Staying secure in a dangerous age: Beyond reactive cybersecurity solutions

In my recent posts, I’ve focused on some of the top security threats faced by anyone trying to keep their business data and systems safe.

Besides app attacks, web attacks, social engineering exploits, and ransomware, there’s plenty more to be concerned about – the challenges of trusting devices and sensors that are part of the Internet of Things (IoT), breaches that steal huge swaths of “big data,” and the frightening vulnerabilities of industrial control systems.

Application security: As apps proliferate, so do vulnerabilities

These days, two-thirds of all applications rely on open-source components. While open source has many virtues, it also has a key vice: once an open-source component is integrated into an application, that app inherits any vulnerabilities it contains.

Further, whenever that application is referenced by other software, the inheritance of the initial vulnerability persists. The 2014 Heartbleed bug occurred in this way, and some version of this issue is likely to keep happening because most vendors don’t list all the third-party components their software relies on.

What you need for successful customized app development

These days, a successful app saves time and enables quick and easy access to its features. It’s available anywhere and at any time with relevant contextual experiences. It allows your customer to control the interaction and offers both flawless uptime and minimal power use.

And perhaps most critically, a successful app fits both your business and your customers like a glove — something that requires app customization.

As I delineated in my last post, the payoffs can — and should — be substantial. Customized mobile apps in particular lower costs, improve employee productivity, and significantly strengthen your relationship with your customers.

Get ready for the zettabyte networking era

Many new technologies hold promise for your business — mobile devices, cloud computing, virtualization, big data, the Internet of Things — but they also pose challenges to your enterprise network’s performance and your ability to conduct effective network performance monitoring.

Often this is because many enterprise networks are based on outmoded models that result in performance bottlenecks as network traffic increases.

5 Capabilities That Your Wireless Network Needs Now

We can’t afford to ignore the myriad of mobile devices and apps currently saturating our attention and wireless connections.

In my last post, I laid out some of the industry’s eye-popping numbers. This time, I’m offering up just one graphic (from Cisco’s recent Global Mobile Data Traffic Forecast Update) showing why you must upgrade your network infrastructure. Pronto.

When It Comes to Security, Know Thyself

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begin flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what the actual cost of security failure might do to the organization?

98% of Apps are Insecure — Here’s How You Can Protect Yours

Sadly, one can make the argument that if software vendors did a better job of integrating security testing throughout the development lifecycle, our current struggles with application security might be less challenging.

In fact, however, software vendors are late to the party. Their security testing tends to be tacked on to the end of development lifecycles as an afterthought, which may account for one recent study’s startling conclusions that:

  • 98% of applications carry at least one application security risk (and each risk may signal the presence of multiple vulnerabilities)
  • 80% of applications showed more than five risks
  • The average application registered 22.4 risks

Apps, Apps Everywhere — But How Secure Are Yours

Did you know that your applications are the most vulnerable part of your IT operations?

These days, problems with apps — many of them web-based apps — account for the majority of information security breaches. Over the last year or so, and going forward, application-level attacks have emerged as the preferred vector for gaining access to sensitive (and valuable) data. What’s more, the threats are becoming increasingly acute as complex web apps, as well as mobile apps, play ever greater roles in our business and personal activities.

App vulnerabilities for sale — cheap at the price?

A Glimpse of What’s on the 2014 Tech Horizon …

As 2013 comes to a close, it’s time to look ahead, and a good place to start is Gartner’s top ten strategic technology trends for 2014, which point to an accelerating velocity of change that we ignore at our peril:

Application vulnerabilities: Closer than you think

Consider: Last year, according to Verizon, 54% of data breaches began as attacks on web applications, and for years one type of attack — SQL injection — has been the means by which 83% of stolen records were extracted. Meanwhile, says Gartner, 25% of all DDoS attacks this year will be application-based, and an increasing portion of these attacks may actually be diversions in which the bad guys use remotely accessible malware to target user accounts (for personal data or, in the case of financial institutions, for money).