Management Briefings
Are you a vulnerability?: Daniel Dresner, NCC (October 2008)
The biggest threat to information confidentiality, integrity and availability is its unacceptable use by staff, contractors, partners
and former employees. That’s the conclusion of a recent National Computing Centre (NCC) ‘survey of surveys’ – reviewed by
members and scrutinised by experts. In other words, information security or assurance is, as so many like to announce, a
people problem.
But it’s not just people! There seems to be a tendency in security to grab at ‘silver bullets’ and focus on the kind of single,
limited-vector threats that silver bullet solutions are needed for. But there’s a danger that this attenuates risks to information
security into a model that’s too simple to be helpful.
Confident slogans that look good in headlines and on T-shirts help us to model complex challenges – but they do not abrogate
our responsibilities to maintain a comprehensive view of a problem. This means dealing with people, processes, and
technology. Keep models in their place; be tough on both risk and the causes of risk.

When disaster strikes: Chris Potter, PwC (August 2008)
Disasters have shaped history since the birth of mankind. As Homer once put it, the man who runs from disaster does better
than he who is caught by it. Saint Anselm observed that disasters teach us humility, while Germaine Greer has speculated that
catastrophe is the natural human environment and that we are all programmed for survival amidst it.
But within the business and technology context, two things are clear. Firstly, catastrophe is not the natural environment for
delicate computer systems. Secondly, computers are not very good at running. So contingency planning is vital to ensure that
IT systems can be recovered if they are knocked out by a disaster.
You only have to look at world events over the last year to see how fragile our way of life can be. Whether it is the cyclone in
Burma, the earthquake in China or last summer’s flooding in Tewkesbury, the news is often dominated by disaster stories.
Most scientists believe that the climate is changing and this will make natural calamities more frequent and more severe. So,
disaster recovery has never been more important.

Unseen enemy: Steve Nimmons, Atos Origin (May 2008)
I recall (approximately eight years ago) reading an interesting poster on social engineering at a
well-known electronics company in California. This wall-chart communicated sensible advice for
dealing with unsolicited phone calls, ‘chance’ conversations and the importance of discretion
when discussing corporate matters on planes, trains and automobiles.
Topics such as tailgating, the ‘risk of gallantry’, the social and psychological tricks used by
experienced practitioners to project ‘belonging’, the need for discretion and vigilance in public
spaces and of course ‘clear desk policies’ were explained in concise, relevant and accessible
language.
In this way, workforces across this and other enterprises were equipped to deal with the primary
aspects of corporate social manipulation. Using in-house and industry standards, they shared
the wisdom of primary threats, expected behaviours and above all encouraged staff training and
awareness.

Working the web: Cliff Mills, PMP Research (March 2008)
Web analytics is the process of analysing the behaviour of
visitors to a website. The aim is to help organisations
maximise the value of their internet marketing and improve
the design of their website. By understanding visitor
behaviour, organisations can tailor their marketing initiatives
to attract, retain and grow the value of customers.
To see how companies are progressing in using this relatively
new marketing tool, PMP Research surveyed a cross-section
of leading organisations for their opinions on the use of web
analytics software.
For the majority of organisations (80%), the analysis and
activity monitoring of their websites is undertaken by
in-house staff, with only 6% selecting an external company
and 14% using a mixture of internal and external
resources.

Sword of insecurity: John Walker, Secure-Bastion (January 2008)
Within a small timeframe, business has evolved to embrace the delivery channels of the
internet. Companies increasingly have a globalised footprint, generating vast profits from online
e-trade and adding much to the gross national product (GNP) of their respective countries and
continents. We also see a wide utilisation of offshore service providers, supporting remote
systems and applications and the development of code.
The lower running costs offered by the internet are also attractive to business. Many
corporate and mid-sized companies are deploying lower-cost IP communications, ranging
from pure VoIP to the more popular technology of choice within the mid-sized community,
Skype.
Overall, in many respects business is doing very well indeed, notwithstanding a downturn in some areas of the global
economy.

Putting in storage: Peter Williams, Bloor Research (October 2007)
The near-exponential rise in data storage requirements is an escalating problem, and it
manifests itself in soaring costs, degraded performance for backup and retrieval, slower access,
and more complex storage management.
Storage equipment producers are delighted to sell more systems but even they are beginning
to see the spectre of systems becoming unmanageable or unusable, so crippling their
customers.
This has concentrated minds, and a number of technologies have emerged which counter the
effects of the storage explosion (although not its causes). A few companies have patented
some aspect of their software but mostly they have adapted existing techniques.

Phishing, pharming and other cyberspace scams: John Hookham, Adrelia (Jul/Aug 07)
Throughout history, confidence tricksters and their scams have always existed. In the age of the
internet the old classics are alive and well and new ones have been invented. And despite
warnings that con men and fraudsters out there are after your money, millions of normal
computer users and many businesses still fall victim to cyber crimes.
Some scams are easy to avoid and some are fairly obvious, but others are more subtle, some
are downright fiendish and a few are quite simply despicable – preying on the most vulnerable
and often desperate members of society.

Business risk: the bigger picture: Martin Atherton, Freeform Dynamics (May 2007)
Many organisations spend a lot of time and money chasing regulation and compliance. But taking a step back and revisiting
information management strategies in the context of the broader landscape of business risk could help them address multiple,
critical challenges.
In fact, many businesses are beginning to adopt a more formal approach to risk management. The more forward-thinking
among them are taking a co-ordinated, executive-led approach and appointing a chief risk officer (CRO) – particularly in
financial services, where 48% of firms have a CRO in place compared to the overall average of 36%.
Organisations are also striving for more co-ordination at a practical level – between physical and IT security, and across
security and information management.

As safe as houses: Allan Cooke, Akubra (April 2007)
Most of us are familiar with the concept of domestic security. We understand the value of our possessions, the threats
to our home and family, and take appropriate measures.
But in the business world, with an intangible asset such as information, how do you achieve similar confidence in your
security measures? Do you know what the threats to your information are, and how to protect against them?
Security product vendors have a vested interest in casting fear, uncertainty and doubt over the levels of protection
organisations have implemented, and would prefer you to solve problems through the deployment of costly solutions.
Without the ability to assess the value of information, organisations risk having an expensive and possibly ineffective
information security policy.
Whether or not their security expenditure is appropriate depends on the specific nature of each business. Organisations
therefore need a mechanism for establishing which information assets need protection, and a way of assessing the
cost-effectiveness of security measures.

Mind the gap: Colin Butcher, XDelta (December 2006)
We have a support ‘time bomb’ waiting to explode. It has been created by the widespread loss
of experienced business continuity staff, the lack of new people coming through to take their
place, and across-the-board cost cutting initiatives such as outsourcing and offshoring to the
cheapest supplier. Getting good value is important, but cutting costs to the point that quality of
service is impacted at the front line will cause long-term damage.
In practice, an ‘expertise gap’ is growing between the necessary level of skill required to support
companies’ technical infrastructure, the immediately available level of skill with end-user
organisations and, crucially, the immediately available level of support from manufacturers and
suppliers. This is creating a major risk to the survival of businesses when they have problems
with their technology infrastructure or with their external communication mechanisms.

21st century IT: B Challinor/I Barnes, Intelligent Network/ProsolveIT (Oct 2006)
In today’s challenging environment, businesses are being asked to respond faster to competitive and customer challenges; and
they are looking to IT to be a differentiator, providing flexibility and speed as they address complex business issues. IT
managers are seeking solutions that provide both agility and reduced cost – and service oriented architecture (SOA) is being
characterised as the next big thing in IT infrastructure development by both industry analysts and the IT press.
Gartner is predicting that by 2007, most companies will adopt SOA frameworks for new applications and will have the
infrastructure required for wrapping legacy applications and integration across processes.

Horses for courses: Paul Mellings, Xantus (August 2006)
The term virtual private network (VPN) is well-established in IT parlance, though it can mean
different things to different people. For some, it is intimately linked with the internet, whilst
confusingly for others it is a way of avoiding all that is bad about the internet. Muddying the
waters further, the term also has connotations in the voice networking arena. This article seeks
to clarify the differences between various VPNs and discuss the features, benefits and
applications of each.
So what is a VPN? What is true of all VPNs is that they provide connectivity between two or
more places using a previously established shared network infrastructure – rather than having
to deploy new, dedicated hardware specifically for this purpose. By ‘overlaying’ new secure
logical links or channels on top of an existing physical network infrastructure, it is possible to
emulate a dedicated private network without the expense, time and trouble of building one.
Hence the term ‘virtual private network’ – it looks and acts like a private network but by being
built on shared infrastructure, fundamentally is not.

