Don’t fear cloud computing, mobility, says Citrix security lead

Cloud computing and mobility have been in the headlines recently, but not for showing how enterprises use them to make huge productivity gains.

Instead, for some they’re signs of insecure systems, after attackers stole passwords from cloud storage services and revealed celebrity images from Apple’s iCloud.

For enterprises, cloud computing and mobility represent a loss of control for IT, Kurt Roemer, Citrix Systems’ chief security strategist, said in an interview in Toronto during the company’s one-day mobility conference for customers and partners.

“However, if you’re designing for mobile and cloud as your primary use cases and that loss of control, and you have the right security on top of it to give IT back the relevant control … you wind up with a better security infrastructure that can then be applied across the enterprise.”

And while cloud and mobility are a “fact of life” for organizations, they make a lot of sense as well, he added: they save IT a lot of money, increase productivity and make the organization more agile. But “we need to make sure we’re asking the right security questions.”

He praised the security guidance for cloud providers offered by the Cloud Security Alliance. Apple, Samsung and Google also offer enterprises and individuals good advice on how to secure devices, he said. “It’s probably unfortunate most individuals don’t read those,” he added.

Looking at the number of data breaches reported in the last 12 months, he agreed that there could be despair about the state of IT security. But, he added, “it’s not all bad … it’s helping people understand where they shouldn’t be relying on just one set of technology, that they need to have a security solution that protects their use cases, that they have multiple levels of security where it makes sense.”

Serious threats come from SQL injection and cross-site scripting vulnerabilities, which he said “are preventable problems if you’re going through and sanitizing user input” like usernames, passwords and credit card numbers entered into form fields. From the Web application developer’s point of view, these inputs should be treated as untrusted and scrubbed to take out bad characters and key phrases. “But oftentimes they’re not developed that way. If applications were developed perfectly we wouldn’t have most of these problems — most because attackers are always learning new attacks.”

The biggest mistake enterprises make is “not understanding how the applications or the network can be used and abused. If IT thinks more about what people are using it for and how use cases evolve over years they will realize you have to tailor your security solution and constantly update it so that you’re hitting evolving use cases, protecting the app and also making sure you’re keeping up with the attacks as much as possible.”


Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
