Category: cybersecurity

Posted on

Centralize and Secure Business Applications and Data

laptop drawingThe portable computer is an essential business tool for day’s mobile workforce, having the power and portability to meet the demands of executives and professionals working away from the office.  While executives and mobile professionals get the applications and data they need to keep productivity high, carrying business data on devices outside the network introduces significant business risk.

There are studies which estimate that as much as 80% of the data a small business owns (data like customer files, contracts, product information and financial data) is copied to or stored on portable computers.  When valuable business data is lost or stolen, the business can be exposed to a variety of problems – loss of revenue being just one. Losing track of business data can create legal issues, too. Customer privacy may be compromised, sensitive information could be exposed, or confidential plans might be made public if a business doesn’t take the right steps to secure its data.

It isn’t just the possibility of loss or theft which increases risk when data is copied to portable computers – the increased vulnerability of the information sits with the likelihood that the user will access unsecured networks, launch non-corporate applications, access private email accounts and perform other non-business related tasks with the computer because they have more access than with a fully secured corporate in-office desktop.  User behavior is often what puts corporate data and assets at risk, regardless of the policies that might define correct and acceptable procedures. It is very easy for workers to unknowingly lose and leak data, and when the data is present on the portable computer it gets even easier.

A 2014 study commissioned by Cisco Systems found that employees around the world continue to engage in “risky” behaviors that put business and personal information at risk:

  • The majority (70%) of surveyed IT pros believe that as many as half of their data loss incidents are due to authorized program installations
  • 44% of employees share work devices with others without supervision
  • 39% of IT professionals have dealt with employees trying to access unauthorized parts of the company’s network
  • Almost half of the employees admitted to copying data between work and personal computers when working from home
  • 18% (up to 25% in some regions) of employees shared passwords with their co-workers

Companies must not only protect their data for their financial well-being, but must recognize their legal obligation to protect much of the information, as well.  The risk extends beyond the walls of the enterprise, to vendors and customers and consumers whose information may be stored in the company data. Additionally, portable computers exposed to malware and virus attacks are likely to pass the bad code to other systems they come in contact with, introducing not just risk for the recipient but liability for the infected laptop owner.

Where mobile computing brings huge advantages to today’s business, owners would do well to consider the benefits of enabling mobility through the use of server-based and hosted computing models. Rather than installing software and copying data to PCs and mobile devices, workers should be able to access a central system where the applications actually run. IT management is more efficient and security is easier to enforce when applications and resources are contained exclusively within the corporate boundary, even if they are accessible from without.

Virtual desktop and remote application solutions offer features that address a variety of potential risk factors as well as enabling improved management and security of IT assets.  Centralizing and securing applications and data resources at the server allows businesses to deliver the mobility and functionality users need while enabling the information security and management the business demands. This is a foundation upon which remote desktop and remote application technologies were built, allowing users to have the real-time access to applications and data with full functionality and desktop modality, but without the requirement to install, manage and secure applications and data on the individual devices.

Make Sense?

J

Posted on

Big Data, Analysis and Business Intelligence

Big Data, Analysis and Business Intelligence

big dataThere is a lot of talk among IT professionals of “big data”, and discussions at many business conference tables center on how the organization might find greater benefit and advantage from the intelligence buried in the business systems and information.  It is a two-part problem, where the collection and the analysis each play essential roles in developing real business intelligence.

“So what’s getting ubiquitous and cheap? Data.

And what is complementary to data? Analysis. ..”

Hal Varian, Chief Economist at Google and emeritus professor at the University of California, Berkeley
“Hal Varian Answers Your Questions,” February 25, 2008 (http://www.freakonomics.com/2008/02/25/hal-varian-answers-your-questions/).  BUSINESS INTELLIGENCE AND ANALYTICS: FROM BIG DATA TO BIG IMPACT; MIS Quarterly Vol. 36 No. 4, pp. 1165-1188/December 2012

The information technology and systems in a business support the operation.  Software and computers help people do their jobs, and the information collected in and generated by those systems becomes the foundation for developing business “intelligence”.   Today, businesses must reach beyond their own direct operational support systems and consider the full realm of data to be collected, including IoT sensor data or social media data.

Business intelligence is gained from the analysis of the critical business data – analysis which helps owners and managers make better and more informed decisions which are based on an understanding of the business and market.   Business intelligence was a term popularized in the 1990s, but the key was the analytical component (business analytics), which gained focus in the late 2000s. Today it is big data and big data analytics, where organizations are working with massive data sets not previously even imagined.

“…one of the most significant challenges facing enterprise IT teams today is how to efficiently support and enable the “science” of big data, while providing the confidence and maturity of more traditional (and often better understood) infrastructure services.”

http://www.datacenterknowledge.com/archives/2015/05/26/hadoop-big-data-storage-challenge-overcoming-science-project/

The volume and velocity of information collection is ever-increasing even in the smallest of businesses, creating a great need for tools which can structure and correlate data so that it might render some insight.  Simply storing and managing these huge and growing data sets has become a challenge, and there isn’t one right way.

