Helping clients manage their technology for over 30 years.

What is the role of security in application development?

Unlock the Keys to Application Development

The majority of developers are not security experts, and secure coding is historically not identified as a priority. Oftentimes, the arduous task of vulnerability identification and remediation cannot be successfully addressed by limited IT security resources.

Look for an app development services provider who offers a time-saving solution for all types of security testing — outsourced, individual, and enterprise-wide analysis — and for all types of users, including application developers, build managers, Quality Assurance (QA) teams, penetration testers, security auditors, and senior management.

Continue reading

The Dangers Confronting Data in Motion

visual depiction of data files flowing through a desktop computer

Last time, I looked at some of the security issues related to employee mobility, which focused mainly on devices like smartphones and tablets and how people use them.

But smartphones and tablets aren’t the only mobile devices business leaders need to worry about. Consider:

  • USB malware is gaining momentum — so flash drives and other USB-connected devices can become malware vectors.
  • Hackable RFID and radio frequency channels create voicemail vulnerabilities and enable call interception.
  • RAM scraping exploits moments when sensitive encrypted data is unencrypted in browsers, smartphones, point-of-sale system memory, etc.

Continue reading

The Dark Side of Employee Mobility

Closeup of woman entering information on her mobile phone.

Late last year, market researcher IDC reported that by 2015 more U.S. Internet users will access the Internet through mobile devices than through PCs or other wireline devices. Judging by the eager embrace of smartphone and tablets since then, I’d guess their prediction may be conservative.

And unquestionably, this kind of mobility in business is a game-changer both in terms of how we do business and how we do information security.

Continue reading

Security in the cloud: What you need to know

Cloud icon with a lock to represent Cloud computing security

Cloud computing gets immense attention these days as a profound agent of change affecting how IT serves the business. In particular, Cloud computing has begun the untethering of employees from their desks and their offices. Because the mobility of today’s, and tomorrow’s workforce cannot happen without the Cloud.

Yet worries about Cloud security abound, and for good reason: Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).

Continue reading

Securing your virtual environment

Securing Virtual Cloud Environment

Odds are your IT environment is somehow engaged in virtualization — either directly in your data center or indirectly via the service providers you’ve engaged.

But how much have you — or your IT people — thought about virtualization security? This matters more than you may think. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they’ve replaced.

Continue reading

Think it can’t happen to you? Think again

Target with a cluster of bullet holes around the bulls eye.

Two kinds of security threats have emerged of late that need special attention, even if you’re running a small enterprise: Targeted zero-day attacks and advanced persistent threats.

Targeted zero-day attacks
Microsoft’s recent Internet Explorer security flaw (see my last blog post) is a fine example of a zero-day attack. The attackers got their edge from speed, since reactive countermeasures that depend on threat signatures — such as patching and tools like antivirus software and intrusion prevention — couldn’t be updated fast enough to halt the flaw.

Continue reading

The importance of IT security vigilance

Importance of Managed IT Security

Last September 18th, Germany’s Federal Office for Information Security warned that nation’s population not to use Internet Explorer because of an IE security flaw “is already being used for targeted attacks” designed to lure users to an infected website which, when visited, allows hackers to take control of the user’s computer. Soon after, the Swedish government issued a similar warning.

Even worse, Microsoft was not immediately able to fix the problem. First came a temporary patch, said to be less that complete.

Continue reading

How to get the precise Cloud capabilities you need — affordably

Customized Cloud Computing Services

When you find a Cloud services provider who’s able to precisely design and customize Cloud capabilities to address your organization’s unique needs, you can begin down the path to achieving the flexibility, scalability, cost reductions, efficiencies, redundancy, and disaster recovery protections you need. And you can do it without overspending on overcapacity.

In particular, a services provider who will customize your Cloud services can address your security concerns with an over-arching services contract and service-level agreement (SLA) that’s explicitly written for your business.

Continue reading

5 DaaS FAQs — and the answers worth noting

FAQs on Desktops as a Service (DaaS)

These are some of the most common questions I get asked about Desktop-as-a-Service — and here are my answers.

  • Q. What end-user devices can we use to access our virtual desktops?
    A. Quest’s DaaS lets you use just about all of them: Any Wintel or Mac computer or laptop, iPhones, iPads, Android phones, and Android tablets. It even works on a Kindle Fire.
  • Continue reading

Do you need DaaS? 5 hints to look out for

5 Capabilities To Look Out for in a DaaS Solution

I saw a sign recently with these six words: Change, of any sort, requires courage.

Change can be so difficult that sometimes we’d prefer to convince ourselves that it’s unnecessary. If it ain’t broke, don’t fix it, right?

But how do you know it ain’t broke? Complex systems and (infra)structures often fool us with their own forms of what amounts to landscape amnesia: By inches, conditions deteriorate, and this happens so slowly and in such small increments that we do not notice.

Continue reading