Broadband Improves Performance Of Both Apps And Malware
Allied Cash's database administrator Christian Alvarez has been working to secure the company's new Web-based user interface in recent months.
Securing the data that can be accessed via Allied Cash's new Web-based user interface has been the most pressing security concern for company database administrator Christian Alvarez during the past several months.
"We've gone from dial-up connections to a broadband solution for employees accessing Allied Cash applications," Alvarez told InformationWeek. Now the company's nearly 500 employees in about 250 locations across the country have speedy access to the hosted applications that let the company offer customers cash advances against their paychecks. "This gives employees more ability to roam on the Internet," he said. And of course, more roaming means a greater exposure of Allied Cash's IT systems to the Web's more malicious elements.
These sorts of concerns are consistent with those expressed in InformationWeek Research's latest annual Global Information Security survey, conducted with consulting firm Accenture. Of the companies feeling more vulnerable to attack today, 70% cite the increased sophistication of threats, including SQL injections, while 58% worry about the growth in the number of ways to attack corporate networks, including wireless networks. About half of the U.S. respondents are concerned with the increased volume of attacks, while little more than one-third worry about the malicious intent of their peers using the Web.
To counteract these threats, Allied Cash uses SurfControl's WebDefense Web-filtering application, "which has different sites broken down by categories, like gaming sites or dating sites, that we have locked down," Alvarez said. "These are sites that could have malicious software on them and that employees shouldn't be using from work. We found that our users were going to non-work-related sites, and we were getting a lot of requests because their PCs were going down," Alvarez said. That's when the company decided to implement WebDefense.
With broadband access to the Internet, employees are more open to malicious Web content while they're using the Web to access software used to record customer transactions, including payment, marketing materials, and collection calls. "We deal with financial information about our customers, so you have to go beyond simple antivirus software for security," Alvarez said. "If employees are doing anything not work-related, they run the risk of downloading malware such as a keylogger that can be used to steal login information."
To control this, Allied Cash's point-of-sale system is IP-address-controlled at the network firewall, Alvarez said. Allied Cash only allows users to access its applications if they're coming from an approved IP address. "If someone tries to log into our site from an unauthorized IP address, they wouldn't be able to get in, even if they have a valid user name and password," he said.
Alvarez acknowledged that securing a business has gotten more complex as new offerings have hit the market. "People say security is complicated because of the different avenues they can take to protect themselves," he said. "But the best way for people to protect themselves is to start by limiting everything -- what you're going to allow out, and what you're going to allow in."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.