February 18, 2016

Securing A Mid-Sized Enterprise

Why the confusion? Security is a combination of education with the usual people, process and technology equation. For the medium size enterprise this can be a tough equation to solve given limited resources and budget. With the demand for security engineers increasing by 74% over the last three years and 30%-40% of security projects ending up in failed implementations, demonstrating no value to the enterprise, it is easy to see why. So, how do security managers succeed with the odds seemingly stacked against them? There are two forces crossing in the industry, which if leveraged appropriately, can help enterprises close their security gap. First, from a technology perspective we are at a point where products have matured to the point where consolidation is possible without the loss of protection.


Patch now to eliminate glibc remote access security risk

The glibc flaw could also enable a hacker to compromise apps and gain control of systems that access a hacker-controlled domain name system(DNS) used to translate domain names to actual machine IP addresses, either directly or through a man-in-the-middle attack, according to Patrick Carey of Black Duck, which helps organisations to secure and manage open-source software. Now that the bug has been reported publicly, Carey said the race is on between development teams and those who would try to exploit the vulnerability. “As soon as your operating system distro has a patch, get it,” said Paul Ducklin, senior technologist at Sophos. Red Hat is reportedly one of the first Linux distributions to release a patch for the flaw in glibc 2.9 and later in collaboration with Google. Other Linux distros are expected to follow.


How CIOs Become Invaluable In the Age of SaaS

Whether you agree with the Gartner prediction or not, it’s fair to say it’s stirred up a debate about the viability of the CIO in the age of SaaS and XaaS. There just might be a plus side here: Maybe all this back and forth has started what is actually ahealthy discussion about the role of CIOs in this evolving tech space. Longevity is possible, though, if CIOs can re-hone their focus on leveraging their skills to developing robust infrastructure to support company scale, securing complex networks and creating a tech environment where company employees can thrive in productivity; hardly an easy task.


Cyber-Security: The Best Plan Of Action To Keep Your Data Safe

"What we need is a mechanism for situational awareness," Song said. Once something is spotted that breaks the pattern of normal usage, the IT manager can respond by containing the threat. Here, Song falls back on biology to provide an analogy. The response would be no different than antibodies fighting an infection. ... Cyber-security gets especially tricky when one considers the "insider threat" -- the disgruntled employee who has access to your data. "How do you create a defense in depth and create vigilance without destroying a culture of trust?" Powers said. At Deloitte, the cyber risk team works hand-in-hand with a human capital team, using behavioral psychologists to figure out what constitutes normal corporate behavior, and what does not. The challenge is to spot those workers who are acting


Robot restaurants and sci-fi kitchens: How tech is changing the way we eat

Still in its early stages, the system has three basic inputs users can control: selecting a choice of ingredient, a particular country's cuisine, and a type of dish. Once the parameters are set, the system will offer up tens of potential suggestions for dishes, which can then be narrowed down according to preference — more surprising dishes could be bumped up the list, or dishes that are less surprising, but have a higher chance of tasting good, could be selected. Eventually, the system could one day be packaged up and offered to home cooks as an app, able to take information from the user's Instagram feed or their grocery list, and customise its results accordingly to make meal suggestions. Does every smartphone snap show you're ordering a burrito?


Don't Design For Mobile, Design for Mobility

Technology has been gaining awareness of what we do, where we go and who we relate to. For a while, it seemed like mobile phones would be the single point of contact for technology to learn about our context, for they were the only “smart” device we were carrying with us. This, of course, is no longer true; smartwatches, fitness wristbands and other wearables possess sensors (like heart-rate monitors and pedometers) that wouldn’t make sense for a mobile phone. So in reality, how much of our context an app or platform can capture doesn’t depend on a single device, but rather a combination of several touchpoints—think about how Facebook determines if you are logging in from an “unusual” location. We need to consider how much we can know about a user’s environment given all the devices that they might have available at a given time.


Why IT is Needed to Simplify Information Governance

In fact, that quick-fix approach has the potential to do more harm than good. Outdated and irrelevant documents take up space and make important documents much harder to find, creating inefficiencies within an organization. Additionally, the more data stored, the greater the potential for damage from an eventual breach. With this data deluge, it’s important for organizations to get IT on board with IG by participating in the implementation of an IG plan. Central to that plan may be automation technology. Currently, IG relies heavily on employees for the most crucial tasks, making it harder for them to focus on their jobs and more difficult to ensure accuracy and compliance. IG needs automation. There are new technologies that can automate key governance activities, enabling organizations to better protect and manage information in all its forms – paper and digital.


White-hat hackers key to securing connected cars

McSweeny says that she is a frequent visitor to security conferences, where researchers often demonstrate tactics for hacking into a vehicle's system. ..."The auto industry, in my view, would be well-served by following the lead of the information technology industry, which has developed ways to work with hackers, rather than against them. For years, technology companies fought a losing battle in security by threatening hackers, and now many firms have established bounty programs and conferences where researchers are invited to find and report flaws in programs and products. They recognize that bringing researchers to the table and crowdsourcing solutions can be an effective way of staying ahead of cyberthreats," she says.


Implementing better compliance programs

One of the biggest challenges facing firms today is how to implement new compliance programs without interrupting normal business functions. As investment in the sector increases, many are looking for ways to measure returns to make sure that compliance efforts are meeting regulatory requirements and enhancing business functions. While it can be challenging to measure ROI on compliance, new technologies and analytics can help officers demonstrate the importance of increasing transparency and offer valuable insights into how businesses are running, said Vincent Walden, partner at Ernst & Young, and the Fraud Investigation and Dispute Services In this third of three series on compliance, panelists discuss the challenges of valuing compliance efforts and the ways firms can help quantify their investments.


When all smartphones are identical and nearly free, only services matter

There will be significant opportunities for third party suppliers for this sort of thing, because this is the crux of where the value add from Apple and Google comes from today and why they continue to be attractive to consumers. All of these services from Apple and Google will have drop-in replacements. True, they might not necessarily be as polished or as mature, or as seamlessly integrated, but for a fraction of the cost, many consumers in many markets will be willing to use them. The key word here is "partnerships". Partnerships between carriers and cloud service providers, partnerships between service providers and SaaS and content providers, partnerships between drop-in OS vendors and all of the above, et cetera.



Quote for the day:


"A leader has the vision and conviction that a dream can be achieved.He inspires the power and energy to get it done." -- Ralph Nader