They last a lifetime and they never change. Fingerprints, irises and even gaits (as in walking) are immutable, if you discount the use of surgery. That is what makes them such reliable identifiers and the basis of different biometric security systems. From science fiction and spy films, we now have smartphones (iPhones for example) that have integrated fingerprint recognition. Users no longer have to remember or reset those ID/PIN combinations. Yet recently, hackers stole a file with 5.6 million fingerprints of US government employees. And of course, unlike ID/PIN combinations, those fingerprints cannot be reset. Now what?
Competition in business – can’t live with it, can’t live without it, or so it seems. Your enterprise wants to be better than its competitors, and reduce competitive threats. On the other hand, a lack of competitors usually means your market is very new (or non-existent) or you are operating as a monopoly: neither situation is likely to last long. There is also another scenario: when a major competitor commits a huge, publicly visible and morally reprehensible blunder. The immediate reaction of many is to rub their hands with glee at the thought of increasing their own market share at that competitor’s expense. However, as the current case of Volkswagen and the emissions scandal shows, one company’s mistake can cost its competitors dearly too.
People who try to do it all themselves soon bump up against their limits. Delegation is a crucial skill to acquire if an organisation is to grow and run properly. Business continuity is built on it too. Internally, employees need to know the contribution they must make to keeping an enterprise running, including taking over certain roles in emergencies. Externally, outsourcing providers must also have a clear understanding of what they must supply, whether products, services or results. What often happens however is that delegators do the rest of their delegation correctly, but neglect one essential aspect.
Can’t afford your own data centre? Want to grow a small business and looking for somewhere else to put your IT servers? Colocation services might be the solution. The idea is that for a monthly fee, providers will give your company space in a purpose-built facility with cooling, redundant power supplies and resilient, high-speed network connectivity. Naturally, service levels and quality may vary, but colocation should be a cost-effective way of relocating your servers for security and square footage. What’s not to like? The neighbours, perhaps…
If FDE and FLE sound like twins to you, you could be on the right track for a comprehensive approach to keeping your data confidential. Indeed, FDE (full disk encryption) and FLE (file level encryption) both have security advantages to offer on their own – and even more when they are used together. Conversely, this means that neither encryption approach replaces the other. In particular, FDE protects data at rest on a PC hard disk, for example, whereas FLE protects data in motion, as in files that are being transferred or copied to other systems. Both can benefit from paying attention to the following.
Like a medical examination, the result of penetration testing to assess your organisation’s IT security is technically only valid at the moment it is performed. Independently of how thorough such ‘pen tests’ are, the context in which they are performed changes on a frequent basis. IT hardware and software vendors release new versions and patches of firmware, operating systems and applications. Hackers invent new attack vectors. Employees come and go, and business partners and suppliers, with whom you collaborate and share information, change too. If the business and IT environment fluctuates so much, why then is it still important to do penetration testing?
The future is automation: business processes automated, IT systems automated. But where does that leave us humans in the equation of the automated world? And will there be sufficient job positions to counteract the imbalance of jobs moving to an automated cycle? The answer lies within our economy and with the heads of organisations. For a business to progress and make its margins and profits every year, many factors are involved, and the biggest factor is the expense of paying employees.
We always tend to leave the ground-up requirements aside, and why? Because they’re not necessary or require too many resources to maintain. But what happens when such a requirement becomes a legal requirement, enforced by law, and you are not allowed to run your business without it? It is like leaving breakfast aside and having only lunch and dinner: why would you miss a meal if you know it might affect your body mentally and physically? The same goes for your Business Continuity Plans (BCPs): without them there will be no BC controls and best practices in place.
For many years we’ve heard the hype about the cloud generation of computing, with giants such as Amazon, Microsoft, VMware and Oracle, to name a few, in the ring. But moving entirely to the cloud involves some considerations, and a Cloud Risk Assessment should be conducted to analyse the possible risks to which you may be exposing your data. On the upside, the cloud reduces internal costs and internal resources, providing companies with better efficiency and the flexibility to handle data usage loads and scalability.
Every once in a while it’s good to take stock of a situation. A projected 1.25 billion Android users for 2015 (according to Gartner) is such a situation. Either your organisation is already an Android shop or it is likely to become one in the near future. A plethora of software apps for the Android OS and a decidedly spotty security record for many Android users mean that reviewing your approach to Android security could be a wise move as well.
One of the bugbears of IT network security is the denial of service (DOS) attack. Instead of (or as well as) trying to sneak past a firewall with a few innocent-looking data packets, the DOS attack tries to cripple a network or a system by swamping it out. In the case of network firewalls, the attacker will try to generate as much network traffic as possible to overload the firewall’s processing power. Attackers often multiply the sources of the network traffic for that reason, leading to distributed denial of service (DDOS) attacks. Firewalls that are submerged by traffic may become unmanageable, unless the vendor has taken suitable design precautions, which might also inspire good business continuity in general.
Middle East Respiratory Syndrome (MERS) is a new threat for humans. Also known as ‘camel flu’, it is a viral respiratory illness first identified in 2012 in Saudi Arabia, where so far it has caused over 280 deaths. Since then it has spread to other countries. As of late June 2015, South Korea was the second most affected country, with 31 fatal casualties. People infected with Middle East Respiratory Syndrome coronavirus (MERS-CoV), to give it its full name, develop fever, coughing and shortness of breath. Although the symptoms are recognisable, the transmission of the virus has yet to be properly understood.
For business executives and marketers, as well as IT departments, the following paragraphs on the secrets of cryptography hold a useful lesson. First a quick recap on what this is all about. AES stands for Advanced Encryption Standard, used to keep your data confidential. The 128 and 256 numbers refer to the size of the ‘key’ that is used to encrypt your data and then to decrypt it so that you can use it again. In an intuitive marketing sense, 256 should be significantly better or ‘stronger’ than 128. This sounds good, but is it of any practical use? Or is it simply fulfilling a psychological need rather than a technical one?
What does it take to get PC or server backups to work properly and bring computers back to operational status? Correctly stored data files are a critical component for most organisations. However, on their own they won’t let you get back to business. You’ll also need the applications that generated those data files and you’ll need the associated configuration and profile information. That includes user and account-specific information and any purpose-built software modules to link your system to others in your enterprise. The smart solution would be to back up all of this information within the same process.
Data encryption should be a good thing for security. When your data is encrypted using today’s encryption standards, other people cannot decode your files or your information. Data at rest encryption (DARE) takes care of the data sitting on hard drives, while data in motion encryption (logically DIME – you read it here first!) ensures that it remains confidential while being transmitted from one point to another. However, like the petard or bomb that blows its user up, encryption can sometimes backfire.