Inside the Briefcase






Briefcase Highlights


SECURITY

Scale-Out NAS: Best Practices to Implement Tomorrow’s Storage Today

April 29, 2016 No Comments

by Stefan Bernbo, CompuverdeAs the data deluge continues on unabated, vertically scaling legacy approaches to storage are falling short. Organizations need to find a way to store high volumes of data without busting the budget, all while maintaining high levels of performance… Read More >>>

Gartner MQ on Disaster Recovery as a Service

April 29, 2016 No Comments

Among providers of disaster recovery as a service there is wide variance in experience and service quality, together with other key differentiating factors. Data center managers should use this Magic Quadrant to help them evaluate providers of DRaaS services.

IT Briefcase Exclusive Interview: The rise of cloud application control technology

April 26, 2016 No Comments

with Ed Macnair, CEO, CensorNetIn this interview, Ed Macnair, CEO of CensorNet, speaks with IT Briefcase on how security technologies needs to evolve to meet the challenge and opportunities of cloud computing.Read More >>>

Next-Gen Security Operations Center in Action: Eyewitness Account of a Bank’s Incident Response

April 25, 2016 No Comments

This blog contains an eyewitness account we received from one of our U.S. bank customers following a security incident. Names and details have been withheld for confidentiality purposes.

Data Classification: Security From the Inside Out

April 25, 2016 No Comments

Protecting data has become a priority for many organizations, but it’s becoming increasingly difficult for IT and data security departments to keep sensitive information from moving outside the network perimeter. This is due primarily to the proliferation of data-sharing tools, such as email, social media, mobile device access and cloud storage media. The reality is that the data security perimeter is forever changed as data is accessed and stored in multiple locations. With workers uploading data to a wide array of unsecured data sharing services, the people you have working inside your organization pose one of the biggest data security threats.

How to Thwart Software Piracy

April 22, 2016 No Comments

Software piracy continues to be a growing threat to software producers’ revenue and reputation as many have unknowingly left their products exposed, including market leaders like Microsoft®. How can you thwart digital theft? One of the most effective approaches is by leveraging the power of cloud licensing servers.

Executive Insight: 3 Ways to Strengthen Payment Security in a Dog-Eat-Dog World

April 18, 2016 No Comments

In a recent and highly publicized quarrel, Apple fought against the U.S. government’s request to create a workaround that would allow the FBI to break into an iPhone, essentially hacking into their own device. Without taking a deep dive into the implications of the situation, the FBI’s ability to work with a third party to crack that iPhone’s encryption gave many of us in the tech industry pause. At the same time, it proved a point that all of us who live, eat, and breathe security already know: no single security solution is infallible.

Security Hardening of Windows by Reducing Privileged Access

April 15, 2016 No Comments

As I tour the world helping Active Directory administrators, auditors and security professionals secure their Windows environment, I often get questions about privileged access. The questions usually are about how privileges are granted and how an organization can know if its privileges are correct. These are great questions considering the onset of so many attacks on Windows in the past five to seven years. It is important to see that privileged access is usually at the core of these attacks.

IT Briefcase Exclusive Interview: 10 IT Security Questions Every CISO Should Be Ready to Answer

April 4, 2016 No Comments

Company boards now recognize the growing cyberthreat and the havoc data breaches can wreak. CISOs need to be ready to answer some fundamental questions as their role earns a bigger seat at the boardroom table.

Payment Security Best Practices

March 31, 2016 No Comments

Accepting a variety of payment forms — including credit and debit cards, and mobile and Web-based payments — is beneficial to all business owners. Not only does payment flexibility give customers the right to choose how to pay, based on the size and nature of their purchase, it can level the playing field between small business owners and well-established competitors.

IT Forensics in the Cloud

March 31, 2016 No Comments

In 2013, 7 percent of U.S. based organizations reported a loss of $1 million or more, while 19 percent of organizations in the U.S. reported a loss of $50,000 or more, all stemming from the mishandling of computer network information either intentionally by cyber criminals or inadvertently by unsuspecting employees. When this happens, IT security, managers and department staff are then left with the daunting task of locating the source of the problem, which is often time-consuming and costly, especially in instances where financial loss has occurred due to data breach or theft.

