Showing posts with label Security. Show all posts

Tuesday, May 31, 2011

Majority Of Independent Business Owners Have Never Heard Of Cloud Computing

Small business owners apparently are clueless about cloud computing, according to a survey.

Findings:

-- 71 percent have never heard of cloud computing

-- 74 percent of those who have heard of cloud computing said they could not describe it

-- 22 percent said they had data or critical information, software or hardware in their office that may not be secure

-- Only 29 percent said that their critical computer hardware, software and data were backed up and stored offsite

Comment from Barry Sloane, President and CEO of The Small Business Authority: Cloud computing will be the next important trend in the U.S. economy for businesses large and small. There is no doubt that business owners will embrace the cloud concept and over time gravitate towards its massive benefits. We surveyed over 1,800 independent business owners and discovered that the concept of cloud computing has begun to disseminate into the marketplace, due primarily to large advertising programs by entities like Microsoft, Cisco and others. Business owners will need to understand what the cloud is and what it can do for their businesses in the areas of cost control, data security, data protection, accessibility, efficiency and productivity to facilitate a smooth running technological platform for their business. About 25 percent of our business owners said they understood what cloud computing was. However, when we drilled down deeper most, 78 percent, thought that their data was secure. Yet 71 percent stated their data was not backed up offsite. Server huggers beware. The cloud is approaching; the security blanket of the server in the closet onsite and having an assistant backup important business data and confidential client information needs to be behind us all. Our survey this month is quite telling about what independent business owners really need to know about the cloud and how misinformed they are about data safety and security.

About the survey: Conducted by Newtek Business Services, the monthly SB Authority Market Sentiment Survey polled approximately 1,800 small business respondents.

Contact: http://www.newtekbusinessservices.com

Monday, May 16, 2011

Security Vulnerabilities Are At All Time Highs for Mobile Devices

Enterprise and consumer mobile devices are being exposed to a record number of security threats, including a 400 percent increase in Android malware, as well as highly targeted Wi-Fi attacks, according to a report.

With smartphones set to eclipse PCs as the preferred method of both personal and professional computing, cyber criminals have turned their attention to mobile devices. At the same time, the gap between hacker capabilities and an organization's defenses is widening. These trends underscore the need for further mobile security awareness, as well as more stringent, better integrated mobile security policies and solutions.

Key report findings:

--  App Store Anxiety: The single greatest distribution point for mobile malware is application download, yet the vast majority of smartphone users are not employing an antivirus solution on their mobile device to scan for malware
--  Wi-Fi Worries: Mobile devices are increasingly susceptible to Wi-Fi attacks, including applications that enable an attacker to easily log into victim email and social networking applications
--  The Text Threat: 17 percent of all reported infections were due to SMS trojans that sent SMS messages to premium rate numbers, often at irretrievable cost to the user or enterprise
--  Device Loss and Theft: 1 in 20 Juniper customer devices were lost or stolen, requiring locate, lock or wipe commands to be issued
--  Risky Teen Behavior: 20 percent of all teens admit sending inappropriate or explicit material from a mobile device
--  "Droid Distress": The number of Android malware attacks increased 400 percent since Summer 2010
       
Comment from Jeff Wilson, principal analyst, security, at Infonetics Research: The last 18 months have produced a non-stop barrage of newsworthy threat events, and while most had been aimed at traditional desktop computers, hackers are now setting their sights on mobile devices. Operating system consolidation and the massive and growing installed base of powerful mobile devices is tempting profit-motivated hackers to target these devices. In a recent survey of large businesses, we found that nearly 40 percent considered smartphones the device type posing the largest security threat now. Businesses need security tools that provide comprehensive protection: from the core of the network to the diverse range of endpoints that all IT shops are now forced to manage and secure.

Comment from Dan Hoffman, chief mobile security evangelist at Juniper Networks: These findings reflect a perfect storm of users who are either uneducated on or disinterested in security, downloading readily available applications from unknown and unvetted sources in the complete absence of mobile device security solutions. App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specific steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand.

Recommendations for guarding against growing mobile malware threats for enterprises, government agencies and SMBs:

--  Employ on-device anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks against the mobile device
--  Use SSL VPN clients to effortlessly protect data in transit and ensure appropriate network authentication and access rights
--  Centralize locate and remote lock, wipe, backup and restore facilities for lost and stolen devices
--  Strongly enforce security policies, such as mandating the use of strong PINs/Passcodes
--  Leverage tools to help monitor device activity for data leakage and inappropriate use
--  Centralize mobile device administration to enforce and report on security policies
       
About the report: "Malicious Mobile Threats Report 2010/2011" was compiled by the Juniper Networks Global Threat Center (GTC) research facility, which conducts around-the-clock security, vulnerability and malware research tailored specifically to mobile device platforms and technologies. The GTC examines increasingly sophisticated attacks from 2010 and 2011, such as Myournet/Droid Dream, Tap Snake and Geinimi, as well as the pirating of the "Walk and Text" application, new threat vectors for mobile cybercrime, and the potential for exploitation and misuse of mobile devices and data.

