From The Editor-In-Chief
Online exchanges have become ubiquitous as organizations and individuals continue to release more information into cyberspace in the name of convenience and efficiency. Online collaboration, online shopping, e-mail, instant messaging, and social networks—all present limitless opportunities for users worldwide. But with great freedom comes great responsibility for all who enthusiastically embrace web centricity. This means greater awareness and vigilance by application developers, system architects, and the millions of users who log in expecting secure websites and private mail.
Application development is perhaps the ripest area for rethinking approaches to security. At present, an application’s life cycle has little room for the proactive decisions that answer the question, “How could this application be compromised?” Many developers believe that automated methods, such as scanning, are sufficient to address any concerns. Others cannot imagine and thus cannot anticipate the many ways that users can twist the application, and attackers count on such failures of imagination. Still others realize too late, often in response to an incident, that they should make security a priority, bolting on the necessary measures.
System architects have a different set of challenges that demand recognition of the web’s dynamic nature. As mobile devices and the applications that run on them grow in number and capability almost in tandem, system builders must think more creatively about ways to secure an ever-changing enterprise perimeter. Chief information officers who prefer static application sets must recognize that collaborative projects are at the core of many enterprise operations and that anytime/anywhere access is an essential part of those efforts.
Finally, users must cope with the reality that they are partners in securing their communications and transactions. They must verify that they are using secure protocols and that they are managing passwords responsibly.
At Noblis, we believe that security should be addressed not only with new technologies and architectural insights, but also with a more disciplined use of the tools and best practices already available. In this edition, editor Richard Murphy and the other authors examine a range of topics—from a novel use of smartcards to the need for comprehensive management training. Underlying all the articles is the recognition that an enterprise demands confidentiality, integrity, availability, and accountability for its information and communications and that any technology or technique must come with effective policies and management practices. Security training and awareness-raising are essential elements in the battle to secure a web-centric environment.
In supporting our clients, we emphasize the need to design in security and move beyond the reliance on scanners and automated tools as a security quick fix. This issue identifies many practical steps that organizations can take to address security more comprehensively. As system complexity increases, security will have to occupy a larger part of the development cycle for both systems and applications. Having a process in place and being aware of the risk will put an enterprise that much further ahead.
H. Gilbert Miller, Ph.D.
Corporate Vice President and Chief Technology Officer
Noblis
hgmiller@noblis.org