Welcome!

Cloud Security Authors: Pat Romanski, Elizabeth White, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan

Related Topics: Java IoT, Cloud Security

Java IoT: Article

Without Policy, "Security" Isn't Really Secure

Without Policy, "Security" Isn't Really Secure

p> In the world of open networks, where does flexibility end and security begin? For Java developers (and users), this question is especially relevant. According to a recent Forrester Research survey of Fortune 1000 companies, 62 percent of them already use Java and 42 percent expect that Java will play a major role in their future business activities. Security solution providers - tasked with helping those businesses define and fulfill their security needs - say that concerns about the openness of Java, especially "malicious" applets, is fast becoming their #1 security consideration. So, how secure is secure?

That depends on your definition. Currently, security needs fall into two broad areas: "should haves" and "must haves." "Must haves" are (1) organizations with a regulated or legislated responsibility to secure their information, such as government agencies, schools and medical facilities, and (2) businesses and organizations who recognize the adverse impact of a security compromise because they've already experienced it.

Most businesses operating in the cybersphere today qualify as "should haves." To varying degrees, these companies recognize the need for securing their networks, but they are conflicted by competing priorities. Securing their networks is something that they'll "get around to" after they've increased quarterly profits, reorganized the accounting system or hired more IT staff.

Regardless of your organization's function or need, the cornerstone of effective security is the design and implementation of strong security policy.

Step 1: Identification
Know your network - how it is configured, how it is used, by whom and for what purpose. This will tell you where your holes are, and the chances are high that they are there, even if you think they're not. Your goal should be a comprehensive blueprint of your network - a detailed description of the computing environments, support operations, end user support functions, monitoring systems and business management initiatives. This information is gathered through a site review that focuses on such critical issues as access controls, superuser privileges, password reviews, privacy reviews and virus detection, and should also include interviews with key individuals who are responsible for creating and enforcing the organization's security policy.

Step 2: Investment
Commit to realistic solutions. Once a determination has been made about where vulnerabilities exist - both internally and externally - a detailed assessment must be made of the costs and resources required to strengthen those weak areas. Weighing the pros and cons of all available alternatives will help you find the best solution for securing your network and, ultimately, your organization. Remember that security is more than just simply choosing a product.

Step 3: Implementation
The best-crafted plans can't protect you if all they do is sit on a shelf. In order for policies to be effective, education and training must accompany implementation to create "buy-in" and cooperation both up and down the organization tree. Every member of the organization - from the CEO to the administrative staff - should understand the implications that can result from failure to follow the established policy. Finally, a program of regular monitoring and evaluation will provide the necessary information and feedback to assess the overall effectiveness of your security program.

The Internet will be the vehicle for communications and commerce in the 21st century. Java's ability to deliver dynamic, interactive processing capabilities across the Internet, as well as its potential for on-line business-to-business communications, make it the language of choice on the Web. Therefore, it is important for Java developers to understand the security implications of Web commerce and communication from the perspective of the businesses and organizations who use it. With a better conception of how their products are employed and by whom, Java developers can play a significant role in ensuring security.

More Stories By Gary E. Brooks

Gary E. Brooks is the Marketing Director for DSN Technology, Inc., manufacturers and developers of fast and simple solutions for secured Internet/Intranet communications.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Never mind that we might not know what the future holds for cryptocurrencies and how much values will fluctuate or even how the process of mining a coin could cost as much as the value of the coin itself - cryptocurrency mining is a hot industry and shows no signs of slowing down. However, energy consumption to mine cryptocurrency is one of the biggest issues facing this industry. Burning huge amounts of electricity isn't incidental to cryptocurrency, it's basically embedded in the core of "mini...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
The term "digital transformation" (DX) is being used by everyone for just about any company initiative that involves technology, the web, ecommerce, software, or even customer experience. While the term has certainly turned into a buzzword with a lot of hype, the transition to a more connected, digital world is real and comes with real challenges. In his opening keynote, Four Essentials To Become DX Hero Status Now, Jonathan Hoppe, Co-Founder and CTO of Total Uptime Technologies, shared that ...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Where many organizations get into trouble, however, is that they try to have a broad and deep knowledge in each of these areas. This is a huge blow to an organization's productivity. By automating or outsourcing some of these pieces, such as databases, infrastructure, and networks, your team can instead focus on development, testing, and deployment. Further, organizations that focus their attention on these areas can eventually move to a test-driven development structure that condenses several l...
The graph represents a network of 1,329 Twitter users whose recent tweets contained "#DevOps", or who were replied to or mentioned in those tweets, taken from a data set limited to a maximum of 18,000 tweets. The network was obtained from Twitter on Thursday, 10 January 2019 at 23:50 UTC. The tweets in the network were tweeted over the 7-hour, 6-minute period from Thursday, 10 January 2019 at 16:29 UTC to Thursday, 10 January 2019 at 23:36 UTC. Additional tweets that were mentioned in this...