February 14, 2014

Erasing SSDs: Security is an issue
The bright spot was encrypted SSDs, effectively deleting the encryption key makes the stored data useless. The one concern forwarded by the researchers is that there is no way to verify that the memory locations storing the encryption key data were sufficiently sanitized. The research team did not come out and say it, but reading between the lines has one believing there is no reliable way to sanitize SSDs other than physically destroying the device.

How to Optimize Your Enterprise Storage Solution
For enterprises that want their own internal data storage, it is best to start with network attached storage (NAS). A NAS filer is basically an extra server that connects to a network and rapidly adds extra storage to that network. However, at a certain point, too many NAS filers can overwork the local area network (LAN), affecting performance. When a NAS starts becoming too slow, creating a storage area network (SAN) is the next best step. A SAN is a collection of connected computers that are used solely for storing data.

Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites
Such attacks involve intercepting the connections between targeted users and SSL-enabled services and re-encrypting the traffic with fake or forged certificates. Unless victims manually check the certificate details, which is not easy to do in mobile apps, they would have no idea that they're not communicating directly with the intended site. In order to pull-off man-in-the-middle attacks, hackers need to gain a position that would allow them to intercept traffic.

Cyberthreats: Know thy enemy in 2014
Defending a large network has never been harder. Expensive perimeter protection systems, complex host-based malware detection and even whitelisting systems have crumbled as attackers perfect an almost unbeatable pair of attacks: spear phishing and watering holes. Both attacks apply an age-old strategy: If a defense is too complex to beat head-on, bypass it. At the same time, social engineering, the Internet of Thingsand the combination of traditional Web applications, embedded applications and networked devices often with "versions" of Microsoft or Linux operating systems, present untold security challenges.

The Rise and Fall of Western Innovation
The main cause of this decline, according to Phelps, is corporatism—the inevitable tendency of businesses, workers, and other interests to band together to protect what they have. In modern economies, he says, corporations, unions, and other interests turn government into an agency for forestalling change and preserving the status quo. This problem has been worse in Europe than in the U.S., which is why productivity and per capita incomes in Europe have persistently lagged.

Workday: Linking technology design and user experience
We can hardly overstate the importance of software that users can easily adapt over time to changing business needs. Historically, it was difficult for users to change software rules and functionality in response to conditions such as a merger or new regulations. The software was inflexible, so these changes often required programmers to code customizations so the software could meet specific business requirements. A recent Gartner report explains the negative long-term impact of these customizations:

Mid-Level Leaders: Key Stakeholders, Agents of Change or Both?
It has come to my attention that a heightened focus on mid-level, or emerging, leaders has taken the industry by storm. However, I’m not just talking about the leadership development industry. This focus is being seen across many industries, pharmaceuticals and energy, in particular. Upon further reflection, it became clear why this is the case: both industries are facing major change initiatives, and mid-level leaders have been proven to be the most effective at managing change and ambiguity in the workplace.

Measuring the effectiveness of your security awareness program
Granted, measuring security effectiveness is not as straightforward as measuring a manufacturing process. There are many variables that are simply outside of one's direct control. In fact, a recent ISACA report conceded, "...security is contextual and not an isolated discipline; it depends on the organization and its operations. Furthermore, effective security must take into account the dynamically changing risk environment within which most organizations are expected to survive and thrive." All the more reason that improvements be addressed wherever possible!

Solving the Gordian Knot of Chronic Overcommittment in Development Organizations
There is no debate that the end result of these changes will be good for MegaRetail, but Claes already has hundreds of projects in various states of progress and the question remains whether there are enough people to staff these additional projects? There was no understanding or acceptance in the meeting that the IT department teams are already busy. In addition, the Marketing Director somewhat heavy handedly reminded Claes that business drives the company forward and IT is to be a supporting function and not a roadblock.

CEO Need-to-Know: Enterprise Cloud needs the SDDC
The vast majority of global enterprises today have in one way or another raised the prospect of a move to the Cloud. Yet fewer than 29 percent expect to be running the majority of their IT operations in the Cloud within the next 5 years[1]. Fact is that everyone’s talking about the Cloud, but few have defined it, much less created a strategy around it . Why? Because you can’t very well migrate well if you don’t know what to pack. Yet the promise of the Cloud is very real; the opportunities that a Cloud model presents can be significant for the enterprise that gets it right.

Quote for the day:

"I am not discouraged, because every wrong attempt discarded is another step forward." -- Thomas A. Edison