Monthly Archives: August 2015

Blue Solutions GoTo logo

 

We are pleased to announce that we’ve expanded our team and have recently welcomed the following people to Blue Solutions:

  • Lee Walker has joined us as our LabTech Software Specialist. He is responsible for recruiting new LabTech Channel partners and managing the existing partners using the Remote Monitoring and Management solution.
  • Danni Sparkes has joined our team as a new Internal Sales Co-ordinator.  Her role will involve producing quotes for customers and responding to sales queries in a timely and effective manner.
  • Michael Smith and Zoe Hepper have both joined us as Business Development Executives, supporting new business revenue growth by recruiting new channel partners.

A big welcome to our new team members.

BD Banner for blog

Originally published on the Bitdefender website

No matter how valiant the efforts to secure their systems, or the amount of money spent on IT defenses – many of the same IT security challenges persist today as they always have.

Enterprises are behind in their ability to quickly detect data breaches. According to the 2015 Verizon Data Breach Investigations Report, the vast majority of organizations don’t detect breaches with days of occurring, no – the time to detect compromise is still too often measured in weeks, or months. And, depending on the study, security breaches can cost $100 per record and up.

As the sheer number of breaches, their duration, and their costs reveal in the past few years, enterprises can clearly do much better. But it’s not a matter of a quick fix. It’s not a single product deployment, or hiring to fill a few positions. There are, however, key areas that organizations can focus upon to close the gap between the ease in which attackers can exploit enterprise weaknesses and the ability for enterprises to defend their systems and data.

Here we go:

1. The security program informs the regulatory compliance program, not vice versa

Too many organizations today remain focused on maintaining their baseline security controls. They check their regulatory compliance check boxes and move on. Firewall: check. Network monitoring: check. Network segmentation: Should be in place, check. What lacks is a focus is making sure each of these functions is done right.

This needs to be flipped around. Enterprises need to build rugged security programs and build the reporting on top of those programs to feed into their regulatory compliance efforts.

2. Hire and cultivate the right security talent

In my interviews with CIOs and CISOs it’s clear, across the board, enterprises are hurting when it comes to finding skilled information security professionals. If you know device security, enterprise security architecture, are a pen tester, can manage or build a security program – you are not in want to job opportunities.

The challenge for enterprises is that technology and attack methods are moving so swiftly, that traditional education and corporate training programs don’t keep up. And, quite frankly, many HR departments in large enterprises don’t know how to hire well for information security positions. They rely too heavily on certifications and not enough of security problem solving skills. Traditional training doesn’t keep pace producing security skills needed with constant changes in mobility, cloud architectures, virtualization, containerization, Internet connected devices (IoT) and others.

Skilled security pros also tend to come from non-traditional backgrounds. They are liable to be the men and women with purple hair, lots of tattoos, and a scattered college history: but they know how to hack and many know how to help defend against hackers. But they are overlooked. This needs to change, and government and corporate enterprises need to rethink how they vet and view security talent. They need to consider training in-house talent that has an affinity to this field and wants to be trained.

3. Communicate in terms the business cares about

Today, too many security professionals think, and speak, in technical terms. Such as when they see a certain attack vector, they see a technical problem. And they are right, it is in fact a technical problem in most cases and can be remedied technically. But to business leaders and management it is a business risk. And business people want to understand things in business terms and business risks.

When most people suffer say, a car breakdown, they care more about losing the utility of the car than they care about the technical reason for the breakdown. When they ask technical questions about the nature of the mechanical failure, what is really going on in most people’s minds about the car is how the nature of that mechanical breakdown will impact the cost to fix. So that’s loss of utility and cost to get that utility back that matters to us most.

Business leaders, when it comes to IT, think no differently.
What is at stake with the risk, from a business perspective. How much will it cost to remedy. What is the cost of losing the utility? These are the terms more security people much speak in.

4. Shift some security focus to breach detection and response

With good reason, tens of billions of dollars have been invested by public agencies and private enterprise into traditional security defenses: the stuff geared to keep bad guys and things out. I’m not sure if enterprises have spent enough, or too much. That is certainly an interesting and debatable question. But I am sure we can’t count on it to work all of the time, every time.

Attackers are going to get through. There will be a misconfiguration they find, or there will be an employee who clicks on something they shouldn’t, or a trusted web site will serve malware and that breach will go undetected. Bad things are going to happen to enterprises that strive to protect themselves and do the right thing.

This is why more resources and effort needs to be focused on the ability to detect and respond to successful breaches. It makes sense to want to stop attacks. But like in American football, good defense wins games but it doesn’t win every game and even the best defenses are scored against.

Your information security defenses and efforts are no different.

Plan and put the resources in place to rapidly respond. It will mitigate the damage of successful breaches, and hopefully keep the costs of those breaches down, too.

5. Shift to data-driven security decisions

An important shift is one that has been widely talked about in security, but not always very pragmatically acted upon. Security pros need to stop working from a position of what they knew to work in the past, or their personal hunches, or providing the types of defenses the business thinks it needs.

To date, this hasn’t worked so well. We need to start making more data-driven decisions. If the business wants to invest in certain areas of security spending, perhaps that is the wisest move or perhaps it is not. Collecting the right data about the nature of the security controls in place, how well they are performing, as well as what has not been working well may provide better answers. Certainly the final decision about what spending will get done is up to the business, but by providing the right data you can help them make better decisions.

