As security professionals, it's our responsibility to maintain awareness about the goings on within the security space. It might include doing our research and reading all the publications, or emails from friends, colleagues and even family. For those who fancy a bit more organization, maybe just crawling LinkedIn, Reddit, or Google Alert feeds on a daily basis. In any case, you're bound to come across a litany of articles about security vulnerabilities, strategies, and threats. The most recent collection of interesting tidbits are those relating to the backdoors identified in some of the top firewall technologies (Juniper, Fortinet, and possibly others). I found myself scrolling through my own LinkedIn feed while waiting on the tarmac returning from a recent trip, when I received another email about the latest backdoor issue. Since I had nowhere else to be for the next few hours, I decided this was a good time to try and wrap my head around it all and maybe discern more than just a little ammunition for the obligatory security small talk at the next industry event. So with the hum of jet engines and the faint glow of the overhead cabin lights, I went to work.
As cloud adoption and mobility efforts are rapidly rising, methods in which to access corporate resources and data (and the devices used to access them) have increased at an exponential rate. Left unchecked, this ubiquitous style of access can soon evolve to an unmanageable state and introduce far more risk due to the inherent complexity. When factoring in the Human Element, it is becoming more and more evident that people matter just as much as technology. If organizations are to successfully (and consistently) mitigate these risks across multiple planes, it is imperative that Security teams move beyond only focusing on the technological controls and begin to develop a culture of security-aware employees who can effectively act as an extension of your security program, rather than a threat to the organization.
The breaking news of the Stagefright vulnerability that could allow hackers to silently and completely take over any of the 950,000 Android devices on the market has got to give us, as enterprise IT and security professionals, pause to ask again how much we can trust even our own company’s employees.
After first learning of Soha nearly a year ago, I immediately began thinking about how they addressed many of the challenges I was currently facing in exposing internal (campus-type) applications to my BYOD Enterprise Users (e.g. Jira, Confluence, Dashboards, IM, etc.). As the months passed and “cloud” utilization conversations resumed to potentially include sensitive customer-facing applications/data, I frequently asked myself, “Would Soha work for this too?” As it turns out I was not the only one asking this question. When I finally circled back with Soha to see what was new, I was surprised to see just how much progress had been made against what I had hoped Soha would develop, and the speed in which it was brought to release.