The document discusses the growing issue of mobile security as more employees work remotely. It addresses common myths about mobile security, including that existing security programs are sufficient, do-it-yourself security is better than outsourcing, and in-house staff are always up to date on threats. It argues organizations need visibility into all endpoints, policies to protect sensitive data, and expertise from outsourcing providers to address this increasing challenge.
The document discusses how hybrid IT, which combines mobile devices, cloud computing, and on-premises systems, is transforming enterprise productivity. It describes the "three-legged stool" model of hybrid IT, with mobility, cloud, and traditional IT as the three legs supporting today's knowledge workers. The rise of mobile devices, cloud computing adoption, and the need to access all types of applications and data from any location has led to widespread use of hybrid IT. However, managing security risks from the distributed hybrid IT environment poses challenges for organizations. With the right security tools, hybrid IT can be implemented securely to improve productivity while mitigating risks.
The Essential Ingredient for Today's EnterpriseReadWrite
The innovation that comes with the mobile enterprise are immense but problems come with this new world of devices. Namely the huge security concerns that arise. Devices can carry so much important information. How do you control it?
This paper from CIO Custom Solutions Group examines the mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy.
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
Securing mobile devices_in_the_business_environmentK Singh
This document discusses securing mobile devices in the business environment. It notes that mobile devices are increasingly being used for both personal and work purposes. While this brings advantages like increased productivity, it also poses security risks if not properly addressed. The document outlines various security threats to mobile devices like loss/theft, malware, spam, phishing, and issues with Bluetooth/Wi-Fi. It recommends developing a mobile security strategy that addresses data access, platform support, management, and best practices. The strategy should apply controls across identity/access, data protection, applications, and other areas based on IBM's security framework.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
IDC: Top Five Considerations for Cloud-Based Securityarms8586
The document discusses considerations for enterprises moving to cloud-based web security solutions. It addresses key drivers like the dissolution of network perimeters and rise of mobile/BYOD usage. Challenges include enforcing consistent social media policies and securing unmanaged devices. Cloud solutions can provide ubiquitous security without on-device agents. Hybrid models combining on-premise and cloud are also discussed.
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
Wayne Peterson, the CISO of Kroll Associates, believes that the first priority for any organization should be to identify and shut down attacks before they threaten the business. Peterson's first action as CISO was to build out an incident response team to enable early detection and quick response to any incidents. Peterson notes that in the past, organizations focused on building firewalls and perimeter security, but today the greatest vulnerability is at the endpoint level due to remote and mobile workers. Effective endpoint security solutions can provide greater visibility into true threats and help organizations make smarter security decisions. Peterson advises starting any security strategy with a focus on solid endpoint protection rather than trying to purchase one's way into complete security.
The document discusses how hybrid IT, which combines mobile devices, cloud computing, and on-premises systems, is transforming enterprise productivity. It describes the "three-legged stool" model of hybrid IT, with mobility, cloud, and traditional IT as the three legs supporting today's knowledge workers. The rise of mobile devices, cloud computing adoption, and the need to access all types of applications and data from any location has led to widespread use of hybrid IT. However, managing security risks from the distributed hybrid IT environment poses challenges for organizations. With the right security tools, hybrid IT can be implemented securely to improve productivity while mitigating risks.
The Essential Ingredient for Today's EnterpriseReadWrite
The innovation that comes with the mobile enterprise are immense but problems come with this new world of devices. Namely the huge security concerns that arise. Devices can carry so much important information. How do you control it?
This paper from CIO Custom Solutions Group examines the mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy.
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
Securing mobile devices_in_the_business_environmentK Singh
This document discusses securing mobile devices in the business environment. It notes that mobile devices are increasingly being used for both personal and work purposes. While this brings advantages like increased productivity, it also poses security risks if not properly addressed. The document outlines various security threats to mobile devices like loss/theft, malware, spam, phishing, and issues with Bluetooth/Wi-Fi. It recommends developing a mobile security strategy that addresses data access, platform support, management, and best practices. The strategy should apply controls across identity/access, data protection, applications, and other areas based on IBM's security framework.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
IDC: Top Five Considerations for Cloud-Based Securityarms8586
The document discusses considerations for enterprises moving to cloud-based web security solutions. It addresses key drivers like the dissolution of network perimeters and rise of mobile/BYOD usage. Challenges include enforcing consistent social media policies and securing unmanaged devices. Cloud solutions can provide ubiquitous security without on-device agents. Hybrid models combining on-premise and cloud are also discussed.
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
Wayne Peterson, the CISO of Kroll Associates, believes that the first priority for any organization should be to identify and shut down attacks before they threaten the business. Peterson's first action as CISO was to build out an incident response team to enable early detection and quick response to any incidents. Peterson notes that in the past, organizations focused on building firewalls and perimeter security, but today the greatest vulnerability is at the endpoint level due to remote and mobile workers. Effective endpoint security solutions can provide greater visibility into true threats and help organizations make smarter security decisions. Peterson advises starting any security strategy with a focus on solid endpoint protection rather than trying to purchase one's way into complete security.
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
This document discusses mobile malware threats facing enterprises. It begins by providing background on the rise of BYOD policies and the security challenges they pose. It then discusses the growing risk of mobile malware, citing statistics on its rapid growth rate and prevalence in apps. The document outlines common types of mobile malware like adware, spyware, and phishing. It explains how these threats can compromise enterprise data and infect networks through BYOD devices. It emphasizes the need for enterprises to adopt comprehensive security solutions to protect corporate data on personal mobile devices.
This document discusses cyber security from past, present, and future perspectives. It notes that cyber security has evolved from an immature field to one that will become more scientific and technology-centric over time. The document outlines key cyber threats such as botnets, targeted attacks, and the underground economy that supports them. It also summarizes India's cyber security strategy, noting the importance of legal frameworks, incident response, capacity building, research and development, and international collaboration to enhance cyber security.
This document discusses cyber security issues, challenges, and risks. It begins by introducing the topic of cyber security and the importance of securely transferring information online. It then discusses some key challenges facing cyber security like advanced persistent threats, the evolution of ransomware, threats to IoT devices, and risks associated with cloud computing. The document also covers cyber security techniques to help address issues like access control, authentication, malware scanning, and using firewalls and antivirus software. It concludes by discussing systemic cyber risks related to scale, interdependency, and shared resources, as well as the importance of cyber ethics.
The document discusses information security and analyzes its importance. It describes key aspects of information security like confidentiality, integrity and availability. It also outlines some common threats to information security such as computer viruses, theft, sabotage and vandalism. The document then analyzes some challenges to effective information security, including employees being fooled by scams, issues with authentication, and the growing threat of phishing. It emphasizes the importance of addressing security concerns to build trust with customers and gain a competitive advantage.
First line of defense for cybersecurity : AIAhmed Banafa
The year 2017 wasn't a great year for cyber-security; we saw a large number of high-profile cyber attacks; including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack, and 2018 started with a bang too with the hacking of Winter Olympics.
The frightening truth about increasingly cyber-attacks is that most businesses and the cybersecurity industry itself are not prepared. Despite the constant flow of security updates and patches, the number of attacks continues to rise.
This study surveyed 39 small businesses in Missouri to evaluate their network security practices. It found that while most businesses have some basic protections like antivirus software and firewalls, many were lacking in important areas. Over half only require employees to change passwords 1-4 times per year. Nearly two-thirds do not limit employee internet usage. The study aims to identify security gaps and make recommendations to help small businesses strengthen their network security.
The document discusses the main cybersecurity challenges faced in social computing. It identifies several key challenges: (1) big data breaches as more personal data is collected and stored; (2) the expansion of AI which could help detect cyberattacks but also poses risks; and (3) limited IT resources making it difficult for organizations to adequately monitor and secure expanding networks and devices. Additional challenges discussed include threats posed by the growing number of internet-connected devices and vulnerabilities in serverless applications. Real-world examples are provided to illustrate incidents and the potential damage from successful cyberattacks.
The Cisco 2010 Midyear Security Report includes:
* Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
* International trends in cyber-security and their potential impact on business
* Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
* An update on global spam trends since late 2009 and spam volume predictions for 2010
* Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
This document discusses current and emerging cyber threats. It notes that the physical and digital worlds are converging through devices like CCTVs and medical devices. In 2010, common threats included botnets, exploits, and identity theft. For 2011, the document predicts tighter budgets, more sophisticated technology, and more innocent users coming online leading to more targets and accessibility for criminals. It emphasizes the need for security awareness programs and cautions that internal threats may be as significant as external ones.
Cyber threats are becoming more sophisticated and targeted attacks are harder to detect. Traditional security controls are no longer sufficient to defend against modern threats. Cyber intelligence provides total visibility into an organization's systems to detect emerging anomalies in real-time, before they become security incidents or crises. This intelligence-based approach uses adaptive technologies and skilled analysts to continuously learn, understand, and address developing issues. It aims to regain the advantage over attackers by enhancing visibility and informing timely decision-making.
Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Example of Hacking: Using password cracking algorithm to gain access to a system
Computers have become mandatory to run a successful businesses. It is not enough to have isolated computers systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
The document discusses security issues related to data stored on mobile devices outside the corporate network. It provides statistics on laptop theft and data breaches. It then introduces the Beyond Encryption solution, which uses encryption and remote management capabilities to protect data on devices, enable file retrieval, locking or destroying of data regardless of device location. Case studies are presented showing how various organizations have used Beyond Encryption to securely manage data on third-party and employee devices.
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
This document discusses threats to enterprise data security and recommends best practices for 360 degree protection. It examines three scenarios of common data security threats: 1) theft of a mobile computing device, 2) losing removable media containing confidential data, and 3) insider threats from unauthorized internal access. For each scenario, it describes how the threat could impact a business and recommends encryption solutions from Sophos to minimize risks and protect data, such as SafeGuard Easy, SafeGuard PDA, SafeGuard Data Exchange, SafeGuard RemovableMedia, and SafeGuard LAN Crypt. The document advocates a holistic approach to data security across endpoints, in transit, and during use to address evolving threats in today's mobile and networked business environment.
Open Source Governance in Highly Regulated Companiesiasaglobal
The document discusses the importance and risks of open source governance for highly regulated companies. It outlines that open source now represents an average of 29% of code deployed by IT and is used by 60-80% of technology innovators. However, uncontrolled use of open source can expose companies to technical, regulatory, security, legal and brand risks. The document advocates for formal open source governance processes to maximize the benefits of open source while minimizing risks.
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, filebased data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
This document discusses cryptography and security implementations for Internet of Things (IoT) devices. It begins with an introduction to IoT and the need for security protocols as IoT devices collect and transmit large amounts of sensitive data. Challenges to IoT security include the diversity of devices which makes vulnerabilities complex, and limited computational resources. The document then explores using symmetric and public key cryptography algorithms as well as proposed lightweight cryptography solutions for IoT security. It concludes that while traditional security solutions are inadequate, lightweight cryptography protocols have the potential to help secure IoT communications and address current challenges if standardized for diverse IoT hardware.
Quick Start Guide to IT Security for BusinessesCompTIA
IT security is constantly changing, which means it can be hard for businesses to keep up. This guide from CompTIA educates IT solution providers on the importance of providing clients with up-to-date IT security, identifies the risks of inadequate or poor security, and examines the technology shifts and factors affecting security in in the workplace.
Omlis Data Breaches Report - An Inside Perspective Omlis
The rise in digital and mobile financial services has introduced an onset of increased data breaches over the last few years. The digital revolution has undermined the traditional framework used to regulate financial institutions, which has led to areas of vulnerability within their security systems.
In the report, Data Breaches: An Inside Perspective, Omlis conducted in-depth interviews with experienced cyber security professionals to understand why TFIs (traditional financial institutions) aren't adequately addressing security weaknesses.
In our research, the discussions centered on the types of security systems employed by TFIs, personal and industry-wide attitudes to security, and the types of security measures used to prevent breaches.
The findings indicate that TFIs current preference towards technology creates an increasingly complex system with associated vulnerabilities and ultimately it requires greater manual input for maintenance and updates.
There are also issues related to the attitudes of employees and difficulties implementing comprehensive and in-depth incident strategies.
Taking this into account, the report suggests a new direction for TFI's security systems to provide secure, innovative solutions.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
Building the Anytime, Anywhere Network -
Mobile technologies are opening enormous new
business opportunities. Capitalizing on them takes
a new approach to networking. To learn more, visit Juniper Networks at: http://juni.pr/CMlpCMPss
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
This document discusses mobile malware threats facing enterprises. It begins by providing background on the rise of BYOD policies and the security challenges they pose. It then discusses the growing risk of mobile malware, citing statistics on its rapid growth rate and prevalence in apps. The document outlines common types of mobile malware like adware, spyware, and phishing. It explains how these threats can compromise enterprise data and infect networks through BYOD devices. It emphasizes the need for enterprises to adopt comprehensive security solutions to protect corporate data on personal mobile devices.
This document discusses cyber security from past, present, and future perspectives. It notes that cyber security has evolved from an immature field to one that will become more scientific and technology-centric over time. The document outlines key cyber threats such as botnets, targeted attacks, and the underground economy that supports them. It also summarizes India's cyber security strategy, noting the importance of legal frameworks, incident response, capacity building, research and development, and international collaboration to enhance cyber security.
This document discusses cyber security issues, challenges, and risks. It begins by introducing the topic of cyber security and the importance of securely transferring information online. It then discusses some key challenges facing cyber security like advanced persistent threats, the evolution of ransomware, threats to IoT devices, and risks associated with cloud computing. The document also covers cyber security techniques to help address issues like access control, authentication, malware scanning, and using firewalls and antivirus software. It concludes by discussing systemic cyber risks related to scale, interdependency, and shared resources, as well as the importance of cyber ethics.
The document discusses information security and analyzes its importance. It describes key aspects of information security like confidentiality, integrity and availability. It also outlines some common threats to information security such as computer viruses, theft, sabotage and vandalism. The document then analyzes some challenges to effective information security, including employees being fooled by scams, issues with authentication, and the growing threat of phishing. It emphasizes the importance of addressing security concerns to build trust with customers and gain a competitive advantage.
First line of defense for cybersecurity : AIAhmed Banafa
The year 2017 wasn't a great year for cyber-security; we saw a large number of high-profile cyber attacks; including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack, and 2018 started with a bang too with the hacking of Winter Olympics.
The frightening truth about increasingly cyber-attacks is that most businesses and the cybersecurity industry itself are not prepared. Despite the constant flow of security updates and patches, the number of attacks continues to rise.
This study surveyed 39 small businesses in Missouri to evaluate their network security practices. It found that while most businesses have some basic protections like antivirus software and firewalls, many were lacking in important areas. Over half only require employees to change passwords 1-4 times per year. Nearly two-thirds do not limit employee internet usage. The study aims to identify security gaps and make recommendations to help small businesses strengthen their network security.
The document discusses the main cybersecurity challenges faced in social computing. It identifies several key challenges: (1) big data breaches as more personal data is collected and stored; (2) the expansion of AI which could help detect cyberattacks but also poses risks; and (3) limited IT resources making it difficult for organizations to adequately monitor and secure expanding networks and devices. Additional challenges discussed include threats posed by the growing number of internet-connected devices and vulnerabilities in serverless applications. Real-world examples are provided to illustrate incidents and the potential damage from successful cyberattacks.
The Cisco 2010 Midyear Security Report includes:
* Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
* International trends in cyber-security and their potential impact on business
* Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
* An update on global spam trends since late 2009 and spam volume predictions for 2010
* Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
This document discusses current and emerging cyber threats. It notes that the physical and digital worlds are converging through devices like CCTVs and medical devices. In 2010, common threats included botnets, exploits, and identity theft. For 2011, the document predicts tighter budgets, more sophisticated technology, and more innocent users coming online leading to more targets and accessibility for criminals. It emphasizes the need for security awareness programs and cautions that internal threats may be as significant as external ones.
Cyber threats are becoming more sophisticated and targeted attacks are harder to detect. Traditional security controls are no longer sufficient to defend against modern threats. Cyber intelligence provides total visibility into an organization's systems to detect emerging anomalies in real-time, before they become security incidents or crises. This intelligence-based approach uses adaptive technologies and skilled analysts to continuously learn, understand, and address developing issues. It aims to regain the advantage over attackers by enhancing visibility and informing timely decision-making.
Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Example of Hacking: Using password cracking algorithm to gain access to a system
Computers have become mandatory to run a successful businesses. It is not enough to have isolated computers systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
The document discusses security issues related to data stored on mobile devices outside the corporate network. It provides statistics on laptop theft and data breaches. It then introduces the Beyond Encryption solution, which uses encryption and remote management capabilities to protect data on devices, enable file retrieval, locking or destroying of data regardless of device location. Case studies are presented showing how various organizations have used Beyond Encryption to securely manage data on third-party and employee devices.
