October is National Cyber Security Awareness month (NCSAM), the time when businesses often audit their security strategy. With new security threats emerging daily, it is imperative for businesses large and small to be continuously evolving their security measures and standards. With proper planning and processes in place security doesn't have to be scary. Whether you are the CEO trying to ensure that your companies data is secure or a developer concerned about writing secure code, embedding security into the fundamental core of your daily workflow can help to minimize security threats. Below is a compilation of security topics to consider when revisiting your security posture, as well as solutions and resources to strengthen your overall security strategy.
Writing Secure Code
If your code isn't secure, then your applications won't be either. Studies show that 60% of all vulnerabilities are due to coding error, or bugs. And while not all developers need to be security experts, all developers do need to be aware of their responsibility in writing code that reduces the chance of exploitable vulnerabilities showing up in applications.
Ensuring that your development team build security into the infrastructure of their coding processes can vastly increase the chances of finding insecure code early on in the development cycle, thereby saving time and money. Regular training sessions can help ensure that developers are consistently in the know regarding the latest vulnerabilities and software available to help test for secure code.
To learn more on building secure code into the foundation of your process, or secure coding fundamentals in general visit the links below.
Encrypting Your Data
Ensuring that your data is secure is an important part of an overall security plan. CenturyLink and Server General have partnered together to make encryption fast and easy. Server General allows customers to encrypt a cloud database or file server quickly and easily using key management. Using this service, installing, configuring, and encrypting a database can take as little as 30 minutes. The service works with most database servers like MongoDB, CouchDB, MySQL, PostgreSQL, Apache, or Samba, including ones that store sensitive and regulated information.
To learn more about encrypting your sensitive data visit our Knowledge Base article.
Docker and Security
While Docker and container based technology continues to grow, so does the security risks behind utilizing them. While pushing to public Docker repositories can be convenient, it can also cause security issues.
Dealing with passwords, private keys, and API tokens in Docker containers can be tricky. Just a few wrong moves, and you'll accidentally expose private information in the Docker layers that make up a container. For more information on ways to securely use Docker, you might want to check out the tutorial below.
Securing Your Data
Getting hacked can negatively effect your business in various ways. It can cost your business money due to downtime, loss of secure data, legalities, and damage the reputation of the business. One way to secure your sensitive data is via strengthening authentication policies. By adding multi-layered authentication options that require user interaction before granting access, organizations have the ability to add significant levels of security to protect their data from hackers and prevent unauthorized access.
FlexSecure has integrated their authentication technology on the CenturyLink Cloud platform. FlexSecure is a context-based Authentication-as-a-Service API platform, providing passwordless and pin-based authentication. This enables organizations of all sizes to choose, or mix and match appropriate user authentication methods to protect and secure their data sources on their cloud, mobile, and IT infrastructures.
Watch this short video to learn how you can enhance your cyber security with FlexSecure.
There are many aspects to a robust security strategy. Even the most robust security plan needs to be reviewed and updated often. Training, sharing knowledge, implementing security into daily practices, and planning are all keys to a successful security future for your business. For more information on security, visit these resources.