Securing a platform – it’s a three-way approach0
The opening up of enterprise IT due to the effects of consumerization is resulting in ever increasing complexity of the infrastructure with a myriad of devices and applications crowded together. Gartner predicts that by 2017, half of employers will require their employees to bring their own devices to the office. This will benefit organizations and employees alike, however, it also creates many challenges for the IT department. In addition to considerations around interoperability and performance, worries about how to keep the crowded infrastructure secure are rife.
Adding security protection to the back-office offers a multitude of benefits. The need to implement security measures for each individual device or program remains unchanged. The goal is to prevent a security attack on data and credentials centralized on server platforms, putting the entire corporate system at risk.
Platform attacks are generally focused on three areas – the design, development and operations levels. Protecting the platform begins in the R&D stage and needs to consider all three of these potential flaws:
– Design: here, attacks are targeted at the platform’s actual architecture. A number of measures can be taken to protect this level. These include picking the right authentication mechanism suited to what the platform will be used for, transaction flows as well as time-stamping
– Development: at this level, exploits will try to find a way to sneak in through the ‘back doors’ of your environment. To avoid leaving any gaps in protection, the right coding practices are crucial, with stringent testing and ongoing amends necessary to ensure all eventualities are covered
– Operations: attacks at this stage are targeted at vulnerabilities in the way that the system works, for example through launching a DDoS attack (which are said to be increasing). Things to consider here are organizational security policies, the monitoring procedure for flaws and attacks as well as the authentication method for access to the platform
The challenge is to create and put in place a system that is secure and robust on the one hand, but also convenient for employees to handle. Organizations are very different in terms of needs, culture and structure, which will determine the type of security system required. However, choosing the right partner that is able meet the right criteria in terms of design, development and operations is crucial to building comprehensive protection for the platform.