In the frame: Alan Calder, IT Governance (June 2006)
If information is the lifeblood of the modern enterprise, information technology provides its
circulatory and nervous systems. In a ruthlessly competitive business environment, IT makes
possible the move from a tangible asset-based business model to an intangible intellectual capital
based one. Information and IT provide competitive advantage, improve productivity, reduce costs,
support communication and operational capability, and are essential for financial reporting. This
should put information and IT near the top of the board agenda: IT should be a governance issue.

IT yesterday and today: Terry Critchley, TAC Associates (April 2006)
The IT world today is far more complex than it was 15-20 years ago when the internet, data warehousing and
knowledge engineering were relatively rare. As a result of this complexity, systems migration and consolidation have
become key management issues.
Back in the 80s the mainframe, under centralised control, still ruled the roost but Unix was being considered for new
applications which may have been on a backlog in the mainframe environment. In addition, there was a surge in the
availability of application packages, a thing unknown on the mainframe – where nearly all applications were bespoke
and very organisation-specific. Many of these programs still exist today as core business applications, often because
they do the required job and there is a massive investment in the software.

Building a security awareness 'matrix': John Walker, Experian (February 2006)
It would seem the penny has finally dropped about the threats faced by internet users
that could impact both the business and end users alike. The problem for most security
professionals is that their non-security colleagues tend to view them as semi, if not
totally, paranoid, with a tendency to read far too much John le Carre. In other words,
they appreciate the necessity for much of what the specialists have introduced, or wish
to introduce, but feel that it simply gets in the way of the real world of business.
However, this attitude appears to be changing.
In mid-2004, I attended a meeting with an external specialist group to consider the
threats posed by online vulnerabilities. At the meeting, we discussed the dangers posed
by ‘phishing’ attacks and I suggested this would be a
significant risk as we moved into 2005/6. In my opinion then, phishing should not have been considered a passive
threat, but one with very real potential to damage online confidence.

Battling the identity crisis: Chris Voice, Entrust (December 2005)
The internet has created significant opportunities for organisations to move processes
online, helping them both deliver new services and cut costs compared to traditional
transactions. However, with this opportunity also comes inherent risk — especially in the
absence of appropriate security to protect the identities of users online.
Today, organisations are experiencing a rapid increase in the incidence of online identity
attacks. Typical attacks to perpetrate these crimes include ‘phishing’ and ‘malware’, and
are resulting in online user identities being stolen at an alarming rate. In the first eight
months of 2005, the number of phishing sites, from which many online identity attacks
are perpetrated, increased by over 200%, according to the Anti-Phishing Working Group.

IT governance: who runs infrastructure?: Richard Ellis, X Consulting (Nov 05)
“Be willing to make decisions. That’s the most important quality in a good leader.” General George S Patton.
Enron, Parmalat and Equitable Life are amongst the most high profile of corporate scandals. These, and others, have
placed governance on the executive radar as an important issue for organisations both in the public and private
sector.
IT is a key component of overall corporate governance and needs to be addressed in much the same way as with
strong financial governance. The finance director does not authorise every payment or sign every cheque but ensures
that the mechanisms are in place to answer three key questions: what are the decisions required to ensure that our
finances are used and managed effectively?; who should make these decisions?; and how will the decisions be made
and monitored?

Accessibility: not such a bitter pill: Jake Liddell, Charteris (August 2005)
Over the last 18 months, the world’s IT press has gradually been waking up to the fact
that, for whatever reason, companies must now make their internet and intranet content
accessible to everyone. The requirement is very real. Despite a multitude of incorrect
articles published on the details, the one thing everyone is in agreement about is that UK
business owners and managers must address this ‘accessibility’ issue.
The picture that is painted is usually one of doom and gloom. Accessibility is generally
presented as a mandatory requirement that will cost you money to implement, but is
something you just have to do. Occasionally, articles will mention the size of the market that might benefit, and
conclusions are sometimes drawn about the lost sales at stake if you do nothing.