Contact: http://www.juniper.net

Monday, April 11, 2011

Security Spending For Virtualized Environments To Spike

Many companies are moving to a virtualized server infrastructure to take advantage of the overabundance of computing resources in their networks, save energy and cost, and make their IT infrastructure more robust, but they are starting to realize that this may all come at the expense of security, according to a survey.

Key findings:

--  The virtual server security market is new and fragmented, marked by a mix of vendors, including virtualization vendors, application and database vendors, server and data center heavy hitters, client security players, and network security vendors

--  The top three drivers for deploying new security solutions for virtualized environments are preventing new threats specific to virtual environments, preventing inter-virtual machine (inter-VM) threats, and maintaining secure server configurations

--  The confluence of media hype, maturing product offerings, and strong buyer interest will make 2011 the year brand leadership and mindshare are established in the virtualized infrastructure security market, followed by a breakout spending year in 2012

--  Respondent companies expect to spend an average of 51 percent more on security for virtualized environments in 2012 than they did in 2010

Comment from Jeff Wilson, principal analyst for security at Infonetics Research: While the market leader in the data center/cloud security space is at this point undecided, at the center of the leadership puzzle is the emerging segment of security solutions for virtualized environments. Microsoft, Cisco, and VMware lead in brand awareness and strength overall now, but this is only one (admittedly early) piece of the virtualization/data center security leadership puzzle. It's possible that when it comes down to who will actually be able to best monetize security solutions for virtualized environments, players with much lower brand presence will do better than some of the players with stronger overall brands, if they deliver a better product.

About the survey: Market research firm Infonetics Research polled end-user companies that have deployed server virtualization about their buying plans for security. The survey, Security for Virtualized Infrastructure: North American Enterprise Survey, is a 20-page report of buyer plans, deployment drivers, budgets, strategies, and ratings of vendors in the space. The survey includes respondent ratings of Check Point, Cisco, Juniper/Altor, Microsoft, Reflex, and VMware on 8 criteria: security, technology, product roadmap, management, price-to-performance ratio (value), pricing, financial stability, and service and support. Vendors named by respondents in open-ended questions or rated when prompted include Check Point, Cisco, Citrix, Crossbeam, F5 Networks, HP, IBM, Juniper/Altor, McAfee, Microsoft, Oracle, Reflex, Symantec, and VMware.

Contact: http://www.infonetics.com

Friday, December 17, 2010

"Cloud Thinking" Has Arrived In Large Enterprises

Cloud computing is coming of age in large enterprises, according to a new study of North American and European IT professionals. Enterprises are active in the cloud, and their virtualization efforts are contributing to broader interest in cloud computing. The results also indicate a shift toward approaching IT using "cloud thinking," accelerating the uses of cloud computing and helping to align IT decision makers and implementers around common goals of efficiency, flexibility and scalability.

Key findings:

-- More than 80 percent of enterprises and 92 percent of the largest enterprises have at least one cloud service; 53 percent of IT implementers indicate having more than six cloud services.

-- The primary incentives for organizations exploring the cloud are to save money (44 percent) and gain greater cost control (35 percent). IT staff are incented by increasing efficiency (35 percent) and a desire to work with the latest technologies (34 percent).

-- Security and control remain perceived barriers to the cloud. Executives are primarily concerned about security (68 percent) and poor service quality (40 percent), while roughly half of all respondents consider risk of job loss and loss of control as top deterrents.

-- Virtualization maturity leads to more optimistic attitudes toward cloud: Virtualization-intensive organizations are four times more likely to move as many services as possible to both public and private clouds.

-- Attitudes toward public and private clouds align. Respondents cite cost savings, resource efficiencies, flexibility and servicing global users as drivers for public clouds; similarly, cost, scalability, flexibility and manageability are drivers for private clouds. Security is noted as both a driver and deterrent for public and private clouds.

-- Collaboration tools lead cloud deployments at 75 percent, with hosted email, antivirus/spam filters and web conferencing noted as the most common applications being deployed in the cloud by large enterprises.

-- Infrastructure and development platforms in the cloud (Infrastructure- and Platform-as-a-Service) appear to be poised for growth with 58 percent of large organizations already using these services, and 43 percent considering them. Such use and consideration sets up infrastructure clouds as the next wave of cloud adoption.

-- On average, roughly one-third of x86 servers are virtualized within the enterprise today. Nearly half of these companies (46 percent) indicate a "managed" stage of virtualization, with the ability to move virtual machines and manage them for high availability. As enterprises move along the virtualization maturity lifecycle from basic (unmanaged virtual servers), to managed, to advanced (dynamic resource scheduling and consolidated back-up), and on to "cloud-like" (advanced virtual automation, full disaster recovery via virtualization), the applications they earmark for the cloud also begin to shift.

