In the press: Infosecurity – Do you eat your own dog food?
January 17th, 2012
How many traffic policemen never exceed the speed limit when off duty? How many vicars don’t swear? And how many IT security professionals practice what they preach? No, seriously, do you eat your own dog food? That’s the question Davey Winder has been asking of infosec professionals in an attempt to determine just how secure security experts really are away from the office.
An Inconvenient Truth
Surely, at home, the infosec professional will sometimes opt for convenience over absolute security? For example, what about mobile banking? It offers great convenience, but everyone in the security field knows there are risks attached.
Robert Rutherford is Chief Executive of IT consultancy QuoStar Solutions and was very honest when he admitted that he does risk analysis on the fly, telling us that “you just have to balance the impact of something happening against the likelihood of that something happening. If I need to connect a personal device to an unsecured wireless network while on holiday or in a hotel to do some internet banking, then I will, and I don’t think about it”.
That said, Rutherford also revealed that it’s unlikely he would access his internet banking at a shared cyber-café, due to the blatant risk of keyloggers, screen recorders and other spyware – so all is not lost.
“At the end of the day there is a risk in everything”, Rutherford concludes. “You can argue that nowhere is truly safe, but that’s life, and you can’t be paralyzed by fear. I don’t take unnecessary risks, of course, and do take sensible precautions. For example, I’ll VPN into work with two-factor authentication, nothing is stored locally on my devices unprotected, the devices are firewalled, encrypted, have protection systems in-place, and so on.”
John Knowles, MD of DMW Information Security, also admits to using online banking via a hardware token for authentication, which reduces the risk, but not completely. “I bank only from one device, which I don’t use for other purposes”, Knowles explains. “This reduces the risk again. I don’t keep any passwords or account details on a PC, instead I use a secure USB stick with Password Safe on it. I bank with a bank that has online banking guarantees, and I read my statements carefully”.
Knowles also makes a point of not using cloud services for primary storage of key stuff like photos or home videos, although his home backups are cloud-based and encrypted. “Backup is so essential”, Knowles warns. “The automation and the fact the data is out of the house even caters to the doomsday scenario of house fires.”
Being informed goes pretty much hand in hand with being mobile these days, to the point where we put it to our panel of experts that it isn’t really advisable, or even possible, to separate home from work when it comes to information security. Robert Rutherford was first to answer, responding that “you shouldn’t typically be using home devices to access corporate systems, neither should you allow others to use your corporate devices for personal use.”
He argues that the consumerization of IT is, as far as uncontrolled BYOD (bring your own device) is concerned, “typically madness”. After all, Rutherford says, “how do you enforce encryption from the corporate level on someone’s personal phone? How do you know that the home PC you are connecting into the business on isn’t riddled with trojans and spyware?” He concludes that “on virtually every level, it’s better to split home life and work.”
See the full original article here: Infosecurity.com