Browser as Attack Vector
For years, we groused about bug-ridden browsers while initiatives to harden them largely fell flat. Then one day, IT woke up to find that the browser is the new OS. Web 2.0 applications use browsers and the public Internet to create interactive interfaces and enable asynchronous collaboration, inside and outside the firewall. Google Chrome is promising to push Web-based operating systems forward, which could let businesses cut costs and infrastructure.
All types of companies are moving toward software as a service at a steady clip--55% of the strategic IT managers responding to our June InformationWeek Analytics Cloud Computing & IT Staffing Survey of 828 IT professionals are using SaaS or plan to. What all that means is, the browser is now your employees’ gateway out--and an attacker’s gateway in. IT must focus on protecting the browser from compromise without hindering functionality and derailing business initiatives in the process.
About the Author
Adam Ely is director of security for TiVo. As an InformationWeek Reports contributor, he has authored multiple research reports on data and code security. He previously led a software development group at Walt Disney Co., where he implemented secure coding standards and source code analysis processes.
Adam gained extensive experience with enterprise and cloud security while supporting applications and services for clients such as AmEx, Citi and Expedia as manager of information security with TRX. He has published numerous security vulnerabilities and papers and conducts security research with leading firms to advance threat analysis and protections.
Adam currently serves as a member of the Journal Editorial Review Committee for ISACA and sits on the advisory board for an information security consulting firm. Adam has released numerous application vulnerability advisories, authored and contributed to open source security applications, and is the co-author of the Center for Internet Security Tomcat Benchmark.
He holds an MBA from Florida State University; a BS in information technology from Capella University; and multiple certifications, including CISSP, CISA, NSA IAM and MCSE.
Be the first one to comment.