-- Email leads in the managed stage (53 percent); desktop virtualization and databases peak during the advanced stage (30 percent); and industry-specific applications top all others in the cloud-like stage (32 percent).

-- In addition, respondents indicate plans to continue to move mission-critical applications from non-virtualized infrastructure to virtual machines over the next couple of years. Enterprises are running nearly half (47 percent) of these applications on non-virtualized infrastructure today, which will drop by 17 percent in the next two years. Of that 17 percent, 10 percent will shift to public and private clouds.

-- As IT reorganizes itself for more dynamic virtualized environments, the tendency to embrace the cloud rises. Virtualization-intensive organizations are roughly four times more likely to move as many services as possible into both public and private clouds. Overall, the perceptions of cloud computing take on a more optimistic tone as organizations advance their technical infrastructure to support more dynamic environments.

-- When asked to share their viewpoints on drivers and barriers to the adoption of public and private clouds, respondents cite cost as a driver and barrier, suggesting the true impact and relevance of "cost savings" is still unresolved.

-- Drivers of public cloud adoption also cite resource efficiencies, flexibility and servicing global users as key drivers. Deterrents include security, compliance, internal resistance and the perception that public clouds are not suitable for some business applications.

-- Cost and security also confound private cloud adoption, with respondents citing them as both drivers and barriers. Additional drivers include scalability, flexibility and manageability, while complexity, availability and reliability, and slow adoption of new technology are seen as deterrents.

-- Survey participants also provided input on advocates and opponents of cloud computing within their organizations. Senior management (C-level and senior IT executives) are the primary advocates for public clouds, while those with more day-to-day responsibilities over virtualization and servers are seen as the leading private cloud advocates (32 percent of directors of IT operations or senior data center management, 31 percent of virtualization team, 30 percent of server management team). Not surprisingly, the security team topped the list as the primary opponent for both public and private clouds (44 percent and 27 percent respectively), with business unit leaders/managers sharing that attitude (23 percent and 18 percent respectively).

-- Overall, the study confirms large organizations are embracing both public and private clouds. Enterprises are already active in cloud computing. Virtualization is fostering the confidence and skills needed to encourage further adoption among large organizations to build private clouds. Ultimately, living in this duopoly of public and private cloud environments will require enterprises to adapt their integration tools and management philosophies to provide end-user services across both types of clouds.

Comment from Adam Famularo, general manager, Cloud Computing Business, CA Technologies: This study confirms that large enterprises are exploring the benefits of the cloud, and are looking to expand from basic services like collaboration to more complex Infrastructure and Platform cloud services. It validates a trend we predicted, that IT executives are rapidly becoming orchestrators of an IT supply chain made up of internal and external services. With this shift comes a growing need for sophisticated management and security, allowing enterprises to change how they think about IT to reap the full rewards that cloud computing offers - agility, efficiency and scalability.

About the study: This Management Insight Technologies study was executed as a web-based study. The sample was collected in September 2010 and is comprised of 434 IT professionals across two regions - North America (273) and Europe (161). Respondents working for companies that produce cloud computing software were excluded. Qualified respondents had to be sufficiently knowledgeable about their company's IT environments. The screener and sample frame were developed to target a fairly even representation of IT decision makers and IT implementers and of the three company sizes within each region.

Contact: For more details and to learn more about the survey, download a copy of "The Arrival of 'Cloud Thinking': How and Why Cloud Computing Has Come of Age In Large Enterprises" here.

Contact: http://www.ca.com/cloud

Thursday, November 18, 2010

Most Companies Believe Sensitive Data Can Be Secured in the Cloud

Most companies believe sensitive data can be secured in the cloud, a survey has found.

In addition, nearly half of the respondents also said they believe cloud-based solutions can be as secure as on-premise products, with over 40 percent stating they would consider replacing current solutions with cloud-based ones.

However, respondents did keep their feet on the ground with clear caveats that cloud solutions must include strong data protection, data segregation and the ability to comply with key compliance mandates, such as Sarbanes-Oxley, HIPAA and PCI DSS. Compliance was noted as mission critical by nearly 80 percent of those surveyed, and most respondents felt there was some data still too risky to put in the cloud, including intellectual property, financial information and employee records. The survey also showed most companies are willing to forego performance for cloud security, with nearly 80 percent saying they would sacrifice some cloud computing performance in order to ensure that the data was secure.

In the end, it comes down to whether or not a cloud vendor can address the top criteria for cloud security, which are: data protection (85 percent), auditing and tracking (53 percent), access control rules and securing data in motion (both at 36 percent).

For cloud vendors, the survey clearly reveals the most important criteria for companies evaluating a cloud vendor. Respondents placed greatest importance on how their data is segregated from other customers (85 percent), whether or not the vendor has a comprehensive and secure disaster recovery plan in place (80 percent), understanding how their company data is secured within the application (79 percent), and understanding the vendor's security breach contingency process (72 percent). Access control rules, strong authentication and best-of-breed network security infrastructure were some of the other criteria near the top of the list when considering cloud providers.

