Helping clients manage their technology for over 30 years.

When It Comes to Security, Know Thyself

Data Security & Data Loss Prevention (DLP)

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begins flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what a security failure might actually cost the organization?

Apps, Apps Everywhere — But How Secure Are Yours

Did you know that your applications are the most vulnerable part of your IT operations?


These days, problems with apps — many of them web-based apps — account for the majority of information security breaches. Over the last year or so, and going forward, application-level attacks have emerged as the preferred vector for gaining access to sensitive (and valuable) data. What’s more, the threats are becoming increasingly acute as complex web apps, as well as mobile apps, play ever greater roles in our business and personal activities.

App vulnerabilities for sale — cheap at the price?

It’s Easy to Avoid Data Room Disaster

Data center services

I heard a story recently about the theft of servers from a data room.

The company had locks on all outside doors, but had neglected to install a lock on the server room door.

The thieves would probably have broken that lock, too. Yet the story reminds me how often data rooms get overlooked. The chief reason? Budget … more specifically, lack of budget.


Curing Those Security Blues

Are you suffering from security fatigue? Find yourself getting irritated when your IT folks bring up yet another security issue? You’re not alone. Lately I’ve been witnessing a good deal of security fatigue in the executive suite, and I’m not surprised.

Truth is, security remains a never-ending process. The easier we make it to move data, the more vulnerable it is to loss or theft. In fact, our Page 1 story this issue on Data Loss Prevention is all about how easy it is for too many employees to make off with sensitive, proprietary information.


Dangerously vulnerable: 3 quick (and scary) anecdotes

How secure are the data, applications, systems, and networks your business depends on? If you’re like too many of the executives I talk to, you may believe all is well — but only because you haven’t asked the right questions.

One executive told me recently, “We’re cool; we haven’t had to touch our firewalls in three years.”


Don’t let your firewall get burned by employees’ mobile devices

As more and more of your employees use mobile devices, these machines may start out behind your firewall — but they don’t stay there. They move around, to other networks with different firewall rules. Or no firewall at all.

When that mobile device returns to its trusted place behind your firewall, it may carry a cyber-infection that can attack your network from the inside.

The great firewall challenge lies in balancing the tradeoffs between degree of protection, usability, and cost. That balancing act starts with understanding what your firewall actually does.


Protecting the value of your business

I can’t emphasize this enough: All of the technology products and services an organization devotes to securing its data, applications, systems, and networks have but one aim — to protect the value of the business.

Conversely, every data breach reduces the value of the business — and there are more data breaches every year.

Infrastructure security and coping with cloud and social media: 9 key questions to ask

Our chief technical officer, Mike Dillon, estimates that the number of infected sites is growing by 20% to 25% a year. “If your company is shifting more toward cloud services and hasn’t addressed security, you will be attacked,” he says.

So here are the (non-technical) questions you need to ask and get answered to protect your business: