Are your apps secure?

Get Real!

The reality is that even the best software companies in the world still have bugs. Most bugs are rather benign, but others create huge security risks. Look at OpenSSH’s Heartbleed bug this year. And OpenSSH has been used by companies around the world as a “secure” communication package.

Even if you think your apps are secure, let me throw some startling numbers at you.

  • 37% of data breaches affected financial institutions
  • 24% occurred at retail outlets and restaurants
  • 92% were perpetrated by people outside the affected organization
  • 76% exploited weak or stolen credentials
  • 52% used some form of hacking
  • 40% used malware
  • 54% compromised servers
  • 75% driven by financial motives
  • 66% took months to discover
  • 27 countries were targeted

How businesses can avoid breaches

The number one thing you can do is make sure security is a priority at the highest level. And by priority, I mean it must have a healthy budget. The former CEO of Target, and many others, have learned a valuable lesson about the priority of security. But security is not just a line item; it has multiple layers and is spread across the entire organization.

Here are some tips:

  • Conduct a thorough inventory of authorized and unauthorized devices and software
  • Secure configurations for hardware and software on laptops, workstations and servers
  • Constantly update malware defenses
  • Employ strong passwords with multiple layers of authentication
  • Ensure good data protection as part of the Service Level Agreement (SLA) with your cloud provider
  • Train employees to make sure mobile devices with sensitive data are properly secured and hard drives encrypted and locked down with a password
  • Conduct strong due diligence on third-party vendors
  • Set transaction limits and types

About Rob Rusher

In his role as Principal Consultant for On3, Rob leads a software development practice to help his clients build rich Internet applications for the desktop, browser, and mobile devices, and to rapidly increase their knowledge and skills to better support their organization's goals. Rob is an Adobe Certified Expert, Community Professional, and Certified Instructor. He has taught and mentored the technical teams at HP, Overstock, Paychex, SAS, FedEx, and other Government and Fortune 100 organizations. Rob has co-authored four best-selling books on building secure, cutting-edge and rapidly developed applications using Adobe AIR, ColdFusion and Flex. He is very active in organizing and speaking at RIA, Adobe LiveCycle, mobile conferences, and user groups. In addition to growing his software consulting practice, On3, Rob has been building expertise in rich client application development on a wider variety of devices and platforms that extend the applications to change the way we all create and live.