Comment from Margaret Dawson, vice president of marketing and product management at Hubspan: The results of this survey show that while some of the concerns over cloud security may be overblown, vendors must be able to clearly show how they address data segregation, compliance and other areas critical to businesses interested in augmenting on-premise infrastructure with cloud-based solutions. These results mirror what we hear from our own customers, and Hubspan has been ahead of the game in providing best-in-class security and compliance-based B2B integration in the cloud.

About the survey: More than 200 companies completed the cloud survey, ranging in size from under 50 to several thousand employees. Respondents represented a range of industries, with high-tech, manufacturing, wholesale distribution, retail and B2B eCommerce accounting for 50 percent of the polls.

Contact: http://www.hubspan.com

Thursday, October 28, 2010

Cloud Adopters Say Cloud Solutions Are Better Than Their On-Premise Counterparts

Experienced cloud adopters see public cloud solutions as a significant improvement from their traditional on-premise counterparts, and cite the cloud's positive and strategic impact on their business and IT organization, according to a new survey:

--  More than 60 percent of cloud adopters say cloud solutions are better than on-premise in terms of availability, total cost of ownership, ease-of-integration, ease-of-deployment and time-to-value.
--  83 percent agreed that cloud solutions have helped them respond faster to the needs of their business.
--  29 percent strongly agreed that cloud solutions have changed the way they run their business.
--  Nearly 40 percent say future cloud adoption will be part of an overall business transformation, 65 percent say it will be part of an IT transformation.

Given the positive experience of cloud adopters, it may not be surprising to see that adopters label many of the most common fears about cloud solutions as "misconceptions." Twenty-eight percent of survey respondents say that cloud security is the number one misconception about cloud solutions, with integration challenges (15 percent) and lock-in (13 percent) coming in a distant second and third choice. More than 35 percent of respondents said IT leadership is the primary driver of cloud misconceptions, more than triple the number who called out traditional vendors (10 percent) or media and analysts (6 percent) as the driver.

Cloud adopters are more aggressive in their near-term and long-term adoption plans than what general market data indicates. Today, 22 percent of cloud adopters said they had more than 50 percent of their IT in the public cloud; and 68 percent expect to have the majority of their IT in the public cloud within three years. While nearly every analyst group predicts tremendous growth for cloud computing in the next three years, they're typically much more conservative about how much of IT moves to the public cloud in that timeframe.

IT has often been portrayed as on the sidelines when it comes to cloud adoption, with business leaders using cloud applications as a way to get around IT. However, cloud adopters paint a much different picture:

--  70 percent of cloud adopters say IT was a driver in the decision-making process to move to the cloud, and nearly 80 percent expect IT will be a driver in the future.
--  70 percent agree that cloud solutions have "changed the role of IT within the business -- IT is now seen as a true business enabler," and 40 percent strongly agree with this statement.

Security, compliance and manageability remain priorities for improving cloud applications, just as they continue to be priorities for existing, on-premise IT solutions. However, a new set of challenges is beginning to emerge with cloud adopters, including cloud-to-cloud integration, bringing information to mobile devices, and reducing SaaS silos. More than 73 percent of respondents selected each of these three areas as an important or very important priority. Overall, more than 65 percent of respondents said enhancing their cloud applications was a high or essential priority in the context of their broader objectives. Only 3 percent rated it a low or non-priority.

Comment from Chris Barbin, CEO of Appirio: Companies leading the charge on cloud computing can teach the broader market a lot about what's real, what's hype and what to expect when you move more of your IT to the cloud. Cloud computing is a highly valuable but disruptive technology, and the enterprises that will be most successful with the transition are those who can learn from the experience of others and look beyond the challenges of today.

About the survey: Appirio's State of the Public Cloud Survey targeted more than 150 IT decision makers at mid-to-large sized companies that had already implemented at least one of the leading SaaS applications or cloud platforms. Conducted by a third-party firm, the survey uncovered valuable insights from companies that have already begun their move to the cloud.

Contact: A free copy of Appirio's State of the Public Cloud report, including full data and commentary, can be downloaded here

Contact: http://www.appirio.com

Wednesday, October 27, 2010

Sixty-Four Percent Of Enterprises Admit They Would Not Pass an Audit Verifying Appropriate Access to Cloud Data

The Cloud is still akin to the Wild West when it comes to the security of the data hosted there, according to new survey findings.

In fact, one in seven companies admit that they know there are potential access violations in their Cloud applications, but they don't know how to find them. The survey also found that there is widespread confusion about who is responsible for securing Cloud data: 78.4 percent of respondents could not identify the single party responsible. As enterprises increasingly leverage Cloud solutions amid this confusion, more data is at risk of unauthorized access.

