Array

Internal security risks

Must Read

Student Loan Consolidation Rates Expected to Soar on July 1

Student loan consolidation is the way to go for college students and graduates who want to help ease the...

How to Borrow Money by Cashing Out Home Equity

Over the years, you have been a faithful steward of your mortgage. But the time may have come when...

Government Debt Relief Loans – Can Obama’s Federal Bailout Stimulus Programs Help Me?

The vast majority of Americans are experiencing the impact of the financial crisis that is currently choking the economy. ...

Location and Mapping

Windows Phone 7 physical devices contain features that allow the device to determine its geographical position in terms of...

The Ultimate Search Engine Optimization (SEO) Marketing Guide

SEO is a modern age Internet Marketing Science, which is the success story behind several online portals relating to...

Fun Board Games for College Students: The family of Carcassonne

The Carcassonne includes family games aboard the original Carcassonne, Carcassonne: The City Carcassonne: the Castle, The Kids of Carcassonne,...
Admin
test

If your business replaces its desktop software with webbased applications, or its internal firewall-protected servers with externally hosted systems, then they become more easily accessible over the internet, which is presumably what you want, but there are associated internal security risks whether they are cloud-based or not. Rogue employees are a danger to any business on any system, and ‘insider theft’ accounted for 16 per cent of reported data breaches in the United States in 2008 (ITRC, 2009); but here are three scenarios that relate to web-based systems in general:

  • Former employees or contractors may continue to have access to your intellectual property after they have stopped working for your organization if one or more of their user accounts have not been deactivated.
  • Users may have their user names and passwords stolen by keyboard sniffing technology or professional hackers who use various techniques.
  • If you use the same user name and password on multiple systems and one system is compromised, then those credentials may be used to access another system.

Now, mistakes happen, but there are ways to minimize the likelihood of internal security breaches, including internal processes, two-factor authentication and single sign-on.

Internal processes

Most businesses have checklists they use and processes they follow when employees take up or leave their employment;
but the deployment of new IT systems in public clouds can outpace the development of internal security processes, especially when they can be set up by non-IT staff. Thus, whenever a new cloud-based system is introduced, checklists must be modified immediately and existing user account management processes must be followed or, if necessary, extended to encompass them. You have to ensure through good internal processes that all ex-employees’ and ex-contractors’ user accounts are deactivated immediately to reduce the risk of these accounts being misused or confidential data passed on to competitors. You should also ensure that your employees use strong passwords when they access any of your systems, and that they use different passwords on different systems unless single sign-on
technology is implemented.

Two-factor authentication

User names and passwords can be guessed or stolen, along with other personal information such as your mother’s maiden name or your place of birth, and so on. Thus if you really want to secure access to your cloud-based systems
then two-factor authentication is a good solution. This means keeping your user name and password but adding another identifying element that is immune to online identity theft. Examples of two-factor authentication techniques are:

  • asking users (when they attempt to log on) to view a group of similar images and select the one that they chose or uploaded when they registered as a user on the system;
  • biometric techniques such as retinal scans or voice prints;
  • comparing the ‘typing rhythm’ of a user with recorded patterns for that user when they enter their user credentials;
  • one-time passwords generated by a small portable ‘token’ carried by users;
  • public-key infrastructure, which involves a public and a private cryptographic key pair that is obtained and shared through a ‘trusted authority’;
  • sending one-time passwords to users’ mobile phones for them to type in after they have entered their usual credentials;
  • smart cards that have on them a unique security grid which has characters in specific coordinates that the user can be quizzed on when logging in.

Two-factor authentication technologies are not new to cloud computing, they have been used to secure the virtual private networks of enterprises for some time, but the economies of scale afforded by public clouds have now made them affordable for small businesses.

Single sign-on

As discussed earlier, your employees may end up with user accounts on multiple cloud-based systems so password management becomes a problem, and the temptation is there to use the same password on different systems, which is a security risk. To deal with this issue of ‘cloud proliferation’ there are a number of commercially available federated identity (or single sign-on) services that enable users to log on to multiple clouds and internal IT systems through a single website; and some cloud service providers also allow users to log on to their systems using their credentials from other cloud services without a third party being involved.

Latest News

Digital Marketing for Beginners

Digital marketing for starter, Let to basic learning about connecting with your audience in the right place at the...

What are 7 things poor people do that the rich don’t?

1. poor people watch TV in which people read books how many hours you spend in front of the TV and when was the...

Top 18 best small business ideas for beginners starting

A small business can be frightening and requires plenty of careful planning there are many small business ideas which can be beneficial as well...

Summer that makes you happy

We saw were already here I've been thinking about some of the things. I used to do with my husband even though he had...

4 Point to helpful tips specifically for caregivers

What you need to take a vacation. I know it sounds impossible creative and try to make it work for you almost everyone needs...

More Articles Like This