Recommendations for improving the security posture of your organization |
 Typically organizations perform a “point in time” check of their security and compliance requirements and then fix whatever problems they find at that time. Innovative IT performs programmatic assessments that look at the processes and governance of your organization to determine if those “point in time” checks are being maintained throughout daily operations. Security Awareness Training is the number one recommendation for improving the security posture of your organization. Read Interview>>
|
How to monetize digital content |
 MonetizeDigital has several platforms that allow publishers to convert traffic into revenue. Our two premier solutions are The Spotlight Tool and The Content Locker. The Spotlight Tool presents website visitors with advertisements in-between pages that they can then interact with or bypass until arriving at the content of their choice. This is really great for targeting. The Content Locker is an alternative to a paywall or digital subscription, giving users a way to view premium content without paying a fee by instead interacting with a brief advertiser-sponsored survey, quiz or game before viewing the content. Read Interview>>
|
High-level approach CIOs and CSOs should take when it comes to social networks and mobile devices |
 Executives should consider that it is their responsibility to provide the tools needed by their employees including mobile devices and data plans. Social networks can be an invaluable resource for employees and companies to provide collaboration (think LinkedIN) as well as for information sharing with customers. As to allowing employees to update their Facebook and other status every 10 minutes at work…well that is an old problem. Goofing off and not doing work at work started a long time before Facebook. Read Interview>>
|
What CIOs and CSOs need to know about cloud based collaboration |
 From a management and protection perspective, cloud systems need at least the same processes and controls as traditional systems. On top of availability contingencies, like disaster recovery plans, they need strong authentication so that only the right people get access, they need strong authorization so that authenticated users have access to only the right resources, and actual access activity needs to be monitored and reportable. Content needs to be monitored to make sure that regulated content is stored appropriately and accessible to only the right users. Read Interview>>
|
What are the considerations an organization should look at before deciding to move to the public cloud |
 For many organizations, the essential questions about cloud security, compliance, visibility and end-to-end control of data remain unanswered. Organizations should start by looking at the sensitivity of the data involved. They need to define and systematically adhere to a sound data classification policy to determine the control mechanisms needed to protect sensitive data. While this principle also applies to on-premises systems, risks derived from having no data classification policy or one that is incorrect are greater in the cloud because data might not be afforded the appropriate protective measures. Read Interview>>
|
What auditors are looking for when they drill into the level of security risks of privilege creep |
 Whenever someone uses their administrative-level privileges, you should always know that and be able to track and report on how privileges are used. For example, when an administrator creates a policy or uses his privileges to create an account, there should be a corresponding audit log that tracks the administrator’s actions and activity. This way, audit teams gain a clear understanding of which privileges are being utilized by the IT team. During a corporate audit, it is critical to have the ability to identify the administrators who are enforcing your privilege policy rules. Read Interview>>
|
How individual Internet users can secure their online identity, including email, social media accounts, and more |
 Traditional authentication technologies have been costly to deploy, but this may not be the main barrier if the same identity and authentication token can be re-used across multiple devices and applications. To address this, the world needs a global open identity standard where the range of authentication technologies, on a competitive market, can be re-used across any number of services. An easy and secure way for individuals to get in control of their online identity and Internet passwords is to use a password manager supporting two-factor authentication. Read Interview>>
|
Misperceptions about the risk of mitigating cloud servers |
 The greatest barrier to managing security in the cloud is elasticity. Traditional security has never been designed to scale efficiently. Sure – it’s been designed to support large infrastructure; but it hasn’t been built to scale on-demand. Hence, traditional controls are not nearly as elastic as the cloud infrastructure, which presents a nightmare scenario for IT security professionals. Take the firewall, for example. In a traditional datacenter you might have 100 servers behind a single, perimeter firewall. In the cloud, however, there is no perimeter, so instead of managing a single perimeter firewall you’re managing the firewalls for all 100 servers. Read Interview>>
|
Why organizations should consider private wireless mesh infrastructure and access network solutions |
 Firetide has built a reputation as a leader in providing a reliable and secure wireless mesh infrastructure uniquely capable of meeting the demanding performance requirements of real-time video applications. While our mesh products are an excellent solution for environments where video surveillance is required, the mesh infrastructure is a foundation for additional network-based applications. This single infrastructure is used to support multiple applications simultaneously for homeland security and public safety; transportation; municipal services; and industrial applications. Read Interview>>
