Today, Java is part of nearly every organization’s ‘standard’ desktop image, often used for mission-critical business applications. And Java usage is prevalent beyond with the enterprise as well. Oracle claims more than 3 billion devices are running Java globally. That large target population is very attractive to hackers and can leave your IT environment exposed.
Java has a long history of security vulnerabilities and in 2014 alone there were 133 reported vulnerabilities, resulting in roughly 25 updates each for Java 7 and Java 8. Most of those updates were delivered in quarterly update packages, but several critical vulnerabilities required updating every few weeks to remain fully secure. This represents a major drag on your IT resources to keep pace.
What it took in the early days to keep pace with Java updates when they ran as standalone Java applets running directly on client operating systems, is very different today. Developers have shifted their focus to web-based applications built on the Java Runtime Environment (JRE) and run in a browser. These web-based Java applications share many similarities with standalone Java applets, but they must be packaged and delivered differently for the web. This results in a variety of compatibility and security issues caused by JRE incompatibilities from version to version and by unlimited threat vectors on the web. Despite these challenges, Java application development remains incredibly common within medium and large organizations.
In response, most information security organizations have pressed for regular internal updates to Java versions on end user PCs. This creates challenges for most organizations with change management processes and application compatibility. While these to challenges are often linked, they are distinct issues. Our new whitepaper Managing Java Security in the Enterprise will overview each challenge individually. In addition it will provide you with detailed guidance for managing Java security in your enterprise using a combination of sound security practices and Browsium’s browser management platform.
Learn more about this vital topic by downloading Managing Java Security in the Enterprise. We hope it helps you understand how to effectively deal with Java without compromising compatibility, security, or your change management process.