Virtualization and Cloud Security Hub

Home Depot, Target, and the business of being owned

Posted by Shaun Donaldson

Sep 10, 2014 11:52:02 AM

Follow us on Spiceworks Spice IT

There has recently been some interesting news. It seems that The Home Depot, both in the US and Canada, has experienced a breach. Recall that Target also suffered a breach not long ago

This begs the question; from a security perspective, does being compliant matter?

There are reports that the malware discovered on Home Depot systems is similar to that discovered on systems at Target. What is striking is that, according to Krebs on Security (who broke the Home Depot story), “On Tuesday, KrebsOnSecurity broke the news that Home Depot was working with law enforcement to investigate “unusual activity” after multiple banks said they’d traced a pattern of card fraud back to debit and credit cards that had all been used at Home Depot locations since May of this year.”

Read More

Topics: Enterprise Security, Compliance

Retail Industry Ramps Up Efforts to Boost Security - and How the Channel Can Play a Role

Posted by Shaun Donaldson

Sep 10, 2014 9:44:00 AM

Follow us on Spiceworks Spice IT

As we mentioned in the last post, over the coming months we’ll be looking at the unique security and compliance challenges for a variety of industries. For the first entry in this series we’re examining the retail sector.

It’s no secret that the retail industry has endured some high-profile information security breaches in recent months. In December 2013, Target was hit with a data breach that resulted in the theft of millions of customers’ credit card data, including payment information, names, phone numbers and email addresses. The incident has had a huge financial impact on the retailer, with Target announcing in August 2014 that its second quarter financial results were expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the data breach.

Read More

Topics: Service Provider, Reseller, Compliance, Vertical Series

When Moving to DevOps, Security Can Enhance the Ride

Posted by George V. Hulme

Sep 8, 2014 11:00:00 AM

Follow us on Spiceworks Spice IT

DevOps and continuous integration and deployment efforts boost productivity and agility, but it’s crucial that security moves along with the journey.

DevOps and continuous integration and continuous deployment methodologies are taking hold in enterprises everywhere – and those that do so are clearly more effective and efficient. If you’re not convinced of that, have a look at Puppet Labs’ State of DevOps survey for this year, and last, which found that DevOps organizations are deploying code 30 times faster and with half as many failures as non-DevOps enterprises.

Those DevOps outcomes, because of their focus on steady improvement through continuous collaboration and rapid iterations, are exactly what organizations are hoping to achieve. And from that, they reap a more agile and competitive enterprise.

Read More

Topics: Compliance, DevOps

Sex, Photos, and the Shared Security Model

Posted by Shaun Donaldson

Sep 5, 2014 12:46:00 PM

Follow us on Spiceworks Spice IT

Recently, there has been quite a bit of media coverage about some sensitive, private pictures of celebrities stolen and published. While we have seen similar incidents in the past (from celebrities to British royals’ mobiles being compromised), this incident is focused around consumer-centric cloud offerings from heavyweight companies.

When incidents like this happen, the popular knee-jerk reaction tends to be to find someone to blame. In this case, the candidates are:

   1. The attackers

   2. Consumer-centric cloud services providers (used on iOS, Android, Windows Mobile, for example)

   3. The celebrities themselves

Of course, the attackers are ultimately responsible, but it is interesting to see the service provider and the end-users sharing a piece of blame assigned by some (the Internet provides a forum for everyone who wishes to share their opinion, for better or worse).

Read More

Topics: Public Cloud, Cloud Security, Service Provider

The State of Endpoint Security in Virtual Environments

Posted by Dave Shackleford

Sep 3, 2014 11:56:43 AM

Follow us on Spiceworks Spice IT

There’s no question that the majority of organizations are virtualizing servers, and increasingly, desktops within their environments. With this shift comes a plethora of new risks. We’re getting better at porting network security platforms to a virtual format, primarily firewalls and intrusion detection and prevention systems. Encryption for virtual and cloud environments is also slowly improving. Another area that seems to be evolving is endpoint security.

