Helping clients manage their technology for over 30 years.

Are the applications you use endangering your business? A look at the problem

application security

With all the security your IT operations (should) have, you’d think this question would be moot — but it isn’t. The applications your business and your employees rely on could be time-bombs poised to destroy your ability to function.

That’s because the vast majority of applications used in business today are connected to the Internet, often in a variety of ways.

Continue reading

What Cloud Computing can deliver — Part 2, on better security and compliance

How Cloud Computing Delivers Improved Security and Compliance

The centralization of apps, data, and management that’s an essential part of well-conceived and well-managed Cloud environments also helps make them more secure. Why? Because security policy is easier to enforce, threats to apps and data are easier to detect and address.

Since Cloud data and apps are centralized in a data center, it’s actually easier (as compared to traditional siloed IT infrastructures) to establish effective security policy, monitor compliance, and intervene quickly and often preventatively when there are issues

Continue reading

When threats come from the inside

Eliminate the Risk of Internal Data Theft using DLP (Data Loss Prevention)

Don’t underestimate the threat to your business posed by insider data theft. The risk is real and you are not being paranoid if you worry about it.

Consider, for instance, these disturbing factoids from a Symantec-sponsored 2011 study ominously entitled Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall, which closely examined 50 insider thefts:

Continue reading

Beware of FUD

Combine Fear, Uncertainty, and Doubt — and you get FUD, which has been on my mind lately because it so often involves attempts to thwart adoption of newly-emerging, better solutions. Consider these two tales of FUD:

The first tale, from the late 1880s, is often referred to as the War of Currents. It’s about a powerful group of direct current (DC) supporters who fought fiercely against the new, more cost-effective alternating current (AC) with a range of FUD stunts, from electrocuting animals to building the first electric chair. DC’s supporters eventually lost — because FUD can slow, but not stop, real progress.

Continue reading

Corporate data loss: How bad is it? (Part 2 of 2)

Impact of Data Loss on Business Organizations

We have spent over 12 years building our reputation and trust; it is painful to see us take so many steps back due to a single incident.
—Tony Hsieh, CEO, Zappos, after the company suffered a data breach in which 24 million customer records were stolen

Continue reading

Corporate data loss: How bad is it? (Part 1 of 2)

Loss of Sensitive Corporate Data

In the wrong hands, the sensitive data your business depends on becomes a weapon wielded against it. And it’s happening more often every day.

Reports of intellectual property theft and hacktivism abound, and 2011 has been widely described as “the year of the data breach.”

It’s not hard to see why.

In 2011 alone, according to the nonprofit Online Trust Alliance, 126 million data records were compromised in the United States.

Continue reading

Security holes that’ll keep you up at night: Sensitive data in the cloud

Factors impacting Cloud Security

Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).

Cloud security is at risk when…

  • You don’t have an adequate cloud-oriented governance/risk/compliance framework,
  • The hypervisors in your virtualized infrastructure harbor vulnerabilities that can be exploited,
  • It’s possible to infer information about one virtual machine by observing the state of the shared system from another aspect of the underlying system — which might enable malicious code execution, or
  • When vulnerabilities are introduced by incorrect configuration of a hypervisor and/or its related tools.

Continue reading