All about Virtualization and Cloud Security | Recent Articles:

Don’t let the Internet of Things Catch You by Surprise

Oct 30 by George V. Hulme

You can’t turn anywhere without hearing about the Internet of Things. But does all of the hullabaloo we hear about Internet connected automobiles, home thermostats, lighting, refrigerators, and even medical devices mean anything to enterprises, or is the Internet of Things (IoT) a consumer trend?

Does IoT mean anything to enterprises and their ability to produce and innovate in the years ahead? And if they embrace the IoT, what could it mean to privacy and security? It turns out that it probably means more to security than many IT and security professionals are considering.

Healthcare Industry: In Need of Security Medicine

Oct 24 by Robert Krauss

As part of an ongoing series, we’re examining the security and compliance needs and challenges in a variety of industries, and the implications for value-added resellers (VARs) and managed services providers (MSPs). In this post, we look at the healthcare sector.

Few industries (financial services being another) have been as scrutinized over data security and privacy issues as healthcare. With the advent of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, hospitals, clinics, private practices, health insurers and others in the industry have had to become super diligent about protecting patient information.

Financial Services: High-risk security, by the numbers

Oct 21 by Robert Krauss

Our latest addition to the industry-by-industry security analysis series is financial services.

Financial services companies in the U.S. lost an average of $23.6 million from cyber-security breaches in 2013, the highest average loss across 26 industries, according to a report from the Deloitte Center for Financial Services. The study by the consulting firm, entitled "Transforming Cybersecurity: New Approaches for an Evolving Threat Landscape", notes that the growth in cyber-crime has continued, if not accelerated, in the industry.

A huge majority (88%) of the cyber-security attacks against financial services firms are successful in less than one day, the report says. On the other hand, only 21% of the attacks are discovered within a day, and only 40% of the companies involved are able to restore their business within that one-day time frame.

SSL v3 vulnerability: this POODLE eats secure cookies

Oct 15 by Shaun Donaldson

What this is:

  • A method to compromise communication encrypted by SSL v3 (meaning: access secure cookies, thereby gaining access to session information)

What this is not:

  • A direct method of compromising endpoints

What is required:

  • A node capable of intercepting traffic between two nodes; a “bump on the wire”

  • The nodes at each end (client and server) are willing to fall back to SSL v3

Original announcement

Original publication

SSL v3 Vulnerability - Remedies and What You Can Do

Oct 15 by Shaun Donaldson

If you are running systems that maintain SSL 3.0 compatibility, you are advised to define a Signaling Cipher Suite Value (SCSV) to prevent unintended protocol downgrades between clients and servers when both parties support a higher version of the protocol.

Disabling fallback to lower protocols differs from operating system to operating system. Here are some guidelines for the most frequently used web servers:

Shadow IT and Educational Moments

Oct 09 by George V. Hulme

One of the most serious security challenges for enterprises today is the ease with which users can sidestep IT for the apps and information services they need. The danger is especially high when these employees are also creating and accessing confidential or regulated information. It means this data is sprawling out to apps and clouds that may not have the necessary controls to keep all of this data safe.

What makes this condition worse is that many companies don’t even believe this is going on within their organizations until they are forced to actually see it happening. For instance, just a few weeks ago I was sitting in on a live demo of a network monitoring application at a local company. The CIO there was positive that there were not any “unsanctioned” cloud apps running on their network. I told him I found that hard to believe, but would be impressed if it was so.

Manufacturing: Big Industry, Big Security Challenges

Oct 08 by Robert Krauss

In this latest installment in our series of profiles on security and compliance issues and challenges in various industries, we take a look at the manufacturing sector.

This industry, particularly if we include consumer goods, presents a broad range of companies. And of course security threats can vary depending on what types of products a company makes.

But in general, companies that make goods and equipment are particularly prone to theft of information about how they produce things, especially for high-priced or high-demand items. Given the growth of business competition worldwide, manufacturers these days should expect to be the target of theft of trade secrets and intellectual property via corporate espionage.

For value-added resellers (VARs) and managed services providers (MSPs), the opportunities to assist clients in this sector are plentiful. For one thing, it’s a huge industry. For another, it has a host of information security concerns.

Managed Service Providers: drivers for competitive advantages? Part 2

Oct 02 by Madalin Dobre

This is a continuation of my previous blog post, which aims to discuss the near-future scenario of extreme competition among Managed Services Providers (MSPs).

Differentiation among MSPs will mostly circle around go-to-market areas like marketing, sales and strategic capabilities, as technology advantages will not hold for long given the high speed at which new technologies are widely adopted.

In Part 1 we covered the Marketing perspective and in this blog post we will cover the Sales perspective and the Strategic perspective.

From a Sales perspective there is a huge difference between selling boxes and selling services. The second needs a consultative approach for convincing customers to sign a service contract. Consultative selling needs dedicated sales teams for each type of service (e.g. managed and cloud services). Acknowledging the different sales roles (e.g. farmers and hunters) is preferred when dealing with both up-selling and attracting new customers.