As Research Director for Business Networks and IT Services at Current Analysis, Bernt covers the competitive landscape for system integration and IT service provisioning, and analyzes managed security services across carriers and IT service providers. He brings with him a broad understanding of the competitive issues and environment that currently exist in the rapidly changing IT services and telco sectors.
Information management capabilities are more important than cheap storage capacity
Ease of storage expansion and lower storage costs per TB, combined with the drive to be more security ‘compliant’, threaten to create a perfect data storm. Present conditions seem to encourage regulators and government agencies to insist that public sector institutions as well as corporations collect and retain even more data that is not required for operational purposes, but might be needed in future, or might be needed for public safety, or might aid future issue handling. Corporate governance, risk and compliance (GRC) policies are going in the same direction. The bottom line is: added operational costs. Privacy issues aside, from a cost-benefit perspective two facts spring out: first, some 98% of what is stored is never viewed again, and second, information management is way behind the curve. To put it bluntly: garbage in, garbage out (GIGO) is a growing problem because duplication, inconsistencies, randomness as well as systemic errors lead to massive waste. Policy decisions based on such data risk being flawed and misleading, unlike those based on well-informed analysis of timely and reliable data. Clearly, it’s easier to just add more data to storage than to actually create an information management policy and capability that gives some assurance that data used for decision-making is valid to some defined degree. Continue reading “Stop GIGO Data with Better Information Management”→
Mobile carriers only want to make sure our traffic is OK; they just forgot to ask.
Anything put on an open platform can be taken off, but what about the ethics behind such actions?
Carrier IQ (CIQ) is a very discreet U.S. software company with an application which it claims helps network providers diagnose a range of problems on Android devices, including identifying user location, causes of premature battery drainage, dropped calls, and other system problems. The reason for discretion is the fact that the app is preloaded onto mobile phones before being sold to customers, and once loaded, it is very hard to spot, has a wide range of preset permissions to monitor and report any and all user activities on the device to the carrier, and cannot be turned off. In other words, CIQ meets the definition of a rootkit.
MSSPs are having to invest more in improving their service quality, as customers get more critical
The solution could be better overall customer support and more security outsourcing
Reviewing the latest Q3 2011 financial performance metrics, a common trait is emerging: many service providers (carriers like Verizon and IT service providers like T-Systems) are investing a lot of their revenues into improving the quality of their managed service delivery – which has put a dent in Q3 profits. Some are making the investments defensively because customers are complaining; others are doing it proactively to avoid future grief. Continue reading “Ouch, Quarterly Financial Reports Highlight Managed Service Quality Issues”→
Pay attention to basic security procedures and attitudes
Explore quantifying the risk from an insurance perspective
Most attacks on most networks could be defeated with just four key strategies, according to this year’s winner of the SANS Institute 2011 US National Cybersecurity Innovation Award – Australia’s Defence Signals Directorate: patching applications and always using the latest version of the software; keeping operating systems patched; keeping admin rights under strict control (and forbidding the use of administrative accounts for e-mail and browsing); and whitelisting applications. The basis of these recommendations is that security is a behavioral problem, not a technical problem. In other words, if users don’t have the basic security procedures and the right attitude, no amount of technology investment is going to create the needed security. Continue reading “KISS Your Security Measures”→
Provide simple security commandments to follow under pain of dismissal
The most compelling briefings at this year’s RSA Security Conference in London were focused on how companies can make the journey from their governance, risk and compliance process and the resulting security policy to actually making it work throughout their enterprise, where getting people aligned with security is a real sticking point. It’s not that employees actually want to spill company secrets – mostly, they just want to be helpful to ‘perceived’ colleagues. How many times do we actually read error messages or listen to security warnings? How often do we reflect on the veracity of a caller who seems really nice and obviously knows a lot about the company? Continue reading “Social Engineering – Industrialized Exploitation of Human Helpfulness”→
Poison in the Well: APTs threaten basic Internet trustworthiness
Head for the cloud (services), but look for open standards to avoid vendor lock-in
Network-centric cloud services are emerging as the new computing paradigm for performance-hungry, cost-conscious business customers. Recent surveys show that businesses are looking at the full span of private, hybrid and public cloud services in their adoption plans. Yet, most IT security professionals express serious and legitimate concerns about the security of cloud services, as well as how cloud adoption can adhere to corporate governance, risk and compliance (GRC) policies. IT security professionals are also increasingly alarmed by advanced persistent threats (APTs) that are undermining the very structure of the public Internet.