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
This document discusses threats to enterprise data security and recommends best practices for 360 degree protection. It examines three scenarios of common data security threats: 1) theft of a mobile computing device, 2) losing removable media containing confidential data, and 3) insider threats from unauthorized internal access. For each scenario, it describes how the threat could impact a business and recommends encryption solutions from Sophos to minimize risks and protect data, such as SafeGuard Easy, SafeGuard PDA, SafeGuard Data Exchange, SafeGuard RemovableMedia, and SafeGuard LAN Crypt. The document advocates a holistic approach to data security across endpoints, in transit, and during use to address evolving threats in today's mobile and networked business environment.
Open Source Governance in Highly Regulated Companiesiasaglobal
The document discusses the importance and risks of open source governance for highly regulated companies. It outlines that open source now represents an average of 29% of code deployed by IT and is used by 60-80% of technology innovators. However, uncontrolled use of open source can expose companies to technical, regulatory, security, legal and brand risks. The document advocates for formal open source governance processes to maximize the benefits of open source while minimizing risks.
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, filebased data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
This document discusses cryptography and security implementations for Internet of Things (IoT) devices. It begins with an introduction to IoT and the need for security protocols as IoT devices collect and transmit large amounts of sensitive data. Challenges to IoT security include the diversity of devices which makes vulnerabilities complex, and limited computational resources. The document then explores using symmetric and public key cryptography algorithms as well as proposed lightweight cryptography solutions for IoT security. It concludes that while traditional security solutions are inadequate, lightweight cryptography protocols have the potential to help secure IoT communications and address current challenges if standardized for diverse IoT hardware.
Quick Start Guide to IT Security for BusinessesCompTIA
IT security is constantly changing, which means it can be hard for businesses to keep up. This guide from CompTIA educates IT solution providers on the importance of providing clients with up-to-date IT security, identifies the risks of inadequate or poor security, and examines the technology shifts and factors affecting security in in the workplace.
Omlis Data Breaches Report - An Inside Perspective Omlis
The rise in digital and mobile financial services has introduced an onset of increased data breaches over the last few years. The digital revolution has undermined the traditional framework used to regulate financial institutions, which has led to areas of vulnerability within their security systems.
In the report, Data Breaches: An Inside Perspective, Omlis conducted in-depth interviews with experienced cyber security professionals to understand why TFIs (traditional financial institutions) aren't adequately addressing security weaknesses.
In our research, the discussions centered on the types of security systems employed by TFIs, personal and industry-wide attitudes to security, and the types of security measures used to prevent breaches.
The findings indicate that TFIs current preference towards technology creates an increasingly complex system with associated vulnerabilities and ultimately it requires greater manual input for maintenance and updates.
There are also issues related to the attitudes of employees and difficulties implementing comprehensive and in-depth incident strategies.
Taking this into account, the report suggests a new direction for TFI's security systems to provide secure, innovative solutions.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
Building the Anytime, Anywhere Network -
Mobile technologies are opening enormous new
business opportunities. Capitalizing on them takes
a new approach to networking. To learn more, visit Juniper Networks at: http://juni.pr/CMlpCMPss
Today’s online world brings new challenges to businesses, making the security of your businesses’ internal information extremely critical. As we are all connected to the Internet,
we all can become a victim of cyber-attacks.
So, what can you do to better protect your business and secure your internal data?
Networking Plus December 2014: Connecting Mobile WorkersEric Wong
An excerpt from magazine where Peplink, Citrix, Vodafone and Cisco voice their thoughts on BYOD, mobile and remote workers, and the devices that make it possible.
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
The document discusses cyber security trends for 2021. Key points include:
- Cyber threats increased during the pandemic as remote work became standard. Hackers targeted vulnerabilities from limited remote security and careless employees.
- Companies need to implement data access plans to restrict what information employees can access and send.
- Threats like phishing, RDP attacks, weak passwords, and DDoS attacks expanded in scope and became more dangerous.
- Addressing the global cyber skills gap and developing cyber security professionals with both technical and leadership skills is a priority.
An advanced portfolio of leading infrastructure solutions for IT and OT networks. Our solutions include protection for wired and wireless networks and aid in the construct of highly secure indoor, campus, and outdoor networks.
Consumer technology is invading the enterprise and IT must embrace it in order to encourage employee productivity and satisfaction. Info-Tech recommends that organizations allow personal mobile devices on their corporate networks. This research addresses the following:
•Understand differences in security and management between the three major platforms – BlackBerry, Apple iOS, and Google Android.
•Evaluate the organization's position on the mobile device security scale and determine if third-party infrastructure is necessary.
•Development and enforcement of a personal mobile acceptable use policy to encourage end-user compliance and foster success.
Embrace consumer technology in the enterprise, and focus on end-user compliance to leverage productivity and maximize the potential for success.
This document discusses securing mobile devices in the business environment. It explores how companies can safely introduce employee-owned mobile devices while managing security risks. Key points include:
- Mobile devices increase productivity but also security risks if not properly secured. A range of platforms need support, and personal and work data coexist on devices.
- Common security threats include loss/theft, malware, spam, phishing via Bluetooth/Wi-Fi. The document outlines techniques to mitigate these risks, such as encryption, remote wiping, and antimalware software.