Cloud adoption may be outpacing commensurate security controls. Even more startling, the lack of knowledge about which systems or applications employees have access to is actually increasing, up nearly 10 percent from last year's figures. This indicates an alarming growth in the lack of control enterprises have over user access, which is only exacerbated by the use of Cloud solutions.

Key cloud-related results from the survey include:

-- Nearly half (48.1 percent) of respondents said they are not confident that a compliance audit of their Cloud-based applications would show that all user access is appropriate. An additional 15.7 percent admitted they are aware that potential access violations exist, but they don't know how to find them. Confusion abounds about Cloud data security - more than three quarters of respondents cannot say who they believe should be responsible for data housed in a Cloud environment.

-- While 65.4 percent said that the company from which the data originates, the application provider and the Cloud service provider are all responsible, another 13 percent said they were not sure. There is no consensus on who the single party should be that protects that data.

-- 61.2 percent of respondents said they have limited or no knowledge of which systems or applications employees have access to. This number spiked from 52.8 percent in 2009, demonstrating an increasing risk of "zombie" accounts -- accounts that remain active after employees have left the company or changed roles, which can lead to data breaches. Fittingly, enterprises are less confident this year than in 2009 that they can prevent terminated employees from accessing one or more IT systems.

-- 64.3 percent said they are not completely confident, compared with 57.9 percent last year. There was a slight increase in the percentage of companies who were more concerned with external IT security threats than internal ones. 56.5 percent of respondents said that external threats were still the biggest concern, compared with 54 percent last year.

Comment from Courion: These results show that many organizations are not currently doing the proper due diligence to ensure that sensitive data is being accessed by the right employees on-premise, not to mention when data is housed by a third party provider. The responses indicate that the problem is getting worse, and is only being exacerbated by the increasing use of Cloud-based applications, which creates more access violation risk. Courion recommends careful inspection of Access Assurance policies that define, verify and enforce that the right users have the right access to the right resources and are doing the right things, and also that companies deliberate on which applications are best-suited for Cloud environments and which are best kept on-premise.

About the survey: Courion Corporation conducted the 2010 Access Assurance Survey in October 2010 among 384 business managers from large enterprises, 86 percent of which had at least 1,000 employees.

Contact: http://www.courion.com

Wednesday, October 20, 2010

Demand For Security In The Cloud Continues Unabated

Market demand for security delivered in the cloud continues, especially as part of a software-as-a-service (SaaS) model that makes it easier for businesses to protect customer, employee and corporate information.

A recent survey of IT decision-makers at small-to-medium sized businesses found that one-third of respondents plan to implement such security services by 2012.

Industry analysts have also projected a continued shift toward security services.

Comment by Chris Christiansen, Program Vice President, Security Products and Services, IDC: We are seeing considerable movement from security software to SaaS, especially for messaging and Web security. Customers demand more flexibility so practically every security vendor will offer a SaaS alternative to hardware-based appliances and software licenses. SaaS will move from its traditional strength in messaging and Web into other markets such as vulnerability and identity management.

In response to the surging demand, Webroot introduced a new version of its Web security service. Updates include new Web activity reports that enable IT administrators to better manage bandwidth usage and prevent "repeat policy offenders" from putting the company's network at risk. Enhancements also include a new reporting infrastructure that provides administrators with instant access to custom data at any level of granularity.

About the survey: The online survey was fielded in April 2010 with 505 U.S. Web and email security decision-makers in companies with 10 to 999 seats. The survey was commissioned by Webroot and conducted by e-Rewards.

Friday, October 8, 2010

Cloud Is A Strategic Direction For Most Companies

More than 60 percent of responders to a recent survey said that moving to the cloud for applications, infrastructure, integration and other solutions is a strategic direction for their organization. Thirty-five percent of cloud strategy decision makers were C-level executives with IT management owning the strategy in 41 percent of the cases.

Most of the companies involved in the survey are already deploying cloud-based solutions. One-third (36 percent) of those surveyed have implemented at least one cloud solution, with Software-as-a-Service (SaaS) ranking among 70 percent of respondents as the number one cloud platform implemented or planned for implementation. An additional 25 percent said they are considering moving some or all business processes to the cloud, illustrating that more than half of the survey respondents see the value of the cloud.

However, lack of clarity around cloud benefits was the top reason cited by respondents for not currently implementing cloud-based solutions. Despite the growing adoption of cloud-based solutions, companies still struggle to understand what the cloud is and how to use it.

The survey also showed that security, management and scalability are the top considerations for companies when evaluating whether or not to deploy cloud solutions, with 70 percent citing the ability to secure data as their top priority. Other high scoring considerations include the ability to quickly integrate with internal applications and external partner systems as well as a "pay as you go" pricing model.

