OpsCentre - Gold partners with Continuity Forum


Should Mobile Device Data Protection Be Encouraged or Enforced?

February 11th, 2016

How many people in your enterprise use their personal mobile devices for work? How many benefit from a smartphone, tablet or laptop that is provided by the company and that they can also use outside work? How much risk is there in each case of data loss or compromise? Nowadays, we are increasingly dependent on our mobile devices for professional and personal reasons. A device that is lost or stolen can mean losing all our data, if no other precautions are taken. So how much can enterprises encourage data protection on mobile devices, and how far should they go to enforce it?

Our 2015 Business Continuity Review – Cloudy with Scattered Security Breaches

February 4th, 2016

Just like IT systems are moving away from monolithic big-bang style releases to agile increments, so it seems is life in related areas. Business continuity, enterprise computing, information security, and the major business systems that are affected by them – notably supply chains – seemed to have less thunder and lightning in 2015, and more trending cloudiness (or was it cloudy trendiness?).

Which Part of Your Body Will You Use to Protect Your Data?

February 4th, 2016

A big driving factor in the search for the perfect biometric security app is the wish to stop using current user ID and password access methods. The biometric body-part solutions typically have the advantage of being unique (unforgettable) and impossible for a user to forget, because of course his or her fingerprints, etc. are always to hand. Here’s a rundown of some of the contenders:

How Ready Do You Feel for BYOE (Bring Your Own Encryption)?

January 28th, 2016

Revelations of government snooping and pressure on cloud providers to provide customer data to authorities have led to new developments in the way encryption is applied. The problem came about because the providers did the encryption of the data, but also held the encryption keys. That meant that customer data was protected from everyone else, except from the provider itself. Of course, the option for customers to encrypt their data before sending it to the cloud for storage has always existed, but makes it more difficult to use the data for cloud-based applications. A recent twist to the encryption saga is BYOE, also known as BYOK (Bring Your Own Key). How well does this answer concerns about data privacy in the cloud?

When Corporate Reputation Management is About Thinking, Not Feeling

January 26th, 2016

Data breaches, IT incidents or any other corporate disasters have an impact on a company’s standing. Reputation management is a matter of protecting that standing or of keeping damage to minimal levels. In some instances, data breaches may not need to be declared to the public. In other cases, when customer, medical or other personal data is compromised, a company has no choice but to advise consumers, patients and other individuals about the risks engendered. An interesting insight from MIT’s Sloan School of Management into how the public at large perceives enterprises and organisations suggests that trying to leverage feelings may be a bad move when it comes to reputation management.

Micro Answers to Expanding IT Security Perimeters

January 21st, 2016

If you use a cloud service or let your employees access company systems from their own smartphones, you’ve probably already noticed how your IT security world has expanded. What used to be a tightly defined domain behind a firewall has morphed into something that now extends to the far confines of cyberspace. As a matter of principle, any business data that travels outside the company perimeter is automatically at greater risk, even if enterprises make great efforts to keep the risk delta as small as possible. However, the macro-style solution of a bigger firewall no longer works when you have to deal with the Internet at large. Micro-oriented approaches offer an alternative.

Why Business Continuity Will Now Be Even More Visible

January 19th, 2016

Once upon a time, enterprises made products and supplied the occasional service. Now it seems this situation is being turned upside-down. The trend is to supply far more as a service or a subscription, with one-off product sales becoming the exception, instead of the rule. Much of this started in IT, as cloud computing became popular. Enterprises saw the advantage of paying for software and hardware usage month by month and according to how much they wanted, instead of large lump sum capital payments for resources they did not always use fully. Cloud providers often offered better business continuity too. But will the same be true when the client enterprises become service providers in their own right?

IT Security and the End of Ivory Towers, Bolt-Ons and Bigger Fences

January 14th, 2016

Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven (still rare even in this age), human beings will be an integral and fundamental factor in your IT security planning and management. And unless your context is completely on-premises without any connections to the cloud (increasingly rare), the days of the bolt-on, “bigger fence” are numbered.

7 Business Continuity Tips for Keeping Supply Chains Working Well in 2016

January 12th, 2016

Business continuity priorities don’t come much bigger than having a properly functioning supply chain. Whether an organisation is in the private or the public sector, supply chains have to work without interruption, profitably and to the satisfaction of end-customers. Over time, observations and experience have helped put together the following list of tips for BC management of this critical part of all companies. As we progress through 2016, here’s what to look out for.

The Rise of Rule-Based Security in Cloud Computing

January 7th, 2016

Corporate policies on anything from safety to ethical sourcing are all about rules. Do this; don’t do that! Often created from the experience of everything that went wrong in the past, policies can soon turn into large, unwieldy documents. IT security also has its rules, some of them born of common sense, others of past problems. These rules for checking attribution of user access rights, encrypting data volumes and similar precautions, can easily mount into the hundreds. Some cloud services vendors now make rules-based management services part of their offering to customers, but with a key advantage that sets them apart from those other chunky policy documents that managers must cope with.

IT Security, One Rotten Apple and a Whole Bad Barrel

January 5th, 2016

Barrels of apples can go bad, both literally and figuratively, because of just one rotten apple. The rot spreads from one apple to another until the whole barrel is infected. Not so long ago (in 2014), experts from security company ESET discovered 25,000 servers infected with malware, some of these servers being grouped together in a network and infected together. The common factor was the installation of the Linux/Ebury malware, allowing login information to be harvested and communicated to the attackers that installed the malware. According to the experts, attackers needed to compromise just one server to then gain easy access to others in the same network. But was this one bad apple – or the whole lot?

3 Broad Categories of Cyber-Security Trends for 2016

December 31st, 2015

System hacks, data breaches and information theft are frequently in the news, and will surely continue to feature strongly in 2016. However, recent crystal ball gazing by different actors and experts yielded an intriguing variety of predictions for the coming year. Broadly speaking, there are IT security trends we can expect, those we should suspect, and those that sound a little like cyber-fiction, but still sound just credible enough to be given at least a modicum of attention.

Data Encryption and Reputation Management

December 29th, 2015

What do encryption and reputation have to do with each other? On the face of it, the link seems tenuous. However, if a data breach occurs, encryption could be the difference between intense corporate embarrassment and a corporate reputation that remains untarnished. Of course, we’re talking about more than standard encryption of data in transit with SSL. This must be complemented by encryption of data at rest. Organisations are then better protected all round. In some locations, there is no obligation even to inform consumers if only properly encrypted data has been breached. But is this a reasonable approach? And if so, why did at least one recent high-profile corporate victim fail to encrypt highly sensitive, compromised data?

Cryptographic Protection that Does Not Hide Your Information

December 24th, 2015

Does this sound like a contradiction in terms? If your idea of cryptography is all about keeping confidential information hidden from prying eyes, then the idea of applying it to information that is then consumable by others may seem strange, to say the least. However, this is a major function of cryptography too. It makes it very difficult to change information without such a change being easily detected. Practical examples of application include secure transfer of funds: for example, you wouldn’t want anybody to add an extra zero at the end of that payment you just made. Business applications of cryptography in this sense can go much further too.

Password Salting may be Effective, but is it Healthy?

December 22nd, 2015

Much of IT security revolves around the question of how much you believe users can think for themselves. Password salting is a solution likely to appeal to those who think users are unreliable, careless or otherwise unable to behave correctly when it comes to the proper use of passwords. Yet the brain is a muscle and needs regular exercise, including password push-ups and security question squats. Which way should you go? To help answer that question, first try our super-fast primer on what password salting actually is; or if you prefer, how to explain its importance to your CEO.