Individual identity: a corporate issue: Simon Ratcliffe, DiData (July 2005)
It is difficult today to find anybody who does not accept that well-managed identities
within an organisation save vast amounts of money. This may be through the direct cost
of provisioning a new user, the incalculable cost of forgetting to completely de-provision
a disgruntled user, or the hard-to-calculate but nonetheless significant cost of having an
employee unable to work effectively after being promoted because all their systems don’t
quite line up with the new job. Even the simple consideration of the fact that password
resets cost £25 a pop, is virtually cost justification on its own.
Yet while identity management is one of the most talked-about IT security issues in the
modern corporate environment, it remains one of the least effectively addressed.

The death of tapes?: Danny Thomas, The Thomas Bamber Partnership (May 2005)
I remember my first visit to a computer room. I was working for a software development company and had gone to
collect the output from the previous night’s batch test run. While not large, the room matched most of my expectation:
lots of large beige machines connected to similarly large reel-to-reel tape drives, some of them busy shuffling
backwards and forwards, and a large trolley piled high with tapes – the previous night’s backup ready for transfer to a
massive fire safe.
I was in a Gerry Anderson world, somewhere between Joe 90 and UFO (without the purple hair and dodgy dress
sense). As time passed, the technology has changed dramatically. Open reel migrated to tape cartridges, cartridges got
smaller and data density got ever higher. Direct connected tape drives began to give way to backup LANs and
automated tape libraries.

Web services – so what?: Leon Benjamin, Tony Evans Associates (April 2005)
Rarely has a technology that is so transformative, taken so long to be exploited by large
enterprises. Web services, first announced by the World Wide Web Consortium in
1999/2000, still has poor adoption rates despite the widespread use of its sister
technology, XML (eXtensible Mark Up Language).
In the year 2000, the Financial Times reported that XML was so important that it was an
agenda item at UK Government Cabinet meetings. At this time, Bill Gates went on
record as saying Microsoft “had bet the farm” on this technology, announcing its .NET
initiative that is still at the heart of its product line and core marketing messages.

Making the users responsible: Pat Sweet, PMP Research (May 2004)
There is plenty of technology on the market to help companies keep their IT
infrastructure running smoothly and to ensure that vital corporate data is safe and secure
– but handling the people and processes involved remains a major challenge. New
applications are only part of the answer: greater user awareness of the possible pitfalls
and responsibilities is also required.
Against this background, PMP Research invited four industry experts to give their views
on the business continuity and IT infrastructure market. We spoke to Graham
Titterington, an analyst with Ovum; Paul Hammond, director of solutions consulting for
CNT; David Sharp, head of business service line at Charteris; and Tony Hart, senior
analyst with the enterprise applications team at Datamonitor.

Getting connected: Correy Voo, BT Global Services (May 2004)
According to the latest figures from research firm Macarthur Stroud International, 40% of
European businesses now have storage area networks (SANs) and a further 9% have
mixed SAN and networked attached storage (NAS) environments.
The migration towards networked storage is set to continue. Gartner predicts that the
global NAS market alone will reach $2.6 billion in 2007 with a 14% annual growth rate.
Studies suggest that many businesses now accept that direct attached storage (DAS) is
no longer a cost-effective or efficient way to manage data. This is largely due to the fact
that storage attached directly to individual applications creates islands of duplicate data
across organisations and pools of redundant capacity.

Cyber liability: Lisa Hansford-Smith, Marsh (May 2004)
It only takes one alert like the recent MyDoom virus attack for organisations to take a
close interest in how best to protect their computer systems. For many, the first response
will be to invest in additional technology designed to safeguard business-critical
applications, such as firewalls, intrusion detection tools and backup facilities.
Such an approach will do much to improve the security of the technical infrastructure,
but in some instances it may not be enough to allow the organisation to carry on
business as usual if something does go wrong. To do that, companies have to think
about how they are going to protect their non-material assets – that is, the knowledge
and the intellectual property which is held within those physical computer systems and
which is absolutely vital to the smooth running of the company.