A cloud application is a highly scalable application deployed on a public cloud (a shared environment) that end users access remotely over the internet. It benefits from the inherent features of cloud computing, such as scalability, elasticity and shared resources.
The need for data protection has seen a surge in the recent past and organizations are finding themselves subject to an increasing number of data protection requirements that obligate them to protect employee, consumer and customer personal data against threats and hazards from within and outside of their organizations. In addition to protecting regulated data, many organizations are looking to protect intellectual property and other sensitive data within the organization that may pose a greater threat to the enterprise.
Organizations struggle with information security management due to a lack of diligence, skill, and resources. Gartner analyst Jay Heiser, in his presentation at the Gartner Security & Risk Management Summit held in National Harbor, Md., estimates that information security spend is close to 5% of the IT budget. Now try to imagine having to prop up the organization's defenses using just a part of that budget, as a large part of the budget is lost to internal compliance and assurance activities.
Siddharth Aggarwal, Lead Consultant, Information Risk Advisory Services
We are in the age of renaissance as far as information security is concerned. In the ages past, akin to iron and middle ages, we worked by protecting information with basic user logins, access control systems, firewalls, perimeter security technology, etc. In today’s scenario however, we are shifting focus on to what is key, the information itself, and slowly moving towards a data or information-centric world where we are beginning to associate access and privilege of users within or around the information itself.
This article discusses in detail the lesser known art of Pen-Testing Java Applets/Thick Client apps. Here I have explained in detail the process of Pen-Testing Java applets starting from how to go about intercepting data between an Applet and the remote server.
As new technologies come up day by day, we tend to ignore the older ones. Taking advantage of this, attackers always try to make you a victim by getting access to the older technologies. The modem is one of these old-age technologies, so beware!
Vulnerability Assessment is more or less a standard activity across organizations around the globe, for large, small and medium enterprises alike. Whether as hygiene, a compliance requirement or a simple risk-based approach, it identifies vulnerabilities in both internet-facing and internal systems and applications so that they can be patched. The vulnerabilities generally arise out of inappropriate configurations, missing patches or inappropriate SDLC practices. The vulnerability management market has gone beyond simple tools that identify missing patches to complex Application Security Assessment, including business logic review and software code review.
The phrase data protection conjures up all kinds of TLAs like DLP (Data Leakage Prevention) or DRM/IRM (Digital/Information Rights Management) or the newest DAM (Database Access Monitoring). What will annoy the reader more is that I am referring to all the above three-letter acronyms and much more. I am referring to data protection as a state of mind rather than technology! Let me make myself clearer.
Getting Business Buy-in for Security Projects is Difficult