Factors to Consider When You Are Developing a Mobile Business Strategy

March 29, 2016 No Comments

Mobile communication is playing a bigger role in modern businesses. However, many business owners are still coming to terms with this relatively new technology. Before you rush in and implement a new mobile business strategy, there are important factors you should consider first.

4 Ways to Protect the Information on Your Cell Phone

March 23, 2016 No Comments

Cell phones are so much more than an easy way to keep in touch with loved ones. Smart phones are a pocket-sized computer that’s capable of everything from browsing the internet, to finding your location through GPS, and even helping you complete business-related tasks from a distance. Unfortunately, as convenient as the cell phone is, it’s all rife with possible security risks – particularly in regards to your personal data.

KnowBe4 Cautions to Guard against Targeted Hybrid Ransomware

March 23, 2016 No Comments

KnowBe4 cautioned companies to heed new FBI and Microsoft alerts, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization’s entire network. Criminal hackers have upped the ante. They are changing their approach and penetrate a network, wipe out all backups, infect all key machines with ransomware and then demand payment. The latest method uses a little-known strain of ransomware called “Samas”, first discovered in 2014. According to research reports by Microsoft, the majority of infections thus far have been detected in North America, with a few instances in Europe.

3 Insights about Enterprise Cloud Security in 2016

March 22, 2016 No Comments

The public’s perception of the Cloud seems to change constantly. In light of high-profile security breaches at Target (2013) and Home Depot (2014) and in the iCloud (2014), many users raised concerns about privacy and data security. Even with recent technological advances, thoughts on cloud security remain mixed. In fact, while 64 percent of medium and large enterprises believe cloud infrastructure is more secure than legacy systems, 31 percent also deem security the most prominent challenge they encountered in 2015, according to a study on the state of cloud security in the enterprise market.

Black Energy Security Report

March 22, 2016 No Comments

Black Energy, a notorious malware that we have been researching lately, has once again become the subject of talk in the cyber world. This celebrity status is mainly due to its involvement in the recent cyberattack on Ukraine’s power industry, which left around 80,000 customers of the electricity company without power for several hours, two days before Christmas.

Security and Compliance: How Utilities Meet NERC CIP v5 Requirements

March 22, 2016 No Comments

As soon as the global panic incited by the events of September 11, 2001 settled into public sector anti-terrorism initiatives, experts brought to light grave concerns about the security of the nation’s energy infrastructure. Even so, 15 years later, many energy organizations find themselves scrambling to meet the security measures set forth by NERC in their Critical Infrastructure Protection standards (CIP, Version 5). The new, much more comprehensive standards went into effect July 1, 2015, but the looming compliance deadline on July 1, 2016 is the real deal—an enforcement deadline that means auditors are on their way.

How-To-Guide for Recovering Hacked Sites on WordPress

March 17, 2016 No Comments

The downside of a website is that contains and publishes all your hard-done content is that it could get hacked. That doesn’t mean that websites developed on specific CMS platforms such as WordPress, Drupal, and Joomla are anymore or any less safe than regular HTML.

Rethinking the Nature of IT Security

March 16, 2016 No Comments

Understanding new threats and new technologies is central to optimizing IT security. But with their bring-your-own-device habits, tendency to job-hop, and simple human fallibility, IT users are the leading cause of security incidents.

IT Briefcase Exclusive Interview: Top Skills Needed to Manage Hybrid IT Environments

March 14, 2016 No Comments

with Kong Yang, SolarWindsIn this interview, Kong Yang, Head Geek and technical product manager at SolarWinds, speaks with IT Briefcase on how hybrid environments are changing the role of the IT professional. Read More >>>

SSH User Keys: Strategies for Taking Control

March 10, 2016 No Comments

A common misperception about SSH user key management concerns the need to find and control all the private keys in an environment. The idea here is that, since private keys are like passwords, it’s possible to manage them using the same methods. Once all the private keys are well controlled, safety has been achieved. What may initially seem like common sense does not hold up under inspection.

