
When It Comes to Security, Know Thyself

Data Security & Data Loss Prevention (DLP)

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begins flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what a security failure might actually cost the organization?

CEOs in the Crosshairs


When it comes to security breaches, CEOs stand in the crosshairs. More than their IT staffs, it’s a CEO who’ll take heat for a breach that exposes customer data or endangers relationships with business partners.

So, unlike plenty of other IT issues that don’t require C-level attention, information security ranks right up there alongside financial issues as something with which CEOs need to be familiar. Yes, information security can be daunting, but so are financial statements — and CEOs have to sign off on those.

Where to start? Here are three questions every CEO should be able to answer: Do you know who your security expert is? Do you have a security policy? Do you understand how it’s implemented, managed, enforced, monitored?


Essentials to business disaster preparedness — #2: Use data loss prevention technology


If you don’t know much about your data, backing it up can be a challenge. Important data can be missed if it’s been squirreled away in some obscure location. And corrupted and/or hacked data can be taken as legitimate, backed up, and given an opportunity to re-infect other data and apps.

Fortunately, it’s a challenge that can be met with data loss prevention solutions that…


Curing Those Security Blues

Are you suffering from security fatigue? Find yourself getting irritated when your IT folks bring up yet another security issue? You’re not alone. Lately I’ve been witnessing a good deal of security fatigue in the executive suite, and I’m not surprised.

Truth is, security remains a never-ending process. The easier we make it to move data, the more vulnerable it is to loss or theft. In fact, our Page 1 story this issue on Data Loss Prevention is all about how easy it is for too many employees to make off with sensitive, proprietary information.


Quest’s 10 ways to boost business IT security in 2012: #9 and #10


For quite some time, small and midsized businesses dared to feel safe from most malicious attacks — thanks to their relative smallness. Over the last couple of years, that’s been changing, because larger firms are tightening defenses and, as I’ve said before, the bad guys exploit opportunity.

Which is why shoddy IT security is a wide open opportunity for hackers to rip you off.

So I’m finishing our list with two elements easily overlooked as you face the hassles of keeping up with criminal creativity.

#9 Educate your employees about security


Essential SLA Elements #3 and #4: Monitoring, enforcement, and change mechanisms

A good service-level agreement looks simple — but that’s because it’s been conscientiously negotiated to meet the buyer’s needs. Of the five essential SLA elements that every managed and cloud services customer should focus on, I’ve described two — specifying service functionality and describing the infrastructure and standards to be maintained by the provider.

Essential SLA Elements #3 concerns SLA changes. Your SLA should include a mechanism by which you can regularly tune it in response to changing business conditions or new technologies. You’ll benefit from building in a formal review of your SLA (at least annually) in order to use experience and new information to revise it.


2 tricks that can deliver the right service provider treats

It’s a 21st-century truth that even small businesses need complex information technology infrastructures to thrive. Which is why so many enterprises, both large and small, depend on the expertise of independent providers of managed and cloud services.

But using managed and cloud services can be risky, too. How reliable is the service? Where’s your data? And what about security?


On the menu: Networking, dinner, and the scoop about cloud computing

Cloud Computing has been defined by the National Institute of Standards and Technology (NIST) as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

No wonder the Sacramento chapter of Financial Executives International (FEI), the leading organization for senior-level financial executives, wants to hear about it.


Dangerously vulnerable: 3 quick (and scary) anecdotes

How secure are the data, applications, systems, and networks your business depends on? If you’re like too many of the executives I talk to, you may believe all is well — but only because you haven’t asked the right questions.

One executive told me recently, “We’re cool; we haven’t had to touch our firewalls in three years.”
