Cloud Industry News Analysis & Insights on Ulitzer

Tim Negris

Subscribe to Tim Negris: eMailAlertsEmail Alerts
Get Tim Negris: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Security Journal, Mobile Enterprise Application Platforms, Secure Cloud Computing

Article

Cloud Usage and Worker Mobility Increase Need For Stronger Security Policies

Study Shows Remote Workers More Likely To Try Surfing Blocked and Compromised Sites

Symantec's just-released September 2010 MessageLabs Intelligence Report should give IT security managers increased concerns about telecommuters and mobile workers.  According to the report,

  • 35% of all workers exhibit potentially harmful web browsing habits when working remotely
  • Remote workers are as much as 500% more likely than office workers to visit inappropriate sites
  • Remote workers trigger six times more undetected malware attacks than office workers

As unsettling as those facts are, when combined with information posted by a Symantec security expert on her blog last June, they become even more worrisome.

"In the last two to three years, worryingly, attackers are increasingly shifting from creating new malicious websites and serving malware on them, to compromising legitimate sites.  In 2009, MessageLabs Intelligence estimated that 80% of malicious web attacks take place via legitimate, compromised sites -- sites the average user visits all the time...  In 2010 so far, using the same approach, the proportion of malicious domains that are legitimate has increased dramatically compared to last year - it's now about 90%."

In other words, when a remote worker (who is already five times more likely than his office-bound colleague to visit an inappropriate site) goes to a legitimate, but malware-compromised site (now the source of virtually all infections), his or her device is six times more likely to become infected than a desktop computer in the office.   The kinds of non-work sites that remote employees are most likely to visit compared to office workers are shown in this chart.

 

With ever more workers doing their jobs from outside the office and ever more corporate applications and infrastructure being delivered as web-based services in public clouds, the need has never been greater for IT management to sharpen the three prongs of their security pitchfork.

1.       Provision and maintain device-level and cloud-based policy-oriented security software

2.       Define and implement rigorous security policies governing allowable non-business sites

3.       Educate all employees in surfing security policies and the consequences of ignoring them

 

More Stories By Tim Negris

Tim Negris is SVP, Marketing & Sales at Yottamine Analytics, a pioneering Big Data machine learning software company. He occasionally authors software industry news analysis and insights on Ulitzer.com, is a 25-year technology industry veteran with expertise in software development, database, networking, social media, cloud computing, mobile apps, analytics, and other enabling technologies.

He is recognized for ability to rapidly translate complex technical information and concepts into compelling, actionable knowledge. He is also widely credited with coining the term and co-developing the concept of the “Thin Client” computing model while working for Larry Ellison in the early days of Oracle.

Tim has also held a variety of executive and consulting roles in a numerous start-ups, and several established companies, including Sybase, Oracle, HP, Dell, and IBM. He is a frequent contributor to a number of publications and sites, focusing on technologies and their applications, and has written a number of advanced software applications for social media, video streaming, and music education.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.