- The document recommends companies establish mobile security strategies and policies to identify allowed resources/platforms and assign management responsibilities according to a security framework covering identity, data protection, applications,
The SolarWinds hack, first detected in December 2020 and referred to as “the largest and most sophisticated attack the world has ever seen” by the president of Microsoft, was a watershed moment in cybersecurity. Hundreds of organizations, including Fortune 500 companies and government agencies, were affected, with sensitive data compromised. A year on, a major study conducted by Splunk has found that 78% of companies expect the same thing to happen again.
The document summarizes the findings of a survey of 1,300 IT decision-makers about wireless security trends. Key findings include:
1) Wireless LANs are considered the greatest security risk despite security measures, and securing IoT devices is a major concern.
2) Implementation of intrusion prevention and application control grew significantly year-over-year.
3) Over half of respondents prefer cloud-managed wireless networks for benefits like simplified management.
In this comprehensive ebook from Infinity Group, we highlight cyber security threats and the practical steps you can embark on to promote an effective remote and hybrid workforce for your business.
B Distributed Workforce Management In The Cloud Wp.En UsVishal Shah
This document discusses the challenges of managing a distributed workforce as more employees work remotely. It notes that cloud-based security services are well-suited for protecting mobile workers as they allow companies to enforce policies consistently for remote employees. The document then describes Symantec.cloud, a cloud-based security solution that includes endpoint protection, web security, email security and instant messaging security to help companies manage risks for their distributed workforce.
kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel
This document contains the slides from a Kaspersky Technical Training presentation on cybersecurity given in June 2016. The presentation covers several topics:
- The changing nature of work, security, and threats as more devices and data move to the cloud.
- New rules for security like avoiding complexity, recognizing borderless attack surfaces, and not slowing networks for security.
- Gartner's 2016 Magic Quadrant ratings which recognized Trend Micro, Intel Security, and Kaspersky Lab as leaders in endpoint protection.
- The rise of ransomware as a growing threat.
- Kaspersky's security solutions including their endpoint protection, virtualization security, threat intelligence, and focus on research to discover
This document discusses information security in management information systems. It defines information security and explains how classified information is typically stored and protected using high-level security networks, technology, and encryption. It also examines factors that influence information security systems, such as service agreements, operational requirements, and staff qualifications. Risk management in information technology is also covered, looking at risks like intellectual property protection, data leakage, and compliance. The document then analyzes a case study on security issues found at the FBI, such as unsecured networks, outdated plans and training. It also discusses wireless security threats and solutions for protecting wireless networks and devices. Finally, it addresses the roles and responsibilities of management in information security systems.
Cyber Security Challenges on Latest TechnologiesIRJET Journal
This document discusses cyber security challenges posed by latest technologies. It notes that as new technologies like cloud computing and mobile networks have been adopted, cyber crimes have also increased exponentially. The document outlines some key trends changing cyber security like increased use of web servers by cyber criminals, security issues with cloud services, new types of advanced persistent threats, security risks of mobile networks, challenges of the new IPv6 internet protocol, and importance of encryption. Overall it examines the current state of cyber security and risks posed by emerging technologies.
The top 3 security concerns for enterprises are mobile security, cloud security, and human error. Mobile security is challenging as mobile devices accessing business information can be compromised if lost or stolen. Cloud security is a concern as companies lose visibility and control over their data in the cloud. Most security breaches are caused by human error through misconfigurations, not system flaws. CIOs must implement security strategies and policies to address these growing threats to protect companies' sensitive data and systems from cyber attacks and breaches.
Digital Forensics Market, Size, Global Forecast 2023-2028Renub Research
Global Digital Forensics Market is forecasted to hit US$ 13.93 Billion by 2028, according to Renub Research. The modern world has witnessed an increased dependence on the latest digital technology. With the widespread adoption of the internet, smartphones, social media platforms like Facebook, Internet of Things (IoT), GPS, fitness trackers, and even smart cars, it has become increasingly difficult for digital forensics investigators to retrieve digital data.
The document discusses insider threats and how to mitigate them. It covers how insider threats can come from employees with malicious intent, but also from inadvertent actions like clicking a phishing link. Insider threats also include third party contractors who are given access to networks. The document provides recommendations for organizations to mitigate insider threats such as conducting background checks, monitoring unusual employee behavior, and escorting outsiders within the company's physical sites. It also discusses the ongoing threat of spam being used to distribute malware and how organizations need to protect their users from inadvertently enabling attacks through emails.
The document discusses insider threats and how to mitigate them. It covers how insider threats can come from employees with malicious intent, but also from inadvertent actions like clicking a phishing link. Insider threats also include third party contractors who are given access to networks. The document provides recommendations for organizations to mitigate insider threats such as conducting background checks, monitoring unusual employee behavior, and escorting outsiders within the company's physical sites. It also discusses the ongoing threat of spam distribution of malware and how organizations need to ensure all users remain vigilant against phishing attempts.
What makes the next-generation firewall better than the traditional firewalls in protecting your data from hackers? Know more information from Netmagic!
Jim romeo b2 b copywriter - how long should blogs beJim Romeo
Long-form blogs that are 1,000 words or more generate more links, shares and social media engagement than shorter blogs. Research from Buzzsumo, Curata, QuickSprout and WordStream found long-form blogs averaging 3,000-10,000 words received the most social shares. Studies also found blogs over 1,500 words got 68% more tweets and blogs over 2,100 words performed best. While some blogs are 500 words or less, data suggests long-form is a powerful content strategy.
This document discusses ensuring the safe passage of goods through supply chains. It identifies several areas of security focus, including sealing and tracking shipments, screening facilities and vehicles, and monitoring high-risk areas. Adopting security best practices and technologies at all points helps protect against theft and tampering while shipments are in transit.
