IBMSaaSAssist

SaaS & Security
Using SaaS security software to gain an advantage
Top Votes
Guy Clapperton
What can an ISV do to reassure prospects of the security of their code? (ISVs welcome to comment!)
[+] Show Hidden Comments
[-]
PeterJopling
look a secure deops, designer malware is platform specific
[-]
PeterJopling
finding bugs as you write code saves time and money at the preproduction phase
[-]
PeterJopling
you also need to secure the app binary against advanced malware
[-]
Guy Clapperton
Useful thoughts. Are these specific to the cloud or were they issues before, with on-premise?
[-]
PeterJopling
designer malware targets mobile devices primarily
[-]
Jim Adam
Developing an app with security in mind applies to both
Guy Clapperton
What are your concerns regarding EU General Data Protection Regulation and the Cloud?
[+] Show Hidden Comments
[-]
Mike Spradbery @ IBM
isn't this a case for UK to stay in EU??
[-]
PeterJopling
cross border and sovereignty need to be accommodated
[-]
Guy Clapperton
@MikeSpradbery (GETS POPCORN, PULLS UP CHAIR)
[-]
PeterJopling
make sure you have a Data Controller in place as they're accountable for your data
[-]
Jim Adam
@MikeSpradbery Please expand...
[-]
Mike Spradbery @ IBM
@The_SaaSsist regulation more simple across borders? businesses say stay http://www.itv.com/n... @itv
[-]
Guy Clapperton
@MikeSpradbery So does the President of the USA - there are certain controversies about this, so I understand.
[-]
Mike Spradbery @ IBM
yes... just a thought, not necessarily my position! but will impact Cloud & regulation I think
Guy Clapperton
What are the security considerations of using Public Cloud Platforms?
[+] Show Hidden Comments
[-]
Mike Spradbery @ IBM
who owns data, where is it stored, how backed-up, who can access, who can audit...
[-]
PeterJopling
makes sure the service is legitimate and not a bogus site
[-]
Mike Spradbery @ IBM
are mobile apps secure, is data in transit secure, privileges, data retention...
[-]
PeterJopling
look at the T&Cs regarding the data, you may loose control
[-]
Guy Clapperton
Also the SLAs and exit agreements seem important to me. Remember 2E2 going belly-up a few years back?
[-]
Guy Clapperton
...you do need to know what happens when a company ceases to exist - that's true of private and hybrid, too.
[-]
PeterJopling
where's the site hosted. There maybe local legal issues to data retention /access by 3rd parties
[-]
Guy Clapperton
@PeterJopling Yes. The US Patriot Act is well known but are there other examples?
[-]
PeterJopling
ensure the site complies with the regulations for your business
[-]
PeterJopling
PCI compliance for retail
[-]
Jim Adam
Here's a perspective http://ibm.biz/CldSe...
Guy Clapperton
The Internet of Things will have its effect on security as objects can be hacked. Has anyone come up against this yet?
[+] Show Hidden Comments
[-]
Mike Spradbery @ IBM
yes; interesting, esp where safety is more important than security
[-]
Mike Spradbery @ IBM
also, some #IOT devices have very long life, 10+ yrs. Makes future-proofing hard
[-]
Jim Adam
@MikeSpradbery Cars seem an immediate concern http://fortune.com/2...
[-]
Guy Clapperton
@The_SaaSsist Imagine being able to hack the emergency services' vehicles. But is there substance to this or is it panic?
Guy Clapperton
What are your concerns regarding the Cloud threats from malware/Zeroday attacks?
[+] Show Hidden Comments
[-]
PeterJopling
detecting zero day needs advanced heuristics and analystics
[-]
PeterJopling
threat actors are constantly changing the malware to evade signature based detection
[-]
Mike Spradbery @ IBM
who is likely to have better protection, your org or the cloud provider?
[-]
PeterJopling
ensure the service utilises horizon based detection and real time update service
PeterJopling
Most legacy IOT devices, ie process control, were never designed to be IP enabled/secured
[+] Show Hidden Comments
PeterJopling
Look at the 3rd party compliance to Security and what's the DR plan
[+] Show Hidden Comments
[-]
Guy Clapperton
DR meaning disaster recovery - a good point.
Guy Clapperton
The crowd has been relatively quiet but I hope the insights on offer have been valuable. The entire chat will be available online afterwards.
[+] Show Hidden Comments
Mike Spradbery @ IBM
MEAP - mobile enterprise application platform, provides security and much more
[+] Show Hidden Comments
[-]
Guy Clapperton
Thanks.
Guy Clapperton
What can third parties do to reassure people about the security of their mobile solutions?
[+] Show Hidden Comments
[-]
Mike Spradbery @ IBM
use a MEAP to detect hacked apps, block jailbroken devices, provide encryption...
[-]
Guy Clapperton
Let's pretend I don't know stuff...what's a MEAP?
[-]
Jim Adam
You'll need measures at app, data and device level
[-]
PeterJopling
BYOD adds greater flexibility to the organisation, beware of Jailbroken and older OS on devices
[-]
Guy Clapperton
@PeterJopling I know very few tech support people who really welcome BYOD all that enthusiastically.
[-]
PeterJopling
@MikeSpradbery MDM is critical for BYoD
[-]
Jim Adam
@PeterJopling Mobile Device Management
[-]
Mike Spradbery @ IBM
https://en.wikipedia... ;-)
[-]
Jim Adam
@PeterJopling What can you do with MDM to protect yourself?
[-]
PeterJopling
thats because they may not understand that technology can reduce the risk considerably
[-]
Mike Spradbery @ IBM
@PeterJopling yes, but often not welcome. Has to be low-touch & low-impact to users
[-]
Guy Clapperton
@MikeSpradbery Even if something's high impact, they'll accept it if someone has explained it properly. It's the "unexplained complex upgrade" that causes most of the friction, I find.
[-]
PeterJopling
@The_SaaSsist make sure the OS is uptodate , and be aware of free wifi hotspots!