Helping clients manage their technology for over 30 years.

Giving Thanks During the Season of Patching

As the nights grow longer and colder, giving thanks for all that’s warm and light-filled makes wonderful sense. We are, in effect, expressing appreciation for feeling secure and safe.

In fact, this is a time of year when it’s a good idea to pay particular attention to security — especially data security. With the season of holiday gift-buying underway, opportunities for data thieves, hackers, and malware abound.

This isn’t only a concern for retailers and credit card firms. We’re all vulnerable and we all have to continually tend to the security of our businesses.

5 Capabilities That Your Wireless Network Needs Now

We can’t afford to ignore the myriad of mobile devices and apps currently saturating our attention and wireless connections.

In my last post, I laid out some of the industry’s eye-popping numbers. This time, I’m offering up just one graphic (from Cisco’s recent Global Mobile Data Traffic Forecast Update) showing why you must upgrade your network infrastructure. Pronto.

Planning Your Hybrid Cloud: 6 Key Steps (in 2 parts)

By some accounts, better than 50% of organizations are now deploying hybrid clouds — and for some very good reasons:

  • Improved security, because sensitive data can remain behind your private cloud firewall while less sensitive data can be permitted onto a public cloud.
  • Ability to specify where and under what terms and conditions your data is stored.
  • Effective workload balancing without breaking the bank, since using a public cloud to, say, handle peak loads can be far cheaper than keeping everything in-house or moving everything to a public cloud.

To get a hybrid cloud up and running, you need to begin with planning — specifically, a six-step planning process that, fortunately, you do not have to undertake alone. In this post, I’ll focus on the first two steps:

IT Security in 2014: Challenges and More Challenges

Information technology has become a business essential. We’ve reached the point where our ability to thrive and succeed depends on key software apps and the technology (wherever it may be) that runs them, our access-from-anywhere to the Internet, and our ability to gather and analyze troves of digitized data.

The easiest targets
So important are these capabilities that we often put them into use before we’ve figured out the myriad of ways they’re vulnerable to those with malicious intent. And while smaller enterprises used to be able to escape the worst of these vulnerabilities simply by slipping beneath cybercriminals’ radar, those days are gone.

98% of Apps are Insecure — Here’s How You Can Protect Yours

Sadly, one can make the argument that if software vendors did a better job of integrating security testing throughout the development lifecycle, our current struggles with application security might be less challenging.

In fact, however, software vendors are late to the party. Their security testing tends to be tacked on to the end of development lifecycles as an afterthought, which may account for one recent study’s startling conclusions that:

  • 98% of applications carry at least one application security risk (and each risk may signal the presence of multiple vulnerabilities)
  • 80% of applications showed more than five risks
  • The average application registered 22.4 risks

Apps, Apps Everywhere — But How Secure Are Yours

Did you know that your applications are the most vulnerable part of your IT operations?

These days, problems with apps — many of them web-based apps — account for the majority of information security breaches. Over the last year or so, and going forward, application-level attacks have emerged as the preferred vector for gaining access to sensitive (and valuable) data. What’s more, the threats are becoming increasingly acute as complex web apps, as well as mobile apps, play ever greater roles in our business and personal activities.

App vulnerabilities for sale — cheap at the price?

Curing Those Security Blues

Are you suffering from security fatigue? Find yourself getting irritated when your IT folks bring up yet another security issue? You’re not alone. Lately I’ve been witnessing a good deal of security fatigue in the executive suite, and I’m not surprised.

Truth is, security remains a never-ending process. The easier we make it to move data, the more vulnerable it is to loss or theft. In fact, our Page 1 story this issue on Data Loss Prevention is all about how easy it is for too many employees to make off with sensitive, proprietary information.

Essential SLA Element #2: The devil’s in the details

I’ve already blogged about the importance of negotiating a service-level agreement that specifies the functionality of the managed and cloud services you engage.

Now I’m going to focus on Essential SLA Element #2: Including details about the system, network, and security infrastructure and standards to be maintained for your services by the provider.

Why a SAS 70 Type II audit matters

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

That’s because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 Type II audits mean an independent third party has verified that a service organization’s policies and procedures were correctly designed and operating effectively enough to achieve the specified control objectives.
