Blog Archives

IT Disaster Recovery and Tech Trends

 

As we’ve seen in recent years, natural disasters can lead to long-term downtime for organizations. Because earthquakes, hurricanes, snow storms, or other events can put data centers and other corporate facilities out of commission for a while, it’s vital that companies have in place a comprehensive disaster recovery plan.

Disaster recovery (DR) is a subset of business continuity (BC), and like BC, it’s being influenced by some of the key trends in the IT industry, foremost among them:

  • Cloud services
  • Server and desktop virtualization
  • The proliferation of mobile devices in the workforce
  • The growing popularity of social networking as a business tool

These trends are forcing many organizations to rethink how they plan, test, and execute their DR strategies. CSO previously looked at how these trends are specifically affecting IT business continuity; as with BC, much of the impact they are having on DR is for the better. Still, IT and security executives need to consider how these developments can best be leveraged so that they improve, rather than complicate, DR efforts.

Source: 4 tech trends in IT disaster recovery | Data Center – InfoWorld.

Head over to the source and see how IT disaster recovery is being impacted by each of the four.

 

Advertisements

“Cybercrime moves to the cloud”

Proof that there is always risk with technology despite advances.

The same flexibility and freedom companies get from having their software and services hosted in the cloud is enabling cybercriminals to conduct highly automated online banking theft — without doing much of the necessary information processing on their victims’ own computers.Security and privacy experts have long worried that criminals would launch attacks on the servers storing the data in cloud environments. But, a report released this week from McAfee and Guardian Analytics shows that criminals are now using the cloud infrastructure itself to get more capability out of their campaigns.”They are leveraging the cloud,” Brian Contos, senior director of emerging markets at McAfee, said in an interview. “This is the first time we’ve ever seen this.”

Read all the details:  Cybercrime moves to the cloud | Security & Privacy – CNET News.

“The firewall threat you don’t know”

Are you placing active filters on data leaving?

Simulação da participação de um Firewall entre...

(Photo credit: Wikipedia)

The purpose of a firewall has been burned into the head of just about every person who uses the Internet, and the thought of functioning without protection from the bad people is sheer lunacy.

However, nearly all firewalls are unidirectional. They may protect you from nefarious pokes and prods from the nether regions of the Internet, but they’ll happily ship out any data you send from the inside. Only at the higher levels of enterprise IT do you see active filters for data leaving the network.

Paul Venezia makes a great point at the end:

As in so many facets of IT, to be forewarned is to be forearmed. The
quest for true network security and visibility is an ongoing struggle,
and even with all the notice in the world, there’s no winning this arms
race. But that doesn’t mean we can just quit. If you’re not watching
your outbound traffic now, plan on doing so as soon as possible. Whether
you start with something as “simple” as NTop or go for the big guns like the NIKSUN device, it’s a worthwhile investment of time and money — kinda like firewalls.

Read more at:  The firewall threat you don’t know | Data Center – InfoWorld.

New Network+ Exam Strengthens Objectives

It’s that time again where CompTIA updates its’ Network+ exam.

CompTIA released its updated CompTIA Network+ exam (English only, initially) on Dec. 1. The revised Network+ objectives address virtual networking and give increased attention to network security and coverage of the seven-layer OSI (Open System Interconnection) model. Click here to download a breakdown of exactly what is covered on the new exam.

Here’s what ComTIA’s research showed:

CompTIA research on US Small and Medium Businesses (SMBs) found that network efficiency and robustness were among the top items SMBs plan to address immediately, paving the way for other strategies such as cloud computing or unified communications.

Forty-eight percent of server technicians surveyed by CompTIA say that deeper networking knowledge is required when supporting servers in a cloud environment.

Among server technicians and managers of server technicians, 28% say that virtualization is a current focus, but 60% say that it is becoming a larger focus.

Enhanced by Zemanta

Dump IT assets and move to cloud?

An interesting prediction by Gartner.

Cloud computing will become so pervasive that by 2012, one out of five businesses will own no IT assets at all, the analyst firm Gartner is predicting.

The shift toward cloud services hosted outside the enterprise’s firewall will necessitate a major shift in the IT hardware markets, and shrink IT staff, Gartner said.

“The need for computing hardware, either in a data center or on an employee‘s desk, will not go away,” Gartner said. “However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points.”