In some ways, the challenges of endpoint security are more complex than some others, for a few different reasons. First, endpoint security has to scale across a larger number of systems, in many cases. In addition, traditional endpoint security products are usually agent-based, and consume significant amounts of resources (disk, memory, and CPU). This can easily throttle a shared infrastructure environment.

Read More

Topics: Enterprise Security, Virtualization

Managed Service Providers: drivers for competitive advantages? Part 1

Posted by Madalin Dobre

Sep 2, 2014 3:34:00 PM

Follow us on Spiceworks Spice IT

As mentioned in my previous blog post, the market of IT services delivered by Managed Service Providers (MSPs) is expected to grow by almost 80% by 2018, compared to 2013.

Now, what effects will this growth have on the MSP market? Here are a few:

     Number of MSPs will increase. This will happen as current ‘box movers’ will start more and more to enter the services area,

     Prices will go down as commoditization will increase. Commoditization in MSP-type of services (help desk, security management, hosting) will increase much faster than in other types of services (e.g. application management for core functionalities), and

     Margins will be smaller and smaller

Read More

Topics: Service Provider

When it comes to information security, not all industries are alike

Posted by Robert Krauss

Aug 28, 2014 10:31:00 AM

Follow us on Spiceworks Spice IT

Saying all types of companies have the same information security concerns because they face common threats and vulnerabilities is like saying all cars are alike because they have four tires.

The security - as well as regulatory compliance - issues enterprises grapple with differ dramatically based on their industry. As we’ve seen in recent years, the types of attacks companies face and the sources of those attacks can vary depending on their line of business.

Sure, there are basic security commonalities among all types of businesses. Virtually all companies are vulnerable to computer viruses and other malware. Many verticals are seeing a rapid growth in the use of mobile devices and in the security threats they represent. And internal security breaches can happen at any organization, whether it sells shoes or builds rocket ships.

Read More

Topics: Service Provider, Reseller, Compliance, Vertical Series

Don’t trivialize “Small Business” IT and security: they probably have it harder than you

Posted by Kathryn Schwab

Aug 27, 2014 11:40:00 AM

Follow us on Spiceworks Spice IT

I recently signed up a family member for extracurricular activities, and upon arriving at a small local business, ended up in a conversation with the owner. After a few pleasantries, the usual, “where do you work” question came up. I proudly answered, and the floodgates opened with the owner asking many questions about IT and security:

 Should I use two host service providers? One for internal access? One for external access? 

 How do I protect the business, given my IT environment?  

 Should I move certain services into the cloud? If so, how do I make sure my customers are protected?

 What is virtualization and how can it help me? Does it make sense for me?

Read More

Topics: SMB Security, VMware, Virtualization

Identity and Access Management as a Service (IDaaS) – mastering the fine art of juggling

Posted by Denisa Dragomir

Aug 22, 2014 12:18:00 PM

Follow us on Spiceworks Spice IT

In my previous post I raised a flag around the importance of identity and access management (IAM), and how this should be embedded in your overall security planning.

What does identity and access governance stand for?

According to Gartner, it represents "a combination of administration and account provisioning, authentication and authorization, and reporting functions" which is either served from the cloud (IDaaS) as a utility, or implemented internally in a more silo’d approach.

Companies may choose to run a combination of the two in their hybrid environment, where they bring up a secondary IAM system to handle their hosted apps, while continuing to rely on standard IAM for internal applications.

Read More

Topics: Cloud Security, AWS, Amazon Web Services

VARs and MSPs: Keeping Up on the Changing Times

Posted by Robert Krauss

Aug 20, 2014 11:18:00 AM

Follow us on Spiceworks Spice IT

The IT industry has long been characterized by change. You might remember the dominance of mainframes in the data center, the move to minicomputers, and the emergence of client/server architectures and network operating systems. Believe it or not, there was a time when businesses survived without the Internet, and hardly anyone could have imagined anything like a smart phone.

Lately it seems like things are shifting faster than ever. That’s largely because the key trends that are shaping the industry—cloud computing, mobile technology, social media and big data, to name a few—are causing an upheaval in the way vendors design, build and distribute their products and the way organizations use technology.

Read More

Topics: Service Provider, Reseller

Subscribe to Email Updates

Connect with us