The document discusses the growing risks of mobile security as more employees work remotely. It identifies common myths about mobile security, such as believing existing security programs are sufficient or that do-it-yourself security is better than outsourcing. The document recommends establishing a solid mobile security strategy by selecting a managed security provider to gain expertise, remain up-to-date on evolving threats, and help organizations comply with increasing regulations on data protection.
Hybrid IT combines the use of cloud-based applications and data with on-premises applications and databases. It allows workloads to move between internal and external IT infrastructures, improving productivity for knowledge workers. Managing security risks from a distributed workforce is a key challenge for CISOs. With the right security tools that provide secure access to data across devices and locations, Hybrid IT can transform enterprise productivity.
This document provides an overview of the In-N-Out Burger fast food chain. Some key points:
1) In-N-Out Burger focuses on fresh, high-quality ingredients for its burgers, fries, and shakes. They do not freeze or microwave foods and prepare each meal fresh per customer order.
2) The family-owned company has remained small in scale, operating primarily in Western states, to maintain control over its supply chain and preparation methods.
3) Customers demonstrate strong loyalty to In-N-Out Burger and its simple menu. They are eager to work for the company and excitedly await new location openings.
4) In-N-
- The document discusses the rise of China's chemical industry and the threat it poses to the US chemical industry. It argues that US chemical firms can respond by (1) focusing on specialty chemicals and innovation, (2) investing in China to access its growing market and reduce costs, (3) managing global supply networks rather than individual companies, and (4) investing in programs to increase long-term competitiveness such as energy management. By collaborating rather than competing directly, both Chinese and US chemical industries can benefit.
Automotive Logistics Magazine - The Automotive South -Working IIJim Romeo
The document discusses the trend of automotive manufacturers locating plants in the Southern US. This is driven by several factors, including lower unionization rates, lower labor costs, and incentives from state governments who view auto manufacturing jobs as important for local economies. Toyota, Kia, and other brands have opened new facilities in places like Mississippi, Georgia, and Texas. Suppliers are also locating near assembly plants to enable just-in-time delivery.
Organizations moving to virtualized platforms need to carefully examine the impact on overall security policy. While virtualization can provide cost savings, it also brings new security risks that must be mitigated. When servers and applications are consolidated onto fewer physical hosts, there is a risk that a single vulnerability or failure could impact multiple systems. Implementing proper access controls, monitoring, and security best practices throughout the virtual infrastructure is important to reduce risks. CIOs must develop strategies to extend existing security policies and controls to the new virtual environment.
The document discusses perceptions of "Linux people" and whether there is such a thing as a Linux personality. It notes that while Linux once had a counterculture image, it is now widely used in corporations. Many IT professionals use Linux at home and support it alongside Windows at work. Companies seek employees with strong problem solving skills who will find innovative solutions, and Linux experience demonstrates these qualities. Managing diverse technical skills and ensuring knowledge sharing are important for organizations using multiple platforms like Linux and Windows.
Heavy lift, breakbulk, and project cargo volumes are robust for U.S. ports as the energy and industrial sectors drive demand. Ports are expanding facilities and working with customers in sectors like wind power, manufacturing, and mining to accommodate large and heavy cargoes. Growth is expected to continue for ports on the East, Gulf, and West Coasts as they pursue replacement cargo for slower container volumes and benefit from government incentives in industries like renewable energy.
Heavy lift, breakbulk, and project cargo volumes are robust for U.S. ports as the energy and industrial sectors drive demand. Ports are expanding facilities and working closely with customers in industries like wind power, manufacturing, and mining to accommodate large or heavy cargoes like wind turbines, power generators, machinery and other non-containerized goods. Growth is expected to continue in these cargo types as incentives promote industries requiring big equipment shipments.
Greg Royal is the CTO and EVP of Cistera Networks, a software company that builds platforms connecting enterprise applications to phone systems using voice over IP. The company extensively uses Linux due to its robustness, scalability, and flexibility. Linux forms the basis of Cistera's IT strategy along with Cisco infrastructure. Linux allows the company to do more with less by reducing licensing costs and increasing capabilities. While some proprietary solutions will remain, open source software allows for lower costs, more flexibility, and better informed decisions through testing and trials.
The global production of waste is increasing rapidly due to population growth and economic development. Waste can be seen as an opportunity resource, and its viability is accelerating. Some governments and companies are well on their way to capitalizing on this trend.
Cellulosic ethanol production from waste feedstocks provides great promise as the next big renewable resource. BlueFire Renewables has operated a pilot facility in Southern California for over 10 years, perfecting the patent applications as well as test and verify various equipment for use in the concentrated acid hydrolysis process. The company is currently completing permitting efforts for the construction of a $1.2 billion, 100 million gallon per year cellulosic ethanol facility in Northern Los Angeles County, S
CIOs need a strategy for securing enterprises as data breaches have increased significantly in recent years. While IT budgets and staffing have decreased, compliance requirements have increased. Outsourcing security functions to a managed security provider can help CIOs address these challenges more effectively by leveraging provider expertise, advanced tools and economies of scale, allowing IT to focus on business needs. Failure to comply with regulations through inadequate security practices can result in penalties, loss of customer trust and damage to reputation.
1) The document discusses how oil and gas companies are increasingly relying on big data and advanced analytics to make strategic decisions, but face challenges in capturing, analyzing, and utilizing large volumes of complex data.
2) It provides examples of how oil and gas companies can use big data for intelligent modeling of underground structures, precise computation to accelerate decisions, and faster exploration and discovery.
3) The document also describes how high performance computing architectures and technologies like GPUs and co-processors can help oil and gas companies more effectively process and gain insights from big data.