Comment from Margaret Dawson, vice president of marketing and product management at Hubspan: This research validates what we are seeing in the market, with many IT departments looking to move applications and business processes to the cloud but doing so in a strategic, thoughtful manner. No matter what challenge you are trying to solve, one of the key benefits of the cloud is being able to start small and grow both from a cost and implementation perspective.

About the survey: The survey on cloud computing and "as a service" solutions was conducted by Hubspan Inc., a provider of cloud-based business integration solutions. More than 200 companies completed the cloud survey, ranging in size from under 50 to several thousand employees. Respondents represented a range of industries, with high-tech, manufacturing, wholesale distribution, retail and B2B eCommerce accounting for 50 percent of the polls.

Contact: http://www.hubspan.com

Thursday, October 7, 2010

Government, Companies Must Do More To Ensure Cyber Security

More than 71 percent of respondents to a recent online survey are concerned that their company is not equipped to protect itself from cyber attacks, while approximately 88 percent think the government is not equipped to protect itself.

Other findings:

--  The overwhelming majority of respondents (93 percent) believe cyber attacks are on the rise.

--  Respondents cited viruses and malware (67 percent) and DoS attacks (50 percent) as significant threats to organizations today.

--  Respondents (nearly 74 percent) expect their service provider to provide protection against cyber attacks.

--  The clear majority of respondents (90 percent) believe the best way to protect against cyber attacks is with a solution that detects, analyzes and mitigates unwanted, unwarranted or malicious traffic in real time.

Many fear critical networks face significant threats

It is no surprise that the majority of survey respondents feel cyber attacks are increasing with alarming frequency. News reports of various worms, bots, viruses and identity theft have put the public on high alert. But despite an increased awareness of cyber attacks and a renewed effort by the Obama administration to fight cyber threats, few respondents feel critical government networks and company networks are adequately protected (12 percent and 19 percent, respectively).

Not only do respondents believe more cyber attacks are being levied on critical networks, an overwhelming majority (95 percent) believe those attacks are increasing in sophistication, as compared with attacks from a year or two ago. Survey results indicate an inability to protect sensitive and confidential data (69 percent) is a top concern among respondents. This is especially true in a cloud environment.

Responsibility of protection placed on carriers

Although malicious activity on the Web has undoubtedly prompted most -- if not all -- organizations to put some sort of network security in place, more than 73 percent of respondents feel the onus of security should fall to their respective carriers or service providers. While not part of this study, we believe the reasons for this expectation are because of resource constraints in most organizations, the relative scarcity of skilled personnel, and the lack of widely available tools to detect and mitigate sophisticated attacks.

With a rise in the complexity and sophistication of attacks, the type of security tools that service providers deploy may well be a differentiator as customers begin to understand the real, devastating threats present in the cyber world.

As more networks become compromised, it is evident that standard approaches using signature- and policy-based software and hardware such as malware/anti-virus, firewalls, IDS/IPSs, and SEMs alone or in combination are critical but insufficient. Rather, a multi-tiered system based on vulnerability analysis and risk assessment of the data contained in the network -- enabling complete network and data visibility in distributed, heterogeneous networks and real-time processing and policy enforcement -- will emerge as a more desirable and complete solution.

Realizing that one company cannot possibly offer technology and services to cover the vast needs among organizations, cyber security vendors must cooperate with each other and form a "cyber security ecosystem" to offer more value to their customers. In an ecosystem, vendors interoperate with others in their ecosystem -- such as combining the best of forensics, visualization, data mining and storage -- in addition to their own cyber security solution. This integrated approach seems more valuable as it enables "best of breed" solutions to be combined based on the risk assessment and vulnerability analysis. By extending a vendor's product set through partnerships, cyber security vendors add critical value to their product and provide the best possible system for network protection and management.

Comment from Greg Oslan, CEO and president of Narus: Narus sponsored this survey to uncover what's important to the people most affected by malicious cyber activity -- the network and security professionals. Armed with these results, Narus can bolster its campaign to arm the world's most critical networks with cyber protection -- a solution that will provide the ability to see clearly and act swiftly.

The Narus survey focused on cyber security in the United States. Sponsored jointly with Converge! Network Digest and Government Security News, the survey queried a cross-section of security professionals in a variety of industries. The survey questions were developed by Narus, Converge! Network Digest and Government Security News, with input from noted telecom and security industry pundits. Opinions were gathered online from respondents, representing a cross-section of professionals in a variety of industries. One-on-one interviews were conducted to add more depth to the survey.

Contact: http://www.narus.com

Many Small and Medium-sized Businesses Worry About IT Security

With limited resources, now more than ever, small- and medium-size businesses (SMBs) need to carefully consider the range of threats to their business and take action to protect and run their IT systems. Information security threats can be overwhelming and the risks require more than traditional perimeter and host defenses to protect critical business data.

Nearly 60 percent of respondents to a new survey said they are concerned about network security threats. In addition, more than 70 percent said that if an IT security incident took their business offline for one day it would significantly impact their business or potentially put them out of business altogether. Meanwhile, IT outsourcing has emerged as an important trend for SMBs challenged to maintain IT systems which are increasingly difficult to manage internally. The survey revealed that 40 percent of SMBs use external IT support to help run their operations.

