Page 53 - index
P. 53
Take Target’s 2014 data breach, for example, which was made possible via a small
heating, ventilation and air conditioning company tasked with remotely monitoring
energy consumption and temperatures at various Target stores. Hackers were able to
leverage the company’s access credentials to move about undetected on Target’s
network and upload malware. Ultimately, anticipating and planning for disaster means
operating under the assumption that someone is always watching your network, your
infrastructure and what passes through it, internal or external.
Additional considerations for developers working closely with an internal IT infrastructure
team or cloud provider include understanding what their SLA policies are, how often they
update them, how often they validate them and whether or not they use auditors. Equally
important is assessing what you know and don’t know about a vendor’s security history.
What is their response time if they or a customer detects a vulnerability? What have they
experienced before? They should have their own policy in place and have proof that it
works. Your app may be secure, but the information or platform it sits on may not be,
requiring a multi-faceted, layered security strategy.
With applications fast becoming the center of many organizations’ business strategies and data
breaches on the rise, placing a larger focus on enterprise security is paramount.
By keeping these three considerations top of mind, in conjunction with a ground-up approach to
app security design, you can be confident that you’re engaged in safe and secure app
development, hopefully resulting in fewer instances of data loss.
About the Author:
Mav Turner is responsible for the SolarWinds IT Security business and
product marketing team. He has been at the company since 2009, where he
joined as a senior sales engineer.
53 Cyber Warnings E-Magazine – June 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
