Helping clients manage their technology for over 30 years.

Security holes that’ll keep you up at night: Sensitive data in the cloud

Factors impacting Cloud Security

Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).

Cloud security is at risk when…

  • You don’t have an adequate cloud-oriented governance/risk/compliance framework,
  • The hypervisors in your virtualized infrastructure harbor vulnerabilities that can be exploited,
  • It’s possible to infer information about one virtual machine by observing the state of the shared system from another aspect of the underlying system — which might enable malicious code execution, or
  • When vulnerabilities are introduced by incorrect configuration of a hypervisor and/or its related tools.

Continue reading

Security holes that’ll keep you up at night: Insecure virtual machine deployment

Vulnerabilities of Virtualization

Rare is the information technology professional these days who doesn’t understand the prodigious efficiencies and savings that can be derived from virtualization. Yet, too often virtual machines are deployed insecurely. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they replace.

That’s because too often virtualization projects tend to be developed and deployed without considering security. This can result in vulnerabilities that enable bad guys to compromise the hypervisor/ virtualization layer (e.g., DoS attacks), which can spread to all hosted workloads.

Continue reading

Security holes that’ll keep you up at night: Advanced persistent threats

Impact of Advanced Persistent Threats on IT Security

Malware comes in many flavors. I’m focusing now on one of the most pernicious, advanced persistent threats (APTs), because these frequently use the techniques of zero-day attacks  to remotely manipulate a system while remaining virtually invisible to standard defenses.

Continue reading

Security holes that’ll keep you up at night: Managing the use of social media

Managing the use of Social Media

The ever-richer user information on social media presents an irresistible opportunity for ‘fraudsters.’ Because it’s so easy to research a target online, attackers have developed very effective masquerading and social engineering tactics that can fool even the most sophisticated users.

Continue reading

Is server virtualization messing up your network’s performance?

Impact of Server Virtualization on Network Performance

Thanks to virtualization, network dynamics are changing — fast.

Server virtualization consolidates resources on fewer physical servers in ways that require distributed workloads to communicate with each other. This boosts utilization of servers, but it also increases — and changes the nature of — network traffic.

Continue reading

Isolating and resolving network problems

How to resolve Network Problems.

When it comes to keeping your IT network performing optimally, finding and fixing network faults certainly is crucial. But it’s just as crucial to sustain network operations while the issue gets resolved.

Which means that the first order of business is to ensure that your network has entered one of the failure modes you’ve designed for it so that remaining network resources are allocated according to your organization’s business priorities.

Continue reading

Prosperity in 2012: Best-performing organizations use cloud computing

I recently came across a cloud computing benefit/risk study conducted in the first half of 2011 by the IT Policy Compliance Group (ITPCG). It shows that best-performing organizations (which see higher profits and suffer fewer business disruptions and less data loss) use cloud computing significantly more than poor-performing organizations.

More than two-thirds of best performers use cloud computing — about half opting for private clouds, while 25% use hybrid clouds and another 25% use public clouds. By contrast, only 9% of worst performers use cloud computing.

Continue reading

All they want for Christmas is … Web 3.0?

Just when you were getting used to the idea of Web 2.0, along comes Web 3.0, which, according to a recent Booz & Co. report, “will offer an entirely new level of connectivity, communications, and information on customers.”

Search engines will be smarter, recommendation engines will know more about users’ habits and preferences, social media will continue to flower, and new kinds of services will make it all easy to manage. Booz calls this “the Transcendent Web” and notes it has four key elements:
Continue reading