All the data needed is out there: the nature of the adversarial threats, the technical vulnerabilities, the value of the business data and services provided by critical applications, as well as the goings-on within the network and applications. It’s time this information be better collected, analyzed, and put to use to make the best data driven decisions possible.

 

trend-micro

 

Originally published on the Trend Micro Blog

A recent Trend Micro report carried out by the Ponemon Institute uncovered an interesting new dynamic in the workplace. Increasing numbers of U.S. consumers are bringing wearable technology into the office.

This raises a difficult problem for enterprise IT managers keen on keeping IoT devices from swamping the workplace as the influx of BYOD devices did a few years ago. So what’s the best way to move forward?

Growth and risks

Let’s be clear, the use of IoT devices and wearables in the workplace is by no means soaring. According to our study – Privacy and Security in a Connected Life – just 25 percent of U.S. consumers said they even plan to use a fitness tracker. For Google Glass, this figure was an even lower 16 percent. Yet adoption is increasing, and as it does, these devices will inevitably find their way into the corporate world, just as the smartphone and tablet did before them. From smart watches to activity trackers and smart glasses, there’s a growing feeling that these devices can help our productivity and well-being. Given we spend the majority of our lives at work, it’s a no-brainer that employees will want to wear them in the office.

While they may support productivity, connected devices present risks for the IT department, especially those that could auto-sync corporate data, making them a potential target for hackers and thieves. Even data tracking the movements of mobile sales staff could tip off competitors about new leads. Many IT leaders will want to manage this risk by ensuring any workplace IoT devices are controlled with MDM, security tools and policies. However, according to our research, 50 percent of U.S. consumers do not believe their employer has the right to access personal data on their smart device, despite connecting to the corporate Wi-Fi.

Staff versus employer

This dilemma brings the usual arguments raised by BYOD, namely that sensitive corporate or customer data could be at risk if accessed or stored on an employee-owned device. Now if IT managers try to shackle devices with MDM or security tools, they could risk the wrath of users.

A recent court case highlights that such problems are no longer theoretical. A U.S. District Court in Texas heard the case of a staff member who sued his employer for loss under the Computer Fraud and Abuse Act. The former employee was forced to use his own iPhone for accessing customer emails at work since one was not provided. When he resigned, the company’s network administrator remotely wiped his phone, deleting not just work information, but also his personal data. In the end, the employer won, but it won’t be the last case of this kind as staff and their employers increasingly clash over BYOD.#
Best practice BYOD

So what can the under fire IT manager do to walk this fine line, protecting both enterprise data and staff expectations of personal privacy, while enabling staff productivity? Here are a few tips for starters:

  • If you haven’t already, classify enterprise data and perform a risk assessment to better understand what is at stake if it ends up in a competitor’s hands.
  • Find out how many personal smart devices are already being used at work.
  • Familiarize yourself with the operating systems, devices and security shortcomings of these devices.
  • Consider enforcing remote lock/wipe and password protection for all devices allowed to connect to the corporate network.
  • Utilize a ‘containerized’ security approach which keeps corporate and personal data separate on devices.
  • Apply policies so that the most sensitive corporate data is encrypted.
  • Assess any new IoT devices before they are allowed to connect to the network.

 

 

 

 

LabTech logo

 

Originally published on the LabTech Blog - Author Josh Preston

As an MSP, you have two choices. You can be your own boss, be passionate about the work you do and work hard for your success. Sound good? Option two is even better. With the right preparation and foundation, you can have a business that runs so smoothly and effortlessly that you can finally take a real vacation.

Running your business with an eye on growth means changing your mindset and your business focus. Continuous growth is the goal, since it means expanding profits and staying a step (or several) ahead of your competitors. The market changes fast, but the more proactive you can be, the more you’ll be able to offer your clients. The more they depend on your services, the faster you’ll see growth in your company and your bottom line.

Here are a few big game changers to help you jump start your business growth:

1. Stay Safe
Security continues to top the list of your clients’ biggest concerns, so find a strong security platform that keeps them protected without risk. Find the perfect balance between mitigating risk and hindering productivity.

2. User First
How many devices do you have? Chances are you’ve got more than one, and so does every end user you support. Enter the shift to by user management instead of by device. Make sure you’re staying ahead of the game by supporting multiple devices.

3. Connect Everything
Data, devices and people are quickly intertwining, giving MSPs the chance to offer a number of ‘smart’ devices and opportunities. The market opportunity for the Internet of Things (IoT) is huge, so watch this one grow in the next few years and see how you can get on the bandwagon.

4. One-Stop Access
In a nutshell, virtualization allows multiple operating systems to run on one physical piece of hardware. This cost-saving trend will easily catch clients’ attention, so be sure to stay informed of what it offers.

5. Keep Compliant
Regulation and compliance requirements are an important and challenging task for many organizations. Wrap your head around the details for a few relevant verticals, and start reaching out to offer this vital service to new and current compliance-reliant clients.

Keep a close eye on these trends as they come to life, and be ready to answer any questions your clients might have about them. The more you know, the faster you establish your place as a trusted advisor—and the more your clients will thank you.