Helping clients manage their technology for over 30 years.

IT Security in 2014: Challenges and More Challenges

Glass chess pieces

Information technology has become a business essential. We’ve reached the point where our ability to thrive and succeed depends on key software apps and the technology (wherever it may be) that runs them, our access-from-anywhere to the Internet, and our ability to gather and analyze troves of digitized data.

The easiest targets
So important are these capabilities that we often put them into use before we’ve figured out the myriad of ways they’re vulnerable to those with malicious intent. And while smaller enterprises used to be able to escape the worst of these vulnerabilities simply by slipping beneath cybercriminals’ radar, those days are gone.  Continue reading

Why cloud DR pays off in a mission-critical IT world

Shield on a cloud to illustrate Cloud Security

Not so long ago, the best way to assure your organization would survive a major disruption involved building — and continuously paying for — a dedicated recovery site. Like so many early-generation IT solutions, this one was unaffordable for most smaller businesses.

Happily, the very technologies that generate disruption-causing complexity (see my last post) also provide the kinds of cost-effective capabilities, such as real-time replication and managed disaster recovery services, that today’s heavily mission- and business-critical IT environments require. Continue reading

When It Comes to Security, Know Thyself

Data Security & Data Loss Prevention (DLP)

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begin flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what the actual cost of security failure might do to the organization?  Continue reading

Look What’s Really Causing IT Disasters


According to one expert, U.S. enterprises lose $1.2 trillion each year from IT failures. Although this figure gets debated, everyone agrees it’s a whole lot of money.

These losses — and the downtime that triggers them — tend to be caused by the mundane rather than the spectacular, as recent Forrester/Disaster Recovery Journal research shows: Continue reading

Apps, Apps Everywhere — But How Secure Are Yours

Did you know that your applications are the most vulnerable part of your IT operations?

iPhone with lock to symbolize Cloud Security. Cloud in background

These days, problems with apps — many of them web-based apps — account for the majority of information security breaches. Over the last year or so, and going forward, application-level attacks have emerged as the preferred vector for gaining access to sensitive (and valuable) data. What’s more, the threats are becoming increasingly acute as complex web apps, as well as mobile apps, play ever greater roles in our business and personal activities.

App vulnerabilities for sale — cheap at the price? Continue reading

10 Information Security Best Practices You Can be Thankful For

Shield in front of folder. Illustrated the idea of Information Security provided by Quest

If you’ve gotten this far through 2013 without an information security breach, count yourself fortunate. According to a recent survey by PwC, CIO magazine, and CSO magazine, security incidents have increased 25% over the last year. The financial costs of these incidents have climbed, too — by 18%.

The PwC/CIO/CSO survey points to three culprits: new hacker strategies, the bring-your-own-device (BYOD) trend and cloud computing. And it warns that too many organizations have not changed their security stances, leaving themselves dangerously vulnerable to new kinds of threats.

Continue reading

CEOs in the Crosshairs

Writing hand in crosshairs

When it comes to security breaches, CEOs stand in the crosshairs. More than their IT staffs, it’s a CEO who’ll take heat for a breach that exposes customer data or endangers relationships with business partners.

So, unlike plenty of other IT issues that don’t require C-level attention, information security ranks right up there alongside financial issues as something with which CEOs need to be familiar. Yes, information security can be daunting, but so are financial statements — and CEOs have to sign off on those.

Where to start? Here are three questions every CEO should be able to answer: Do you know who your security expert is? Do you have a security policy? Do you understand how it’s implemented, managed, enforced, monitored?

Continue reading

Cloud Computing best practice: Backup your data!

Diagram drawn on chalkboard showing the connection of Cloud Computing to laptops, tablets, desktops, etc.

If you’ve ever suffered a data loss, you know how critically important data backup and retrieval capabilities are.

I’m here to remind you that this importance does not diminish when your data (or apps) reside in a Cloud. Nor should you simply assume your Cloud provider automatically backs up your data and apps.

Continue reading

Cloud Computing best practice: Understand available Cloud capabilities

Various cloud icons - cloud in center surrounded by monitors, laptops, etc

I’ve posted before about Cloud computing best practices, and I’m doing it again now (and for the next several posts) for a couple of reasons:

  1. Cloud computing continues to (quickly) evolve, and while some Cloud best practices stay more or less constant, others must be adapted to keep pace,
  2. Cloud success depends on adhering to best practices — so there’s no such thing as talking too much about them or the order in which they should be applied.

Continue reading