Don’t fear cloud computing, mobility, says Citrix security lead

Cloud computing and mobility have been in the headlines recently, but not for showing how enterprises use them for making huge productivity gains.

Instead they’re signs for some of insecure systems thanks after attackers stole passwords from cloud storage services and revealed celebrity images from Apple’s iCloud.

For enterprises cloud computing and mobility represent a loss of control for IT, Kurt Roemer, Citrix Systems‘ chief security strategist, said in an interview in Toronto during the company’s one-day mobility conference for customers and partners.

“However, if you’re designing for mobile and cloud as your primary use cases and that loss of control, and you have the right security on top of it to give IT back the relevant control … you wind up with a better security infrastructure that can then be applied across the enterprise.”

And while cloud and mobility are a “fact of life” for organizations, they make a lot of sense as well, he added. Saves IT a lot of money, increases productivity, makes the organization more agile. But “we need to make sure we asking the right security questions.”

He praised security guidance for cloud provider offered by the Cloud Security Alliance. Apple, Samsung and Google also offer enterprises and individuals good advice on how to secure devices, he said.  “It’s probably unfortunate most individuals don’t read those,” he added.

Looking at the number of data breaches reported in the last 12 months, he agreed that there could be despair about the state of IT security. But, he added, “it’s not all bad … its helping people understand where they shouldn’t be relying on just one set of technology, that they need to have a security solution that protects their use cases, that they have multiple levels of security where it makes sense.”

Serious threats come from SQL injection and cross-site scripting vulnerabilities, which he said “are preventable problems if you’re going though and sanitizing user input” like usernames and passwords and credit card numbers into form fields. From the Web application developer’s point of view they should be treated as untrusted and scrubbed to take out bad characters and key phrases. “But often times they’re not developed that way. If applications were developed perfectly we wouldn’t have most of these problems — most because attackers are always learning new attacks.”

The biggest mistake enterprises make is “not understanding how the applications or the network can be used and abused. If IT thinks more abut what people are using it for and how use cases evolve over years they will realize you have to tailor your security solution and constantly update it so that you’re hitting evolving use cases, protecting the app and also making sure you’re keeping up with the attacks as much as possible.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now