Half of organisations expect cloud to enable creativity and growth

London, 25th June 2010 – Half of organisations have said that what excites them most about the cloud, aside from the acknowledged business benefits of cost saving and increased agility, is that resources can be reassigned to focus on creativity and growth rather than fire drills, according to a poll by 360°IT - The IT Infrastructure Event, due to take place at London's Earls Court this coming September. A further 30% said that it was the ability to use familiar apps they use outside work in a work environment, and 14% thought that they would gain a competitive advantage over non-cloud adopters. Only 9% were too worried about security risks to get excited by the cloud. [Poll of 509 IT managers carried out in June 2010]

Peter Hinssen, a leading lecturer and technology trends expert who blogs for 360°IT, says that, far from being wary of cloud computing, businesses should actively embrace its benefits and accelerate the rate of adoption of the Internet-based computing and storage environment it brings to firms of all sizes.

Hinssen says, "It is just a way of saying we are going to be increasingly thinking in terms of the network, and will be much less inclined to run all sorts of hardware and software locally ourselves."

"Of course, we have been moving steadily in that direction for years. Just look at telephony: we all used to have an answering machine at home for our landline, but now we just use our mobile voicemail 'in the cloud'," he added.

According to Hinssen, who is a lecturer at the London Business School, many of us still have a certain nostalgic desire to hold on to a real device, as well as a need to be able to see our own data centre run with our own server and our own software.

If cloud evolution continues, he says, then a data centre is soon likely to become a collector's item. Many IT people today, he explains, find that hard to cope with.

"After all, we have grown up with the smell of computer hardware and we want to keep it as close to us as possible," he said, adding that the next generation of users sees things differently.

"Consider email. Generation Y finds it much more convenient to use Google's Gmail than their company email, and prefers the ease of MSN and Facebook to internal company systems for communicating with one another. Even storing and exchanging documents is a lot easier for them with Google Docs than using the company intranet," he explained.

As a result of this, Hinssen argues that the definition of work for a Generation Y user is: 'a short period of the day during which I have to use the old technology.'

And because of these issues, he concludes that today's IT managers should not try to put on the brakes.

"On the contrary, we need to show users the way to the proper applications in the cloud and the right way to use them. Attempting to block this would be completely wrong, but it does mean we need to do our own experimenting, testing and assessment," he said.

"The cloud is certainly more than just hype, but if we aren't careful it could become our greatest obstacle," he added.

If you want to read more from Peter Hinssen or comment on his 360°IT blog post visit: http://www.360itevent.com/page.cfm/action=Archive/ArchiveID=2/EntryID=65

For more on 360°IT, the event that demonstrates how IT infrastructure solutions can help to achieve key business objectives such as improving service, reducing cost, managing risk and gaining competitive advantage and growth, visit http://www.360itevent.com

360°IT is the event dedicated to the IT community addressing the needs of IT professionals responsible for the management and development of a flexible, secure and dynamic IT infrastructure.

With high level strategic content, product demonstrations and technical workshops, 360°IT will provide an essential road map of current and emerging technologies to deliver end to end solutions.

360°IT will facilitate vendor and end user collaboration to create the IT infrastructure necessary to achieve key business objectives - improving service, reducing cost and managing risk whilst gaining competitive advantage and growth.

Source: Eskenzi PR

EU Code paves way for ‘Data Centre 2.0’

Migration Solutions says next generation data centers will be greenest yet

London, June 2010: The agreement on a pan-European ‘green’ Code of Conduct for Data Centers now paves the way for a new generation of facilities which will raise the bar on power efficiency and use of renewable energy sources.

Speaking at this week’s Data Centers Europe conference, Alex Rabbetts, Managing Director of Migration Solutions, says: ‘As we plan the first data centers under the new Code of Conduct we’re looking at new ways of doing things – this is “data center 2.0”, a leap forward in the way we use power and the efficiencies we deliver. The next generation will be the greenest data centers yet.’

The European Code of Conduct for Data Centers, which has been in place since the start of this year, has the support of ninety-six business participants and endorsers, of which Migration Solutions is one. The Code standardizes the measurement of power consumption, utility and efficiency in the data center and encourages best practice across the sector.

Migration Solutions has participated in the development of the Code of Conduct since its inception and welcomes its deployment as a clear indication that the industry is ready to address the issue of carbon emissions and power consumption, which can be fifty times greater in data centers than in comparable office space.

Alex Rabbetts says: 'The greener data center is the key issue for the industry today. It is vital that we have our own house in order so we are ready to play a significant role in the development of the growing number of environmental ‘smart society’ projects, incorporating smart grid, smart cities and smart transportation projects, all of which rely on data processing and data centers for their success.’

Migration Solutions is the computer room and data centre specialist, providing independent, vendor-neutral services in Data Centre Build, Data Centre Consultancy, Data Centre Operations and Data Centre Migration. Additional information is available at www.migrationsolutions.com.

Source: NeonDrum Ltd.

Data storage and encryption specialist iStorage reveals new additions to innovative diskGenie range

New SSD format, 128-bit AES encryption and larger HDD capacity now available

iStorage has recently revealed a number of new additions to its unique range of award winning diskGenie portable storage devices that combine ATM style PIN code access and hardware encryption. The diskGenie is now available with a solid state drive (SSD) to enhance reliability; 128-bit AES encryption to cater for a wider range of business needs; and an increased HDD capacity of 750GB to keep pace with end user demand.

John Michael, Managing Director of iStorage commented, “By expanding the diskGenie range to include new encryption levels, platforms and capacities, iStorage aims to ensure that we cater for everyone’s security needs and make it easier to secure data. diskGenie is one of the best examples on the market today of secure portable hard drives and our expanding range is testimony to the product’s obvious appeal and growing success.”

Solid State Drive (SSD)

Solid State Drives do not have any moving parts; all the storage is handled by flash memory chips. This provides three distinct advantages for the diskGenie: lower power usage, faster data access and greater reliability. Since an SSD diskGenie does not have to spin a drive platter or move drive heads, data can be read almost instantly, and with no moving parts the device is more damage resistant. SSD diskGenies are available in 30GB, 64GB and 128GB capacities.

128-bit AES encryption

Offering a cost-optimised solution to data security, 128-bit AES encryption is sufficient to address all commercial and personal data security requirements, as judged by NIST (the National Institute of Standards and Technology). The Institute has stated that 128-bit AES will provide adequate protection until beyond 2031, which makes it a viable and credible alternative to iStorage’s flagship 256-bit hardware encrypted device.

New HDD capacity

A new 750GB HDD diskGenie is also now available, adding to the 250GB, 320GB, 500GB and 640GB capacities. Both HDD and SSD versions are available with either 128-bit or 256-bit real-time hardware encryption.

Prices start from £79 (ex. VAT and delivery). For more information please visit www.istorage-uk.com

iStorage provides high performance and ultra secure portable data storage and security products to users who need to protect their data held on PCs, Macs and portable devices. The founders of iStorage are pioneers in their field and hold several patents, both granted and pending, on a range of related data storage and security products. With a strong belief in careful product selection and unrivalled customer service, iStorage continues to deliver market leading innovations in portable data storage and digital encryption technology. Further information can be found on www.istorage-uk.com

Source: Media Safari

Proprietary software 'a waste of money', says EU commissioner

by Michael Smith (Veshengro)

EU commissioner slams the European public sector's use of proprietary software, saying government bodies must embrace open source

The European Union's Internet Commissioner, Neelie Kroes, has criticized European public sector organizations that buy licensed software systems when cheaper, open source alternatives are available. In fact, if no support is required, open source software is free, even for businesses and government.

Speaking at the Open Forum Europe conference, Neelie Kroes criticized governments' habitual purchase of proprietary technology. Instead, Kroes advised that public sector organizations consider "software that you can download from the website and that you can implement without restrictions".

Such free open source alternatives include operating systems distributed under the Linux banner and the OpenOffice document and spreadsheet package.

"Many authorities have found themselves unintentionally locked into proprietary technology for decades and after a certain point that original choice becomes so ingrained that alternatives risk being systematically ignored," she told attendees. "That's a waste of public money that most public bodies can no longer afford."

Kroes added that public sector organizations which implemented proprietary software should have a "clear justification to do so".

In her previous role as the EU's antitrust chief, Kroes oversaw the investigation into Microsoft's practice of bundling in web browser software with its Windows operating system. The software giant was eventually fined hundreds of millions of dollars and forced to sell a browser-free alternative.

In the UK, both the previous Labour government and the current Conservative-Lib Dem coalition have endorsed the use of open source software in Whitehall.

This suggestion by the EU commissioner for the Internet is rather funny seeing that the EU websites, especially anything interactive, cannot, for instance, be used properly with browsers other than Microsoft's Internet Explorer.

It is time that they sorted that one out if they want to be true advocates of Open Source and not just want to sound good. They do say that actions speak louder than words and in the case of most of the EU ICT use they are still tied in to proprietary software and here, primarily, Microsoft.

However, it is true that open source software works and is free, and who wants to pay hundreds of dollars to MS for an office suite when OpenOffice comes free and with basically everything that Microsoft Office has? I certainly don't.

I have been using OpenOffice for years now and would not want to go back. It is just such a shame that some software is still written to only interact with MS Office, such as Avery's label-making templates.

That is something else that needs sorting out, in the same way that the encryption engines for hardware-encrypted USB drives and the like need to be made to work directly across all platforms.

Even though many manufacturers state that their drives work on Linux and Mac, so far I have found none, even among those claiming that they do, that actually do, and that includes IronKey, unfortunately.

© 2010

Imperva CTO says Patch Tuesday only resolves disclosed vulnerabilities

London, June 2010 - Microsoft announced the other day that it was planning 10 patches for the following week, which by now will have arrived, with one of them addressing a vulnerability in SharePoint. However, waiting for patch cycles to mitigate vulnerabilities will not protect enterprises.

Since April 12, Microsoft SharePoint users have been vulnerable to a web-based attack through the help.aspx page. The problem was made public on April 29, after which Microsoft has been working to produce a patch, due on Tuesday June 8.

“Many organizations have SharePoint servers accessible from the Internet, for partners and customers to access that may be unprotected. Having to wait almost two months for patching a vulnerability related to a very common attack vector (Cross Site Scripting) is just too long,” said Amichai Shulman, CTO, Imperva. “We are repeatedly reminded by such incidents that regardless of the amount of resources poured into SDLC applications still go out of the factory door with vulnerabilities in them. Some of them pop up as a side note on a patch and some as 0days.”

Shulman continues “We all rely on vendor patch cycles to keep us and our businesses secure, however as one vulnerability is patched, sooner or later another one will appear. Businesses need to ensure they are secure from all vulnerabilities whether notified or not.”

“The criminals do not need to wait for a vulnerability to be notified before they exploit it, so businesses with a public facing portal need to take a holistic approach to security and look at how they can protect their business at all times, especially between patch cycles, whether this is via a web application firewall (WAF) to mitigate vulnerabilities or other security tools. For those relying on Microsoft’s patch cycles the only mitigation possible in the short term is ‘virtual patching’ via a WAF,” Shulman adds.
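The 'virtual patching' Shulman refers to is a WAF rule that tightens input to the one page known to be vulnerable while the vendor fix is pending. The following is an added example, written for this page and not Imperva's product or Microsoft's fix, of what such a rule looks like for a reflected cross-site scripting hole in a page like help.aspx. The page path, the parameter names (topic, lang) and the sample requests are assumptions constructed for the example; the actual SharePoint issue is not reproduced here.

```python
"""Minimal model of a WAF 'virtual patch' for a reflected-XSS hole in one
specific page.  Added example for this page, not Imperva or Microsoft code.
The path, the parameter names and the sample requests are assumptions."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: the vulnerable page is served under this path.
PROTECTED_PATH = "/_layouts/help.aspx"

# Characters and fragments that have no business in this page's parameters.
# A virtual patch is deliberately narrow: it only tightens input to the page
# known to be vulnerable, so the rest of the application is not affected.
DENY = re.compile(r"[<>\"'`]|javascript:|on\w+\s*=", re.IGNORECASE)


def normalise(value: str) -> str:
    """Undo up to two further layers of percent-encoding so that
    %253Cscript%253E is inspected as the characters it turns into.
    (parse_qsl already removed the first layer.)"""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def virtual_patch(method: str, target: str, body: str = "") -> tuple:
    """Return (allowed, reason) for one request.

    Only requests to PROTECTED_PATH are inspected; everything else passes.
    Query-string and form-body parameters are both checked, after
    normalisation, against DENY."""
    parts = urlsplit(target)
    if parts.path.lower() != PROTECTED_PATH:
        return True, "not covered by virtual patch"
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST" and body:
        params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if DENY.search(normalise(value)):
            return False, f"blocked: parameter {name!r} contains markup"
    return True, "allowed"


# Constructed sample requests: a normal one, a plain XSS attempt, a
# double-encoded attempt, and a request to an uncovered page.
SAMPLE_REQUESTS = [
    ("GET", "/_layouts/help.aspx?topic=intro&lang=1033"),
    ("GET", "/_layouts/help.aspx?topic=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("GET", "/_layouts/help.aspx?topic=%253Cimg%2520src%3Dx%2520onerror%253Dalert(1)%253E"),
    ("GET", "/sites/team/default.aspx?q=%3Cb%3Ebold%3C/b%3E"),
]


def audit(requests=SAMPLE_REQUESTS):
    """Run the virtual patch over (method, target) pairs; True means allowed."""
    return [virtual_patch(m, t)[0] for m, t in requests]


if __name__ == "__main__":
    for (method, target), allowed in zip(SAMPLE_REQUESTS, audit()):
        print("ALLOW" if allowed else "BLOCK", method, target)
```

The double-decoding step is the part that matters in practice: a rule that matches only the literal `<script>` is bypassed by a second layer of percent-encoding that the application decodes later. The deny list is intentionally blunt (an apostrophe in a legitimate topic name would be rejected too), which is acceptable for a temporary patch on one page but is not a substitute for the vendor fix.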

For more on Microsofts Patch Tuesday - http://bit.ly/bc85JV

For more information on Imperva – http://bit.ly/aKrtxj

But it was not just a SharePoint vulnerability that was at issue; other systems were in danger too, and on top of that there was, and still is, by nigh on the end of June 2010, a serious problem with Adobe Acrobat and Adobe Reader.

The latter is, in my opinion, reason enough to consider migrating PDF reader and creator software over to free or open source programs.

While there are people, especially those in the industry who are in some way tied in far too tightly with the people in Redmond, who speak against using open source, claiming greater vulnerability, I have found the opposite to be true with the programs I use.

Nitro PDF is a great replacement for Adobe Reader and in fact much better, as it allows annotations and notes to be added to a PDF file and permits those “changes” and additions to be saved as well.

PDF Creator is a free PDF creator, as the title suggests, and OpenOffice has a PDF maker built in, allowing one-click PDF creation. However, I would recommend using PDF Creator instead, as it seems to compress the file better than the one built into OpenOffice.

Source: Eskenzi PR with additional writing by Michael Smith (Veshengro)

Unencrypted removable storage devices pose company risk

Unencrypted removable storage devices pose company risk, says Origin Storage

Research just released in the US claims to show that three quarters of workers are now saving corporate data on unencrypted USB sticks – a percentage that poses a severe risk to firms on the data leakage front, says Andy Cordial, managing director of Origin Storage, the storage systems integration specialist.

"If the results of this survey from Applied Research-West (http://bit.ly/c5Axps) are extrapolated to the UK, the potential consequences are horrendous, especially with the massive new penalties for breaches of the Data Protection Act that start on April 6," he said.

"And when you break down the figures to show that 25 per cent of saved USB stick data covers customer records, 17 per cent financial information and 15 per cent company business plans, you start to realise the real risk that companies are running with unencrypted mobile data," he added.

According to Cordial, whilst full disk encryption on laptops is an option that many organisations are exploring, this can be overkill for most situations, especially where the employee is using the portable device to take work home or out into the field.

A far more effective solution, he argues, is to store the confidential information on a portable encrypted drive in the office environment; then, when the data needs to be taken away from the office, the portable unit is easily transportable.

And, the Origin Storage MD went on to say, as the just-reported Barnet Council data loss incident (http://bit.ly/8Y0Hw0) - in which the data records of 9,000 school children have been stolen in an unencrypted format - clearly shows, there is a definite need for encrypted portable storage in most organisations.

"Devices such as our own Data Locker Pro series (http://bit.ly/2vb6y9) which protects information on an encrypted portable drive, and is further defended using PIN security, are an ideal solution that meets all regulatory needs," he said.

"And since they are highly secure, they can integrate well with company security policies when it comes to securing data against prying eyes," he added.

For more on Origin Storage: www.originstorage.com

Founded in 2001 and based in Hampshire, UK, Origin Storage Ltd. is fast becoming one of Europe's leading IT storage manufacturers. Its wide-ranging product portfolio includes branded hard disk drive solutions, RAID solutions and OEM parts.

Origin Storage is a main supplier for all Tier one manufacturers, providing matched storage upgrades and has held a Pan European Agreement with Dell™ for the past five years. The business has grown year on year and now supplies to main distribution and reseller partners across EMEA.

In January 2006 Origin Storage acquired the brand and assets of Amacom and began to manufacture the Amacom range of portable storage solutions including the Flip2disk, IOdisk and Portable Optical solutions. It is also a distributor for some of the most respected storage enclosure manufacturers and offers a full range of rack, desktop and RAID products and accessories.

The company’s emphasis on superior customer service, UK-based assembly and stock-holding that delivers competitive pricing and unbeatable turn-around times makes Origin Storage the ideal partner for all storage management needs.

Source: Eskenzi PR

Critical Adobe flaw about

by Michael Smith (Veshengro)

Adobe Flash, as well as Adobe Acrobat and Adobe Reader, has been affected by a dangerous bug. The bug can be used to cause the applications to crash, and it may also be possible to use it to inject malicious code into the affected machine or even to take over the system.

Adobe is aware of the issue and is putting out patches. Affected are Adobe Flash Player 10.0.45.2 and older versions running under Windows, Linux, Solaris and Mac OS. The "authplay.dll" included in Adobe Acrobat and Adobe Reader is also affected, so users of those two programs are also at risk.

No such problems seem to exist with free or open source programs, as far as PDF readers and makers are concerned, such as Nitro PDF Reader, which must be one of the best free PDF readers available, and PDF Creator for making PDF files.

It is, as we can see again and again, not always a case of “you get what you pay for”, as often, it would appear, open source software is much better designed than proprietary software.

Meanwhile a new version of Adobe Flash Player is available and it is highly recommended that this be downloaded at the earliest opportunity.

I am not, as yet, aware of any patches for Adobe Acrobat and Adobe Reader, and maybe, just maybe, people should consider, at least for the time being, making use of some of the available open source programs for those purposes.

© 2010

Imperva applauds IIA plans to quarantine zombie-infected Internet connections

London, June 2010 – Data security specialist Imperva has backed the Australian Internet Industry Association (IIA) initiative encouraging ISPs nationwide to adopt a new voluntary code of conduct on cyber security.

Along with educating and better protecting customers, ISPs are also being asked to temporarily quarantine those users whose computers are infected by zombie malware and are generating spam.

"This move is to be applauded and, while it’s certain to generate an outcry from some quarters, will only temporarily block an infected user's ability to generate spam. It won't affect their ability to surf the Internet or access a Webmail account,” said Amichai Shulman, chief technology officer with Imperva.

He added: "The IIA says the code of conduct will give customers greater levels of confidence in the security of their Internet connections, as well as helping to reduce the levels of zombie infections actively connected to the Internet."

According to Shulman, the introduction of the new code of conduct will encourage Australian ISPs to introduce network activity detection on their platforms, allowing them to identify abnormal traffic patterns from a subscriber's IP address and take appropriate action.

If, as seems likely, the code of conduct is adopted by Australia's ISPs, then it will almost certainly reduce the number and effects of zombie infections, which the Imperva CTO says, are usually the result of a user clicking on an email link routing to an infected Web site.
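What "network activity detection" followed by a narrow, temporary quarantine looks like in practice: the following is an added example, not IIA or Imperva code, of a detector that flags a subscriber whose outbound traffic looks like a spam bot (direct connections to many distinct mail servers in a short window, rather than submission through the ISP's relay) and turns each detection into a rule that blocks only outbound port 25 for a fixed period, leaving web and webmail untouched as the quote above describes. The thresholds, the flow-record layout, the addresses and the sample flows are assumptions constructed for the example.

```python
"""Added example of subscriber-side spam-bot detection and narrow
quarantine.  Not IIA or Imperva code; thresholds, record layout and the
sample flows are assumptions constructed for the example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: a residential subscriber that opens direct SMTP (port 25)
# connections to more than this many distinct servers inside the window
# looks like a bot, because legitimate mail goes through the ISP relay.
WINDOW = timedelta(minutes=10)
MAX_DISTINCT_SMTP_PEERS = 20
QUARANTINE_FOR = timedelta(hours=24)
SMTP_PORT = 25

T0 = datetime(2010, 6, 20, 9, 0, 0)   # constructed start time


def constructed_flows():
    """Sample flow records (timestamp, src_ip, dst_ip, dst_port).
    203.0.113.10 behaves like a spam bot: direct SMTP to 30 different
    servers in five minutes.  203.0.113.20 is a normal subscriber: HTTPS
    traffic, submission to the ISP relay on 587, and three direct SMTP
    connections that stay under the threshold."""
    flows = []
    for i in range(30):
        flows.append((T0 + timedelta(seconds=10 * i), "203.0.113.10",
                      f"198.51.100.{i + 1}", SMTP_PORT))
    for i in range(30):
        flows.append((T0 + timedelta(seconds=20 * i), "203.0.113.20",
                      "192.0.2.80", 443))
    flows.append((T0 + timedelta(minutes=2), "203.0.113.20", "192.0.2.25", 587))
    for i in range(3):
        flows.append((T0 + timedelta(minutes=3, seconds=i), "203.0.113.20",
                      f"192.0.2.{100 + i}", SMTP_PORT))
    return flows


def detect_spam_bots(flows, window=WINDOW, threshold=MAX_DISTINCT_SMTP_PEERS):
    """Return {src_ip: first_detection_time} for sources that contacted more
    than `threshold` distinct SMTP servers within any sliding `window`."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, dst) on port 25
    flagged = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMTP_PORT or src in flagged:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:      # drop events outside the window
            q.popleft()
        if len({d for _, d in q}) > threshold:
            flagged[src] = ts
    return flagged


def quarantine_rules(flagged, duration=QUARANTINE_FOR):
    """Turn detections into narrow rules: block outbound port 25 only, for
    `duration`, so the subscriber keeps web and webmail access."""
    return {src: {"block_dst_ports": [SMTP_PORT], "until": ts + duration}
            for src, ts in flagged.items()}


if __name__ == "__main__":
    for src, rule in quarantine_rules(detect_spam_bots(constructed_flows())).items():
        print(f"quarantine {src}: block ports {rule['block_dst_ports']} until {rule['until']}")
```

Two caveats a practitioner would add before deploying a rule like this: subscribers who legitimately run their own mail server need an allowlist (or a higher per-subscriber threshold), and the detection should be driven from sampled flow export rather than full packet capture, since only the tuple (source, destination, port, time) is needed.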

According to Shulman, his company revealed last month that hackers had started infecting Web servers with a denial of service application that effectively transformed them into zombie drones.

"As I said at the time, these servers are controlled using a simple Web application, consisting of just 90 lines of PHP code, making them highly effective for the cybercriminals, since they offer criminals more horsepower and - typically - fatter pipes for throwing out spurious traffic," he said.

"If, however, the ISPs are able to quarantine an IP address generating this type of spurious traffic, then the effects of a server-infection denial of service attack can be negated. It is to be hoped that, if Australia's ISPs adopt this code of conduct, then it makes its way up to the ISPs in the northern hemisphere."

For more on the Australian ISP code of conduct: http://bit.ly/9P2AIG

For more on Imperva: www.imperva.com

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment.

For more information, visit www.imperva.com and follow them on Twitter @Imperva.

Source: Eskenzi PR

New ISACA guide helps enterprises create an effective business case for IT investments

New ISACA Guide Helps Enterprises Create an Effective Business Case for IT-related Business Investments

Rolling Meadows, IL, USA: More than 60 percent of organizations will invest the same or slightly fewer resources on IT projects related to compliance and risk management in 2010, according to an ISACA survey of more than 2,000 IT professionals in North America. This makes it even more important to create strong business cases for IT-enabled investments. To help professionals initiate projects with the greatest ROI, ISACA has released a new publication titled The Business Case Guide: Using Val IT 2.0.

The Val IT framework enables organizations to evaluate and manage investments in business change and innovation. It can help increase the value of technology and lead to business growth. For example, Val IT can greatly reduce the costs from inefficiencies by giving executives the tools for evaluating projects much as a skilled investor manages an investment portfolio. Both The Val IT Framework 2.0 and The Business Case Guide: Using Val IT 2.0 are available as free downloads from www.isaca.org/valit.

Building on the first edition, published in 2006, the updated Business Case Guide is fully aligned with Val IT 2.0 and provides how-to tips, maturity models and examples for using a business case as a powerful tool. The guide covers the process from initial selection and implementation, to ongoing operation, to retirement.

“Many organizations view the business case as a necessary evil or a bureaucratic hurdle that must be overcome, but a well-developed business case for a business change program is one of the most valuable tools available to management,” said Peter Harrison, CGEIT, a co-author of the guide and leader of value management at IBM. “The quality of the business case and the processes involved in its creation has an enormous impact on the success of the project.”

The Business Case Guide: Using Val IT 2.0 is applicable to all enterprises, regardless of size, sector and location. The content of the easy-to-follow guide is relevant to all types of investment in business change. A print edition can be purchased from the ISACA Bookstore (www.isaca.org/bookstore).

With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Source: Eskenzi PR

Top Five Social Media Risks for Business: New ISACA White Paper

“Social media governance” needed for managing risk without sacrificing opportunity

Rolling Meadows, Ill., US: ISACA today named the top five social media risks for business and recommended solutions to help businesses address security, customer service and corporate reputation risks raised by their employees’ use of social media – on the job and off.

In a complimentary new white paper titled “Social Media: Business Benefits With Security, Governance and Assurance Perspectives,” ISACA, a leading global association for enterprise governance of information technology (IT), urges organizations to actively address the following potential risks:

  • Viruses/malware

  • Brand hijacking

  • Lack of control over content

  • Unrealistic customer expectations of “Internet-speed” service

  • Non-compliance with record management regulations

Developed by a team of global ISACA experts, the white paper goes beyond the traditional look at social media in the workplace to address employees’ use of social media outside of work. It also provides detailed how-to tips for effective social media governance. A free copy can be downloaded at www.isaca.org/research.

“Historically, organizations tried to control risk by denying access to cyberspace, but that won’t work with social media,” said Robert Stroud, CGEIT, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Technologies. “Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance.”

Since tools like Facebook and Twitter don’t require new hardware or software from the IT department, they can be introduced by a business unit, marketing team or individual employees, bypassing the normal safeguards and risk assessment provided by IT, HR and Legal. This issue is reflected in IT department attitudes—62% of respondents to the 2010 ISACA IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal e-mail as medium or high.

When Employees Get Social

Organizations need to consider employee behavior when developing their approach to social media policies and practices. There are four significant risks created when employees use social media, whether they are on the job or off:

Although social media provides a new entry point for technology risks such as malware and viruses, these risks are increased primarily due to lack of employee understanding of “risky behavior.” The white paper notes that any strategy to address the potential risks of social media usage should first focus on user behavior.

“The greatest risks posed by social media are all tied to violation of trust,” said ISACA Certification Committee member John Pironti, CISM, CRISC, and president of IP Architects LLC. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies and everyday users. That is why ongoing education is critical.”

“Social Media: Business Benefits With Security, Governance and Assurance Perspectives” is an ISACA Emerging Technology white paper that examines the security, governance and assurance concerns with employee and business use of social networking and media. Reviewed by a team of ISACA members holding IT or risk management positions, the white paper addresses the benefits, risks and privacy issues surrounding social media and provides guidance on implementing controls, managing usage, maximizing value and minimizing risk. To download a free copy, visit www.isaca.org/research.

With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Source: Eskenzi PR

Introducing FalconStor® Continuous Data Protector for Backup Appliance for SMB and ROBO Markets in Europe

FalconStor EMEA Targets Outmoded Traditional Backup Methods with Integrated Hardware/Software Appliance That Delivers Instant Recovery

London, UK: FalconStor Software, Inc. (NASDAQ: FALC), the provider of TOTALLY Open™ data protection solutions, has announced FalconStor® Continuous Data Protector (CDP) for Backup, a hardware/software appliance designed to meet the particular needs of the small and medium-size business (SMB) and remote office/branch office (ROBO) markets in Europe. FalconStor CDP for Backup provides simultaneous backup and data protection capabilities and addresses the serious deficiencies of traditional backup applications and outdated practices.

FalconStor CDP combines local and remote protection into a cost-effective, unified, disk-based solution that enables the recovery of data - and business operations - back to the most recent transaction. This is achieved by a process of continuous and simultaneous backup of all servers and applications. The concept of continuous backup to disk completely eliminates the anachronism of the backup window and dramatically increases the number of recovery points available, virtually eliminating the risk of data loss. There is a common management interface for the entire environment, and there are no removable media to manage.

The result is that the FalconStor CDP for Backup appliance makes backup simple, fast, affordable and reliable. It is also, in effect, a combined backup and disaster recovery (DR) solution that delivers instant recovery. For example, accidentally deleted or corrupted files can be retrieved in less than two minutes, a system can be recovered in just 10 minutes, and entire remote DR sites can be brought online in just half an hour.

"The reality is that traditional backup software is an outmoded concept that only performs a single task - and not very well," said Guillaume Imberti, vice president and general manager, EMEA operations, FalconStor. "Traditional backup techniques involve too many points of failure, too much opportunity for data loss and, in the SMB environment in particular, too much scope for human error."

"FalconStor CDP for Backup addresses the backup requirements of SMBs, especially those with remote or branch offices, more effectively and - crucially - more simply than any other solution. Through the unique combination of capabilities, flexibility, simplicity and effectiveness, we aim to overcome the natural hesitation that often stops companies from commissioning a robust, modern, fit-for-purpose backup solution," Imberti explains.

FalconStor® Continuous Data Protector (CDP) technology reinvents how data is backed up and recovered. Moving far beyond failure-prone once-a-day tape backup models, FalconStor CDP combines local and remote protection into a cost-effective, unified, disk-based solution that enables the recovery of data back to the most recent transaction. Recovery point objectives (RPO) shrink to mere seconds.

But protection is only part of the solution. FalconStor CDP for Backup delivers fast, reliable recovery, bringing business back online sooner. Using a wealth of sophisticated technologies - including application integration, physical-to-virtual recovery, and WAN-optimized replication - entire systems can be restored in under 10 minutes. Lost files can be recovered in two minutes. And all of this can occur without the need to touch backup software or run a "restore job." Data is protected in its native format and instantly accessible. Recovery time objectives (RTO) change from hours to minutes, minimizing system downtime and economic impact.

FalconStor Software, Inc. (NASDAQ: FALC) is the market leader in disk-based data protection. FalconStor delivers proven, comprehensive data protection solutions that facilitate the continuous availability of business-critical data with speed, integrity and simplicity. The Company's TOTALLY Open™ technology solutions, built upon the award-winning IPStor® platform, include the industry leading Virtual Tape Library (VTL) with deduplication, Continuous Data Protector (CDP), File-interface Deduplication System (FDS), and Network Storage Server (NSS), each enabled with WAN-optimized replication for disaster recovery and remote office protection, and the HyperFS™ file system. FalconStor products are available as OEM or branded solutions from industry leaders, including Acer, Data Direct Networks, Dynamic Solutions International, EMC, Huawei, Pillar Data Systems, SGI, SeaChange and Spectra Logic and are deployed by thousands of customers worldwide, from small businesses to Fortune 1000 enterprises.

FalconStor is headquartered in Melville, N.Y., with offices throughout Europe and the Asia Pacific region. FalconStor is an active member of the Storage Networking Industry Association (SNIA). For more information, visit www.falconstor.com.

Source: Rose Ross

Survey reveals that 1 in 10 IT professionals admit to cheating on an IT audit!

Shockingly almost a third of IT professionals only audit their firewalls once every 5 years

While our MPs are promising more transparency and honesty in politics, perhaps the IT industry should follow suit. According to a survey conducted by Tufin Technologies of 242 IT professionals, mainly from organisations employing 1000 to 5000+ employees, 1 in 10 admitted that either they or a colleague have cheated to get an IT audit passed. However, it isn't all bad news; compared to a similar survey conducted in 2009, the number of people admitting to cheating has halved.

Amongst those who have cheated, lack of time and resources are cited as the main reasons, underlining the ever-increasing pressure on today's IT departments. With 25% responding that firewall audits take a week to conduct, attempting to avoid this painful process is understandable, if not excusable.

What's more, 30% of respondents only audit their firewalls once every 5 years and, even more worrying, 7% never conduct an audit at all. With this in mind it's less surprising to find that 36% of IT professionals admit their firewall rule bases are a mess, increasing their susceptibility to hackers, network crashes and compliance violations.

The survey also found that:

· 31% only audit their firewalls once a year

· 22% don’t know how long it takes to audit their firewalls

· Of those that admit their firewall rule base is a mess, 25% believe this makes their network susceptible to crashes and 38% susceptible to compliance violations

· 56% responded that automation tools would save them a lot of time

While companies pay a lot of attention to the firewall selection process, and invest millions in acquiring them, much less attention and fewer resources are invested in making sure the firewalls are optimised at all times against potential security risks and compliance breaches.

Michael Hamelin, Chief Security Architect at Tufin Technologies, said: "It is a cause for concern that so many companies are only conducting audits sporadically and are admitting that their firewalls are in a mess. The consequences of a firewall with rules that are out of sync leave networks open to exploitation. Without the right automation tools, managing firewalls is complicated and time consuming, making it very tempting for IT professionals to cheat to get their audit passed. But in the long run it will only cause more problems."

IT still top priority in the boardroom

Despite our gloomy economic environment, it is encouraging to see that IT has remained high on the budget priorities, with 59% of companies revealing that they have not been forced to focus on cost savings at the expense of their company's security. With malware at record highs and more and more compliance legislation, businesses are clear that it is not in their interests to cut IT spend.

To view the survey statistics please visit http://www.tufin.com/downloads/infosecurity_uk_2010_survey_results.pdf

Tufin™ is the leading provider of Security Lifecycle Management solutions that enable companies to cost-effectively manage their network security policy, comply with regulatory standards, and minimize IT risk. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin serves more than 500 customers in industries from telecom and financial services to energy, transportation and pharmaceuticals. For more information visit www.tufin.com, or follow Tufin on: Twitter at http://twitter.com/TufinTech, LinkedIn at http://www.linkedin.com/groupRegistration?gid=1968264, FaceBook at http://www.facebook.com/group.php?gid=84473097725, The Tufin Blog at http://tufintech.wordpress.com/, The Tufin Channel on YouTube at http://www.youtube.com/user/Tufintech

Source: Eskenzi PR

How the principles behind Lego can assist IT managers in their quest for better IT security

by Reuven Harrison, CTO of Tufin Technologies

As a boy, like many lads of my age, I loved Lego - I'd use the red, green, blue, yellow and white bricks that, in those days, came in just a few shapes, to construct houses, ships, cars and stairways that led absolutely nowhere.

Lego - for small boys - as it is today, is all about fun and imagination.

In mid-April, Tufin's team had the good fortune to attend Check Point's annual European customer and partner event, the Check Point Experience, in London.

At the event, which was attended by the great and the good in the world of IT security, we demonstrated our workflow technology.

Because of the high calibre of the professionals attending the event, it was a delight to meet industry colleagues both old and new, and explain how we see the changing IT security puzzle to the professionals at this event.

During the event I was struck how infosec has matured. Many companies are now approaching security as an integral part of IT which requires proper management and the business processes around it.

In many ways the approach to building models as a boy that Lego engendered is the approach that is needed in the modern world of IT security - a set of building blocks, in different shapes and colours, that can be combined to build an effective IT security process.

The `building block' principle is nothing new in the world of network computing. It's a similar approach to that taken by the developers of the `C' programming language back in the 1970s, when Bell Labs came up with the then fledgling Unix programming language.

C's minimalist approach allowed early software developers to develop quite complex programs by taking a modular approach to program development.

Within a few years of C's release, libraries of simple C routines were developed that, like Lego bricks, could be combined to produce quite spectacular software capable of doing a great deal with quite limited memory and processor facilities.

Fast-forward 38 years to the Check Point Experience, and there are my team and I, explaining how a modular approach is the only way that security processes, which differ so widely from one organization to another, can be supported by a generic workflow solution.

After a couple of years' detailing Tufin's IT security solutions to the great and the good, and not just at the Check Point event earlier this month, I have realised that there is no such thing as a standard process for managing changes to the security policy of an organisation.

For example, whilst one organisation starts off with an access request which is then approved by a line manager, another may first want to design the change and only then approve it.

If you extrapolate the Lego `building block' approach to the security policy issue in most organisations, it's clear that a modular methodology can pay dividends when there is a requirement to deviate from normal procedures.

As another example, some professionals want to allow requesters to specify the target firewalls, whilst others keep them strictly within the domain of the firewall operations group.

In an ideal world, it would be down to the IT professional to issue the dictum - "here's how you should be working" - and provide one ideal process for managers to implement.

As any IT professional will know, however, this ideal cannot work, as the principle of `one size fits all' does not work with IT security - every organisation has developed an often unique set of processes that match its needs, organisational structure and policies.

In addition, beyond the obvious technical constraints, it's clear that there are also social and political factors that have shaped these processes and these cannot be modified very easily.

But there is a solution - and once again the modular principles that millions of small boys the world over have adopted with Lego blocks also apply to the grown-up world of IT security.

And flexibility also comes into play here: instead of a single rigid process, companies like ours have opted to provide their clients with a variety of small security building blocks that can be compiled into the organisational process.

These building blocks are designed around permissions and roles; users and groups; workflows composed of configurable steps; and forms that consist of configurable fields such as input fields and drop down lists.

Other `Lego blocks' include access flow descriptions that can change their appearance to match the needs of users with different roles; and dynamic but controllable workflows so that users have flexibility within a fixed framework.

This modular approach has been well received amongst the end user community, who appreciate the building block approach is highly effective in a variety of environments with differing processes, including those situations that management have not yet seen - or anticipated.

Now I'm back from the exhibition and conference, I'm back to playing with real Lego with my daughters - who enjoy their building blocks every bit as much as their male peers - and am building princesses and castles, rather than the cars and ships of my boyhood.

And just as Lego can be flexible enough to meet the disparate building needs of little boys and girls everywhere, so I've concluded that a `building block' approach to IT security and lifecycle management can help customers create their ideal security protection.

And just as in my Lego analogy, allowing IT professionals to create their own unique set of IT security processes - processes that are almost infinitely customisable - lets the rest of the organisation get on with its core business of making a profit.

As a small boy, Lego taught me a lot. Now that I'm a bit more grown up, the principles I've learned from Lego have helped shape my professional approach to security.

Now where did I put that Meccano set?...

www.tufin.com

Courtesy: Eskenzi PR

Survey finds HMRC breach recommendations being ignored

Three years later and another ‘HMRC’ could happen

London, June 2010: 24 months since the publication of the Poynter Report, which was commissioned after the HMRC breach, and almost three years since the original misplaced discs came to light, a similar breach could occur again. A survey released today by Cyber-Ark, the leading global software provider for protecting critical information, applications and identities, has found that 19% of companies are still using couriers to send large or sensitive files, the insecure transfer method originally used by HMRC, which left a disc containing child benefit information missing in London! The survey was carried out amongst 238 IT security professionals at Infosecurity Europe (London) in April.

The survey showed that some of the lessons had been heeded, with 82% of companies now having systems in place to allow them to transfer data. A further positive conversion is the decline in the use of email, from 35% in 2008 to just 16%, and a considerable increase in the adoption of secure email, up at 42%. However, it’s not all good news as a worrying 67% have now adopted File Transfer Protocol (FTP) as their preferred method to transfer sensitive data with a risky 28% trusting web based services.

Mark Fullbrook, UK Director for Cyber-Ark, explains why this strategy isn't as secure as organisations may believe: "With FTP, and even encrypted FTP sessions, the problem arises after data has moved, while it sits on the FTP or SFTP server in plain text. The nature of the beast means the service is directly connected to the internet, leaving it open to violation, and as there is no audit trail, there is no record of who accessed the files. More alarming are those organisations that are using a web based offering – they may just as well stand on a street corner and give away their information, as these services just weren't designed with sensitive corporate data in mind."

There are 10 security principles in the Poynter report, the 8th of which is that 'Transfers of digital data involving physical media should be phased out completely'. However, our research has shown that instead of decreasing, use of this method appears to be increasing. Initially, 4% of respondents questioned in 2008 used the postal system to transfer large files; this year that figure has increased to 11% as companies struggle to find simple and reliable ways to transfer large files.

Fullbrook added, “Last month Deputy Commissioner at the ICO, David Smith, said that although breach notification is currently voluntary, if he has his way there is every prospect that it would become a legal requirement. Additionally, it is well documented that the ICO has been arguing for prison sentences for those who 'con' information out of companies and sell on data. That’s on top of the £500K fines they can now impose. A secure, centralised platform for governing and managing business file-transfers, such as Cyber-Ark’s Inter-Business Vault® not only enables organisations to comply with the principles of the Data Protection Act satisfying the ICO, but adoption of this technology can also save time and money.”

From a compliance standpoint, centralising all file-transfers into a single secure, scalable governed file transfer platform enables organisations to comply with regulations such as PCI, SOX, HIPAA and Basel II by ensuring strong authentication, enforcing audit controls and providing tamper-proof audit logs.

Beyond guarding against breaches, automation enables companies, particularly those in highly-regulated sectors such as financial services and healthcare, to mitigate the business risk of sensitive data loss or exposure.

Fullbrook concluded, “It’s not just about security, it’s about the ability to ensure productivity and guarantee the integrity of business operations. Investing in the right technology and processes now will go a long way to getting ahead of the growing volume of data transfers while meeting the demand for providing a better, faster service at lower costs, securely.”

Cyber-Ark® Software is a global information security company that specialises in protecting and managing privileged users, applications and highly-sensitive information to improve compliance, productivity and protect organisations against insider threats. With its award-winning Privileged Identity Management (PIM) and Highly-Sensitive Information Management software, organisations can more effectively manage and govern application access while demonstrating returns on security investments. Cyber-Ark works with more than 600 global customers, including more than 35 percent of the Fortune 50. Headquartered in Newton, Mass., Cyber-Ark has offices and authorised partners in North America, Europe and Asia Pacific. For more information, visit www.cyber-ark.com.

Source: Eskenzi PR

UK cloud computing market 'to double by 2012'

by Michael Smith (Veshengro)

Analyst predicts that UK rate of spend on cloud computing to reach more than £1bn within next two years

UK spending on cloud computing services will double within the next two years to over £1.2 billion, one IT industry analyst has claimed.

According to TechMarketView, the cloud will become of increasing prominence between now and 2012 as more organisations consider the value of outsourcing IT assets to third-party vendors, which include the likes of Amazon Web Services and Google Apps.

"In the old days, big companies used to generate their own electricity. But they do not do that any more," TechMarketView senior analyst Philip Carnelley told BBC News. "Software is going the same way - let others do the processing." Carnelley added that he and other industry analysts were not "hyping up" the cloud, but that a "genuine shift" was taking place in the UK.

TechMarketView claims that cloud computing-based services currently account for about 7.5% of the UK's total software market.

The biggest obstacle to organisations adopting cloud computing has so far been risks surrounding information security, as confirmed in a recent survey published by IBM, which showed that 80% of CIOs reported security as their chief concern when moving into the cloud.

Even Nick Clegg of the LibDems suggested that the UK government data storage should be moved to the cloud. What a great idea - NOT! The security issues are so immense but still they suggest such stupidity.

I can just imagine putting all the data of this or that department in the cloud and then finding that, for some reason, they cannot get at it for a day or more or someone hacks into it and liberates the whole stuff.

Haven't we had enough problems with unencrypted computers, CDs and USB sticks? Do we now want to have data somewhere where the ICT people are not in control of the data? I should not think so.

But then again, I do not like the idea of the cloud and that for more than one reason.

© 2010

Trusteer CEO says Google switch is not a recommended security practice for enterprise to fight targeted attacks

London, UK, June 2010 - Reports that Google is planning to drop the Microsoft operating system for security reasons, following targeted attacks it has been suffering, may lead other enterprises to follow this practice. Adoption of this practice by enterprises will not improve their defences against targeted attacks, according to Trusteer, the leading provider of secure browsing services.

"Enterprises that are considering shifting to an operating system like Mac or Linux should realize that although there are fewer malware programs available against these platforms, the shift will not solve the targeted attacks problem and may even make it worse," said Mickey Boodaei, Trusteer's CEO.

“Mac and Linux are not more secure than Windows. They're less targeted. There is a big difference. If you choose a less targeted platform then there is less of a chance of getting infected with standard viruses and Trojans that are not targeting you specifically. This could be an effective way of reducing infection rates for companies that suffer frequent infections”, he added.

However, when it comes to targeted attacks this approach offers little value and may even increase exposure.

“In a targeted attack where criminals decide to target a specific enterprise because they're interested in its data assets, they can very easily learn the type of platform used (for example Mac or Linux) and then build malware that attacks this platform and release it against the targeted enterprise,” said Boodaei.

According to Boodaei, "The security community is years behind when it comes to security products for Mac and Linux. Therefore there is much less chance that any security product will be able to effectively detect and block this attack. By taking that action, the enterprise increases its exposure to targeted attacks rather than reducing it."

For more on the response from Microsoft to Google visit http://ow.ly/1T2lX

For more on Trusteer visit http://www.trusteer.com/

Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers’ machines. It also prevents phishing by validating site authenticity. Trusteer Flashlight allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer’s solutions are used by more than 60 leading financial organizations in North America and Europe and by more than 6.5 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.

I must say that I find it amazing that so many supposed security experts keep running down Mac and Linux in favour of Microsoft Windows, whether for operating system on computers or on servers.

The great majority of servers that run websites are Apache, which is Linux, and Mac and Linux, as OS for personal computers are much safer against viruses, malware and also direct hacks – Linux especially – than Windows will ever be.

However, then again, where would all those security vendors and consultants be were it not for Windows and its vulnerabilities and holes?

So, I guess, one can understand their anti-Linux and -Mac stance.

Source: Eskenzi PR with additional writing by Michael Smith (Veshengro)

The Guardian’s Classroom Innovation - in association with Asus …

… The Story Continues

From the opening of its doors in May this year, The Guardian’s Classroom Innovation, in association with Asus, has already generated traffic, comment and activity not just across the site but also into the social networking environments, notably Twitter.

Engaging with teachers and parents alike, the site has asked a host of questions, generated a number of responses and been on top of breaking news within the education and ICT sector.

Eco considerations and cost saving tips have been aired, the demise of Becta and the questions that this currently leaves unanswered have been asked alongside tips on revision and the potency of mobile learning.

During a time of change, the Classroom Innovation survey asks the question “Save Our Technology – What to Cut and What to Keep in Schools?” - watch out later this month for the results of the survey to be announced. Of real currency is the present stat from the survey where teachers, who have participated in the poll, have voted Becta as the most valuable organisation among a list of six national bodies.

In addition, this week will see the introduction of a new competition to win a stunning and slick ASUS Eee Top ET2010 multi-touch all-in-one PC and, as importantly, the winners of the first competition will be announced this Friday afternoon (4th June).

Join in and engage with a new blog from Tristan Ashman exploring issues around the education environment’s perceived over-reliance on technology... is this really the case or is it more a question of effective usage of and understanding of the potency of the technology.

To learn more, log onto: www.guardian.co.uk/classroom-innovation

ASUS is a leading company in the new digital era, with a broad product portfolio that includes notebooks, netbooks, motherboards, graphics cards, displays, desktop PCs, servers, wireless solutions, mobile phones and networking devices.

Driven by innovation and committed to quality, ASUS designs and manufactures products that perfectly meet the needs of today’s home and office users. ASUS won 3,268 awards in 2009, and is widely credited with revolutionizing the PC industry with the Eee PC™.

With a global staff of more than 10,000 and a world-class R&D design team, the company’s revenue for 2009 was US$7.5 billion. ASUS ranks among BusinessWeek’s InfoTech 100, and has been on the listing for 12 consecutive years.

Source: Tru PR

Keylogger sophistication rising as criminals look for new sources of card fraud revenue

Keylogger sophistication rising as criminals look for new sources of card fraud revenue says Trusteer

Payment card servicing firm Visa has issued an alert (http://bit.ly/a6ovul) to its transaction processing members and their clients - retailers of all sizes - that trojan-driven keylogger incidents are on the rise. According to Trusteer, the rising number of keylogger attacks on retailers' till terminals is due to the fact that many units are Windows-driven and therefore susceptible to the same type of malware infections as office and home PCs.

"Trojan-driven keylogger attacks have been on the rise for home and office PC users for some time, but companies and home users are getting wise to the problem and are installing IT security software on their machines," said Mickey Boodaei, CEO of the browser security and fraud prevention specialist.

"For retailers, however, the problem is more complex, as many of their terminals are subject to leasing and maintenance contracts, meaning that they tend to rely on the supplier/maintainer for their IT security protection," he added.

However, Boodaei advises retailers not to be afraid of checking with their till terminal supplier about issues such as IT security, as with significant new penalties (http://bit.ly/5byF1f) from the Information Commissioner's Office (ICO) regarding data leaks and breaches, retailers accepting card payments from their customers need to be aware of their options.

Consumers should also take precautions against keyloggers, the Trusteer CEO went on to say, as criminals are increasingly targeting payment card information on the Internet.

Many malware variants collect card data as customers type it in while making a purchase online, he explained, adding that more sophisticated malware can also change payment pages on Web sites asking for additional card and personal information.

"Our research team have also come across malware variants that steal card information when you log onto your bank account. They frequently change the login page to request your card information and then send this information on to the criminals," he said.

According to Boodaei, the increasing sophistication of cybercriminals looking to rip retailers and their card-carrying customers off is a problem that will not go away because, as existing avenues of card fraud are closed off, cybercriminals will attempt to open new ones up.

"Unfortunately, keyloggers are an ideal vehicle for card fraud, as they allow fraudsters to radiate trojans out via sophisticated bulk emailers and sit back for unwary recipients to click on the links and unwittingly install the keylogging malware on their Windows-driven machines," he said.

"Consumers can do their part by installing a browser add-in such as Trusteer's Rapport software (http://bit.ly/aRw8sj), which is offered as a free download by banks such as HSBC, RBS/NatWest and the Santander Group. Retailers, meanwhile, should contact their till terminal supplier for advice on their own IT security options," he added.

For more on Trusteer: www.trusteer.com

Trusteer enables online businesses to secure communications with their customers over the Internet and protect personally identifiable information (PII) from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects customers’ PII from malware including Trojans, keyloggers, and pharming and phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com.

Source: Eskenzi PR

IT Professionals Are Hacking Their Own Enterprises To Keep Intruders Out

Survey also finds 31% of companies have fallen foul of hackers

London, 2nd June 2010 : A survey of IT security professionals has discovered that 83% consider commercial applications, the ones you buy off the shelf, to be riddled with code flaws and vulnerabilities. That’s the discovery of a survey conducted by Fortify Software, a leader in Software Security Assurance (SSA) solutions, which found that 56% believe hackers could exploit these flaws. As a result, security professionals are making heavy investments in penetration and code testing, combined with application scanning, to try to build security into the software. Half of the IT security professionals also admitted to hacking, with 73% of these respondents doing so to test the strength of their own network’s defences, 13% for fun or out of curiosity, and 3% targeting their efforts at the competition.

Compiled at this year’s Infosecurity Europe 2010, the survey also unearthed that, amongst the 300 IT security professionals interviewed (with the majority taken from companies employing 1,000 plus employees), 31% admitted to being victims of hacking. More interestingly, with 29% replying ‘don’t know’, this figure could be substantially higher! The majority of respondents cited the application layer to be the hackers’ main target.

57% of the IT security professionals surveyed also agree that the best way to check that their software applications are free of vulnerabilities and secure is to combine all available techniques and solutions, including code and static analysis, web application firewalls, application scanners and pen testing. Only 5% of the survey respondents we spoke to said their organisations didn’t employ technology for software security.

Commenting on these results, Barmak Meftah, Chief Products Officer at Fortify Software said, “It would appear organisations are frustrated with insecure off the shelf solutions, with many obviously feeling there are few alternatives, as they still purchase them. Given that companies have to make a huge investment in applications, whether off-the-shelf, outsourced or built in-house, it is paramount that they use proper procedures (as well as automatic software solutions) to test and strengthen these applications before deployment. On the subject of whether hackers can ever be described as having ‘good’ intentions, I’d rather be on the side of a hacker working to bring security vulnerabilities to my attention so that I can fix them before deploying an application that exposes my business to risk.”

Of those in this survey who admitted to previous hacking knowledge and experience, 42% learnt in their twenties and 14% in their teens. Most people learnt to hack at work (29%), followed by on the Internet (26%), at university (13%), whilst still at school (8%), and with the help of friends who helped them hone their talent (8%).

Fortify's Software Security Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite—Fortify 360—drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com, or visit our blog at blog.fortify.com. Find Fortify on Twitter: @Fortify

Source: Eskenzi PR

Expert urges 'revolutionary' IT leaders to step up as public-sector faces deep cuts

London 1st June 2010 - As the IT industry digests the Chancellor of the Exchequer's plans to shave £6.25 billion from the expenditure spreadsheets of various government departments, a leading IT expert from the 360°IT Blog has warned that if IT is to maximise its potential to stave off the potentially devastating effects of the cuts, the sector needs the most resilient, persuasive, creative and revolutionary IT leaders the profession has ever seen.

According to Jim Mortleman, a leading IT industry commentator, there will be massive repercussions for IT in the sector as budget reductions are ramped up. While George Osborne's cut-backs include £95 million of IT savings, the pain doesn't stop there, as the Government has also mandated £1.15 billion in 'discretionary areas' such as consultancy and a further £1.7 billion through the scrapping or renegotiation of existing contracts. "Since IT is a big user of consultancy services and a big contributor to overall spending on third-party suppliers, it is likely to have to swallow a fair chunk of these cuts too," he said in his blog on the 360°IT Event website.

And, he warns, individual government departments facing large cuts may decide to make IT shoulder an even greater share of their burden. Inevitably, says Mortleman, there will be job cuts in public sector IT as a result, not forgetting the knock-on effect this will have on private-sector suppliers of IT products and services to government.

But, he argues, the big question is where Osborne and LibDem Chief Secretary to the Treasury David Laws will apply the paring knife next. "Over the course of this parliament, we've been told, cuts to tackle the deficit will need to be 10 times greater than last Monday's 'gentle introduction' to the coming austerity," he says.

So should IT leaders in the sector be bracing themselves for similarly exponential levels of budget reduction over the coming years?

Not necessarily, says Mortleman, but bold IT leaders must step up to the plate if their departments are to be seen as part of the solution rather than part of the problem. "I'd argue that if the public-sector needs to find £60 billion of cuts over the course of this parliament, and still maintain adequate service levels, IT will be key," he said, adding: "In almost every respect - from streamlining processes to automating manual tasks to driving innovation - IT is critical."

In addition, Mortleman notes IT will need to play a central role in delivering many other government commitments such as making departments more transparent and responsive to citizens, hitting energy efficiency targets, reducing bureaucracy and enabling collaboration among the wider public sector, private enterprise and social ventures.

He goes on to say it is vital IT leaders fight their corner with passion and conviction when it comes to continued investment and the imperative for innovation and transformational change. But, he argues, they will not have much of a case unless they deliver results fast - which means taking a radical approach.

They will, he says, need to wield the axe over inefficient systems, processes and infrastructure and reinvest in more flexible, nimbler and less costly alternatives. "They will need to rethink procurement processes, supplier management strategies and licensing arrangements - how can they reduce dependence on traditional vendors and open up to a wider range of smaller, more innovative partners? And they need to keep staff and teams motivated and engaged. It's a heady mix of technological, business, human and cultural challenges," he said.

So do they have the mettle for it? Mortleman, who has been researching and commenting on IT developments for almost two decades (in the trade and national press as well as online), says yes. And some would-be revolutionaries, he reports, are relishing the forthcoming battle since it will allow them to take a much-needed radical approach to rethinking how public-sector IT operates.

"To these people I say, your time has come - now make it so," he said.

If you want to read more from Jim Mortleman or comment on his 360°IT blog post visit: http://bit.ly/aggHaC

The 360°IT Blog is part of the new 360°IT - The IT Infrastructure Event, taking place on 22-23 September 2010 in Earls Court, London. For more on 360°IT, the event that demonstrates how IT infrastructure solutions can help to achieve key business objectives such as improving service, reducing cost, managing risk and gaining competitive advantage and growth, visit http://www.360itevent.com

360°IT is the event dedicated to the IT community addressing the needs of IT professionals responsible for the management and development of a flexible, secure and dynamic IT infrastructure.

With high level strategic content, product demonstrations and technical workshops, 360°IT will provide an essential road map of current and emerging technologies to deliver end to end solutions.

360°IT will facilitate vendor and end user collaboration to create the IT infrastructure necessary to achieve key business objectives - improving service, reducing cost and managing risk whilst gaining competitive advantage and growth.

Source: Eskenzi PR

Experts warn about risks of multi-tasking on new iPhone 4.0 OS

Fortify Software warns companies to beware multi-tasking aspects of new iPhone 4.0 operating system

Following a rash of news reports about the latest revision to the popular iPhone's operating system - iPhone 4.0 (http://bit.ly/95MGpF) - Fortify Software has been advising companies to tread carefully with corporate usage of the Apple smart phone, owing to the multi-tasking aspects of the updated operating system.

The move to multi-tasking on the iPhone opens up all sorts of possibilities for hackers and mischief on the Apple handset, as users can be interacting with an app in the foreground whilst the iPhone does all sorts of things in the background, says Richard Kirk, European director with the application security specialist.

"The addition of multi-tasking for the iPhone is clearly a major step forward for the Apple handset, and we fully expect to see the arrival of a number of corporate apps as a result in the coming months," he said.

"This is excellent news for business usage of the Apple smart phone, but company software teams should be aware of the need to carry out software security tests on all apps - regardless of source - before they are deployed, as they may turn out to harbour hidden problems in the program code," he added.

According to Kirk, the potential for such malware can clearly be seen with a new Windows Mobile game called '3D Anti-terrorist action', which reportedly dials expensive international phone calls in the background whilst the user plays the game on their smartphone.

This, he says, is a clever use of the fact that some international call destinations offer shared revenue to third parties, in much the same way that UK premium rate numbers offer call revenue to companies.

The Terdial trojan (http://bit.ly/aoR1cm), as it is known, is one of the first to take fraudulent advantage of the multi-tasking aspects of the Windows Mobile platform and Fortify fully expects to see other trojans plus malware used in future iPhone apps.

And, Kirk says, given the interest in the iPhone's new tablet cousin, the iPad, he also expects to see similar malware arriving on the new iPad, as its popularity continues to grow, and multi-tasking arrives on the computer.

It's against this backdrop that Fortify says companies planning to roll out third-party apps for use by staff, in any shape or form, should carefully check the source code of the app for any hidden problems.

This is especially important, he explained, as a growing number of iPhone users are unlocking their handsets from their cellular carrier and the Apple iTunes store to allow them to run third-party sourced software, which is not checked by Apple Computer for its provenance.

"It's important, therefore, for companies to implement software security testing to identify and remove any potential vulnerabilities from existing applications, as opposed to simply trying to block attacks on applications," he said.

"And IT staff also need to understand the need to test not only the app code that is developed in house, but code that is acquired from vendors, outsourcers and open source. The iPhone clearly has new and significant potential with the latest operating system update, but companies need to carry out their own security tests before embracing the obvious benefits of the handset," he added.

For more on Fortify: www.fortify.com

Source: Eskenzi PR