As we’ve seen in recent years, natural disasters can lead to long-term downtime for organizations. Because earthquakes, hurricanes, snow storms, or other events can put data centers and other corporate facilities out of commission for a while, it’s vital that companies have in place a comprehensive disaster recovery plan.
Disaster recovery (DR) is a subset of business continuity (BC), and like BC, it’s being influenced by some of the key trends in the IT industry, foremost among them:
- Cloud services
- Server and desktop virtualization
- The proliferation of mobile devices in the workforce
- The growing popularity of social networking as a business tool
These trends are forcing many organizations to rethink how they plan, test, and execute their DR strategies. CSO previously looked at how these trends are specifically affecting IT business continuity; as with BC, much of the impact they are having on DR is for the better. Still, IT and security executives need to consider how these developments can best be leveraged so that they improve, rather than complicate, DR efforts.
Head over to the source and see how IT disaster recovery is being impacted by each of the four.
Proof that there is always risk with technology despite advances.
The same flexibility and freedom companies get from having their software and services hosted in the cloud is enabling cybercriminals to conduct highly automated online banking theft — without doing much of the necessary information processing on their victims’ own computers. Security and privacy experts have long worried that criminals would launch attacks on the servers storing the data in cloud environments. But, a report released this week from McAfee and Guardian Analytics shows that criminals are now using the cloud infrastructure itself to get more capability out of their campaigns. “They are leveraging the cloud,” Brian Contos, senior director of emerging markets at McAfee, said in an interview. “This is the first time we’ve ever seen this.”
Read all the details: Cybercrime moves to the cloud | Security & Privacy – CNET News.
Are you placing active filters on data leaving?
The purpose of a firewall has been burned into the head of just about every person who uses the Internet, and the thought of functioning without protection from the bad people is sheer lunacy.
However, nearly all firewalls are unidirectional. They may protect you from nefarious pokes and prods from the nether regions of the Internet, but they’ll happily ship out any data you send from the inside. Only at the higher levels of enterprise IT do you see active filters for data leaving the network.
Paul Venezia makes a great point at the end:
As in so many facets of IT, to be forewarned is to be forearmed. The quest for true network security and visibility is an ongoing struggle, and even with all the notice in the world, there’s no winning this arms race. But that doesn’t mean we can just quit. If you’re not watching your outbound traffic now, plan on doing so as soon as possible. Whether you start with something as “simple” as NTop or go for the big guns like the NIKSUN device, it’s a worthwhile investment of time and money — kinda like firewalls.
Read more at: The firewall threat you don’t know | Data Center – InfoWorld.
It’s that time again where CompTIA updates its Network+ exam.
CompTIA released its updated CompTIA Network+ exam (English only, initially) on Dec. 1. The revised Network+ objectives address virtual networking and give increased attention to network security and coverage of the seven-layer OSI (Open System Interconnection) model. Click here to download a breakdown of exactly what is covered on the new exam.
Here’s what CompTIA’s research showed:
CompTIA research on US Small and Medium Businesses (SMBs) found that network efficiency and robustness were among the top items SMBs plan to address immediately, paving the way for other strategies such as cloud computing or unified communications.
Forty-eight percent of server technicians surveyed by CompTIA say that deeper networking knowledge is required when supporting servers in a cloud environment.
Among server technicians and managers of server technicians, 28% say that virtualization is a current focus, but 60% say that it is becoming a larger focus.
An interesting prediction by Gartner.
“The need for computing hardware, either in a data center or on an employee’s desk, will not go away,” Gartner said. “However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points.”
If Gartner is correct, the shift will have serious implications for IT professionals, but presumably many new jobs would be created in order to build the next wave of cloud services.
But it’s not just cloud computing that is driving a movement toward “decreased IT hardware assets,” in Gartner’s words. Virtualization and employees running personal desktops and laptops on corporate networks are also reducing the need for company-owned hardware. (Source: InfoWorld)
Check the source link above to see other Gartner predictions.
The best way may be encryption.
Well, if you want to take a significant step in keeping prying eyes away from your electronic correspondence, one good encryption technology that predates Google altogether is worth looking at. It’s called public key encryption, and I’m sharing some instructions on how to get it working if you want to try it.
Unfortunately, better security typically goes hand in hand with increased inconvenience. But some human rights activists who used Gmail right now likely wish they’d put up with a little hardship to help keep hackers at bay. I’m not going so far as to recommend you use e-mail encryption, but I think this is a good time to take a close look at it.
Just be prepared for a major drawback.
Weighed against the encryption advantages of privacy and message signing is the fact that you’ll lose access to service you may like or depend on.
