Helping clients manage their technology for over 30 years.

Corporate data loss: How bad is it? (Part 1 of 2)

Loss of Sensitive Corporate Data

In the wrong hands, the sensitive data your business depends on becomes a weapon wielded against it. And it’s happening more often every day.

Reports of intellectual property theft and hacktivism abound, and 2011 has been widely described as “the year of the data breach.”

It’s not hard to see why.

In 2011 alone, according to the nonprofit Online Trust Alliance, 126 million data records were compromised in the United States.

Continue reading

Security holes that’ll keep you up at night: Sensitive data in the cloud

Factors impacting Cloud Security

Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).

Cloud security is at risk when…

  • You don’t have an adequate cloud-oriented governance/risk/compliance framework,
  • The hypervisors in your virtualized infrastructure harbor vulnerabilities that can be exploited,
  • It’s possible to infer information about one virtual machine by observing the state of the shared system from another aspect of the underlying system — which might enable malicious code execution, or
  • When vulnerabilities are introduced by incorrect configuration of a hypervisor and/or its related tools.

Continue reading

Security holes that’ll keep you up at night: Insecure virtual machine deployment

Vulnerabilities of Virtualization

Rare is the information technology professional these days who doesn’t understand the prodigious efficiencies and savings that can be derived from virtualization. Yet, too often virtual machines are deployed insecurely. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they replace.

That’s because too often virtualization projects tend to be developed and deployed without considering security. This can result in vulnerabilities that enable bad guys to compromise the hypervisor/ virtualization layer (e.g., DoS attacks), which can spread to all hosted workloads.

Continue reading

Security holes that’ll keep you up at night: Advanced persistent threats

Impact of Advanced Persistent Threats on IT Security

Malware comes in many flavors. I’m focusing now on one of the most pernicious, advanced persistent threats (APTs), because these frequently use the techniques of zero-day attacks  to remotely manipulate a system while remaining virtually invisible to standard defenses.

Continue reading

Security holes that’ll keep you up at night: Managing the use of social media

Managing the use of Social Media

The ever-richer user information on social media presents an irresistible opportunity for ‘fraudsters.’ Because it’s so easy to research a target online, attackers have developed very effective masquerading and social engineering tactics that can fool even the most sophisticated users.

Continue reading

Security holes that’ll keep you up at night: Doing some data breach math

Data Breach Threats Faced By Business IT Infrastructure

Over the last few weeks, I’ve taken a look at what you can do to boost your organization’s IT security. But it occurs to me that maybe I’ve put the cart before the horse.

So I’m going to spend the next few weeks delving into the sort of threats your business’s IT infrastructure faces. And I’m going to start with data breaches and the most recent big-headline example: Zappos (parent company is Amazon.com), which last month admitted it suffered a data breach that compromised 24 million customer accounts.

Continue reading

Quest’s 10 ways to boost business IT security in 2012: #9 and #10

Ways to boost Business IT Security

For quite some time, small and midsized businesses dared to feel safe from most malicious attacks — thanks to their relative smallness. Over the last couple of years, that’s been changing, because larger firms are tightening defenses and, as I’ve said before, the bad guys exploit opportunity.

Which is why shoddy IT security is a wide open opportunity for hackers to rip you off.

So I’m finishing our list with two elements easily overlooked as you face the hassles of keeping up with criminal creativity.

#9 Educate your employees about security

Continue reading