Maria Korolov » Archive
Manage Those User Privileges
In most companies, too many employees have too many privileges. After all, they are quick to speak up when they need access to data or applications, but they tend not to be as quick to speak up when they no longer need that access. As a result, most companies see privilege creep. Employees are collecting access credentials and hoarding them, just in case they need them later. This can have serious consequences for a company. For example, employees who move to different jobs within the company may retain access rights associated with their previous role. This may allow them to bypass the company’s checks-and-balances system. Or an employee might leave the company altogether. It’s hard to turn off all access if you do not have an up-to-date list of things that the …
Fail-Safe for Clouds
Companies with backup systems in place kept their businesses running when a major outage at Amazon shut down websites. The Amazon Elastic Compute Cloud (EC2) outage that brought down a number of major Websites in mid-April, including social network sites Foursquare, HootSuite and Reddit, underscores the value of backup for cloud users—on traditional servers, another cloud or even another zone of their provider’s cloud. Amazon took the blame for the disruption, which involved the cloud’s Elastic …
When Employees Sneak Into Consumer Clouds
Many companies, both small and large, are wary of doing business with cloud providers because of concerns about outages, data loss, and privacy issues. These are all serious concerns, but addressing them is a straightforward process. For example, many cloud providers undergo security audits (the most famous of these is SAS 70), and many are compliant with SEC, HIPAA, and other regulations. Since cloud applications providers such as Salesforce.com focus on just one thing — providing that one application in a Web-based environment — they can typically focus many more resources on solving associated security problems than their typical customers. Few small and medium-sized firms, however, can afford to hire security PhDs or monitor network traffic around the clock. The big cloud service providers do just that, and they spend a great …
Putting iPads to Work
Spurred by enthusiastic senior executives and rank-and-file employees, companies are starting to roll out iPads in the enterprise, especially for board meetings and sales staff. New security features from Apple and additional security and management tools from third-party vendors are boosting that effort, but companies are wary of employees’ using their own iPads and putting sensitive customer data on the devices. Apple CFO Peter Oppenheimer noted that “employee demand for iPad in the corporate environment remains …
Cloud Containment
As cloud vendors mature, Web-based delivery of applications, storage and infrastructure is getting more secure and trustworthy. That doesn’t mean that the risks are gone–they’ve just migrated to a more difficult-to-manage form. Today, big-name cloud providers like Salesforce.com offer top-notch security, auditability and compliance. Even Google provides a compliant e-mail hosting solution for regulated industries such as healthcare and finance. Providers can now meet corporate needs, experts say, as long as companies do their security …
Four Keys to Locking Down Your iPad
Even though the iPad is designed primarily as a consumer device, salespeople are increasingly adopting it because of its ease of use, convenience, and coolness factor. Mobile security firm Good Technology Inc. reports that the iPad’s share of enterprise deployments went up 64 percent in the last quarter. According to Apple Inc. (Nasdaq: AAPL), more than 80 percent of the Fortune 100 have already deployed the iPad in the enterprise or are piloting it. Read full article at Internet Evolution. …
How to Keep Corporate Avatars Safe
Immersive virtual environments — the kind where you have an avatar walking around that looks like a cartoon version of you — are increasingly being used by companies for virtual meetings, training, and collaboration. The idea is that a virtual immersive meeting gives you the same sense of presence that you get with a telepresence setup, but without the six-figure price tag — or the airplane tickets and hotel bills of a face-to-face meeting. Read full article at Internet Evolution. …
Is It Safe In The Clouds?
Earlier this month, a hacker reportedly exploited a vulnerability in an Internet-based virtualization software platform that took down more than 100,000 Web sites and other applications. “That was an intrusion that was cloud-specific–it went through a virtualized vulnerability,” said Jim Reavis, founder of the Cloud Security Alliance, an industry group representing risk managers at financial and other firms. There haven’t been large scale reports of financial data losses due to cloud vulnerabilities, he said–but that’s because financial firms haven’t yet started using cloud computing for sensitive applications. The securities industry firms involved in the Cloud Security Alliance are considering using clouds–but not for regulated information, he said. “People are mostly in the architecture, pilot and strategy phase,” he said. Government agencies are also still in the …
Software as a Service as a Security Battleground
Article originally appeared in Securities Industry News. Salesforce.com reached a milestone last fall: 1 million people using the online software company to host their customer relationship management systems and other key business processes. Those users were at more than 1,600 financial services firms including ABN Amro, SunTrust Banks, Daiwa Securities and Bear Stearns–Merrill Lynch & Co. alone accounted for 25,000. That amounts to a big cultural shift. As recently as 2005, financial firms kept all their customer data close, behind corporate firewalls, in steel safes. Wall Street hardly seemed ready to entrust that data to a start-up. However, Salesforce.com challenged that thinking by proving, first to Merrill Lynch and then others, that its security was as good as a bank’s. With trust came respectability and customers, as well as unwanted attention …
The Web 2.0 Threat
This article originally appeared in Securities Industry News. As the Web 2.0 movement makes interactive applications and social networks such as Facebook ubiquitous on employees’ desktop computers, financial firms are facing the daunting task of monitoring these so-called greynets. Instant messaging security vendor FaceTime Communications estimates that there are more than 600 greynets worldwide, a number that will climb past 1,000 by the end of the year. These networks are called greynets because the peer-to-peer applications they are composed of operate in the shadows, without company authorization, and are difficult to police. According to a recent survey by FaceTime’s Security Labs research unit, 90 percent of IT managers have experienced a greynet-related security incident in the last six months–despite deploying firewalls and intrusion prevention systems. On average, IT managers spent $289,000 in …