Once the business has the data, then it must find a way to analyze the data, which generally involves also applying visualization tools. Many IT departments are feeling pressured in the development of new skills and capabilities around data collection and management, yet it is more frequently the business user who provides the analysis and applies visualization tools to the task.

“Data collected by the Aberdeen Group, found that employees in organizations that used visual data discovery were more likely to find the information they need, when they need it. These same companies were able to scale their use of scarce IT skills more effectively.”

http://www.tableau.com/learn/whitepapers/visualization-set-your-analytics-users-free#0vXrkWZbizxyutw

The use of business intelligence and advanced analytics continues to grow in every segment of the market – from small business to enterprise – and plays an increasingly important role in supporting business success.

Until this point, most businesses didn’t have the technology or the data to enable significant quality or business transformation, but the times are changing and deployments of data collection, analysis and visualization software and tools are expanding with it. This is a fundamental aspect of business digital transformation and fuels the next step, where intelligence is applied to conditions revealed in the data and activities are automatically performed guided by that intelligence.

jmbunnyfeetMake Sense?

J

Posted on

Mobility and the Cloud – Managing “Bring Your Own Device” and Securing Company Resources

There are lots of reasons why businesses are adopting cloud and Internet technologies in great number, and supporting mobile workers is one of the big ones.  In order for traveling sales people or workers in remote offices to have access to business applications and data, many organizations are turning to hosted and cloud solutions to centralize systems and make enterprise-wide access easier to deliver and manage.

What many businesses are just now realizing, however, is that allowing individuals to use their own mobile devices to access corporate data is exposing the enterprise to new (and often unknown) risk with each and every device and app that gets used.

Most businesses recognize the need to secure corporate systems while allowing users to remotely access resources from home or mobile computers.

Many CIOs and IT managers are failing to address the vulnerabilities introduced through the proliferation of tablets and smartphones in the business. Some enterprises initially embraced the concept of “bring your own device” [BYOD], as it tended to encourage users to work from home or while on the road, increasing employee productivity and keeping workers more “attached” to their jobs – all without the business having to pay for the device.

With growing numbers of reported “rogue apps” and apps that secretly collect and pass data, the potential benefits of allowing workers to use their own devices is rapidly being overshadowed by the risks involved.

Earlier this year, Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users’ address books. …but what if the app uploads a sales representatives’ contact list and the developer then sells it to a competitor? That’s a new type of data leakage that most organizations aren’t ready for.

http://www.cio.com/article/716368/Free_Mobile_Apps_Put_Your_BYOD_Strategies_at_Risk  

Phones, in particular, have not traditionally been viewed by most business owners as a primary platform for information theft or damage – other than when an employee uses one to tell someone something they shouldn’t.  But in terms of intrusion, data theft, application hacking and things like that… not so much.

But that was before phones got really smart.

Phones that most folks carry around now are actually computers with a great deal of processing and storage capacity, and as such are just as capable of running bad programs and being vulnerable to attack as their more obvious portable computer counterparts.  Perhaps they are even more vulnerable because of the “connected” nature of the device, because by its very nature it is geared towards communication of information, not just processing it.

It’s not that hackers and developers of exploits (or just bad code) are necessarily focusing on stealing your business data (well, OK, a lot of them are).  Maybe someone just got lucky one day, when they first realized that the employee phone was the “camel’s nose under the tent” which would get them inside, far enough to deliver access to confidential corporate information and data someone would pay for.  People tend to be the weakest element in the security chain, and exploiting vulnerabilities under the guise of “making things easier” for the user has been a highly successful approach (would you like to sign in with your Facebook account?).

..because attacks that target employees may well end up targeting the employer as well, even if the employer wasn’t the original target.

Whether it is intentional or not, the risk is very present, and every business and enterprise has a responsibility to recognize the vulnerabilities introduced with mobile device use and to do what it can to mitigate that risk.  It is also important to recognize that the risk is not a purely personal one, either.

Since the information held by most businesses also includes the information of others – customers, vendors, partners, etc. – it is essential that the business not expose itself to unnecessary problems (litigation, fines or penalties, or simply lost opportunity) caused by accidental leakage of confidential information belonging to 3rd parties.

For some businesses, the best answer may be to only allow use of devices the business provides, along with clearly written use policies and guidelines.  This approach allows the organization to determine which applications may be installed and to dictate how the device is to be used for business needs.

There are even solutions available which can assist businesses in managing the expenses related to mobile devices in the enterprise, addressing not only security and privacy concerns but also helping to optimize expenditures on mobile devices by monitoring contracts and usage, identifying underused agreements or overage charges, or even identifying contracts still in force which should have been cancelled.

