Spending on cloud computing is growing faster than any other form of IT spending, with organisations of all sizes looking to reap the benefits of cost savings, flexibility, increased productivity and more. In particular, the use of software as a service (SaaS) is becoming mainstream. Where organisations are reluctant to embrace cloud services, the reason is often concern over security, especially since many SaaS offerings mean that an organisation’s data processing and storage, much of it involving data sensitive to the organisation, is handed over to the service provider.
However, cloud computing models can actually provide a more robust and effective level of security than technology deployed and managed in-house. For example, mitigation against the latest threats can be pushed out to all users of the service simultaneously, removing the need for patches and updates to be deployed by IT administrators to all users of the service. This also provides the assurance that all devices connected to the service are up to date in terms of their security posture.
Beyond threat mitigation, cloud delivery is suitable for a wide range of security services, from basic needs, such as malware protection, to advanced security services such as vulnerability management, security monitoring, policy compliance, and application security and testing.
As well as accessing security services, organisations will also benefit from the service provider taking responsibility for many aspects of security, as the provider must itself have developed a highly secure infrastructure in line with best practice and good governance objectives. Such an infrastructure incorporates a wide range of security controls, and the provider can attest to the quality and security of its services through management reports and audit trails.
Fran Howarth has recently published a new report that examines how the use of cloud computing can actually improve security, as well as discussing the issues and challenges that remain, including liability, contracting and SLA terms and conditions, data centre infrastructure, auditing and certification, and the need for further standards development. Download the report: Best practices in cloud security.
It is predicted that by the end of 2012 there will be more mobile phones and smartphones than people in the world. Alongside this is a trend for mobile platforms to be the preferred gateway to the Internet. A mobile smartphone, or a tablet, plus a wireless Internet interface has become the easiest and most cost-effective way of getting online. It is being chosen by the young (no need for a fixed line), citizens of the emerging countries (where there are often no fixed lines) and people in the UK who have not been online yet (including many with disabilities).
To support the disabled users, 2012 is going to have to be the year when mobile app developers understand the need for accessibility and implement accessible solutions.
In 2011 Apple showed the way to an accessible platform with VoiceOver (text to speech), Siri (intelligent voice recognition), Assistive Touch (for people with limited hand control who cannot use the complex gesture support), along with a variety of other accessibility features. Android 4.0 (Ice Cream Sandwich), which is just coming on to the market, has a built-in screen reader. Microsoft Windows 8, expected later this year, has been previewed with a whole set of accessibility features. So this year all the major platforms will have accessibility built in. More needs to be done on all these platforms, especially to support those who have little or no use of their hands.
Looking at existing apps, it is clear that accessibility is achievable, but it is also unfortunately easy to develop apps that are totally inaccessible. As has been the case with accessibility on the web, the problem is not with the technology but with the lack of understanding, by the procurers and developers, of the issues and needs for accessible apps. For example, the UK Met Office created a weather app which was a disaster when used with VoiceOver. However, a new version has recently been published, and it is obvious that the need for accessibility had been recognised and, in the process, the usability for all users has been improved.
Peter Abrahams, Bloor’s Accessibility Practice Leader, is a prominent voice in the accessibility community and has stated that his vision for 2012, along with many other members of the accessibility community, is to:
- Ensure that procurers and developers recognise the requirement and make accessibility the norm whilst the apps market is still young.
- Keep pressure on the platform providers to ensure that accessibility features are provided to support all forms and levels of disabilities.
Nigel Stanley, Practice Leader for Security at Bloor Research, has been heads down over the past couple of years completing an MSc in Information Security with the world-famous Information Security Group at Royal Holloway, University of London. Along with his day job at Bloor and Incoming Thought, where he runs a security consultancy and education business, Nigel was spending 1 day per week at the campus in Egham, Surrey as a student, something rather unfamiliar to him. Nigel said, "It was tough to start with as I hadn't done such formal education for years. The MSc at Royal Holloway takes a lot of effort, especially if you have a day job." He added, "Lots of people ask me why I did the MSc. I suppose it was like mountain climbing – because it’s there!"
The Masters at Holloway is made up of 6 modules and a dissertation. 4 modules are compulsory and then you are allowed to choose two electives. All of these are examinable, and Nigel sat 4 exams the first year and 2 the second year. Nigel said, "I hadn't done an exam for 25 years, so it was a trial to start with." The results are still pending but Nigel is hopeful he has passed. The second year saw Nigel complete a dissertation. "This was more my thing, and I was looking forward to it", said Nigel. Choosing a topic was a challenge as the information security field is so wide, but Nigel focussed on his core interest which is smartphone security. "Orange R+D Labs are sponsors of the Smart Card Centre at Royal Holloway and they were able to support my research into comparative security of Google and Windows Phone 7 platforms", said Nigel. The dissertation took about 4 months to complete and ended up over 18,000 words – quite a large piece of work. "One challenge was understanding how to write and reference as an academic piece of work. The formal structures slow down the process but they add real rigour to the work."
At the Royal Holloway Smart Card Centre open day in September 2011, Nigel was surprised to receive the Crisp Telecom Prize. This is an annual award to the project voted as top for that year. "The competition was tough; not only was it MSc students, there were a number of PhD students as well, with some very technical research, so it was even more surprising that my work was selected. I must thank the team at Orange and my supervisor Prof. Keith Mayes for steering me in the right direction to get a good project together," said Nigel.
Alongside his studies, Nigel has also been working with a number of interesting clients, one of which is IHS Janes, the world-famous defence analysis company. IHS Janes invited Nigel to take part in four webinars covering cyber warfare, cybercrime and cyber terrorism. "I have been studying these areas for a number of years, and have done some interesting research around jihadist use of the internet and smartphones. I also work actively in cybercrime investigations, so could bring some real practical experience to the webinars," said Nigel. He added, "Corporate clients care about risk, and it is good to help them quantify risk about these areas rather than them feeling that the sky is falling in after reading so much doom and gloom in the press."
Nigel continues to research, study and consult in the areas of mobile security, cybercrime, cyber terrorism, cyber warfare and information security.