IT Best Practices Alert

The CIO-level business angle on the latest tech

Search IT Best Practices Alert

IT Best Practices news and resources from Network World.

New approaches to combat 'sources of evil' and other security issues: 05/18/12; Eric Cole of the SANS Institute says threats to our networks have changed but the way we approach security hasn't changed. As a result, companies have spent heavily on security technologies but they are still getting compromised. He suggests some new approaches.
Training workers to be cyber safe: 05/11/12; Cyber thieves and scam artists have become more sophisticated in their means to steal login credentials and gain access to valuable information or other assets. The scams affect individuals at work as well as at home. It’s more important than ever for companies to teach their workers how to be cyber safe and to think about their actions and the risks involved.
Manage software deployments across complex environments: 05/04/12; The larger and more complex an organization's processing environments are, including cloud instances, the more challenging the process of application deployment. Automation tools support the best practice of keeping these apps updated for peak performance, capability and security.
Meeting data privacy, residency and security requirements in the cloud: 04/27/12; In survey after survey, CIOs and CISOs express concern about adopting cloud computing due to "data security issues." Many organizations are addressing their concerns by encrypting data in the cloud. An alternative solution is to tokenize data before it passes through your firewall so sensitive data never reaches the cloud.
ISPs agree to fight botnets using the U.S. Anti-Bot Code of Conduct: 04/20/12; By some accounts, more than 10% of U.S. computers are enjoined to a botnet. The U.S. Federal Communications Commission recently approved the Anti-Bot Code of Conduct, a voluntary program for ISPs that aims to reduce the likelihood of users' computers being recruited into botnet servitude.
Vaultive encrypts data-in-use for hosted Exchange environments: 04/13/12; While many organizations could save time and money by moving their email systems to the cloud, security is often a barrier. A new solution coming this spring offers data-in-use encryption technology that addresses data security, privacy, residency and regulatory compliance concerns associated with cloud-based application deployment.
Automating data encryption for new cloud architectures: 04/06/12; Almost every survey about inhibitors to cloud computing identifies "security concerns" as the top issue. It will remain an issue until the notion of encrypting all data in the cloud becomes a best practice. Gazzang is rising to the challenge with a PaaS encryption solution that automates data encryption, especially for open source environments and big data applications.
Considerations for modernizing your network: 03/30/12; Business applications and the way we use them are undergoing a radical change, and this is leading many companies to modernize their network. Here are some "best practice" considerations for modernization strategies.
The 2012 State of the Network report: 03/23/12; According to Network Instruments' 2012 State of the Network survey, video is having great impact on many companies' network performance and bandwidth. By the beginning of 2013, nearly one-quarter of respondents expect video to consume more than half of their bandwidth.
Expert advice on implementing role-based access control (RBAC): 03/16/12; Role-based access control can improve enterprise security, reduce employee downtime and improve the efficiency of resource provisioning and access control policy administration. Here's expert advice on implementing RBAC in your enterprise.
New key technology simplifies data encryption in the cloud: 03/09/12; Many companies cite data security as their top inhibitor to cloud adoption. Data encryption is a logical security measure, but key management can be tricky. Now there's a new service that simplifies key management while ensuring that no one but the data owner ever knows the master key.
Coming soon: Certification for mobile app developers: 03/02/12; The next time you use an application on your smartphone, give this a thought: Did the developer who created the app build security in from the very start? Too often the answer is no. CompTIA and viaForensics are addressing this gaping hole with a new Secure Mobile App Developer certification.
Using forensics to deeply understand the security impact of iOS and Android in the enterprise: 02/24/12; When smartphones first emerged many IT organizations didn't recognize the risk they posed. That changed rapidly, of course, and today these devices are changing the risk profile for organizations because they introduce threats to sensitive company information.
5 tips for successful mobile app development for the enterprise: 02/17/12; The founders of Taptera, a young software company making mobile apps for BYOD in the enterprise, offer tips for developing the kinds of apps employees will want to use, and that will bring real productivity to the enterprise.
M86 Security Labs report provides insight to plan security for 2012: 02/10/12; The researchers at M86 Security Labs have just released their semiannual report about security trends and malware, spam and phishing activities they observed in the latter half of 2011. Use the 20/20 hindsight of this report to plan ahead for your security measures in 2012.
Get expert advice on building an effective BYOD strategy: 02/03/12; Is your organization struggling with the task of creating a “bring your own device” (BYOD) strategy? Pick up some pointers from some of the leading expert practitioners in information security. The Wisegate community has just published a new report on effective BYOD strategies.
Systems management uses social media-like messages to enable better decisions: 01/27/12; Wouldn't it be cool if our computer systems could talk to us like HAL in the movie "2001: A Space Odyssey"? Instead we get complex and nearly undecipherable messages that read like pure log files. Startup company Nodeable aims to help your cloud-based systems communicate with you in a much more human language. Think of it as tweets from the cloud to provide you with status updates. Cool!
Reduce the conflicts between IT administrators and information security personnel: 01/20/12; Sometimes the simplest solutions to problems evade us because we cannot see the forest through all the trees. In this case, the forest and trees I'm referring to are the people and policies that are in place to manage the operations and the information security of business networks. A few common-sense practices can reduce the conflicts between teams with a shared mission but disparate approaches.
A new audit standard validates IT-specific controls for cloud service providers: 01/13/12; Risk mitigation is one thing when you own all the resources, but when you start moving data and applications into the cloud, it's doubly important to understand what the service provider is doing to protect your assets. Now there is a new audit standard and certification for reporting on controls for data centers and service providers in the cloud.
Social engineering attacks on the enterprise are trending upward: 01/05/12; Amit Klein, CTO of the security firm Trusteer, predicts that social engineering attacks against enterprises will be on the rise in 2012. The problem is that too many people disclose too much personal information on social networks, and this gives thieves the leverage they need to gain and then abuse people's trust.
Be on the lookout for the malicious insider: 12/23/11; A new white paper from Symantec profiles the risk indicators of the malicious insider. There are key patterns and technologies that can help you identify the employee who might have a penchant to steal your company's intellectual property.
Remote management of applications frees your people from mundane tasks: 12/15/11; Do you have a portfolio of commodity applications like email, collaboration, mobile device management and directory and identity management that require multiple staff members to administer? Could their time and expertise be put to better use? Here's a business model that lets you outsource the remote monitoring and management of common in-house applications, freeing up your people for more strategic IT work.
HP has new cloud certifications for technical experts: 12/09/11; HP has a new set of expert-level cloud certifications for IT professionals who can design and develop cloud computing solutions based on open systems. The training for the certification exams helps technical professionals gain hands-on experience and knowledge across the cloud technology spectrum.
Citrix Receiver brings full-fledged desktop apps to smartphones and tablets: 12/02/11; The BYOD phenomenon shows no signs of abating, and many companies continue to struggle with the best (read: safest) way to give workers access to corporate applications via employee-owned smart devices. Citrix Receiver leverages the security of a Citrix XenDesktop or XenApp infrastructure to bring full-blown desktop applications to smartphones and tablet PCs.
Two-thirds of firewall managers lack confidence in their security posture: 11/28/11; In its annual firewall management survey, Tufin Technologies uncovered some disheartening details. For example, 1 in 4 firewall managers have never conducted an audit, and 66% of the managers think their processes put them at risk of a security breach. The alarm is sounding for a giant wake-up call.