
How app dev puts business at risk — and what to do about it

In a recent survey, 43% of IT decision makers rated mobility — which is to say, mobile-friendly apps or sites — as the top business functionality or process that’s critical for applications. These days, the line between the web and mobility has blurred to the point of invisibility.

Trouble is, successfully achieving secure mobile application development and web application development is hard for a significant majority of organizations.

Giving Thanks During the Season of Patching


As the nights grow longer and colder, giving thanks for all that’s warm and light-filled makes wonderful sense. We are, in effect, expressing appreciation for feeling secure and safe.

In fact, this is a time of year when it’s a good idea to pay particular attention to security — especially data security. With the season of holiday gift-buying underway, opportunities for data thieves, hackers, and malware abound.

This isn’t only a concern for retailers and credit card firms. We’re all vulnerable and we all have to continually tend to the security of our businesses.

IT Security in 2014: Challenges and More Challenges


Information technology has become a business essential. We’ve reached the point where our ability to thrive and succeed depends on key software apps and the technology (wherever it may be) that runs them, our access-from-anywhere to the Internet, and our ability to gather and analyze troves of digitized data.

The easiest targets
So important are these capabilities that we often put them into use before we’ve figured out the myriad of ways they’re vulnerable to those with malicious intent. And while smaller enterprises used to be able to escape the worst of these vulnerabilities simply by slipping beneath cybercriminals’ radar, those days are gone.

When It Comes to Security, Know Thyself


“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begins flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what a security failure might actually cost the organization?

Why IT environments managed by service providers are more secure


For a while now, those of us who provide Cloud services have been saying that a properly run Cloud environment is inherently more secure than traditional on-premise IT environments.

Now a recent study from Alert Logic backs up that claim. The study compared security in traditional on-premise and service-provider-managed environments of 1,500 organizations with active investment in IT security.


The Dangers Confronting Data in Motion


Last time, I looked at some of the security issues related to employee mobility, which focused mainly on devices like smartphones and tablets and how people use them.

But smartphones and tablets aren’t the only mobile devices business leaders need to worry about. Consider:

  • USB malware is gaining momentum — so flash drives and other USB-connected devices can become malware vectors.
  • Hackable RFID and radio frequency channels create voicemail vulnerabilities and enable call interception.
  • RAM scraping exploits moments when sensitive encrypted data is unencrypted in browsers, smartphones, point-of-sale system memory, etc.


Security holes that’ll keep you up at night: Advanced persistent threats


Malware comes in many flavors. I’m focusing now on one of the most pernicious, advanced persistent threats (APTs), because these frequently use the techniques of zero-day attacks to remotely manipulate a system while remaining virtually invisible to standard defenses.


Security holes that’ll keep you up at night: Managing the use of social media


The ever-richer user information on social media presents an irresistible opportunity for ‘fraudsters.’ Because it’s so easy to research a target online, attackers have developed very effective masquerading and social engineering tactics that can fool even the most sophisticated users.
