security tools

Google and IBM have a cloud deal

Mon, 12 May 2008 06:59:59 -0400

IBM and Google are teaming up to create what they hope will be the primary IT delivery model of the future--cloud computing. In the next year, the two companies intend to make available a network of servers for consumers and businesses to tap everything from online soccer schedules to advanced engineering applications.

The IBM-Google cloud runs on Linux-based machines using Xen virtualization and Apache Hadoop, an open source implementation of the Google File System. The companies see high business value, and their efforts are bound to be attractive to many CIOs. IBM is focusing on small and midsize companies around the world, which it says represent a $500 billion IT market.

Google and IBM could potentially supply business computer users with hosted offerings ranging from word processing software to management and security tools.

To read more about the future:
- see this InformationWeek article

Private corporate networks obsolete?

Mon, 10 Sep 2007 06:59:59 -0400

By the end of the decade, private corporate networks will become obsolete relics of the early information age. And so will the security technologies and procedures that are used to protect them. Robert Whiteley and Natalie Lambert, both analysts with Forrester Research, believe that traditional security is gone and that as mobile networks and the Internet become the primary connectivity method for businesses, organizations will have to completely re-think how they secure key information assets.

CIOs and their IT security staff will have to shift the bulk of their focus away from perimeter-based strategies designed to keep bad things out, and will instead concentrate on things like data encryption, managing risk at the endpoint and having strict data access controls. In short, security professionals will have to assume that malware and security penetrations happen routinely and must plan accordingly.

To learn more about tomorrow's security woes:
- read the article in eWeek

Cost of carelessness hits the CIO's budget

Tue, 04 Sep 2007 06:59:58 -0400

David Perry, global director of education for Trend Micro, tells Forbes that as many as one in five virus infections come from users who purposefully infect themselves out of curiosity. This is just one of the many practices that undermine information technology security due to varying combinations of naiveté and carelessness. This is why CIOs plan to spend 20 percent more on preventing data theft and intrusion during the next year, according to research by the market analysis firm InsightExpress. Analysts noted that about 30 percent of non-IT corporate employees violate the terms of security agreements that they sign. It's a phenomenon that appears to be global in nature, since the study included respondents from professionals in seven different countries.

A second study, commissioned by Cisco Systems and the National Cyber Security Alliance, also shows that more than 60 percent of employees sometimes use mobile devices without encrypted or password-protected data to connect to their organization's network, and more than a third sometimes work by piggybacking on strangers' wireless Internet connections. So while many employees are asked to stay connected at home or on weekends, they may be putting their networks at extreme risk by exposing all of their data on unsecured networks. Trend Micro released a report that says that U.S. and U.K. workers on corporate laptops are more than twice as likely to send confidential info via instant message, compared with desktop users. They are also a third more likely to send confidential data over webmail.

For all the details on security:
- read the article in Forbes

SaaS-based security gets some buzz

Thu, 23 Aug 2007 06:59:58 -0400

Executives are learning that security technologies delivered via the SaaS (software-as-a-service) business model are proving to be a big success. Imperial Chemical Industries--a London-based maker of paints and chemicals, which is in the process of being acquired by industrial conglomerate Akzo Nobel for $16 billion--is engaged In a focused effort to secure its assets and data. The company is using SaaS applications--like vulnerability scanning tools, email and spam filtering and Web filtering. "We're pushing the envelope in terms of what's out there with security SaaS, but so far, it's been a fantastic success," Paul Simmonds, global information security director at ICI, told Infoworld. Still, he says that not all security applications should be offered using a SaaS model, including security tools like NAC systems and endpoint-oriented products.

For more on delivering security tech through SaaS:
- read the article in Infoworld

Smart mobile security

Wed, 02 May 2007 20:01:38 -0400

Beyond the obvious ways of securing mobile technology and the corporate data that resides on it, some enterprises are going a step further, using a combination of smart card technology and public key infrastructure (PKI). Managed PKI services can help alleviate the administrative and financial burden for enterprises while delivering the level of security required. Combined with smart card technology, it's also an effective approach to securing remote access without having to incur infrastructure changes or high costs. And it comes in pocket-sized, fully encrypted devices. This technology, when combined with a managed PKI service, allows fully encrypted, secure access to enterprise networks from any location, without data ever leaving the boundaries of the corporate firewall. This level of security also allows much more freedom for remote functionality than ever before.

