@CloudExpo Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Zakia Bouachraoui, Pat Romanski

Related Topics: @CloudExpo, Wearables, Cloud Security

@CloudExpo: Article

Cloud Usage and Worker Mobility Increase Need For Stronger Security Policies

Study Shows Remote Workers More Likely To Try Surfing Blocked and Compromised Sites

Symantec's just-released September 2010 MessageLabs Intelligence Report should give IT security managers increased concerns about telecommuters and mobile workers.  According to the report,

  • 35% of all workers exhibit potentially harmful web browsing habits when working remotely
  • Remote workers are as much as 500% more likely than office workers to visit inappropriate sites
  • Remote workers trigger six times more undetected malware attacks than office workers

As unsettling as those facts are, when combined with information posted by a Symantec security expert on her blog last June, they become even more worrisome.

"In the last two to three years, worryingly, attackers are increasingly shifting from creating new malicious websites and serving malware on them, to compromising legitimate sites.  In 2009, MessageLabs Intelligence estimated that 80% of malicious web attacks take place via legitimate, compromised sites -- sites the average user visits all the time...  In 2010 so far, using the same approach, the proportion of malicious domains that are legitimate has increased dramatically compared to last year - it's now about 90%."

In other words, when a remote worker (who is already five times more likely than his office-bound colleague to visit an inappropriate site) goes to a legitimate, but malware-compromised site (now the source of virtually all infections), his or her device is six times more likely to become infected than a desktop computer in the office.   The kinds of non-work sites that remote employees are most likely to visit compared to office workers are shown in this chart.


With ever more workers doing their jobs from outside the office and ever more corporate applications and infrastructure being delivered as web-based services in public clouds, the need has never been greater for IT management to sharpen the three prongs of their security pitchfork.

1.       Provision and maintain device-level and cloud-based policy-oriented security software

2.       Define and implement rigorous security policies governing allowable non-business sites

3.       Educate all employees in surfing security policies and the consequences of ignoring them


More Stories By Tim Negris

Tim Negris is SVP, Marketing & Sales at Yottamine Analytics, a pioneering Big Data machine learning software company. He occasionally authors software industry news analysis and insights on Ulitzer.com, is a 25-year technology industry veteran with expertise in software development, database, networking, social media, cloud computing, mobile apps, analytics, and other enabling technologies.

He is recognized for ability to rapidly translate complex technical information and concepts into compelling, actionable knowledge. He is also widely credited with coining the term and co-developing the concept of the “Thin Client” computing model while working for Larry Ellison in the early days of Oracle.

Tim has also held a variety of executive and consulting roles in a numerous start-ups, and several established companies, including Sybase, Oracle, HP, Dell, and IBM. He is a frequent contributor to a number of publications and sites, focusing on technologies and their applications, and has written a number of advanced software applications for social media, video streaming, and music education.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers learn their thoughts on their experience.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at Dice, he takes a metrics-driven approach to management. His experience in building and managing high performance teams was built throughout his experience at Oracle, Sun Microsystems and SocialEkwity.
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the benefits of the cloud without losing performance as containers become the new paradigm.
Transformation Abstract Encryption and privacy in the cloud is a daunting yet essential task for both security practitioners and application developers, especially as applications continue moving to the cloud at an exponential rate. What are some best practices and processes for enterprises to follow that balance both security and ease of use requirements? What technologies are available to empower enterprises with code, data and key protection from cloud providers, system administrators, insiders, government compulsion, and network hackers? Join Ambuj Kumar (CEO, Fortanix) to discuss best practices and technologies for enterprises to securely transition to a multi-cloud hybrid world.