For many businesses, however, allowing users to continue accessing business resources with their personal devices may be desirable for a variety of reasons, cost being only one of them.  If this is the case (as it is most often in small and growing businesses), it is important to make certain that users understand what is and is not appropriate device use, and to inform users on the policies relating to apps which may or may not be allowed and why.

Make sense?

J

Posted on

The Cloud Makes Time Travel Possible: Hosted applications can deliver immediate business benefits

The Cloud Makes Time Travel Possible: Hosted applications can deliver immediate business benefits

In an article published on CIO.com, author Kevin Fogarty describes how moving to a cloud IT approach proved to be a highly beneficial and strategic decision for an on-site diesel fuel distributor.  The focus of the article was on how existing software and processes were enabled by centralizing them in a cloud hosting environment, and not by replacing them with new subscription-based applications.

For many businesses, this is the secret that nobody’s talking about: you can have the benefits of “the cloud” without having to radically change everything you have and everything you do.  Retention of knowledge assets is critical to business continuity, and moving existing systems and process to platforms where they can be leveraged to greater business advantage is a way to do that.  With centralization of systems and services, information can be processed far more efficiently than before, eliminating delays and improving cash flows dramatically.  Time is money, and the cloud helps businesses spend less of both.

“A lot of the invoices have to go out every day by certain times, so third-party accounting companies can do their thing for the fleet owners.” The setup sounds like a classic for any overhyped business-process-automation system, but Daniel Abrams and other Diesel Direct managers weren’t interested in managing their business using sophisticated business systems that require more motivation, money and technical staff than Abrams was willing to use or pay for.”

The initial benefit is being able to use the products already in place, just from a more secure and redundant location, but when you begin to consider the positive ramifications of reducing the time between delivery and invoicing, billing and payment receipt, or customer demand and product supply, you rapidly realize that the cloud means much more to the business than just another way to run software.

“Those changes save Diesel Direct both money and time. Rather than running reports and invoices all night Tuesdays, for example, the additional capacity lets the company run those resource-intensive processes during the day rather than overnight. That gets critical work done faster and more accurately than a process left to complete itself unattended.”

In short, the cloud makes time travel possible, because the result is available almost immediately upon completion of the task.  It’s kind of like getting your expense check as you walk off the plane in your home town, because you reported all your expenses in real time as they were incurred (snap a picture of the receipt at the bar, and like that).

Yet most business owners and IT managers for small and mid-sized businesses are being told that the cloud is best applied when innovation is required, and should be reserved for NEW things, and not thought of as a way to improve the status quo with existing or legacy architecture.

“It’s not unusual for mid-sized companies to come to depend on cloud services, according to James Staten, vice president and principal analyst for Forrester’s Infrastructure and Operations practice.

It is unusual for them to be more concerned with infrastructure than with applications, he says.”

With affordable and secure application hosting services being widely available for small and medium businesses, owners and managers no longer have to look to new solutions just to enable mobility, remote access, and a fundamentally stronger and better-managed system.  Legacy applications can be hosted and delivered, extending their useful life as well as the value of the development and intellectual property, and giving customers capabilities not readily available with local implementations.

“Diesel Direct can’t accomplish anything if its minimal IT infrastructure is offline for any length of time.

Abrams, worried about storms taking out his business as well as the power, didn’t know what technical solution he wanted until Callow “described for him what an enterprise infrastructure looked like,” Callow says.

“They didn’t need one, didn’t want one, but they did want the security, the reliability of a redundant IT infrastructure,” he says. “The most effective way to get that at the lowest possible cost is the cloud.”

Among the greatest benefits of outsourcing application delivery to a cloud hosting provider are the increased monitoring and security, application of best practices, and high levels of system fault tolerance and recovery capabilities offered.  While business subscribers focus on features and functionality of the application, the real focus for hosting providers is the platform – and the management and security of it.  This behind the scenes work offers tremendous business benefit to subscribing customers, but is often not the focus when discussing overall benefits of a cloud computing approach in the context of Software-as-a-Service, which is where many smbs focus their investigations.  As an alternative, businesses who may seek to adopt hosted solutions for their existing applications and software frequently do so for reasons of security and redundancy, not recognizing that their business processes may likely experience significant improvement, as well.

“Enterprises might have the luxury of making strategic decisions about cloud or other technology,” Golden says. “In mid-sized companies things are very tactical. No cloud evangelist is going around the refueling industry saying ‘there are ways to solve this problem.’ “Companies make tactical decisions to solve their own problems and, five or 10 years later, we’ll all wake up and realize we’ve changed the way we do everything,” Golden says.”

Make Sense?

J

The company in the article could be just like yours.  You don’t have to adopt new software and systems to benefit from the cloud.  How could your business change, if you could remove the problems of time and distance?