1. In a well-publicized case, a data analyst em-
ployed by the U.S. Department of Veterans Affairs (VA) took his laptop
home to suburban Maryland. Burglars entered his home and stole
the laptop. Suddenly, the personal information of some 26.5 million
veterans was at risk. The incident became an international news story
raising caution flags about managed security at the VA.
Incidents like this one are not unusual today, and the risk is increas-
ing as the mobile workforce grows. Gartner reports that 83.9 percent
of businesses have a remote workforce, and by 2011 an estimated 46
million employees globally will telecommute at least one day per week
and 112 million will work from home at least one day per month.
Software and technology solutions help mitigate security risks and
safeguard organizations from threats, but they require IT staff to select,
deploy and maintain them. The problem is, today’s IT environments
are lean. This paper examines the current mobile security landscape,
including myths surrounding the risks and threats, and how organiza-
tions can establish a solid mobile security strategy.
White Paper: Mobile Security
Mobile Security:
The Essential Ingredient
for Today’s Enterprise
2. The Mobile Landscape
The mobile workforce is increasing. More than 17 mil-
lion Americans got their work done via telecommuting
in 2008, a 74 percent increase over the previous three
years, according to WorldatWork Telework Trendlines.
How is this changing our workforce? Mobile work
encourages cross-pollination of different cultures with
fresh ideas and innovative practices for collaborative
teams. In a telecommuting survey sponsored by Robert
Half International, 53 percent of respondents said the
ability to work at home is important to their employment
choice. In the most recent annual telework survey by
CDW Corp., 40 percent of the respondents agreed that
“the option to telecommute would influence their deci-
sion to remain with their employer or take a new job.”
On the one hand, teleworkers help alleviate the daily mi-
nutiae of managing in-house employees, giving manage-
ment more time to strategically develop initiatives. But
on the other hand, a dispersed team of mobile workers
creates more work and new concerns for IT managers.
For example, in a recent survey of CIOs, 45 percent said
they were not confident that their company’s policies
and security measures prevent mobile employees from
sending confidential information to unauthorized third
parties—such as sending company information from a
laptop to a home PC (IDG Research Services on behalf of
Fiberlink Communications, 2008).
Ensuring security is a formidable challenge for IT manag-
ers. Mobility creates opportunity for hackers and preda-
tors and increases other threats and vulnerabilities. It
requires a new approach to security management, in-
cluding an assessment of security plans and policies and,
ultimately, the creation of a mobile security strategy.
Identifying Myths
Before development of a strategy for securing mobile
workers and data, some common myths about IT secu-
rity practices should be clarified and dispelled.
Myth 1: Having a core security program in the office
environment means that IT assets and data are safe
everywhere.
Mobile security is not confined to the office or headquar-
ters location. Wherever a mobile worker goes, so goes
a virtual office. The price and performance of laptops,
coupled with wireless access availability, have created
a work-from-anywhere preference. However, working
outside the office guarded by firewalls and intrusion
measures can increase risks for businesses. Dispersed
employees have lower visibility than those in the office.
It requires resources, time and technology to remotely
monitor and control which sites users visit, the informa-
tion they exchange and the online connections they use.
“Given our business as an international communications
solution provider, our challenges are often compounded
by the need to support customers and business func-
tions in a variety of locations,” says Michael Glenn,
director of Information Security and chief information
security official (CISO) at Qwest Communications Inter-
national Inc., a managed security provider.
Employees now connect and work via wireless networks
and Wi-Fi hotspots and expect to access data 24x7 from
their personal smartphones. Unencrypted wireless ac-
cess points often do not offer the security levels neces-
sary to protect corporate data. Unencrypted public wire-
less access makes it possible for an outsider to detect a
user, enter a wireless network and potentially steal data.
The same scenario is not true with encryption, where
data is modified to prevent access.
Unencrypted hotspots are causing concern about the in-
tegrity and safety of wireless access; 47 percent of CIOs
and IT leaders say they are not very or not at all confident
that their company’s policies and security measures pre-
vent mobile employees from accessing the Internet via
unencrypted public wireless access points (IDG Research
Services for Fiberlink Communications, 2008).
Myth 2: Existing mobile security programs are good
enough as is and don’t require investment or long-term
planning.
Many IT managers believe that their existing mobile
policies are sufficient to mitigate risk. However, vulner-
abilities and threats constantly change, as do the ways
predators exploit weaknesses in IT infrastructure.
Mobile users and the technology used to accommodate
them are growing and changing. For example, it took
BlackBerry five years to get its first million users, just
another 10 months to get its second million and six
months for the next million. Today the company has
more than 28 million users. The steep increase in usage
and the evolving need for new features and capabilities
have heightened the risks and vulnerabilities.
[2]
Qwest White Paper: Mobile Security
3. Complying with encryption regulations and controlling
threats requires vigilant monitoring processes, because
blind spots exist when assets are deployed in remote
places. Workers travel everywhere with their laptops,
smartphones and other equipment. They can work virtu-
ally anywhere. An unnoticed vulnerability potentially
exposes proprietary data to unwanted parties.
Myth 3: Do-it-yourself managed mobile security is a
better, less costly alternative to outsourcing.
In recent research, CIOs declared that privacy and secu-
[3]
Qwest White Paper: Mobile Security
Five Steps to Reduce
Mobile Blind Spots
Today’s mobile workers are everywhere. From their kitchen
tables to airports to remote office locations to headquar-
ters offices, they roam past geographic boundaries and
operate on many different networks. A wide variety of
vulnerabilities can potentially threaten and damage an
organization’s IT systems and data. Here are five steps se-
curity managers can take to reduce these risks and ensure
that mobile blind spots do not bring unwanted publicity
and costs to the organization.