When you see an encrypted e-mail in the Web-based Gmail, it’s gibberish. Google doesn’t index it, so Gmail search doesn’t work. And the strong points of cloud computing–reading your e-mail from your mobile phone, your friend’s computer, a computer kiosk at the airport–aren’t possible. You’re once again anchored to your PC with the encryption software installed. (Source: CNET)
In the end it all depends on the importance of the data.
Security professionals are facing the difficult challenge of extending security requirements to take advantage of cloud computing and software-as-a-service applications.
Particularly difficult is finding ways to secure the new boundaries between the enterprise, the cloud service and the end user while managing dependencies on off-premise infrastructure and privileged operators. And they have to do all this without inhibiting flexibility and agility.
It’s a challenge that security professionals have to overcome when considering this.
Research firm IDC predicts that 76% of U.S. organizations will use at least one SaaS-delivered application for business use by the close of 2009. Cloud-based services adoption is being driven by the business performance benefits and realized cost efficiencies. This isn’t new for those of us in IT. Mission critical information already is handled in the cloud for companies that outsource email services or maintain customer information in CRM systems such as Salesforce.com. The challenge for security teams is to safely integrate extended cloud capabilities into corporate policies and procedures.
The best approach?
Forrester recommends the usual checklist of cloud security requirements that any enterprise would have for internally hosted applications. Authenticate users and control access to applications, tightly log and audit privileged operations, protect sensitive data to prevent loss and meet compliance mandates, and reduce risk with rigorous vulnerability management, according to Forrester. Take into account differences in the SaaS vendor’s infrastructure and business practices when evaluating the sensitivity to security. For instance, expect the cloud vendor to be replicating data between data centers for performance and business continuity and expect to have a degree of shared resources with virtualized application environments. (Source: Cloud security begins with infrastructure assessment – Search Security.com)
Click the source to read the whole thing.
highlighted on FriendFeed.
Israeli Government Sites Attacked in January (June 15, 2009) – http://www.sans.org/newslet…
Vuln: Apple Safari ‘parent/top’ Cross Domain Scripting Vulnerability – http://www.securityfocus.com/bid…
Vuln: WordPress Photoracer Plugin ‘id’ Parameter SQL Injection Vulnerability – http://www.securityfocus.com/bid…
NASA Heads Back to the Moon for First Time in Decade – http://www.foxnews.com/story…
Intel toots its research horn for chips–and more – http://news.cnet.com/8301-10…
A facelift for Facebook in-boxes, but is it enough? – http://news.cnet.com/8301-13…
Microsoft’s free antimalware beta on the way – http://news.cnet.com/8301-10…
Database monitoring, encryption vital in tight economy, Forrester says – http://searchsecurity.techtarget.com/news…
Virtual appliances boost flexibility, improve security – http://searchsecurity.techtarget.com/news…
Clocking Windows netbook performance – http://www.infoworld.com/d…
Vuln: Linux Kernel ‘/proc/iomem’ Sparc64 Local Denial of Service Vulnerability – http://www.securityfocus.com/bid…
Vuln: Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability – http://www.securityfocus.com/bid…
Legal Issues are Hazy for Cloud Computing – http://information-security-re…
MasterCard Beefs Up Security Requirements – http://www.cio.com/article…
No Virtualization Skills? Better Get Started – http://www.cio.com/article…
Spammers Cashing in on Twitter, Iran and New IPhone – http://www.cio.com/article…
Microsoft veteran launches Twitter search engine – http://news.cnet.com/8301-13…
Criminal network to trade botnets and malware uncovered – http://www.scmagazineus.com/Crimina…
Why did Amazon open-source its Kindle software? – http://www.infoworld.com/d…
Slowloris HTTP DoS – http://ha.ckers.org/blog…
as they move to cloud services.
Companies are under increased pressure to cut costs and are turning to a variety of Web-based services, from online collaboration tools to social networking platforms, without considering the increased risks they pose and in some cases failing to inform IT security.
Two studies released today from EMC’s RSA security division address the increased risks posed by cloud-based services and social networking. The 2009 IDG Research Services survey, commissioned by RSA, surveyed 100 security executives at companies with revenues of $1 billion or more. It found that many organizations lack a security strategy to address the risks associated with cloud-based services.
Nearly half of those surveyed either have enterprise applications or business processes running in the cloud or are beginning migration in the next 12 months. Yet, two-thirds do not have a security strategy in place for cloud computing, the survey found.
“The rapid adoption of nascent Web, social and mobile technologies combined with the rising use of outsourcing is quickly dissolving what remains of the traditional boundaries around our organizations and information assets,” Art Coviello, executive vice president at EMC and president at RSA said in a statement.
It is the third study in recent months that addresses the risks associated with the growing use of Web-based services. (Source: RSA council addresses growing security risks in the cloud – Search Security)
Very troubling. Read the whole thing.