Additional key findings from the Staples Advantage survey include:

-- IT is mission-critical. More than half (51 percent) of respondents said IT support personnel should be available 24 hours a day, seven days a week.

-- Telecommuting and security. Nearly 60 percent of respondents say telecommuting is a key way they plan to trim costs in the year ahead. This can be an IT security risk without adequate security practices and employee awareness.

-- Data retention. To satisfy certain legal and regulatory requirements, businesses need a way to store and protect certain business information. According to the survey, more than 40 percent of respondents say their organization does not have company policies in place regarding the storage and retention of email, as an example.

-- Data protection and employee transitions. Employee transitions are an often overlooked risk to company security. Only one in four respondents said they monitor activity to ensure departing employees are not downloading proprietary information. Additionally, 40 percent have not changed network passwords associated with certain departing employees.

To help IT managers and those responsible for IT decisions increase network security and avoid IT downtime, experts at Staples Advantage offer SMBs the following five tips:

-- Adopt a multi-layer security strategy. Just as bumpers, airbags and seat belts all work together to protect passengers in a car, implement security measures at the file, email data store and gateway levels to properly protect data against viruses.

-- Make sure all machines are up-to-date with patches and security update downloads.

-- Use encryption to protect your sensitive data. Enable encryption on wireless networks, and optionally use passwords and encryption software to protect individual files. Use file permissions to control access to sensitive data, and consider installing software that monitors and logs who accesses what data, and when.

-- Invest in multiple connections to the Internet. Leasing and maintaining dual connections to the Internet is no longer an expensive proposition. Using two connections to the Internet, each from a different provider, greatly reduces the potential impact of connectivity interruptions to email, Web and VoIP services.

-- Avoid costly hardware failure by investing in hardware redundancy. Use a service that monitors hardware for uptime and critical performance metrics. Robust monitoring platforms that can dig down to the machine level are best. Carefully assess service providers. Before choosing an external provider of cloud services or any SaaS application, carefully research their service level agreements, infrastructure, redundancy and disaster recovery provisions. When possible, use multiple vendors to eliminate single points of service failure.

Comment from Jim Lippie, president, Thrive Networks, the IT network services business of Staples Advantage: The survey findings help show that IT managed services is becoming a "must have" rather than a "nice to have" for SMBs. A majority of small- and medium-sized businesses (SMBs) are concerned about threats to IT security while many of them can increase steps to help protect their business information.

About the survey: Staples Advantage conducted an online survey of business decision makers at more than 100 small and medium-sized businesses across the US. The survey asked a series of questions about IT and its impact to business operations, taking into account a variety of technologies ranging from personal computers to smartphones.

Contact: http://www.staplesadvantage.com/technology

Wednesday, October 6, 2010

Enterprise Adoption of Private Clouds Is Widespread And Accelerating

Adoption of cloud computing has been much broader than has been suggested by previous research, and shows accelerating momentum behind developing private cloud infrastructures, new research reveals. Cloud computing, both public and private, will be an increasing part of the mix of resources deployed by enterprise IT organizations, and companies are particularly interested in simplifying management across their integrated physical, virtual and cloud environments.

Cloud adoption is a focus for many enterprise organizations. But the question remains, what is the best way to leverage the power of cloud computing, maximizing efficiency gains and cost savings while minimizing risk? Seventy-seven percent report using some form of cloud computing today, much higher than previously reported.

Other key findings tied to cloud adoption include:

-- Private clouds are the next logical step for organizations already implementing virtualization, according to 89 percent of the respondents.

-- 34 percent are using a mixed approach of private and public cloud computing, with 43 percent planning to increase their use of the combined approach.

-- 87 percent believe public cloud computing adoption will occur alongside of, instead of replacing, company-owned data centers, with 92 percent indicating an increase in public cloud use as current IT platforms are replaced.

-- 31 percent find that a key benefit to private cloud computing is the ability to manage a heterogeneous infrastructure.

Security is a leading barrier to cloud computing adoption, with 83 percent feeling private cloud computing offers most of the advantages of public cloud computing (freedom from maintaining hardware, lower cost upkeep, resource scalability, lower initial costs) without the security and compliance issues of the public cloud.

Additional findings include:

-- Ninety-one percent are concerned about security issues in the public cloud, with 50 percent indicating security as the primary barrier to implementation.

-- Eighty-six percent believe data is more secure in a private cloud.

-- Seventy-six percent of those surveyed feel outside vendors are not as diligent about data security as internal IT departments.

-- Difficulty maintaining regulatory policy compliance in the public cloud versus that of the private cloud was an issue for 81 percent of respondents.

Comment from Jim Ebzery, senior vice president and general manager of Security, Management and Operating Platforms at Novell: The survey results are telling. The path to public cloud computing needs to begin with the private cloud, learning to leverage the public cloud within the safety of the enterprise network. Despite these concerns, enterprises are moving forward with cloud computing - whether in a private cloud, public cloud or in a hybrid cloud environment.

About the survey: Novell sponsored the Harris Interactive survey of more than 200 IT leaders, primarily IT director and above, at large enterprise organizations (2,500-20,000+ employees).

Contact: http://www.novell.com/private-cloud-survey

Thursday, September 23, 2010

Cloud/Web-Based Application Suppliers Face Greatest Scrutiny By CXOs

In the past six months alone there have been multiple new zero-day vulnerabilities reported in Microsoft Windows and widely covered uneasiness about the security of mobile apps, cloud service providers and SCADA systems that reinforce concerns about unknown weaknesses lurking in everyday software, according to a Veracode, Inc., report.

Overall quality of applications remains poor, with 57 percent failing to meet acceptable levels of security. Cloud/web-based applications are the most commonly scrutinized, and with good reason: 80 percent of web applications would not pass a PCI audit.

Key findings of the Veracode study:

-- More than half of all software failed to meet an acceptable level of security -- 57 percent of all applications were found to have unacceptable application security quality on first submission to Veracode's testing service, even when standards were lowered for those considered less business critical.

-- Third-party code is the culprit behind Operation Aurora, Siemens Stuxnet and others -- Third-party code is an essential and rapidly growing part of an enterprise's software portfolio, making up nearly 30 percent of all applications submitted to Veracode for review, with third-party components comprising between 30-70 percent of internally developed applications. Of particular note, third-party suppliers failed to achieve acceptable security standards 81 percent of the time.

-- Cloud/web applications were the most requested third-party assessments -- Suppliers of cloud/web applications made up nearly 60 percent of all third-party assessments requested of Veracode. Similar to the results of testing other types of third-party software, cloud/web applications show low levels of acceptable security.

-- Eight out of 10 web applications would fail a PCI audit -- Based on automated analysis, Veracode found that eight out of 10 web applications failed to comply with the OWASP Top 10 industry standard for security quality, and therefore would not pass a PCI audit.

-- Security flaws are being repaired quicker than ever before -- Indicating the positive impact of greater developer education and training, more mature tools and increasing enterprise pressure, Veracode found that the time it took organizations to repair flaws to achieve acceptable levels of security decreased from between 36-82 days, to 16 days on average.

-- 56 percent of finance-related applications failed upon first submission to Veracode's testing service. Analysis shows that software quality of applications from banking, insurance and financial services industries is not commensurate with the security requirements expected for business critical applications, though the financial services industry performed better than banking and insurance overall.

-- Cross-site scripting remains prevalent, accounting for 51 percent of all vulnerabilities uncovered in the testing process; .NET applications exhibited abnormally high cross-site scripting vulnerabilities. Additionally, "potential backdoors" broke into the top 10 most common vulnerabilities.

Of interest to CIOs and CISOs is the rise of a new market sector for third-party risk assessments. Veracode noted a significant increase in the number of applications it has been asked to review at the request of a buyer of software or software development services since its last report. Third-party assessments (similar to having a pre-purchase home inspection) are among the fastest growing types of assessments requested of Veracode -- a sign that organizations are taking increased responsibility for managing risk within their software supply chain and the growing use of independent, cloud-based application risk management services.

Comment from Joseph Feiman, vice president and Gartner fellow, Gartner: The traditional disjointed approach to enterprise security needs to give way to a comprehensive approach that enables advanced security, improved analytics and optimal decision making. We are calling this new approach "ESI" [Enterprise Security Intelligence], and we believe that both technology providers and their enterprise customers must begin laying the groundwork for its development, adoption and implementation. The concept of "intelligence" is crucial, because it makes it clear that vulnerability scanning, monitoring and reporting are no longer adequate.

About the Veracode study: In compiling its report, Veracode, Inc. analyzed more than 2,900 applications to publish the "State of Software Security Report: Volume 2." The goal of the report is to create greater enterprise security intelligence among the C-suite, security managers and developers regarding their application portfolio. The data empowers informed decision-making around IT infrastructure choices including selecting the best mobile platform, policies about the use of Open Source software and how to best structure third-party software procurement contracts. Findings are based on analysis of Internally Developed, Open Source, Outsourced and Commercial applications that have been submitted to Veracode for testing using its cloud-based platform over the past 18 months. Veracode reports a nearly 200 percent increase in the number of applications submitted for review during the past six months, indicating greater industry awareness about software security. Unlike surveys or other industry reports that perform post-mortem analysis on reported breaches and disclosed vulnerabilities, Veracode's State of Software Security Report examines unknown vulnerabilities by analyzing the DNA of applications -- prior to a breach (and often prior to deployment) -- to identify what the applications are comprised of and where potential weaknesses exist.
