SMAC and the Security Stack

New technologies are opening more doors for information leakage, so CIOs need to re-visit their security policies regularly, have more stringent controls over access rights and re-define authentication mechanisms

Networks are getting increasingly complex thanks to the growing usage of what’s termed as the SMAC stack, short for Social Networking, Mobile, Analytics, and Cloud.

Besides offering benefits, the SMAC stack also poses a potential information security risk for organizations, as they just open more doors for hackers to enter and cause damage.

It’s not very difficult to figure out how. Employees could post sensitive company information on social media by mistake (or intentionally). Since there’s growing usage of personal mobile devices in most offices (and outside), critical information can be leaked easily. Even if information is not leaked, chances of data loss due to device theft are always there. Analytics is all about analyzing huge volumes of data, and could become a serious risk if compromised. Likewise, cloud computing has always been under the scanner for security related concerns.

We’ll not get into the details of all the security risks posed by SMAC technologies, as there would be enough material to create a complete online portal (or books) out of it!

Instead, it’s important for CIOs to focus on preparing an overall security strategy for SMAC. The first step to this would be to identify the data that’s critical to your organization, which if stolen could jeopardize the entire business. This could be customer data, sales leads, transactional data, etc. If your company’s entire business depends upon it, then you need to take all measures to protect it.

Next look at how this critical data could be leaked over the SMAC stack. One way to prevent this leakage is to have more stringent access privileges across the organization. So study the access privileges keeping the SMAC technologies in mind and then re-align them accordingly.

Well defined access privileges would be useless if you don’t have proper password policies and authentication mechanisms. The 1.2 billion passwords that were stolen by a Russian Cyber-crime group recently from 420,000 websites is a clear indication of this sad truth. If some of those user names and passwords belong to IT admins and other key stake holders of an organization (which in all probability they do), then it would be a cake walk for hackers to steal critical company information. This problem gets aggravated further because people tend to use the same password across different online applications. This opens further doors for hackers.

Lastly, continuously review your security policies. It’s no longer sufficient to follow the earlier ‘reactive’ approach to information security. With SMAC, CIOs have to always stay on their toes to identify potential loop holes to plug.

To know more about how to frame a proper information security strategy, read our special feature in this issue on information security, where CIOs, CISOs, and industry experts talk about the relevance of information security for different industries.