1. Ensure Visibility
r Continually monitor the health and compliance of all
laptops with tools for monitoring applications, flagging
those that are out of company compliance and encrypt-
ing and locking down sensitive data deployed in
a laptop or other device.
r Enforce policies and do remediation as needed.
2. Protect Sensitive Data on Business
Endpoints
r Monitor, protect and update mobile devices, including
those outside the corporate LAN, with tools that provide
secure access to the company network via an optional
virtual private network (VPN) client, as well as authenti-
cation and encryption.
r Monitor and enforce rules about and remediate obso-
lete software. Provide adequate security protection for
device use from any location.
r Disable noncompliant endpoints.
r Set boundaries for information transfer.
3. Develop a Specific Policy to Protect
the Organization
r Develop a policy for damaged, lost or stolen mobile
devices, and protect sensitive information as necessary.
r Monitor deployment of encryption tools, and prevent
employees from copying or distributing sensitive data.
Ensure your company’s ability to meet e-discovery
obligations.
r Make sure your policies enable you to monitor company
data and meet all compliance and legal obligations from
company-issued as well as personal mobile devices.
r Track and document the status and condition of mobile
and remote systems software.
4. Tie Access to Directories, Identities
and Roles
r Allow access to the resources on the corporate net-
work based on the individual, that person’s role and
organizational policy.
r Ensure that licensed content, digital rights and the
distribution of content are protected.
r Secure integrated communications for VoIP, e-mail and
e-commerce transactions.
r Enable the image that appears on the remote workstation
to be identical to that on the home office workstation.
5. Enforce Productivity
r Notify employees that instant message conversations
are monitored and that logs are stored for possible
management review and e-discovery obligations.
r Monitor, audit and collect usage statistics for manage-
ment purposes.
rity concerns are the leading objection to outsourcing.
However, roughly half of these IT executives reported
that they are still likely to outsource some type of data,
voice or network service over the next 18 months (IDG
Research Services and Fortune on behalf of Qwest Com-
munications, May 2009). In the research, cost savings
were the most frequently cited benefit of outsourcing,
followed by access to expertise.
Building an in-house program requires staff and technol-
ogy, and ultimately, investment. And sometimes having
4. an internal, dedicated staff equipped with the most-up-
to-date security technologies can turn out to be more
expensive than hiring a managed service provider. It’s
important to perform a cost analysis of do-it-yourself
versus outsourced managed security.
Myth 4: In-house staff is always up to date on the
latest security threats and trained in the processes,
solutions and equipment needed to combat them.
Managed security providers bring expertise in finding
solutions to fit complex problems, solutions that may
not be available in-house. With cross-industry experi-
ence, an outsourcing provider must stay abreast of
developing threats and investigate products and secu-
rity solutions to address them. Their experience affords
recommendations that save time and money.
The Compliance Conundrum
Understanding misconceptions is the first step toward
improving mobile security. However, the steady growth
of industry compliance requirements makes the task of
managing it even more daunting.
Some of these regulations, or parts of them, promote
data protection within particular industries. For ex-
ample, the Gramm-Leach-Bliley Act (GLBA) has privacy
stipulations to protect information in the financial
services industry. The Healthcare Insurance Portability
and Accountability Act (HIPAA) sets standards for health
care coverage and transactions, including safe-harbor
provisions if data is encrypted to specific standards.
Payment Card Industry (PCI) standards govern data used
in payment card transactions. The U.S. Federal Trade
Commission (FTC) also has information protection rules
that apply. Not meeting compliance requirements can
mean hefty fines and expensive consequences.
In addition, some states in the U.S.—including Massa-
chusetts and Nevada—will soon require encryption on
all mobile devices, including smartphones, if they con-
tain personal information. Further, companies must be
able to retrieve data from mobile devices if the informa-
tion is pertinent to a discovery motion or lawsuit.
New compliance requirements necessitate safeguards
such as network monitoring, data tracking, firewall con-
figuration and access control programs—areas where
outsourced security services are valuable.
Complying with regulations and identifying vulner-
abilities are significant business benefits of using an
outsourced mobile security partner. A provider can also
help prevent costly incidents that degrade the brand
identity of the organization and that have extended
costs. For example, the Department of Veterans Af-
fairs incident led to an outcry from the general public
and government leaders who questioned the security
governance of its mobile workers. This reflected on the
integrity of the organization.
In addition, a security breach has costs that extend
beyond those directly related to the incident. A recent
study by the Ponemon Institute found that the loss of one
laptop costs an average of $49,246. On top of the actual
replacement of the notebook, larger expenses include
costs associated with investigating the incident, the loss
of intellectual property and data and compliance with
regulatory requirements related to the breach.
A managed security provider can help protect the or-
ganization by establishing a mobile security strategy to
prevent such incidents. For example, having a compre-
hensive inventory of mobile assets and the ability to re-
motely disable them can prevent consequential damage
from theft and intrusion by predators.
A managed security partner also provides metrics for
ongoing security maintenance and protection—such as
how mobile workers communicate, how often they are
online, the Web sites they visit and when and how data
is exchanged. This knowledge aids in decision-making
and overall security strategy.
Conclusion
Our universal mobile workforce is steadily growing. Like-
wise, the need to manage the security of the devices
and data used by these workers is also increasing. It’s
important to understand the challenges and miscon-
ceptions about security in terms of complacency, cost,
experience and do-it-yourself security management.
In addition, a rise in compliance requirements has
caused IT managers with limited resources to seek out-
side help to meet these requirements. Having a mobile
security program that incorporates a trusted managed
security provider is a best business practice and an es-
sential ingredient in protecting today’s enterprises.
For more information, visit www.qwest.com/business.
[4]
Qwest White Paper: Mobile Security