Encryption
We have seen an interesting turn of events in the Government’s stance on encryption. Lawmakers are stating that security is only possible if they have access to encryption keys and have backdoor access to operating systems. Edward Snowden’s revelations led us to make sure systems are encrypted and locked down, now we are being told the Government must have access to our systems. Unfortunately, there is no right answer to this problem.
Strictly from a security perspective, if there is a backdoor in our cellphones and computer systems someone will find and exploit it. What the Government is asking us to do is allow a security hole to remain open on all devices.
Amazon announced March 3, 2016 that it has removed device encryption on its tablets as of Fire OS version 5. Many of us conduct business on our devices, without encryption, what happens if we lose a device?
Those evaluating security for their enterprise should be mindful of lawmakers efforts to add backdoors and remove encryption.
Patching Software
Patching software is still a big problem. It appears on a whole, we have not learned how to safe guard our systems. The most exploited bug in 2014 was also the most exploited bug in 2015. Sadly, this bug is over 5 years old now. We all know that applying patches is not trivial in an enterprise environment. It can be a costly process especially if patching results in a broken system. Breaking things! This was the main excuse given when asked why systems are left vulnerable. A good patch testing process will help find any issues before it is rolled into production.
Keeping software up to date on all machines will make it a lot harder for the bad guys to gain access. A well patched environment with good Network Security Monitoring will take you very far down the road to security.