Home Security and the Internet of Things

March 10, 2016 No Comments

The future, it seems, is one of connectivity — not only between people from across the globe thanks to things like social media and wireless technology, but between devices too. It’s no longer just our phones or computers that access the internet, but our light bulbs, coffee-machines, refrigerators, and microwaves. As a community, we’re welcoming the “Internet of Things” into our lives — encouraging a world of constant connection to each other, and the internet. As a result, estimates suggest that by 2020, the sum of IoT (Internet of Things) devices will reach 25 to 30 billion.

Overcoming the IoT’s Security Challenges

March 9, 2016 No Comments

Governments, utilities and businesses from every sector are embracing the possibilities of the Internet of Things (IoT). This interconnected environment promises safer public parks, more efficient factories, better healthcare – imagination seems to be the only limit when it comes to applying the IoT to today’s needs. However, for the positive action of all these improvements to work and life, there is at least an equal negative reaction. Gartner analysts recently revealed that by 2020, firms will have increased annual security budgets by 20 percent (up from less than one percent in 2015) in order to address security compromises in the IoT.

DROWN Vulnerability: A Breakdown of the Threat and How to Avoid the Next One

March 3, 2016 No Comments

Understanding open source vulnerabilities is a daunting challenge. Most companies do not have a good handle on where open source software is being used across their organizations. As a result, when vulnerabilities in open source (e.g., Heartbleed, Shellshock, Ghost, Freak and now DROWN) come to light, companies are not able to quickly assess their exposure and take action to remediate that exposure.

Understanding Cloud Desktop and its Many Benefits

February 29, 2016 No Comments

A majority of businesses are moving critical applications from physical personal computers to the virtual environment. A 2015 IT priorities survey confirms this where 76% of the IT decision makers surveyed indicated their preference for cloud bases productivity applications. About 57% stated they would roll out enterprise file sharing and synching services on the cloud.

Is IT Prepared for the Changes in Enterprise Mobility?

February 29, 2016 No Comments

Mobile devices are quickly becoming the primary devices among enterprises. Their great user experience, increased computing capabilities, explosion of apps, and always-on connectivity combined with agility, make them ideal replacements for PCs. Mobility these days, is not just a tool enabling employees access to email and a handful of corporate applications, but rather a tool to improve employee productivity and ease of working by enabling them with real-time connectivity to customers, partners, suppliers and workers.

Are You Prepared for the Top Three Compliance Issues?

February 26, 2016 No Comments

by Fouad Khalil, SSH Communications SecurityNo matter what an enterprise’s major market is, it is probably subject to regulatory compliance requirements, such as PCI, SOX, FISMA and HIPAA. PCI requirements in particular demand a high level of auditability and controls. Read More >>>

Data Liability: Understanding Your PHI Responsibility

February 24, 2016 No Comments

Traditionally, information regarding health is closely guarded, available only to the immediate healthcare providers and patients involved. However, as electronic records become normal, and people allow health applications to track their fitness and everyday activities, the lines demarking what is Protected Health Information (PHI) and what isn’t are blurring. Essential, commonplace items like smartphones and office computers are playing a role in the unauthorized loss or disclosure of patients’ sensitive medical data. It’s important to make sure you and your practice are not at risk.

Board of Directors’ Playbook

February 24, 2016 No Comments

When it comes to dealing with data breaches, there is no one-size-fits-all guide. Every incident and organization is different. Even so, preparing for the evitable breach is worth the time, effort, and expense given the millions of dollars a breach could cost an organization in terms of lost data, business, and reputation. This playbook is a starting point to help an organization’s board of directors create an action plan.

Rising Rates of Cyber Shoplifting Causing Innocent E-tailers to Lose Their Bank Approval

February 23, 2016 No Comments

While technology has benefited retailers in many ways, it has also contributed to growing levels of fraud. Although EMV and other developments are helping to curb identity theft fraud and unauthorized transactions, “chargeback fraud” remains a major threat to eCommerce merchants. As the technology of electronic payment processing becomes nearly ubiquitous in the business world, online shopping is rapidly overtaking in-store sales for many items. But with any fast-evolving system, scammers find loopholes that can eat deeply into profits.

ADVERTISEMENT

Women in Technology Summit San Jose

TDWI Orlando 2015

Gartner Identity & Access Management Summit

Gartner Data Center Las Vegas

ITBriefcase Comparison Report

Cyber Security Exchange