Read more about smart mobile security:
- read the article at CIO Canada

ALSO:
- read this on bolstering mobile security
- this on why mobile security is Job One
- this for best practices in managing mobile devices
- this on why a mobile security effort is a mandate
- this on balancing mobile functionality with security
- and this for mobile security tools for SMBs

Improving security on the cheap

Wed, 25 Apr 2007 20:01:36 -0400

Investing in expensive, complex security tools almost always pays off, but there are some much less expensive, common-sense steps you can take to improve security throughout the enterprise. First, periodically check for rogue wireless access points in corporate buildings. These access points give hackers an open door into the network. Second, enable Windows Update on all computers, but be sure to remember to verify that the systems are actually being patched. Third, don't allow HTML email through, because the text can open the door for security problems. Fourth, train users and IT staff on security procedures. Fifth, consider using Mozilla's Thunderbird and Firefox as possible alternatives to Outlook and Internet Explorer, because attackers tend to write malware for the latter software, not the former.

Read more security tips:
- read the article at InformationWeek

Laptop tracking is for SMBs, too

Wed, 18 Apr 2007 20:01:36 -0400

Many enterprises use laptop tracking software or third-party tracking companies to ensure the safety of employees' laptops, which tend to get stolen more than any other type of work tool. These products and services install a software agent on laptops that call in to a company's IT help desk via an Internet connection. If the laptop is reported stolen, the system can begin tracking down the laptop. The products also often include technology users can use to destroy data remotely if necessary. This laptop-tracking technology is used often in large companies because it's sold as a feature by manufacturers. Smaller companies are less aware of the tracing technology because they purchase products through resellers that are less likely to play up the feature as a selling point, experts said. Cost pressure is another inhibitor for smaller companies.

Read more about laptop tracking:
- read the article at Computer Weekly

ALSO:
- read this on mobile security tools for SMBs
- this about balancing mobile functionality with security
- this on the importance of mobile security
- and this on best practices in managing mobile devices

Mobility: Balancing functionality with security

Tue, 17 Apr 2007 20:01:36 -0400

Companies are beginning to swap traditional desktop configurations in favor of centralizing desktop applications in a secure datacenter, thanks to more reliable and robust security offerings. Security concerns over mobile data must be by far the primary concern. At the same time, information must be accessible to the point that employees have constant connectivity to critical information. When granting access to remote employees, it is critical for an enterprise to deploy quarantining technology to keep computers and laptops that violate network security policies from infecting the internal network when signing back in. But balance is key; ultimately, security and performance are codependent.

Read more about mobile security:
- read the article at TechNewsWorld

ALSO:
- read this about mobile security
- this on best practices in managing mobile devices
- and this on mobile security tools for SMBs

Removable media causes security concerns

Sun, 18 Mar 2007 20:01:38 -0400

The proliferation of portable media devices are increasing companies' security risks exponentially. In fact, endpoint security for laptops, PDAs and removable media is one of the most critical security issues facing companies today. USB drives, in particular, have a tremendous amount of private corporate content. To deal with the growing problems, CIOs must set up strict policies for how data on removable media is handled and where they can be taken and where they can't. Employees should also be monitored to some extent, ensuring that employees use removable media only for company-sponsored endeavors. It's also critical to make sure that the USB drives used by your company have appropriate encryption--not something that's standard on all USB drives. The same type of diligence should be applied to other mobile devices such as laptops.

Learn more about how to secure removable media:
- read the article at Dark Reading

ALSO:
- read this on the importance of mobile security
- and this on mobile security tools for SMBs
- and this on best practices in managing mobile devices

Spam fight prompts security market changes

Mon, 08 Jan 2007 19:01:35 -0500

The continuing quest to squelch spam, deter spyware and stop malware is causing more than a few waves within the email security industry. Big tech titans--from Cisco to Microsoft and everyone in between--are gobbling up specialized vendors in order to offer tools for better security protection. And while that leaves the smaller email security vendors a bit in the lurch, it's a good scenario for companies seeking an efficient, cost effective and centralized security approach.

For more on what's happening with email security tools:
- read the analysis at C/Net News.com