|
Best way for enterprises to secure their networks with overall acceptance of a BYOD policy |
 There are a surprisingly small number of enterprises that have a mobile device policy or actively enforce it. Overlooking the need for a mobile security policy can lead to outrageous costs and damage to an enterprise resulting from data leakage. Just this week it has become public that Visa and MasterCard may have suffered a breach with over 10 million compromised card numbers. A professional cyber criminal will hack into IT systems, silently compromise data, and leave the enterprise oblivious that information is now for sale in the cybercrime marketplace. Read Interview>>
|
Brendan Ziolo gives security predictions for 2012 |
 As mobile malware continues to grow, Android malware will become more sophisticated, more dangerous and will begin to make money for the cybercrimnal as part of the underground economy. Rootkit technology will be used to conceal the malware and command and control (C&C) protocols will become more robust. This mobile malware will evolve so it can disable security features on the device and protect itself from removal. We’ll quite likely see the first Android malware that can exploit vulnerabilities in a network app to allow phone-to-phone infections via the Internet connection on Android devices in 2012. We’ll also see stealthier botnets next year too. This year, we saw the takedown of the largest botnet, DNSChanger, to date, but this was only the tip of the iceberg. In 2012, we will see more super-bots that spread silently using existing infection vectors, bury themselves using stealth rootkit techniques and make every effort to remain undetected. Read Interview>>
|
Social innovation, crowdsourcing, idea management, game mechanics, and collaboration |
 Companies which operate in highly commoditized markets, consumer packaged goods, pharma, and banking, for example, have begun to demonstrate they can really pull away from their competitors using social innovation tools. They’re the ones who understood first that crowds can help them in a way that their old-paradigm research and development functions couldn’t. Our observation is that most other industries have begun to follow their lead now that results are coming in. Not only does social innovation encourage engagement at scale it also gives the employees a sense of purpose which increases productivity. Read Interview>>
|
Zero-Day Attacks, Cybercrime and Advanced Persistent Threats |
 Signature and statistical-based security technologies, operating on assumptions of either a need for attack foreknowledge or using a narrow scope of analysis always will be chasing the attacker. Even so-called “malware protection systems” simply employ basic techniques to look for certain behavioral attributes in a sandbox and create IPS signatures, but they too miss many types of attacks. Security must be data-centric to be effective both today and in the next three years. All network-based security will operate from the perspective of full access to all network traffic and the ability to perform various types of real-time and specialized analysis. Read Interview>>
|
SaaS ERP and Premise ERP and staying at the forefront of technology and innovation |
 As companies continue to embrace cloud applications and cloud deployment strategies, the need to port their ERP systems from an on premise to an on demand environment quickly and without risk, will become increasingly important and a competitive differentiator in choosing an ERP provider. QAD is pleased to be the only company, we believe, to deliver both deployment independence and deployment portability. QAD Enterprise Applications’ scalability allows companies with as few as five users and as many as thousands to use the same applications and levels the playing field for local companies to operate the same as global organizations. Read Interview>>
|
Security threats, insider threats and data breaches, zero trust access controls, and the WikiLeaks incident |
 Insider threats are on the rise. Insider breaches are a result of an individual – usually a current or former employee, vendor or contractor – with improper access controls. The scary truth is many government agencies and organizations haven’t invested in adequate technology to manage insider threats. As a result, they’re falling victim to unnecessary breaches. WikiLeaks is a perfect example of a breach that could have been prevented with proper access controls. Access controls are critical to fighting insider threats. Least privilege and roll-based access controls, logging and policy enforcement technology all help detect malicious insider activity before it’s too late. Read Interview>>
|
Layered security and rise of “Social Authentication” and “Social Protection” |
 From providing certificates that put the trusted padlock on websites to patented technologies that lets internet users verify legitimate web content from faked content, Comodo empowers businesses and consumers to authenticate each other and protect their digital identities. Comodo provides a growing range of Identity and Trust Assurance encryption, verification and authentication services and security applications for business users, as well as for consumers. Comdo's solutions work across all platforms, including Linux. In addition, Comodo offers the only free online website identity assurance database (idAuthority) - maintained by a worldwide dedicated team of engineers at Comodo's Digital Trust Lab. Users can research any online business through Comodo. Read Interview>>
|
