Investment
Commit to realistic solutions. Once a determination has been made about where vulnerabilities exist - both internally and externally - a detailed assessment must be made of the costs and resources required to strengthen those weak areas. Weighing the pros and cons of all available alternatives will help you find the best solution for securing your network and, ultimately, your organization. Remember that security is more than just simply choosing a product.

Step 3: Implementation
The best-crafted plans can't protect you if all they do is sit on a shelf. In order for policies to be effective, education and training must accompany implementation to create "buy-in" and cooperation both up and down the organization tree. Every member of the organization - from the CEO to the administrative staff - should understand the implications that can result from failure to follow the established policy. Finally, a program of regular monitoring and evaluation will provide the necessary information and feedback to assess the overall effectiveness of your security program.

The Internet will be the vehicle for communications and commerce in the 21st century. Java's ability to deliver dynamic, interactive processing capabilities across the Internet, as well as its potential for on-line business-to-business communications, make it the language of choice on the Web. Therefore, it is important for Java developers to understand the security implications of Web commerce and communication from the perspective of the businesses and organizations who use it. With a better conception of how their products are employed and by whom, Java developers can play a significant role in ensuring security.

More Stories By Gary E. Brooks

Gary E. Brooks is the Marketing Director for DSN Technology, Inc., manufacturers and developers of fast and simple solutions for secured Internet/Intranet communications.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the tec...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...