If Gartner is correct, the shift will have serious implications for IT professionals, but presumably many new jobs would be created in order to build the next wave of cloud services.

But it’s not just cloud computing that is driving a movement toward “decreased IT hardware assets,” in Gartner’s words. Virtualization and employees running personal desktops and laptops on corporate networks are also reducing the need for company-owned hardware. (Source: InfoWorld)

Check the source link above to see other Gartner predictions.

Reblog this post [with Zemanta]

Securing Gmail

Google Inc.
Image via Wikipedia

The best way may be encryption.

Well, if you want to take a significant step in keeping prying eyes away from your electronic correspondence, one good encryption technology that predates Google altogether is worth looking at. It’s called public key encryption, and I’m sharing some instructions on how to get it working if you want try it.

Unfortunately, better security typically goes hand in hand with increased inconvenience. But some human rights activists who used Gmail right now likely wish they’d put up with a little hardship to help keep hackers at bay. I’m not going so far as to recommend you use e-mail encryption, but I think this is a good time to take a close look at it.

Just be prepared for a major drawback.

Weighed against the encryption advantages of privacy and message signing is the fact that you’ll lose access to service you may like or depend on.

When you see an encrypted e-mail in the Web-based Gmail, it’s gibberish. Google doesn’t index it, so Gmail search doesn’t work. And the strong points of cloud computing–reading your e-mail from your mobile phone, your friend’s computer, a computer kiosk on the airport–isn’t possible. You’re once again anchored to your PC with the encryption software installed. (Source: CNET)

In the end it all depends on the importance of the data.

Reblog this post [with Zemanta]

Strong IT job outlook

It looks like the IT security field is the place to be for 2010 and beyond when it comes to the job market.

“Security is the place to be in 2010 and for the foreseeable future,” says David Foote, CEO of Foote Partners, an IT research firm in Vero Beach, Florida. At a time when the average values of most certifications are falling, security-related certifications have continually increased in average value and pay, he says.

Job growth in this area has also been driven by corporations separating operational security and strategic risk management tasks. “All of a sudden, you have to have IT people in the room when you’re talking about overall enterprise risk,” Foote says.

Robert Half Technology data suggests the starting salary range for an information systems security manager will be $96,500 to $130,750 in 2010. Foote’s data says the job is averaging $102,200 to $143,700.

Web/application development and network administration are going to be hot fields as well.

Application developers and Web developers will be in demand in 2010 as companies try to leverage social media and interactive Web sites.

Starting salaries for senior Web developers will be $78,000 to $109,500 in 2010, Robert Half Technology predicts. The hottest skills related to social media include: Microsoft Commerce Server, Java, SOAP, Python, Microsoft SharePoint, C, SQL and Sybase Adaptive Server, Foote says.

Social media initiatives also generate jobs for support technicians and help-desk pros, says Kathy Northamer, Robert Half Technology senior vice president. The staffing firm’s survey projects starting salaries of $28,500 to $39,000 for entry-level help-desk jobs, while Foote says the range will be $38,600 to $54,250.

Cloud computing, Voice over Internet Protocol (VoIP) and Software as a Service (SaaS) have significantly increased the complexity of networks. That trend will continue in 2010.

Chief information officers interviewed for the first-quarter Robert Half Technology IT Hiring Index and Skills Report cited network administration as the most in-demand skill set.

Network administrators can expect to see starting salaries ranging from $54,500 to $80,250 in 2010, Robert Half Technology predicts. (Source: 2010 IT Salary & Jobs Outlook – Monster.com)

Looks like there should be numerous opportunities once I finish the Bachelor degree in Information Systems Security in a few months.

Reblog this post [with Zemanta]

Security starts with infrastructure assessment

Interesting article on cloud computing security.

Security professionals are facing the difficult challenge of extending security requirements to take advantage of cloud computing and software-as-a-service applications.

Particularly difficult is finding ways to secure the new boundaries between the enterprise, the cloud service and the end user while managing dependencies on off-premise infrastructure and privileged operators. And they have to do all this without inhibiting flexibility and agility.

It’s a challenge that security professionals have to overcome when considering this.

