Tuesday, 19 July 2016

4 basic security facts everyone should know



The bad news: It's you against an army of cyber criminals around the world. The good news: A little knowledge can provide an effective defense.

1. Two starting points lead to the vast majority of attacks

Unpatched software provides the main point of entry for hackers or malware, in part because very few computers have the latest updates for every commonly hacked program. The victim surfs to a web page or opens an email, and their computer is instantly, silently compromised. The second-most-common attack method: The user gets tricked into installing a Trojan. Together, these two methods account for almost all successful hacks.
Sure, there are hundreds of other methods: SQL injection attacks, password guessing, and so on. But nearly everything besides unpatched software and downloaded Trojans is statistical noise. In fact, if you fix the main two issues, you almost don’t need to do anything else. 

Friday, 6 May 2016

5 simple steps to controlling cloud access

How IT can bring order and accountability to public cloud usage without getting in the way of progress

Every technology success story is also a story of unintended consequences. Take virtualization, for instance. Virtualization gave us unprecedented utilization of hardware resources. It transformed a provisioning process that used to take months into one that now takes minutes. It gave us flexibility and speed that were once unimaginable and formed the core foundation of the public cloud and private cloud platforms so prevalent today.
However, with that speed and access to public clouds came the ability to circumvent established processes, also known as “shadow IT.” Today line-of-business teams simply swipe credit cards on public cloud providers to get the self-service, on-demand provisioning they can’t get from their internal IT departments. 
Cloud anarchy is shadow IT’s better-behaved cousin. You’ll find it in IT shops that centralize cloud accounts that get passed around among different line-of-business teams, so that at least the accounting funnels through one place in the IT bureaucracy. In truth, IT typically doesn’t have much control over who is deploying what or where. Instead of per-team or per-individual usage line items, IT only sees the final bill.
Among the strengths of a cloud management platform is that it can apply the governance IT needs without sacrificing the flexibility and speed the business demands. Line-of-business teams get that highly prized self-service, on-demand provisioning, and IT can anoint specific applications -- like those passing security audits -- and dictate who is allowed to access the applications and from where. Add metering and billing to keep track of who is spending what, and IT gets accountability without hampering line-of-business agility.
What does such governance look like? Here are five ways to implement governance of public cloud usage that successfully avoids cloud anarchy: