Pattern Recognition: The First Step to Reducing Risk Is Recognizing Threats

Amy Larsen DeCarlo

Summary Bullets:

  • Businesses and governments alike are facing unprecedented cybersecurity challenges as the threat environment becomes more virulent and complex and as more data is digitized.
  • Yet, as difficult and complicated as it can be to mount an effective defense today, threats share some common traits. The latest Verizon Data Breach Investigations Report uncovered the fact that the majority of security incidents fit into one of nine distinct patterns.

In an era where cybercrime and its costs to business and government are escalating at a breakneck pace, resource-constrained enterprises are struggling to keep ahead of the threats. One of the issues made clear by incidents such as the 2013 Target breach is that often organizations have the information, but their IT teams are drowning in so many alerts and false alarms, they fail to focus in on the most damaging threats. Unfortunately, too many IT teams are simply overwhelmed by the volume of incident data and the mysterious sources of cyber-attacks.

Are There Still Differentiators in Managed Mobility?

Kathryn Weldon

Summary Bullets:

  • Current Analysis was recently briefed by seven mobile operators on their latest managed mobility services.
  • While their portfolios have many elements in common, there remain a few key differentiators.

Every time Current Analysis completes its updates on the global managed mobility services market, there are a number of service elements or sound bites with which to position portfolios that sound increasingly similar. For example, all operators now have several platform options for mobile device management, and most are also leveraging the mobile application management and enterprise app store functionality (and increasingly the app-wrapping or other form of containerization) of their platform partners. Most operators also still offer TEM; a few have MEAP platforms offered as a service while others offer sets of pre-built mobile apps; yet others will do end-to-end mobile application development. Mobile security also has some variation, as some operators view their MDM services as synonymous with their mobile security offerings while others offer a continuum of add-on security capabilities and software partner add-ons or do a lot of custom mobile security engagements. As for positioning, there remains a common view of the near future where, at least as an option, all managed mobility elements are multi-carrier, are offered from the operator’s cloud, and have been integrated into the same service, with a common UI and with all elements viewable and manageable from the same portal; there is also sharing of all data from each service in a shared database to be able to do more analytics and even real-time analysis of usage. Many operators have done some of this kind of integration or plan to do so.

Everyone’s Getting in on Flexible WAN/Cloud Connectivity

Brian Washburn

Summary Bullets:

  • Many providers have placed their MPLS WAN service edge inside data centers, offering secure connectivity with class of service support.
  • The expanding list of competitive offers means enterprises do not have to look far for flexible WAN/cloud connectivity options; pricing should only get better.

When it comes to connecting the enterprise WAN edge directly into the data center, it seems many of the major global and U.S. network providers are now in on the action. Just in the past several weeks, Verizon upgraded its Cloud Services Interconnect to Secure Cloud Interconnect, adding granular visibility and management control to connectivity in major Equinix locations worldwide and select U.S. Terremark facilities. XO announced Bandwidth-on-Demand, a service that supports dynamic bandwidth across the company’s WAN PoPs, including those terminating in data centers. Similar types of services have been launched by AT&T (Cloud Network Enablement and NetBond), tw telecom (Intelligent Network), Level 3 (Cloud Connect), and Orange Business Services (its long-established VPN Galerie). While these offers’ approaches and features differ, they all offer the security of transporting traffic all the way into the data center via an enterprise WAN and honoring class of service (CoS) support. Most of these WAN-to-cloud services have usage-based billing, to handle moving big workloads. Many also support bursting with CoS performance up to double, triple, or many times more bandwidth.

Heartbleed Bug Shows Industry is Under-investing in Software Integrity

Paula Musich

Summary Bullets:

  • The disclosure of the devastating Heartbleed bug – two years in the wild – illustrates how much the technology industry under-invests in software integrity.
  • Bug bounty programs spur greater participation in vulnerability research, and those who benefit most directly from open source software should contribute to an open source bug bounty program.

Unless you’ve taken a holiday from the connected world, you probably know by now about the Heartbleed bug. And if you’re a CSO or CISO, you’ve most likely seen plenty of suggestions on how to respond to the threat posed by this extremely risky and widespread vulnerability. Although the effort to address the problem is not quite as Herculean, it struck me that the response to the Heartbleed bug needs to be nearly as widespread as the effort to fix the date problem at the turn of the 21st century. Estimates that I saw about how widespread OpenSSL use is suggest that as much as 66% of all the websites across the globe use OpenSSL, and some reports suggested that the technology is embedded in a wide variety of network infrastructure devices, including routers, WLAN controllers, firewalls and more. But while enterprises had plenty of advance notice to address the date problem leading up to the year 2000, web site operators and technology vendors need to move with the utmost urgency to patch this flaw and clean up the mess created by this “catastrophic” vulnerability. It shouldn’t be a surprise that the coding error happened, and I don’t think that its existence is necessarily a condemnation of the way that open source vetting works.

Why Generational Stereotyping Does Not Sell the Next Wave of Communication and Collaboration Services

Tim Banting

Summary Bullets:

  • There are three generations in the workforce today; vendors need to show how solutions unite all workers to foster a collaborative environment, producing business value.
  • Communication and collaboration solutions provide the opportunity for partners to monetize new services based upon driving user adoption.

There is much talk focused on ‘the millennials’ in communication and collaboration: the next-gen workforce demanding new ways to communicate and collaborate. Many vendors are citing that this new generation is changing the way work gets done, bringing a different mindset to work, and demanding different tools to use in a modern work environment. Millennials are the socially collaborative generation, using tablets and smartphones to share opinions with friends and make more informed decisions through apps such as Facebook, Instagram, and Twitter. However, there are three generations in the workforce today: the millennials, or Generation Y (those born since the early 1980s); Generation X (since 1965); and baby boomers (since 1943). Baby boomers (the youngest of whom will turn 50 this year) are working beyond the traditional retirement age of 65. Concerns about money (given the recent economic crisis) play a significant role in explaining why so many baby boomers see themselves working longer. Baby boomers are still a substantial part of the workforce, and whether by choice or necessity, they will remain a sizable proportion of the workforce in the years ahead.
