Java IoT Authors: Liz McMillan, Pat Romanski, Elizabeth White, Yeshim Deniz, Zakia Bouachraoui

Related Topics: Java IoT, Cloud Security

Java IoT: Article

Without Policy, "Security" Isn't Really Secure

Without Policy, "Security" Isn't Really Secure

p> In the world of open networks, where does flexibility end and security begin? For Java developers (and users), this question is especially relevant. According to a recent Forrester Research survey of Fortune 1000 companies, 62 percent of them already use Java and 42 percent expect that Java will play a major role in their future business activities. Security solution providers - tasked with helping those businesses define and fulfill their security needs - say that concerns about the openness of Java, especially "malicious" applets, is fast becoming their #1 security consideration. So, how secure is secure?

That depends on your definition. Currently, security needs fall into two broad areas: "should haves" and "must haves." "Must haves" are (1) organizations with a regulated or legislated responsibility to secure their information, such as government agencies, schools and medical facilities, and (2) businesses and organizations who recognize the adverse impact of a security compromise because they've already experienced it.

Most businesses operating in the cybersphere today qualify as "should haves." To varying degrees, these companies recognize the need for securing their networks, but they are conflicted by competing priorities. Securing their networks is something that they'll "get around to" after they've increased quarterly profits, reorganized the accounting system or hired more IT staff.

Regardless of your organization's function or need, the cornerstone of effective security is the design and implementation of strong security policy.

Step 1: Identification
Know your network - how it is configured, how it is used, by whom and for what purpose. This will tell you where your holes are, and the chances are high that they are there, even if you think they're not. Your goal should be a comprehensive blueprint of your network - a detailed description of the computing environments, support operations, end user support functions, monitoring systems and business management initiatives. This information is gathered through a site review that focuses on such critical issues as access controls, superuser privileges, password reviews, privacy reviews and virus detection, and should also include interviews with key individuals who are responsible for creating and enforcing the organization's security policy.

Step 2: Investment
Commit to realistic solutions. Once a determination has been made about where vulnerabilities exist - both internally and externally - a detailed assessment must be made of the costs and resources required to strengthen those weak areas. Weighing the pros and cons of all available alternatives will help you find the best solution for securing your network and, ultimately, your organization. Remember that security is more than just simply choosing a product.

Step 3: Implementation
The best-crafted plans can't protect you if all they do is sit on a shelf. In order for policies to be effective, education and training must accompany implementation to create "buy-in" and cooperation both up and down the organization tree. Every member of the organization - from the CEO to the administrative staff - should understand the implications that can result from failure to follow the established policy. Finally, a program of regular monitoring and evaluation will provide the necessary information and feedback to assess the overall effectiveness of your security program.

The Internet will be the vehicle for communications and commerce in the 21st century. Java's ability to deliver dynamic, interactive processing capabilities across the Internet, as well as its potential for on-line business-to-business communications, make it the language of choice on the Web. Therefore, it is important for Java developers to understand the security implications of Web commerce and communication from the perspective of the businesses and organizations who use it. With a better conception of how their products are employed and by whom, Java developers can play a significant role in ensuring security.

More Stories By Gary E. Brooks

Gary E. Brooks is the Marketing Director for DSN Technology, Inc., manufacturers and developers of fast and simple solutions for secured Internet/Intranet communications.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...