Archive for the ‘Contributed Articles’ Category

The Future of IT: Hype vs. Reality

December 16, 2016

Spiceworks launched a new report today – Future of IT: Hype vs. Reality – that examines organizations’ adoption plans for emerging technologies like IoT, AI, VR, and 3D printers and their expected impact in the workplace.

The survey results show that among these emerging technologies, IT pros expect IoT devices and AI technology to have the biggest impact in the workplace. They don’t expect mass adoption to take off for VR and 3D printers, but some industries have significantly higher adoption rates than the industry average.

Key findings:

  • Artificial intelligence
      ◦ Apple Siri is most commonly used in the workplace, but Cortana is expected to overtake Siri in the next 12 months
      ◦ Over the next 5 years, 60% of companies plan to adopt machine learning; 72% plan to deploy business analytics with AI; 32% plan to deploy self-learning robots

  • Internet of things
      ◦ As with AI, security is the top concern with IoT in the workplace
      ◦ The healthcare industry has the highest adoption rate for IoT at 28%, with an additional 50 percent planning to adopt it

  • Virtual reality
      ◦ Only 7% of companies use VR and 13% plan to adopt it; the construction/engineering industry has the highest planned adoption rate at 27%
      ◦ Cost is the biggest barrier to adoption; security/privacy is the least concern
      ◦ IT pros surveyed named Oculus the most innovative leader in VR

  • 3D printers
      ◦ Only 11% of companies use 3D printers and 22% plan to adopt them; the education industry has the highest current adoption rate at 45%
      ◦ As with VR, cost is the biggest barrier to adoption and security is the least concern

[Ken’s Notes]

This report, like all reports from Spiceworks, is excellent and accurate. There’s a lot of hype around virtual reality (VR) tech and it will have some adoption in universities and in specialty businesses, but for most of us, don’t invest too heavily in anything VR-related. Most businesses don’t need VR and those that do, already have it in some form.

One point I disagree on, and it’s not uncommon for me to do so, is artificial intelligence (AI). For the past many* years, I have thought that AI would be the one technology that really surpassed all the others in terms of adoption, especially for voice-controlled applications, like Siri, Alexa, and Cortana. I’ve waited for 20 years for a decent voice-recognition program so that I don’t have to type, but can just dictate. Yes, I know about Dragon, and it’s pretty good. But I want something that’s truly ready for prime time.

For me, voice recognition is the first step in AI. Once you have voice recognition, then you can create programs to respond to commands and to perform complex functions. I need for it to be better than my R2D2 robot and the current state of Siri, Alexa, and Cortana. There are a lot of applications for voice recognition, but we just haven’t tapped into them yet.

Overall, this is a very thorough report. I like the visual statistics and the comparisons. I think that you’ll find it enlightening. Use the Comments section to tell me how closely these statistics come to your reality.

*many – A bunch. More than I’m going to tell you about.

Why a Seamless Digital User Experience Matters

November 3, 2016

Guest post by: Pem Guerry

As the digital space evolves, new applications, services and platforms are introduced to the market each year. This multitude of digital tools has certainly proved beneficial in the workplace and at home, but because so many of these programs work independently, users often miss out on the benefits of a truly seamless digital experience.

Integrating, or combining, two or more digital services into one fluid application greatly improves efficiency, usability and the overall user experience. This can be seen in the most robust e-signature integration—where a company combines a third party e-signature service with its own user platform for a swift signing process.

E-signature integration isn’t new to the digital conversation, but the technology behind these integrations has continued to improve—enabling you to offer a completely seamless signing experience for your clients.

API Integration

The most effective way to integrate e-signatures is through an application programming interface (API), which acts as a bridge between multiple applications, allowing you to manage them from a single platform.

The catch is looking for the degree of integration that an e-signature service can provide. There’s a difference between simply connecting two software workflows together and building a truly cohesive, integrated experience for signers. Most e-signature services will be able to provide a rudimentary-level integration where users can flow from one digital service, like a CRM portal, to an e-signature platform—an automatic connection from “Point A” to “Point B.”

Far fewer are able to provide a true private-label integration—where it’s virtually impossible for a user to tell that there are two technology engines behind their digital workflow. However, some technology providers and development resources have capabilities that allow you to customize an e-signature dashboard to match your own user interface with the same colors, fonts, logos, navigation menu and more. Because the end user does not have to switch back and forth between your site and an e-signature site, the process is transparent to them. This allows you to appear as the only source your clients must go through to submit approval, providing them with a smooth and easy signing experience.

Why does this level of detail matter? Why not simply take users from Point A to Point B? Two primary reasons:

  1. Client Trust

Client trust is a top priority – especially for members of highly regulated, high-stakes industries such as financial services, real estate and healthcare. Your clients are familiar with your brand, have had positive experiences using your software and have grown to trust you.

So think about how they’ll feel if they’re suddenly shuffled to an outsider for a portion of a transaction. For a homebuyer about to sign a real estate contract worth hundreds of thousands of dollars, going from the lender’s original website to a third party e-signature site could suddenly raise suspicion and cause hesitation. An integrated approach gives users a single, consistent and secure platform throughout the entire process.

  2. Brand Retention

In a world full of competition, creating a memorable brand—including company personality, logos, slogans and more—is key if you want to stand out in consumers’ minds. E-signature integration contributes to brand retention and exposure by eliminating third party branding and keeping your company name at the center of the signing process.

When searching for an e-signature service, make sure that you’re not leaving the aesthetics out of the conversation. With a cohesive, easy-to-use platform, your clients will complete seamless transactions and have more positive encounters with your company, furthering their loyalty to your brand.

###

Pem Guerry is the Executive Vice President at SIGNiX, a digital signature solutions provider that makes signing documents online safe, secure, and legal for any business. SIGNiX offers the only independently verifiable, cloud-based digital signature solution, which combines workflow convenience with superior security. Learn more about what makes SIGNiX different at www.signix.com.

iPhone 7 Release: How to Save Money on Smartphones

September 6, 2016

Guest Post by Andrea Woroch

For gadget heads and Apple fans, the wait is over. The much-anticipated press event held by Apple every year is scheduled for September 7, at which the company is expected to unveil new iPhones and possibly new MacBook Pros and the Apple Watch 2.

While early adopters are likely making plans to line up at the nearest Apple store, the average consumer would rather not pay full price for the latest-and-greatest gadget. To help reduce the cost of your next smartphone upgrade or replacement, follow these seven tips.

Check competitor offers.
Whenever Apple releases their newest iPhone and other devices, competitors often feel the burn with a drop in sales and offer discounts in an attempt to grab attention away from Apple products. In the past, we’ve seen retailers like Walmart and Best Buy as well as wireless carriers such as Verizon and AT&T slash prices on Samsung, LG, Motorola and other Android devices. Keep your eyes peeled for similar deals this year!

Save big on previous models.
With the arrival of the iPhone 7, prices of previous-generation iPhones typically drop by as much as $150. Since the design and functional differences between the iPhone 6 and iPhone 7 are reportedly minimal, buying a previous-generation iPhone at a reduced rate is hardly a compromise. Same goes for Android devices: the Samsung Galaxy S6 was offered for just $1 with a two-year contract in April of this year, ahead of the S7 release.

Search for refurbished.
One of the best ways to save on any smartphone is to search for deals on previously-owned and certified options across brands and carriers including Apple, Samsung, AT&T or Verizon to save 20% to 40%. Even sites like Overstock offer certified-refurbished phones. For example, a refurbished iPhone 5s Unlocked GSM starts at $381.99, compared to $450 for a new iPhone 5s from Apple.

Wait it out.
Jumping on the latest release of any new gadgets means you’re going to pay a premium. Wait for deals to come out later in the year and mark your calendar for Cyber Monday, the one day every year that Apple releases deals on their popular gadgets. Last year, for example, Best Buy offered the iPhone 6s for $99.99 with a two-year activation with Verizon during Cyber Week, a $100 price drop from when the phone was released in September.

Repair first.
If you’re considering upgrading or buying a new phone because of a faulty mechanism or cracked screen, consider repairing it first before shelling out big bucks for a new one. Common issues such as cracked screens, broken charging docks and diminished battery life can be fixed for low fees at sites like RapidRepair.com, saving you hundreds of dollars.

Unload your old device.
Once you buy your upgrade or new device, think about what to do with the old one. Sites like Gazelle.com pay surprisingly well for a number of phone models. For instance, a quick search revealed that they offer $168 for an unlocked iPhone 6S 64GB in good condition and $45 for a Samsung Galaxy Tab 3 10.1 tablet. Otherwise, Apple offers their own trade-in program, while retailers like Walmart and Best Buy are also getting in on the action.

Buy extras online.
Spending on a new smartphone doesn’t end with the device. You’ll likely buy a case, screen protector, additional chargers or even upgraded headphones (especially if the iPhone 7 doesn’t have a headphone jack, as rumored). Before loading up with these extras from a traditional retailer or your wireless carrier, know that most stores mark up mobile accessories by up to 60%. Instead, save big by shopping for these accessories online at sites like Amazon or AccessoryGeeks, and search for coupons before checkout. For example, deals’ site CouponSherpa.com recently featured several Amazon promo codes for $4 to $7.50 off popular iPhone accessories.

Keep an emergency smartphone stash.
30% of smartphone users admit to breaking their device by dropping it, while others cite irreparable water damage. Though Apple’s new upgrade program includes coverage for up to two incidents of accidental damage, the best insurance comes in the form of an emergency fund. Set aside a few hundred dollars in a separate account to cover the full cost of replacing your device.

Feel free to share “iPhone 7 Release: How to Save Money on Smartphones” with your audience, giving proper attribution to the source.

###

Andrea Woroch is a money-saving expert who transforms everyday consumers into savvy shoppers by sharing smart spending tips and personal finance advice. As a sought-after media source, she has been featured among such top news outlets as Good Morning America, Today, CNN, Dr. OZ, New York Times, MONEY Magazine, Consumer Reports, Forbes and many more. In addition, Andrea’s stories have been published among leading publications and sites such as Yahoo!, AOL Daily Finance, CNN Money, Huffington Post, LearnVest and New York Daily News. Check out Andrea’s demo reel or visit her website at AndreaWoroch.com for more information about booking an interview or requesting an original written article. You can also follow her on Twitter or Facebook for daily money tips.

IT Security as a “Gated Community”

August 9, 2016

Why workers are a threat organizations can no longer ignore

By Stacy Leidwinger, VP of Products at RES

When one thinks about keeping the home and family secure, the first thought is to take up residence in a secure location – ideally, a guarded and gated community. The second is to carefully secure the perimeter of the house itself: the doors and windows – the points of ingress. Sensors are wired to each opening, cameras and motion detectors are aimed at carefully selected places, and monitoring is switched on. When it’s all plugged in and working, we are confident that our homes are safe. But we also need to keep track of the residents of the home and ensure their cooperation with security measures. Who has a key? Or a garage door opener? Do they routinely close and lock the windows? Because even the finest perimeter defenses are readily breached by the actions, intentional or not, of residents. What can happen when someone leaves a key under the doormat for an expected visitor? Or a garage door is mistakenly left open as the owner drives off to work?

In our gated community example, our traditional defense is focused on securing entry and exit points, and assuming that residents will take no action to breach security. And in the vast majority of cases that will prove just fine. But we in our houses are not continually subject to attackers seeking to trick or cajole us into one simple mistake; a mistake that, once made, will crack the most airtight security, exposing our homes to the depredations of criminals.

When cybersecurity measures are focused entirely on the perimeter, the organization does nothing to mitigate its greatest risk: the workers whose actions can breach the most secure perimeter defense with a single, careless mouse click.

Secure perimeters require secure workers

An organization’s workers are its chief assets – the means by which value is delivered. But they’re also a massive liability in terms of cybersecurity. And new trends within the technology-enabled workforce are making things far worse.

Today’s IT organizations are expected to equip their workforces with the devices that make the most sense for the organization, while also satisfying the ever more demanding individual worker. Whether it’s supporting preferences between Mac and PC, providing immediate access to apps and services, or allowing workers to use their own mobile devices for work, the workspace has truly become digitized – and therefore more vulnerable, compared to the days when each worker had his or her own locked-down desktop PC, and worked exclusively from the office. But as IT continues to support mobile work-style requirements, a whole slew of security-related IT issues are being raised; and the most serious threats to today’s security are stemming from the inside.

In a time of “do more with less,” IT departments are struggling to provide basic protections against malware, ransomware and spyware, and to secure firewalls to prevent outsider attacks. But is enough attention being paid to those they trust the most – their own workers?

This insider threat is no secret. A recent global study by Kensington entitled “Voice of IT” revealed that IT executives pegged the following as their biggest pain points when it comes to IT: human error, lack of process and workers not following established processes.

What can companies do to streamline IT processes and find solutions to insider threats? After all, within the “gated community” of organizational security, the user is the last line of defense.

A Gap too Big to Span?

One of the biggest debates in recent years when it comes to the digital workspace is bridging the gap between worker enablement and security. It’s an old conundrum in IT: new technologies are constantly being layered into the infrastructure, but hardly anything is ever thrown away. The result is a hodgepodge of hybrid technologies seeking to solve the same problems. And this is far from invisible to workers, who are often required to shift from app to app, from physical to virtual, in an awkward sequence of steps that has them longing for the relative simplicity of the consumer technologies they enjoy at home.

And IT security is perhaps the greatest culprit in the disruption of worker productivity. Is your organization overwhelming your workers with too many checkpoints to cross and too many updates to install? Are your existing security systems working together? And if so, are they working together seamlessly?

Organizations must create a safety net around their workers – the risks of cyberattack are too great to do otherwise – but they must do it in a way that doesn’t inhibit individual productivity, allowing workers to work when and where they choose, on the devices that are most productive for them. And all this must be accomplished with safety controls in place to prevent them from being the source – witting or otherwise – of security threats.

Yes, there are Solutions

IT must be continually on the defensive, protecting workers and the infrastructure from easy-to-make, yet potentially tragic mistakes. And, good news: there are several decisive steps an organization can take that will secure the organizational community without unduly hampering workers.

  • Deploy automated, context-aware access controls

Automate the many processes and workflows that govern the access each worker has to apps, databases and services within his or her digital workspace. Technology is available now that will:

    • Govern what resources can be accessed by each person, based on their immediate working context (including the device being used, physical location and time of day)
    • Automatically provision and de-provision those resources as needed based on that working context
    • Track that access, gathering the data necessary for guaranteed, easy audits

  • Low-maintenance whitelisting with automation

Human behavior is your greatest security risk. And today’s cybercrooks are becoming increasingly creative in their attempts to exploit human inattention. Context-aware whitelisting and blacklisting can ensure that only permitted apps can be executed; the list of permitted apps can be governed by IT based on what the business chooses to allow and on each individual worker’s context at the moment access is attempted. Whitelisting adds a thick layer of protection by only allowing approved executables to be opened.

Although many organizations have some form of whitelisting in place, maintenance burdens can be high for traditional solutions. A new approach can not only use automation to better maintain the whitelist, but can add user safeguards by automatically verifying unique file signatures. This ensures that the files being executed are authentic and that workers aren’t being tricked into opening different infected files.
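The difference between trusting a file name and verifying the file itself, combined with the context checks described above, as an added example that is not from the article or any vendor product. It assumes the “file signature” is a SHA-256 digest of the file contents; the rule fields, context fields and sample byte strings are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Context:
    """Working context at the moment execution is attempted (assumed fields)."""
    managed_device: bool
    location: str          # "office" or "remote" in this sketch
    local_time: time


@dataclass(frozen=True)
class Rule:
    """One allowlisted executable, identified by content hash, not by name."""
    label: str
    managed_only: bool = False
    locations: frozenset = frozenset({"office", "remote"})
    start: time = time(0, 0)
    end: time = time(23, 59, 59)


def digest(content: bytes) -> str:
    """SHA-256 of the file contents, used here as the file's signature."""
    return hashlib.sha256(content).hexdigest()


# Constructed stand-ins for executable file contents.
PAYROLL = b"constructed bytes standing in for the approved payroll client"
TAMPERED = PAYROLL + b" plus appended code"   # same name on disk, new bytes
EDITOR = b"constructed bytes standing in for an approved text editor"

# The allowlist is keyed by digest, so renaming a file changes nothing.
ALLOWLIST = {
    digest(PAYROLL): Rule("payroll", managed_only=True,
                          locations=frozenset({"office"}),
                          start=time(7, 0), end=time(19, 0)),
    digest(EDITOR): Rule("editor"),
}
APPROVED_NAMES = {"payroll.exe", "editor.exe"}


def allow_by_name(filename: str) -> bool:
    """Weak check: trusts whatever the file calls itself."""
    return filename.lower() in APPROVED_NAMES


def allow_by_hash_and_context(content: bytes, ctx: Context):
    """Return (allowed, reason). Unknown content is denied by default."""
    rule = ALLOWLIST.get(digest(content))
    if rule is None:
        return False, "content hash not on allowlist"
    if rule.managed_only and not ctx.managed_device:
        return False, "unmanaged device"
    if ctx.location not in rule.locations:
        return False, "location not permitted"
    if not (rule.start <= ctx.local_time <= rule.end):
        return False, "outside permitted hours"
    return True, rule.label


if __name__ == "__main__":
    office = Context(managed_device=True, location="office", local_time=time(10, 0))
    print("name check on tampered file:", allow_by_name("payroll.exe"))
    print("hash check on tampered file:", allow_by_hash_and_context(TAMPERED, office))
    print("hash check on approved file:", allow_by_hash_and_context(PAYROLL, office))
```

The maintenance burden the article mentions shows up here as the need to add a new digest every time an approved application is updated, which is the part automation has to cover.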

  • Automate the onboarding and offboarding of workers

More than 13% of workers can still access a previous employer’s systems using their old credentials. And there’s much more. In a study on rogue access, Intermedia found that 89% of ex-workers retain access to at least one app from a former employer. 49% actually logged into an account they were supposed to no longer have access to. 45% retained access to confidential data.

When employees leave the organization, that is the moment they pose perhaps the greatest risk to the organization. IT must tightly integrate de-provisioning processes into existing human resource apps, project management systems and other enterprise identity stores. Doing so allows worker access qualifications to be automatically managed and altered each time a worker’s identity status is changed in those systems. With a more holistic approach to identity lifecycle management, organizations can significantly improve productivity, compliance and security – and prevent former employees from exposing the organization’s data and systems to extremely high risk.
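A reconciliation check of the kind this integration makes possible, as an added example that is not from the article: it compares an HR export against per-application account lists and flags accounts that outlived the worker. The record layout, user IDs, application names and dates are all constructed.

```python
from datetime import date

# Constructed HR export: worker id -> employment status.
HR_RECORDS = {
    "e1001": {"status": "active", "terminated_on": None},
    "e1002": {"status": "terminated", "terminated_on": date(2016, 5, 31)},
    "e1003": {"status": "terminated", "terminated_on": date(2016, 6, 15)},
    "e1004": {"status": "terminated", "terminated_on": date(2016, 4, 1)},
}

# Constructed account exports from three applications.
APP_ACCOUNTS = [
    {"app": "crm", "user": "e1001", "enabled": True, "last_login": date(2016, 7, 1)},
    {"app": "crm", "user": "e1002", "enabled": True, "last_login": date(2016, 6, 20)},
    {"app": "files", "user": "e1002", "enabled": False, "last_login": date(2016, 5, 30)},
    {"app": "files", "user": "e1003", "enabled": True, "last_login": date(2016, 6, 10)},
    {"app": "crm", "user": "e1004", "enabled": False, "last_login": date(2016, 3, 30)},
    {"app": "wiki", "user": "e0999", "enabled": True, "last_login": None},
]


def reconcile(hr, accounts):
    """Return sorted (app, user, finding) tuples for accounts that should not be live."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue                      # already de-provisioned
        record = hr.get(acct["user"])
        if record is None:
            # No identity behind the account at all: nobody will ever offboard it.
            findings.append((acct["app"], acct["user"], "no_hr_record"))
            continue
        if record["status"] != "terminated":
            continue
        last = acct["last_login"]
        if last is not None and last > record["terminated_on"]:
            kind = "used_after_termination"   # access was exercised, not just retained
        else:
            kind = "retained_access"
        findings.append((acct["app"], acct["user"], kind))
    return sorted(findings)


def disable_orders(findings):
    """Accounts to disable, with post-termination use handled first."""
    priority = {"used_after_termination": 0, "retained_access": 1, "no_hr_record": 2}
    ordered = sorted(findings, key=lambda f: (priority[f[2]], f[0], f[1]))
    return [(app, user) for app, user, _ in ordered]


def summarize(hr, findings):
    """Counts per ex-worker, comparable to the survey figures quoted above."""
    ex_workers = {u for u, r in hr.items() if r["status"] == "terminated"}
    retained = {u for _, u, _ in findings if u in ex_workers}
    used = {u for _, u, kind in findings if kind == "used_after_termination"}
    return {"ex_workers": len(ex_workers), "retained": len(retained), "used": len(used)}


if __name__ == "__main__":
    results = reconcile(HR_RECORDS, APP_ACCOUNTS)
    for row in results:
        print(row)
    print(summarize(HR_RECORDS, results))
```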

  • Stamp Out “Shadow IT”

Today’s crop of workers is productive like never before, thanks to the incredible technology available through modern digital workspaces. But this productivity also breeds an “I need it right now” attitude towards new technologies. And if IT can’t provide it “right now”? Often the worker’s solution is just a login or credit card away, with ubiquitous cloud-based solutions studding the skies overhead.

The risks are great. IT must prevent employees from taking matters into their own hands to solve IT issues. But is shadow IT best prevented by hiring an army of alert IT professionals, available 24/7? Or is there an easier (and cheaper) solution? Yes! Through automation, IT can provide on-demand self-service access to the apps and services workers need, and prevent workers from circumventing access rules. This can include password management, access to a new data drive, or a request for a particular workspace app. The best way to prevent workers from going around procedures is to give them an instantaneous, trackable and reliable way to get what they need from IT. No hassles. No tickets. No violations.

Security should come naturally to an organization, but it will likely never become second nature to many of your workers. When we’re at home, we’re surrounded by a sense of security – no matter how real or illusory it truly is. Many of us don’t truly think about security unless our perimeter is breached. But IT can build a powerful security shroud around its systems, its data and its workers, by using automation and self service to simplify security processes, empowering workers to focus on their responsibilities without disruption, and keeping the enterprise safe from intrusion.

To be sure, no security solution is perfect. But we owe it to our organizations and our fellow workers to do our very best.

Pokemon GO Away: Top Apps to Find Things You Actually Need

July 29, 2016

Guest post by Andrea Woroch

When you respond to the mention of Pikachu with, “bless you!,” you know you’re aged out of the latest app craze. Pokemon GO is inescapable right now, whether you’re grocery shopping, watching the evening news or simply driving your car. The game, which reportedly has about 9.5 million active daily users despite debuting just a few short weeks ago, has increased smartphone-related oblivion to an all-time high, resulting in car accidents, robberies, breakups and a few near-death experiences.

Despite the apparent omnipresence of these cartoon creatures, not everyone is overcome with the desire to catch them. If you prefer to use your smartphone to find something you actually need, consider the following app recommendations that don’t require the ceaseless pursuit of pocket monsters.

Find fee-free ATMs with ATM Hunter.
According to recent reports, the average out-of-network ATM withdrawal fee is $4.52. That’s the cost of a fancy latte just to access your own funds! Use the ATM Hunter app to find nearby cash withdrawal machines that won’t charge you fees and save that money for your next caffeine fix.

Find inner peace with Calm.
Who couldn’t use a little calm these days? This app offers guided meditation to newbies who are interested in the practice but aren’t sure where to start. While the free app has plenty of great content, users can upgrade to paid subscriptions for $9.99 per month or $39.99 a year for access to more robust meditation programs.

Find coupons and savings with Coupon Sherpa.
Don’t fear this cartoon character: Coupon Sherpa lists coupons for real savings from top national brands and local shops and services. For example, you can currently use a Home Depot coupon to save $5 off your $50 purchase. The “nearby” function also highlights offers available near your location, including local restaurants, hair salons and other service providers.

Find happy hour deals with Happy Hour Finder.
Observing the downward spiral of humanity into the make-believe world of Pokemon GO calls for a stiff drink. Use the Happy Hour Finder to locate the best booze specials at nearby restaurants and pick your poison accordingly without blowing your budget.

Find new digs using HotPads.
Sick of your roommate? Find a new room or place with HotPads. The app features apartment listings nationwide along with neighborhood details, such as nearby schools and a “walk score” of the area to help you pick a place to live that suits you best.

Find a place to go using Sit or Squat.
When you gotta go, you gotta go, right? This app identifies nearby public restrooms on a map offering user reviews and ratings to help you find a clean place to stop.

Find the fastest route with Waze.
Wherever you’re heading, this community-based traffic and navigation app will get you there sans construction slow-downs and insidious rubber neckers. You’ll get real-time traffic and road information from other drivers in your area, saving you time and gas money on your daily commute.

Find your travel deets with TripCase.
Frequent fliers take note: TripCase is your ultimate digital travel assistant. The app sends notifications about flight delays, gate changes and baggage claim information, often more quickly than the airlines themselves. Plus, you can also store hotel, transportation, meeting and entertainment confirmations and reservations for quick reference.

Andrea Woroch is a money-saving expert who transforms everyday consumers into savvy shoppers by sharing smart spending tips and personal finance advice. As a sought-after media source, she has been featured among such top news outlets as Good Morning America, Today, CNN, Dr. OZ, New York Times, MONEY Magazine, Consumer Reports, Forbes and many more. In addition, Andrea’s stories have been published among leading publications and sites such as Yahoo!, AOL Daily Finance, CNN Money, Huffington Post, LearnVest and New York Daily News. Check out Andrea’s demo reel or visit her website at AndreaWoroch.com for more information about booking an interview or requesting an original written article. You can also follow her on Twitter or Facebook for daily money tips.

What the Juniper Revelation Means To You

December 23, 2015

Pete Kofod, December 22, 2015

Juniper Networks, a leading networking equipment vendor, announced on December 17, 2015 that they had discovered “unauthorized code” in their ScreenOS software.

ScreenOS is the operating system used to run their widely deployed firewall and VPN equipment. The software appears to have been surreptitiously inserted, granting attackers full access to the firewall and the ability to read encrypted traffic.

To make matters worse, it appears this intentional “back door” has been a part of ScreenOS since 2012. Given how much sensitive traffic is protected by Juniper equipment, the consequences will likely prove to be disastrous.

Juniper is the firewall vendor of choice for the United States Department of Defense as well as for the banking sector. Consequently, this vulnerability impacts virtually every government agency and Fortune 100 company, as well as the broad technology sector, including social media firms and their customers. In other words, everybody is impacted.

While Juniper and their customers go about analyzing the extent of condition and remediation, we should also consider this to be a teaching moment and an opportunity to review our assumptions about how we secure systems.

Defense In Depth is Not Enough

Most IT professionals, and certainly all security professionals, are familiar with the concept of Defense in Depth. The principle states that security functions should be layered, forcing adversaries to successfully compromise multiple layers before reaching a network’s “inner sanctum.”

While this is certainly a worthy security guideline, there are good reasons to believe it may not fully meet its intended mark. Defense in Depth is historically a network concept, as opposed to an application concept. Simply put, it is classic network security involving access lists on border routers, packet inspection by firewalls and restrictive routing policies inside the perimeter.

Unfortunately, we have seen that many applications do not include detailed, multi-layered application security, choosing instead to rely on external resources (“the security team”) to save them. Yet the point and mandate of Defense in Depth is that each layer should include relevant and effective security.

This trend has only become more pronounced as application development has converged around web services. Vulnerability exploitation has followed the trend and moved “up the stack.” This makes the security engineer’s responsibility far more challenging as applications, including exploits and attacks, are moving communications to HTTPS.

Defensive technologies such as Web Application Firewalls have stepped into the gap in an attempt to mitigate such attacks, but clearly they are not always successful and should not be considered the sole or even primary remedy. Security is everybody’s responsibility, especially application developers and owners. In addition to Defense in Depth, technologists should consider adopting a cell structure approach to security.

Importance of the Cell Structure approach to Security

Cell Structure Security is the idea that the impact of system compromise can be sufficiently mitigated regardless of which system is affected.

The term traces back to how clandestine resistance groups organize themselves. In a resistance movement organized in a cell structure, if a member of a cell is captured and compelled to spill the beans, the compromise does not go beyond the individual or, at worst, the members of the cell.

To be clear, Cell Structure Security does not ask the question of whether a system can be compromised; it assumes compromise can and will occur at any level and therefore focuses on limiting the damage post-failure.

In a world of directory services and central authentication, this may seem like a tall order but analyzing the feasibility of implementing such an architecture is a worthwhile exercise nonetheless.

In the context of the current mess, it is all but certain that organizations have seen elevated credentials traverse their Juniper VPN connections completely unprotected. The extent of condition for Juniper’s customers is still largely unknown but it should be assumed that the impact reaches far beyond just patching the Juniper systems. In fact, the skunk may well still be inside the walls as internal systems are likely to have been targeted based on the attackers’ reconnaissance of compromised VPN traffic. The collapse of a single system has compromised the entire enterprise.
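One way to run the feasibility exercise described above during a design review, as an added example that is not from the article: model which credentials each system exposes when it fails and which systems each credential opens, then compute how far a single failure spreads. The system names, credential names and both architectures are hypothetical.

```python
from collections import deque


def blast_radius(start, exposes, grants):
    """Systems an adversary holds once `start` has failed.

    exposes: system -> credentials stored on it or passing through it
    grants:  credential -> systems that accept it
    """
    seen = {start}
    queue = deque([start])
    while queue:
        system = queue.popleft()
        for cred in exposes.get(system, ()):
            for target in grants.get(cred, ()):
                if target not in seen:
                    seen.add(target)
                    queue.append(target)
    return seen


def all_systems(exposes, grants):
    return set(exposes) | {s for targets in grants.values() for s in targets}


def worst_case(exposes, grants):
    """Largest blast radius over every possible first failure."""
    return max(len(blast_radius(s, exposes, grants))
               for s in all_systems(exposes, grants))


def over_limit(exposes, grants, limit):
    """Systems whose failure would spread to more than `limit` systems."""
    return sorted(s for s in all_systems(exposes, grants)
                  if len(blast_radius(s, exposes, grants)) > limit)


# Hypothetical flat design: an enterprise-wide admin credential crosses the VPN.
FLAT_EXPOSES = {
    "vpn": {"domain_admin"},
    "hr_app": {"hr_svc"},
    "billing": {"billing_svc"},
    "fleet_db": {"fleet_svc"},
}
FLAT_GRANTS = {
    "domain_admin": {"hr_app", "billing", "fleet_db"},
    "hr_svc": {"hr_app"},
    "billing_svc": {"billing"},
    "fleet_svc": {"fleet_db"},
}

# Hypothetical cell design: the VPN only ever sees a credential for a jump
# host, and each cell's credentials open that cell alone.
CELL_EXPOSES = {
    "vpn": {"vpn_user"},
    "jump_host": set(),
    "hr_app": {"hr_svc"},
    "billing": {"backoffice_svc"},
    "fleet_db": {"fleet_svc"},
}
CELL_GRANTS = {
    "vpn_user": {"jump_host"},
    "hr_svc": {"hr_app"},
    "backoffice_svc": {"billing", "hr_app"},   # one cell: back office
    "fleet_svc": {"fleet_db"},
}

if __name__ == "__main__":
    print("flat, vpn fails:", sorted(blast_radius("vpn", FLAT_EXPOSES, FLAT_GRANTS)))
    print("cell, vpn fails:", sorted(blast_radius("vpn", CELL_EXPOSES, CELL_GRANTS)))
    print("flat worst case:", worst_case(FLAT_EXPOSES, FLAT_GRANTS))
    print("cell worst case:", worst_case(CELL_EXPOSES, CELL_GRANTS))
```

In the flat model the VPN is the only system whose failure reaches everything, which matches the article's point that one device carried the whole enterprise's exposure.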

Premise is NOT inherently more secure than public cloud

Security remains a persistent concern for organizations considering the public cloud as a software and infrastructure platform.  Whether restricted by cultural or regulatory considerations, events like the Juniper incident should force technology managers to assess whether premise-based systems offer more effective security.

Public Hybrid PrivateWorries have understandably been fueled by well-publicized security breaches of cloud application vendors, but even a cursory review shows lax software and system design were more often than not to blame as opposed to inherent structural flaws of the cloud.

The truth is that the public cloud, in the hands of a responsible and security-conscious team, should be seen as an asset that can strengthen, as opposed to weaken, system security. Top cloud service providers offer rich security functionality, but it is up to the software vendor and client to avail themselves of it.

An interesting exercise for technology leaders to undertake is to consider the architectural differences between premise and cloud-based systems.  Odds are that if they are both well-designed, the differences are not going to be significant and the public cloud may in fact offer security features such as 2-factor authentication and web application firewalls at a fraction of the cost of premise-based solutions.

Technology teams should also challenge themselves to answer the following question:  “If we were to move all systems to the public cloud, how would we do it in a manner that is consistent with our security objectives?”  After doing that, the team should compare the move with maintaining their existing premise-based architecture.

If the team finds itself implementing security measures in the cloud that have not been implemented on premise, the team should ask why that is the case.

Conclusion

While the full impact of Juniper’s security lapse will not be known for some time, it should serve as an urgent opportunity for technology teams to question fundamental security assumptions, not just vendor selection.  What happened to Juniper can happen to anybody, vendor and customer alike.  IT leaders need to spend more time guiding their teams in evaluating consequences of security failures.

While vendors tend to define problem narratives in terms of known solutions, customers should not confine themselves to following that path.

About Pete Kofod

Pete Kofod has over twenty years of technical and leadership experience in Information Technology, including the development of secure hosted services for the transportation industry as well as designing and managing networks in the utility and defense sectors. Pete is Principal of Raleigh-based Datasages Consulting Group LLC, a firm he founded in 2008 that is dedicated to providing enterprise management services to industrial and transportation customers. Pete is often called upon to lend expertise to large-scale transportation projects. He has been a material contributor to the implementation of Positive Train Control in the United States, particularly as it applies to security and availability in a hosted environment.  Pete is also cofounder of The Sixth Flag, Inc. He can be reached at pete@thesixthflag.com

5 Places to Never Use a Bank or Credit Card

September 18, 2015 Comments off

Contributed Article By: Shaun Murphy, CEO Private Giant

According to ConsumerCredit.com, 80% of consumers use their debit cards for everyday purchases like gas, meals and groceries instead of cash. While a card is more convenient to simply swipe through a machine versus counting out change and worrying if you have enough cash on hand to make a purchase, it is not always the safest way to pay. Cash cannot be traced to a bank account or to other personal financial information like a bank or credit card can.

Privacy and security expert Shaun Murphy, founder of Private Giant, has identified five places consumers should never use their bank or credit card in order to help prevent their identity from being stolen and to protect their personal information.

Here are the places you should think twice before swiping or entering those priceless digits:

1.) Online shopping sites that are not secure. Before you enter your credit or bank card information, look for the lock icon without any overlays. While you are checking out, you should see this icon in your web browser:

[Image: HTTPS secure connection lock icon]

Not either of these:

[Images: two examples of bad HTTPS indicators]

Some sites, Amazon included, will not show you a lock icon until you log in to your account or begin the checkout process. This means anyone can see what you are shopping for while you are browsing.

2.) Hidden / out of view terminals. A hidden terminal could be as simple as the gas pump furthest away from the center or an unattended station for automatic checkouts at the grocery store. These are sweet targets for credit card skimming devices that can sit there for months without anyone noticing.

3.) Cell phone charging stations. It may sound convenient to swipe your card to charge your phone for free when the battery is nearly dead, but you should think again. Besides being ripe for credit card skimming or nefarious credit card information storage, these devices can also dump the information from your cell phone while charging! This attack method even has a cool name: Juice Jacking!

4.) Apps (desktop or mobile) that ask you for your credit card information outside of the normal app store. Chances are this is not a legit application, especially if it is threatening you (you have a virus, please deposit $10… or I’ve encrypted all of your files and I’ll unlock them for a price.)

5.) Services that claim to be free or a free trial but still need you to input a credit card before you can start using them. It is almost guaranteed that the service is either going to scam you or sign you up for some paid service that will be impossible to cancel.

Now, if you are wondering how exactly you are supposed to pay for the services you need in situations like those listed above, there are a few options. One of the easiest is to use your bank or credit card to buy one-time use/reloadable cards that do not have ties to your personal information. Just make sure when you are checking out at the store that you go to a clerk, not a self-checkout lane.
