Business Issues: Page (1) of 1 - 04/22/12

The Gaping Hole in Your Data Security: The Web Browser

By Laurie Coffin

Organizations are deploying enterprise web applications, SaaS and cloud services in an effort to provide anytime, anywhere access to information. Data compliance regulations are increasing and the Bring Your Own Device (BYOD) trend introduces new risks of costly data breaches. In addition, Web 2.0 and social media applications are producing financially motivated, targeted threats to exploit security gaps. Investments in web-based efficiencies means that the volume of sensitive data delivered by the browser and accessed by a variety of devices is only increasing.

There are many advantages to allowing employees to use their personal devices for work, but potential unintended consequences-such as data leakage and malware-reinforce the need to secure company data. Organizations must control the data after it's delivered to the endpoint device in order to prevent accidental or intentional loss by end users. Users are also installing a variety of games and social networking apps on their mobile devices that are potentially malicious and put data at risk. It's no surprise that the volume of mobile malware is increasing.

 

The endpoint browser continues to be the weakest part of any network, as one wrong click of the mouse can open an organization's most sensitive data to significant threats. As companies of all sizes increasingly use browsers as the primary platform for delivering information, they have become the primary point of theft or data leakage. Malware and keyloggers can compromise web sessions after the data has been decrypted, stealing sensitive information or account credentials and transparently redirecting users to hostile sites and mining session content. Cyberthieves and hackers are always looking for ways to obtain sensitive information, and data can remain in the browser cache in clear text format and easily extracted by either malware or users, even after the web session has ended. This also means that stored user names and passwords from browser sessions remain available in the authentication cache and vulnerable to malware.

As we've seen now many times, with headline after headline of data breaches, companies are not aware of the gaping hole that the browser represents to high-value data. Not knowing the security state of the endpoint is a critical security gap for a website or web application owner.

It's time for organizations to stop making a distinction between managed and unmanaged devices, authorized and unauthorized users, and focus instead on protecting sensitive data. Organizations need to go beyond traditional endpoint protection and user education, recognize that the browser is a key part of the security value chain, and establish a strong security strategy to embrace this model in a suitable manner. This means securing information from storage through transport to delivery in the browser at the endpoint to prevent potential data loss.

This also means better compartmentalizing access to sensitive information, better audit logging and log analysis, and deploying security solutions that are designed to support today's multiple device, browser-based information world, such as those that can control the unauthorized use and replication of your data by malware and end users.

Laurie Coffin is VP, Quarri Technologies. Quarri Technologies, Inc. is a security software company that empowers organizations to keep their sensitive data secure. The company's products defend against both external and internal attacks and prevent unauthorized use and replication of confidential data by controlling both malicious and careless end-user behavior. Quarri's products allow users to remain productive and have a seamless online experience, while also enabling organizational compliance with industry standards and government mandates. Quarri is a privately held, investor-backed corporation based in Austin, Texas, with clients throughout North America and Europe.

www.quarri.com



Related Keywords:Cyberthieves, Cybersecurity, Malware, SaaS, Cloud Services

Source:Digital Media Online. All Rights Reserved

DMO TEXT LINKS
(Click here to place a textlink on this site)

Get 10 days of free unlimited access to lynda.com.
What do you want to learn today? Online video tutorials to help you learn software, creative, and business skills.
Click Here!


@ Copyright, 2014 Digital Media Online, All Rights Reserved

Webmaster
Privacy.