Linux has come a long way since its humble beginnings as Finnish student Linus Torvalds’ pet project. With over 27.8 million lines of code to its name and its rise as the OS of choice for servers, public cloud, and supercomputers, Linux has earned an unmistakable spot among the top operating systems in the world today. Not only that, but the world’s most popular mobile operating system, Android, also uses a Linux kernel.
In the workplace, Linux has long been developers’ go-to OS in the workplace and has fared better in the technical rather than the business environment. However, with most organizations now requiring an IT department and digitalization efforts pushing them to develop their own tools and applications often to serve their particular needs, many company networks now include computers running on Linux.
Add to this its cost-effectiveness – it is, after all, free – and what is considered increased security with zero effort, and it shouldn’t come as a surprise that many organizations are turning to Linux and its many distributions, from Debian, Centos, and Ubuntu to Red Hat’s Rhel and Microsoft’s CBL-Mariner. But while its status as one of the world’s biggest open-source projects is undeniable, its rumoured invulnerability is a misleading myth. Let’s look at what data security looks like on Linux and the often-exaggerated claims that accompany it.
- Because it’s open-source, Linux is more secure
The number of contributors to Linux’s source code is staggering: over 15,000 developers from approximately 1,500 companies have contributed to it since 2005. The assumption is that, with so many developers working on the code, the chance of vulnerabilities and bugs being detected is high. However, because Linux is a community-based project and all developers can contribute to it, it does not mean they are security experts or aware of the latest security issues to look out for.
This essentially means that the Linux system, like all OS, is not foolproof. With its millions of lines of code and numerous Linux distros, developers are likely to overlook security holes as much as any other programmers working on better-known operating systems. Thus, dismissing security concerns simply because your employees are Linux users can be a dangerous misstep. Therefore, it is important that organizations put advanced security measures in place for Linux as well.
- There are no Linux viruses and malware
Because of its relatively modest desktop market share, many believe Linux is free from the threat of viruses and malware that plague Windows and, to a lesser extent, Unix-based macOS. However, its popularity as an OS for web servers and supercomputers has drawn the attention of cybercriminals looking to do serious damage or deploy cryptocurrency miners on servers.
From the SpeakUp backdoor Trojan used to attack Chinese Linux servers earlier this year to the recurring plague of Mirai, there are enough threats to Linux security to call into question the myth of its invulnerability. Companies, therefore, need to ensure that their endpoints running Linux also have cybersecurity software such as antivirus solutions and firewalls installed and a clear plan of action in case of a cyberattack.
- Linux makes data protection a breeze
Due to the reduced risk of cyberattacks and the limited number of hackers willing to waste their time breaking into a Linux-running computer, data on them is believed to be more secure and, therefore, easier to protect.
As such, often, when it comes to data protection, the main problem is not so much the relentless attacks of outsiders but the negligence of insiders that puts sensitive information at risk. A third of all data loss, in fact, occurs because of careless employees. Essentially this means that data is vulnerable because of computers’ own authorized users rather than the operating system they are running on.
Everything from accidentally sent emails and forgotten USB drives to information copy-pasted onto public forums or uploaded onto insecure third-party cloud services can happen whether someone is a Linux, macOS, or Windows user. For this reason, companies must not neglect data loss prevention measures and look for products that support their Linux distribution of choice.
Data security is no longer optional
Nowadays, companies are advised to protect their customers’ sensitive data to avoid any reputation damage or bigger losses. Companies choosing Linux must therefore be aware that, despite the myths that paint Linux as an invulnerable operating system, it is, like all software, subject to vulnerabilities that outsiders and, more worryingly, can exploit, can easily fall victim to the biggest threat to data security of all: plain human error.
Authored Article by:
