New Report Outlines Dangerous Security Threats Posed By Web-Based Desktop Search Products
Posted on: Wednesday, 31 October 2007, 06:00 CDT
Enterprise, government and consumers are embracing technology that moves data off the desktop and into 'the cloud' without considering the inherent privacy and security risks, according to a report released recently by homeland and national security experts, the Civitas Group.
In their report entitled, 'Managing the Technical, Business, and Legal Concerns with Sensitive Data in Enterprise and Federated Networks', the Civitas Group describes the issues associated with web-integrated desktop search applications and recommend the proactive steps CIOs can take to manage the risks of inadvertent disclosure of sensitive or legally protected data.
The integration of the web and desktop search products is creating a perimeter-less environment that unknowingly allows for third parties to gain full access to data on the desktop. In this environment, users must assume that every word typed and saved on their computer can be read and accessed by others.
This has potentially significant repercussions for government departments and agencies that host vast troves of privileged and legally protected information. For CIOs whose responsibility it is to guard proprietary, citizen, patient, or customer data, allowing staff to use web-based desktop search products may be a violation of federal, state and international privacy laws.
"CIOs must take immediate action. The adoption of web-based search products must be balanced with the correct stewardship of sensitive information. Products that integrate desktop search and web search can house vulnerabilities within their architecture that allow malicious websites access to documents on users' machines," said Rick Gordon, a Civitas Group Principal, and the main author of the report. "This is not something that can be patched up. The only remedy right now is to simply not use it."
The report includes a case study of one of the major commercially available applications that integrates web search with desktop search in which both desktop and internet results are displayed in a single, integrated findings page. The utility of this type of feature is outweighed by the security risks. Government agencies and other organizations such as colleges and universities or healthcare facilities that have a legal obligation to protect data privacy can be especially at risk of running afoul of the law and harming consumers should a breach occur.
As awareness of these risks grows, many government, healthcare and university CIOs around the world have already implemented policies that prohibit the use of such technologies.
The report calls for providers and users of web-integrated desktop search products to follow security best practices and provides guidelines for CIOs to follow. The full report is available by request by sending an email to: Carolyn.dealey@bm.com.
ABOUT THE CIVITAS GROUP:
Civitas Group llc is a strategic advisory and investment firm serving the homeland security market. Civitas clients include Fortune 100 firms, leading security services providers, major technology providers, early-stage companies with promising technologies, and private investment firms, as well as governments. In an increasingly solutions-driven homeland and national security industry, Civitas helps its clients develop strategies, find partners and capital, build service platforms, and grow their businesses. www.civitasgroup.com
ABOUT THE REPORT:
The report 'Managing the Technical, Business, and Legal Concerns with Sensitive Data in Enterprise and Federated Networks' was developed by the Civitas Group. The lead authors for the report were Richard Gordon, Principal, Justin Taft, Vice President, and Anup Ghosh, IT security expert and consultant to Civitas Group. Microsoft Corp. is among the many clients of the Civitas Group and helped support this research. However, the findings and conclusions in the report are those of the authors.
Source: Business Wire
Related Articles
- Cristie Data Products Wins Exclusive With NetEx for HyperIP High-Speed WAN Optimization Software
- RBS WorldPay Partners with Arsenal Security Group to Provide Merchants with a Comprehensive PCI DSS Compliance Program
- China Fire & Security Group Announces First Quarter 2009 Financial Results
- Independent Analyst Firm Recognises Finjan's Unified Secure Web Gateway Product as More Flexible, Efficient and Powerful Than Its Competitors' Solutions
- China Fire & Security Group Announces Fourth Quarter and Full Year 2008 Financial Results
- Amerex Data Products Now Available Through DTN's ProphetX Platform
- China Fire & Security Group, Inc. Appoints Four New Directors
- Verizon Business Adds Capabilities for Wholesale Customers Using Web-Based Tool to Manage Data Products
- WhereNet Forms Security Group Within Its Rapidly Growing Transportation, Distribution, and Logistics Business to Address National Maritime and Port Security Needs
- Best Data Products Completes Acquisition of Diamond Multimedia Brands and Assets
 |
 |
User Comments (0)
RSS Feeds