Security Measures That Must Be Considered
Monday, November 25, 2024


By Oleh Svet, Chief Delivery Officer at Computools. Forbes Councils Member, Forbes Technology Council. Council post, Jun 10, 2022, 07:30am EDT. Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author.

If we want to create a quality product, it’s essential to make it secure at its core. Most applications fall under the General Data Protection Regulation and Personal Data Protection Act, following country laws where the product is distributed. Security must be ensured from the very start of a project through to testing and release.

How Cloud Providers Deliver Security

This is about hardware security and physical access protection. When someone buys a cloud service, they expect by default that the cloud provider will be responsible for maintaining its infrastructure and security. However, there isn’t a way to block hacking attacks 100% of the time.

In many cases, a cloud provider can ensure performance. Therefore, a particular cloud provider deals with the security of its own cloud, which means the provider is only responsible for making sure its hardware functions properly and updates are performed as needed. From a technical point of view, the provider ensures the two main parameters of the cloud: stability and performance.

In terms of information security, the provider can confirm the quality of its security management processes with a certificate of compliance, which is advisable to verify and study before signing a contract on the provision and use of services.

How Cloud Providers And Development Teams Collaborate When It Comes To Security

The domain of security is wide and involves many departments and professionals. DevOps, together with the service provider, must pay attention to protocol protection, private and public network configuration and VPN for remote access to critical resources.

They should use SSL for secured communications on the public network to ensure that the communication channel is secure. Key and storage security is accomplished through the use of a key manager. It’s best to store access data in separate storage.

DevOps and the provider also work together to protect against DDoS attacks and flooding. The development team handles app security by creating authentication, authorization and permission flow protection: for instance, protection against ID/token matching, protection against unauthorized operations, CSRF protection, protection against SQL and XSS injections, and protection against KSRF attacks. The backup system needs client-side protection, among other things.

This can be accomplished by storing data for a finite period of seven years and in more than two sources. It’s a good idea to use asymmetric cryptography to encrypt the data.

How Security Is Carried Out By DevOps And Dev

DevOps is responsible for the general time reference, using a synchronized time service protocol (e.g., NTP). AWS services for data storage are recommended, and Kubernetes and Docker for DevOps flow configuration security.

Security at the code level is ensured (by DevOps, headed by the technical director of the developer company) by automatically inspecting the code in the CI/CD flow and then reviewing it. The development team has to be concerned about protecting users’ credentials. The best way is to store the passwords in two salt and hash formats.

The hashing function converts passwords into a chaotic set of characters and numbers that should not be reversible back into a password. To ensure the protection of user sessions, the team must use server-side tokens with a trusted source in private network storage. I recommend using tokens with a limited validity time, storing the date that the token was created and tracking changes.
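An added example (not from the original article) of the two recommendations above: salted, non-reversible password storage and server-side session tokens that record their creation time and expire after a limited period. The use of PBKDF2, the iteration count, the 15-minute lifetime and the in-memory dictionary standing in for private-network storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune for your hardware
TOKEN_TTL_SECONDS = 15 * 60   # assumed validity window


def hash_password(password: str) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is generated per password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class SessionStore:
    """Server-side session table: the client only ever holds an opaque token."""

    def __init__(self, ttl: int = TOKEN_TTL_SECONDS):
        self.ttl = ttl
        self._sessions = {}  # sha256(token) -> (user_id, created_at)

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash of the token so a leaked table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        token = secrets.token_urlsafe(32)
        created_at = time.time() if now is None else now
        self._sessions[self._key(token)] = (user_id, created_at)
        return token

    def validate(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id for a live token; expired tokens are purged."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        user_id, created_at = entry
        if now - created_at > self.ttl:
            del self._sessions[self._key(token)]
            return None
        return user_id
```
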

The security of the user/administrator rights system is also the team’s responsibility. Only the required capabilities for each role should be provided here. The flow’s login requirements for users/administrators should be confidential (e.g., the amount of money in wallets and additional permissions). To secure a system’s service access rights, private network access for internal services, system access tokens in the internal network for inter-service communication and SSL in the private network are standard practices.

Storing sensitive data in a separate repository is recommended. For instance, store financial transaction data using the event search method—encryption for critical data. The team is responsible for collecting and storing logs to the essential system points.

Log-based notification systems need to be used in this case. Developers and DevOps engineers are also responsible for the choice of software, setting up up-to-date versions without security loopholes and monitoring information about possible security issues as well as needs for updates.

How To Increase Staff Awareness On Security Measures

To build protection at the UX level, you need to educate users and make them aware of social engineering schemes such as phishing.

Teach them not to click on unknown email links and to always double-check the URL domain before entering login details. Nondisclosure agreements between the performing team and the client are highly recommended, as well as an NDA between the implementer and the implementer’s staff. It is also a smart decision to make sure everyone involved is acquainted with the security policy and that all of its clauses are understood.

Digital security is at the heart of any digital business. It must be ensured at all levels and on three sides: cloud providers, team and customers. Always read service contracts carefully and demand compliance.

Instruct your employees about the importance of following all security rules.



From: forbes
URL: https://www.forbes.com/sites/forbestechcouncil/2022/06/10/security-measures-that-must-be-considered/