Research firm IDC predicts that 76% of U.S. organizations will use at least one SaaS-delivered application for business use by the close of 2009. Cloud-based services adoption is being driven by the business performance benefits and realized cost efficiencies. This isn’t new for those of us in IT. Mission critical information already is handled in the cloud for companies that outsource email services or maintain customer information in CRM systems such as Salesforce.com. The challenge for security teams is to safely integrate extended cloud capabilities into corporate policies and procedures.

The best approach?

Forrester recommends the usual checklist of cloud security requirements that any enterprise would have for internally hosted applications. Authenticate users and control access to applications, tightly log and audit privileged operations, protect sensitive data to prevent loss and meet compliance mandates, and reduce risk with rigorous vulnerability management, according to Forrester. Take into account differences in the SaaS vendor’s infrastructure and business practices when evaluating the sensitivity to security. For instance, expect the cloud vendor to be replicating data between data centers for performance and business continuity and expect to have a degree of shared resources with virtualized application environments. (Source: Cloud security begins with infrastructure assessment – Search Security.com)

Click the source to read the whole thing.

Related articles by Zemanta
Reblog this post [with Zemanta]

Interesting technology articles …

Image representing FriendFeed as depicted in C...
Image via CrunchBase

highlighted on FriendFeed.

Israeli Government Sites Attacked in January (June 15, 2009) – http://www.sans.org/newslet…
Vuln: Apple Safari ‘parent/top’ Cross Domain Scripting Vulnerability – http://www.securityfocus.com/bid…
Vuln: WordPress Photoracer Plugin ‘id’ Parameter SQL Injection Vulnerability – http://www.securityfocus.com/bid…
NASA Heads Back to the Moon for First Time in Decade – http://www.foxnews.com/story…
Intel toots its research horn for chips–and more – http://news.cnet.com/8301-10…
A facelift for Facebook in-boxes, but is it enough? – http://news.cnet.com/8301-13…
Microsoft’s free antimalware beta on the way – http://news.cnet.com/8301-10…
Database monitoring, encryption vital in tight economy, Forrester says – http://searchsecurity.techtarget.com/news…
Virtual appliances boost flexibility, improve security – http://searchsecurity.techtarget.com/news…
Clocking Windows netbook performance – http://www.infoworld.com/d…
Vuln: Linux Kernel ‘/proc/iomem’ Sparc64 Local Denial of Service Vulnerability – http://www.securityfocus.com/bid…
Vuln: Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability – http://www.securityfocus.com/bid…
Legal Issues are Hazy for Cloud Computing – http://information-security-re…
MasterCard Beefs Up Security Requirements – http://www.cio.com/article…
No Virtualization Skills? Better Get Started – http://www.cio.com/article…
Spammers Cashing in on Twitter, Iran and New IPhone – http://www.cio.com/article…
Microsoft veteran launches Twitter search engine – http://news.cnet.com/8301-13…
Criminal network to trade botnets and malware uncovered – http://www.scmagazineus.com/Crimina…
Why did Amazon open-source its Kindle software? – http://www.infoworld.com/d…
Slowloris HTTP DoS – http://ha.ckers.org/blog…

Reblog this post [with Zemanta]

Organizations ignoring security …

as they move to cloud services.

Companies are under increased pressure to cut costs and are turning to a variety of Web-based services, from online collaboration tools to social networking platforms, without considering the increased risks they pose and in some cases failing to inform IT security.

Two studies released today from EMC‘s RSA security division address the increased risks posed by cloud-based services and social networking. The 2009 IDG Research Services survey, commissioned by RSA, surveyed 100 security executives at companies with revenues of $1 billion or more. It found that many organizations lack a security strategy to address the risks associated with cloud-based services.

Nearly half of those surveyed either have enterprise applications or business processes running in the cloud or are beginning migration in the next 12 months. Yet, two-thirds do not have a security strategy in place for cloud computing, the survey found.

“The rapid adoption of nascent Web, social and mobile technologies combined with the rising use of outsourcing is quickly dissolving what remains of the traditional boundaries around our organizations and information assets,” Art Coviello, executive vice president at EMC and president at RSA said in a statement.

It is the third study in recent months that address the risks associated with the growing use of Web-based services. (Source: RSA council addresses growing security risks in the cloud – Search Security)

Very troubling.  Read the whole thing.

Reblog this post [with Zemanta]
%d bloggers like this: