Security Management Strategies for the CIOAccess "Editor's Desk: Google security needs HTTPS by default"
This article is part of the July/August 2009 issue of Why privileged account management is critical to today's data security
By MICHAEL S. MIMOSO Google's credo is "Do no evil." Some of the best security minds in the industry are imploring Google to do the right thing when it comes to the security and privacy of its free email and productivity application offerings. In case you missed it, 38 security thinkers and researchers wrote an 11-page letter to CEO Eric Schmidt asking him to enable HTTPS encryption on Gmail, Google Docs and Google calendar by default. That list of 38 is a roll call of security pioneers and current thought-leaders, everyone from Gene Spafford, Steve Bellovin, Bill Cheswick and Bruce Schneier to white hats RSnake, Joe Grand and Jeff Moss. They point out that Google's current insecure default settings put the privacy of its cloud-based services users at risk. "Anyone who uses these Google services from a public connection (such as open wireless networks in coffee shops, libraries, and schools) faces a very real risk of data theft and snooping, even by unsophisticated attackers. Tools to steal information are widely available on the Internet," the letter says. ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
ISP shutdown latest cat-and-mouse game with hackers
While the 3FN.Net shutdown had limited impact on cybercriminals, it signaled that the private sector and the government are serious about illegal activity.
-
DNSSEC deployments gain momentum since Kaminsky DNS bug
DNSSEC brings PKI to the Domain Name System and prevents dangerous cache poisoning attacks. Implementation difficulties and political battles, however, keep it from going mainstream.
-
ISP shutdown latest cat-and-mouse game with hackers
-
-
Privileged account management critical to data security
Regulatory requirements and economic realities are pressuring enterprises to secure their privileged accounts.
-
Unified threat management products gaining midmarket, enterprise foothold
Unified threat management (UTM) appliances offer consolidated security services in a single, manageable firewall/VPN appliance. But purchase and use only the security options you need. Otherwise you will pay too much for the appliance and for tools that won't make your business more secure
-
Privileged account management critical to data security
-
Columns
-
Editor's Desk: Google security needs HTTPS by default
Security's leading thinkers ask Google to turn on HTTPS by default for Gmail, Docs and Calendar.
-
Align your data protection efforts with GRC
Data protection and compliance teams battle for resources but need each other to succeed.
-
Editor's Desk: Google security needs HTTPS by default
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...