According to one expert, U.S. enterprises lose $1.2 trillion each year from IT failures. Although this figure gets debated, everyone agrees it’s a whole lot of money.
Sadly, one can make the argument that if software vendors did a better job of integrating security testing throughout the development lifecycle, our current struggles with application security might be less challenging.
In fact, however, software vendors are late to the party. Their security testing tends to be tacked on to the end of development lifecycles as an afterthought, which may account for one recent study’s startling conclusions that:
- 98% of applications carry at least one application security risk (and each risk may signal the presence of multiple vulnerabilities)
- 80% of applications showed more than five risks
- The average application registered 22.4 risks
Did you know that your applications are the most vulnerable part of your IT operations?
These days, problems with apps — many of them web-based apps — account for the majority of information security breaches. Over the last year or so, and going forward, application-level attacks have emerged as the preferred vector for gaining access to sensitive (and valuable) data. What’s more, the threats are becoming increasingly acute as complex web apps, as well as mobile apps, play ever greater roles in our business and personal activities.
App vulnerabilities for sale — cheap at the price?
As I detailed in my last post, file sharing/syncing is quickly transforming how, where and when we work by making our apps and data available and usable on any Internet-connected device. Even if your organization doesn’t have an enterprise-grade file sharing/syncing capability in place, odds are your employees have attempted to make their lives easier by implementing their own consumer-grade alternatives.
As we venture into 2014, expect to hear a lot more about file sharing/syncing. That is not surprising, given that 25% of information workers now use file sync and share services in their jobs, according to Forrester Research — up from just 5% in 2010.
Anywhere, Anytime, Anyone
And I believe those numbers will continue to climb. Despite sounding mundane, file sharing/syncing (thanks to the cloud and BYOD) has begun to significantly reshape how we work with each other. By making files, documents and application data available and usable on any device, file sharing/syncing empowers employees to work anywhere, anytime, with anyone — using whatever device is at hand.
Lest you decide to discourage such behavior, consider that BYOD provides more than eight hours of additional productivity per week, as a BYODer normally works beyond the time-and-place parameters of the traditional office.
As 2013 comes to a close, it’s time to look ahead, and a good place to start is Gartner’s top ten strategic technology trends for 2014, which point to an accelerating velocity of change that we ignore at our peril:
If yours is like most businesses these days, many of your employees use their own smartphones, tablets and/or laptops to do their jobs — and the numbers are climbing fast as more people go mobile. Pew Research Center reports that as of May 2013, 56% of American adults have a smartphone and as of September 2013, 35% own a tablet.
If you’ve gotten this far through 2013 without an information security breach, count yourself fortunate. According to a recent survey by PwC, CIO magazine, and CSO magazine, security incidents have increased 25% over the last year. The financial costs of these incidents have climbed, too — by 18%.
The PwC/CIO/CSO survey points to three culprits: new hacker strategies, the bring-your-own-device (BYOD) trend and cloud computing. And it warns that too many organizations have not changed their security stances, leaving themselves dangerously vulnerable to new kinds of threats.
Late last month, LinkedIn launched a new service called Intro that, in a matter of days, has added plenty of fuel to the convenience vs. security-and-privacy fires.
You see, LinkedIn Intro dangles the carrot of public cloud convenience: By showing LinkedIn profiles in the iPhone/iPad Mail app, Intro instantly delivers up all manner of info about the unfamiliar name appearing in your inbox — what the sender looks like, what he does, where he’s based. And it works both ways — for mail received and sent.
As the virtues of cloud-based data backup and disaster recovery/business continuity become increasingly apparent, it’s important to remember that moving some or all of your backup and DR functionality to cloud services involves more than a quick signup.
Here are eight cloud DR best practices that can make the difference between success and failure: