The siloed nature of traditional data center architectures has produced “you-can’t-get-there-from-here” IT environments. Too often applications, data, and storage devices don’t interact, resources are wasted (e.g., one workload per server), and complex management hassles often lead to risky administrative lapses that result in security vulnerabilities . 

The result: IT infrastructures that are too unwieldy, too expensive, and too slow at a time when agility and responsiveness are essential for success. 

More...

Over the last few weeks, I’ve taken a look at what you can do to boost your organization’s IT security. But it occurs to me that maybe I’ve put the cart before the horse.

So I’m going to spend the next few weeks delving into the sort of threats your business’s IT infrastructure faces. And I’m going to start with data breaches and the most recent big-headline example: Zappos (parent company is Amazon.com), which last month admitted it suffered a data breach that compromised 24 million customer accounts.

More...

For quite some time, small and midsized businesses dared to feel safe from most malicious attacks — thanks to their relative smallness. Over the last couple of years, that’s been changing, because larger firms are tightening defenses and, as I’ve said before, the bad guys exploit opportunity.

Which is why shoddy IT security is a wide open opportunity for hackers to rip you off. 

So I’m finishing our list with two elements easily overlooked as you face the hassles of keeping up with criminal creativity.

#9 Educate your employees about security

More...

It’s appropriate, I suppose, to think of Quest’s list of 10 ways to boost security as layers: Strategy and guiding principles first, then infrastructure basics you may not have considered much. And now a couple of layers that address some of what are sure to rank among 2012’s imminent threats …

#5 Deploy computer security incident response capabilities to better address advanced persistent threats. 

Too often, attacks and breaches take weeks, months, and even years to be uncovered.  According to Verizon’s 2011 Data Breach Investigations Report (which includes information from the U.S. Secret Service and the Dutch National High Tech Crime Unit as well as Verizon’s information), 38% of data breaches aren’t discovered for weeks, and 36% aren’t discovered for months.

More...

Anyone who visits here to check out my ramblings knows I tend to talk lists. This time I’m beginning a list of 10 ways a business can boost its IT security.

#1 Never forget: Your security is only as good as its weakest link, so build your defenses in-depth and ensure someone is watching your security devices and processes.

Given enough time and resources, an attacker can breach any defense. But attackers’ time and resources are limited — hence they choose easy targets over tough ones.

Your goal is to always be a tough target. Since any single defense has its limits, you want to layer your security and never forget the first rule of defense-in-depth: There is no such thing as total, complete security against threats. Layered security serves to hinder a threat’s progress until either it ceases to threaten or additional resources can be brought to bear. 

More...

I recently came across a cloud computing benefit/risk study conducted in the first half of 2011 by the IT Policy Compliance Group (ITPCG). It shows that best-performing organizations (which see higher profits and suffer fewer business disruptions and less data loss) use cloud computing significantly more than poor-performing organizations.

More than two-thirds of best performers use cloud computing — about half opting for private clouds, while 25% use hybrid clouds and another 25% use public clouds. By contrast, only 9% of worst performers use cloud computing.

Study findings also indicate that:

More...

Buying information technology is tricky. Too often, I've seen folks buy an expensive technology product only to discover it doesn't really deliver the functionality they need. If it's happened to you, don't despair — you can minimize your vulnerability.

Start by understanding that technology product sales reps are there to sell you — their goal is to escalate their product into the top spot on your list of IT projects. So if at the end of a sales presentation you find that your IT project list has been re-ordered so that now their product sits at the top of your list, stop and ask why.  

More...

In my experience, poor network performance can cause outages that cascade unpredictably through the business and cost you plenty. Are you experiencing any of these signs of trouble?

1. 1 Network-dependent applications have become sluggish — and your employees, customers, and suppliers are letting you know how unhappy they are.
More...