Subscribe to Email Updates

Subscribe

All about Virtualization and Cloud Security | Recent Articles:

When it comes to information security, not all industries are alike

Aug 28 by Robert Krauss

Saying all types of companies have the same information security concerns because they face common threats and vulnerabilities is like saying all cars are alike because they have four tires.

The security - as well as regulatory compliance - issues enterprises grapple with differ dramatically based on their industry. As we’ve seen in recent years, the types of attacks companies face and the sources of those attacks can vary depending on their line of business.

Sure, there are basic security commonalities among all types of businesses. Virtually all companies are vulnerable to computer viruses and other malware. Many verticals are seeing a rapid growth in the use of mobile devices and in the security threats they represent. And internal security breaches can happen at any organization, whether it sells shoes or builds rocket ships.

Read More

Don’t Trivialize “Small Business” IT and Security: They Probably Have It Harder than You

Aug 27 by Kathryn Schwab

I recently signed up a family member for extracurricular activities, and upon arriving at a small local business, ended up in a conversation with the owner. After a few pleasantries, the usual, “where do you work” question came up. I proudly answered, and the floodgates opened with the owner asking many questions about IT and security:

 Should I use two host service providers? One for internal access? One for external access? 

 How do I protect the business, given my IT environment?  

 Should I move certain services into the cloud? If so, how do I make sure my customers are protected?

 What is virtualization and how can it help me? Does it make sense for me?

Read More

Identity and Access Management as a Service (IDaaS) – mastering the fine art of juggling

Aug 22 by Denisa Dragomir

In my previous post I raised a flag around the importance of identity and access management (IAM), and how this should be embedded in your overall security planning.

What does identity and access governance stand for?

According to Gartner, it represents "a combination of administration and account provisioning, authentication and authorization, and reporting functions" which is either served from the cloud (IDaaS) as a utility, or implemented internally in a more silo’d approach.

Companies may choose to run a combination of the two in their hybrid environment, where they bring up a secondary IAM system to handle their hosted apps, while continuing to rely on standard IAM for internal applications.

Read More

VARs and MSPs: Keeping Up on the Changing Times

Aug 20 by Robert Krauss

The IT industry has long been characterized by change. You might remember the dominance of mainframes in the data center, the move to minicomputers, and the emergence of client/server architectures and network operating systems. Believe it or not, there was a time when businesses survived without the Internet, and hardly anyone could have imagined anything like a smart phone.

Lately it seems like things are shifting faster than ever. That’s largely because the key trends that are shaping the industry—cloud computing, mobile technology, social media and big data, to name a few—are causing an upheaval in the way vendors design, build and distribute their products and the way organizations use technology.

Read More

Like Many Businesses, Agriculture Needs to Centralize Security Too

Aug 14 by Kathryn Schwab

When we think of farming and agriculture, we tend to think of dirt, maybe some animals, and perhaps some large machinery. And when we think technology and agriculture, maybe our minds wander to a farmer using a mobile phone or some high tech tractor.

Others might think biotech or biometrics for plant or animal breeding, or other farm-related necessities. ITC in agriculture has made many advancements – some for the better, others would argue for the worse. And it shows no sign of slowing down.

For example, here is a fascinating 2014 story from Business Insider that goes into great depth about emerging technologies in agriculture. Another story in The Guardian points to how entrepreneurs are using their tech backgrounds to build unique agricultural operations and urban farms.

Read More

Who is Getting Cloudy?

Aug 13 by Shaun Donaldson

There are many questions about cloud; what is it, where is it, and who’s using it?

The answer to the last one is: “most everyone”. Analysts are a bit short on data because they too are still trying to figure-out this cloud stuff. The straightforward answer is that you are likely already using it.

Does your organization use a service provider for software-as-a-service, platform-as-a-service, or infrastructure-as-a-service? If your first answer is an absolute, “No”, you’re probably wrong.

If you’re a start-up, you’re likely using a Google or Microsoft service, perhaps a hosted customer relationship management system (Salesforce.com, for example), and myriad other cloud-based services.

Read More

Not Planning for SMAC? Maybe You Should Be

Aug 12 by Robert Krauss

As a managed services provider (MSP) or value-added reseller (VAR), you’re no doubt keenly aware of some of the hottest trends in IT today: the increasing popularity of social media, the growth of mobile technology in the enterprise, the rising emphasis on analytics and big data, and the continuing move to cloud services.

Each of these areas alone has the potential to have a huge impact on IT strategies at organizations. But these technologies don’t operate in a vacuum, and in fact some companies are beginning to look into the concept of creating SMAC (social, mobile, analytics and cloud) platforms.

While few vendors are yet offering such platforms, the idea is being talked about in IT circles and some forward-thinking CIOs are looking into SMAC strategies. Some of the large systems integrators and consulting firms are offering services in this area to help clients develop such strategies.

Read More

Pointers on Not Being an APT Statistic (or How I Learned to Love Bug)

Aug 07 by Horatiu Bandoiu

Several weeks ago we started a series dedicated to considering APTs (Advanced Persistent Threats) and possible ways to mitigate them. In the first post we strived to define and “contain”  the APT as category of threats as the term is abused, and today most all the sophisticated attacks are presented as APTs – the supreme evil.

Working from the definition, we now remain with two aspects:

#1:  Advanced – as APTs are sophisticated, out of the range even for organized crime networks – “we are sorry, no botnets or banking trojans allowed”.

#2:  Persistent – as we have seen and described, we are talking about organized attackers with myriad resources - the most important being time and patience, until they can reach their objective. A modern characteristic is that they prefer, with few exceptions, the “low and slow” approach; doing “the job” as silently as possible.

The thesis we don’t agree with is that APTs can pass over any antimalware technology. As a matter of fact, the majority of their components have been spotted-out as suspicious files prior to being investigated and detection being added.

Read More

Distributed Denial of Service in the Cloud or the ‘New Black’ of cyber-criminals

Aug 05 by Denisa Dragomir

Distributed Denial of Service (DDoS) attacks have started to grow in intensity and sophistication as more companies rely on web-based applications for their daily business operations. In the past few months, such attacks have become the weapon-of-choice for cyber criminals in every corner of the world because they hardly ever miss their target(s). Taking the analogy further, I would say that these insidious attacks are as precise and merciless as a DSR-50 riffle is for a trained sniper.

What makes DDoS attacks a bad dream for even the most experienced of IT admins is their distributed nature, as the very name suggests. This means that not only one, but a multitude of compromised systems (also known as botnets or bots) seize the target host with simultaneous requests through a breach in the system, which thereby becomes saturated and unavailable to user access.

Read More