Brazil has a strong IT sector, though the country has been mired in lackluster growth for the past several years after its earlier sprint. There is a lot of development beneath the surface, however, and among the strongest influences is an attempt to put on two top international events – the World Cup and the Olympics – within two years. This is a feat that no other nation has yet attempted. It is extraordinarily expensive and demanding, with requirements from FIFA (the World Cup governing body) and the Olympics Committee for a wide range of new infrastructure and conditions, all of which have created a need for new technology, as well as waves of protests over costs and security arrangements.
IT has been an important part of event preparation, with high tech security centers being established in major urban locations throughout the country, and media/communications facilities being expanded to accommodate viewers, visitors, and fans. The preparations have also highlighted Brazilian technology, as well as drawing even greater attention to the protests, construction failures, and inability to meet time commitments.
As we roll into Friday the 13th, we see that Cloud security is a hot topic again this week. A review of news feeds, blog posts, Twitter feeds and more reveals a plethora of publications and posts generating FUD regarding Cloud security.
The net feeling across all of these is that Cloud is big and scary. The negative quotes cited all seem to be from IT “security experts” and providers of IT security. Hmmm.
The most-cited security breaches include the December 2013 Target breach (not Cloud; failure to develop and manage adequate security within Target), various laptop and memory stick thefts beginning in the 1990s (obviously not Cloud; failures of security management and practice), and the October 2013 MongoHQ breach, which suffered an attack through social media app provider Buffer.
We keep deploying and maintaining antivirus on our endpoints, expecting this to protect our enterprise. Instead, our adversaries use root-kits and back door transplants that are largely invisible, and which enable them to own the PCs and revisit them at will. We assume we are protected, and yet we have this nagging doubt because we don’t know what we don’t know. Yet we keep spending a lot of money on antivirus and other security tools that are built on the same premise of a mechanical security perimeter. The compulsion to do so comes from regulation, industry practice, and because, well, that’s just the way we’ve always done it.
This problem is not unique to antivirus. Almost all of the security perimeters we rely on are now outdated and ignored by our adversaries. Why? Our adversaries have access to the same systems and tools we do, and they have access to a wide variety of exploits through online auction sites and underground share sites. It doesn’t take much to test out a new exploit and even less to activate it without being caught. Once activated, exploits find ready targets across millions and billions of the limited technology monocultures we use around the world. Today’s exploits simply walk through or around our security perimeters and our adversaries simply thumb their nose at us.
The API economy is doing quite well, but its expansion awaits a breakthrough security invention that will enable the use of APIs and the economy to unleash data currently behind corporate firewalls. As it exists today, the API economy is fixated on freemium business models where consumers find “freely” available information they can put to use in their daily lives. Whether the purpose of acquiring the data is to make travel reservations, purchase something, or simply search for something, the current complexion of the freemium API economy is just the start of business model reinventions that are yet to come, where entire industries will be remade and then made over again.
The big business blockbuster gains of the past 40 years might have been propelled forward by technology innovation, but all have been led by changes in business models. This will be the same in the API economy. Changes in business models will drive the need for technology innovation, which will drive further change in business models.
The current state of information security today is one where data is either free, or it’s not free. The data is commonly available on the Internet through a wide variety of APIs, or it’s behind many layers of security controls to prevent access to the data. This security wormhole, from data being free to it not being free, is going to be traversed as businesses seek competitive advantage over others in the API economy.
What is Happening?
Verizon’s annual data breach investigations report is out, and Saugatuck’s analysis of the information, gathered from 50 sources cataloguing 63,000 security incidents across 95 countries, is this: Despite investing billions in hardware, software, and services, we have learned little to nothing about managing data and system security effectively.
Two things stand out in our review of the report:
- The number and scope of data breaches bear little resemblance to the related hype and resultant market perceptions; and,
- The vast majority of data breaches (and losses) are still, quite simply, preventable by improving and adhering to consistent management practices. Acquiring and implementing security technology does not effectively prevent data loss.
First, let’s look at perceptions and realities regarding frequency of system breaches and resulting losses of data. The pie slices in Figure 1 use Verizon’s published data to illustrate the relative numbers of reported data breach incidents by firms in 21 industry categories, alongside the relative percentages of actual losses reported by the same firms.
Figure 1: Analyzing Verizon’s Data Breach Data
Source: Saugatuck Technology Inc. from Verizon Inc. data published April 2014
The crowd says Cloud is less secure and holds more risk than enterprise networks. But try to convince the principals at Target of this, and you’ll be told that nothing is secure anymore, unless you turn it off. Unlike the conventional wisdom of the crowd, Saugatuck sees the Cloud as the path through which the entire field of information security is going to become transformed into more control and less risk.
The age of big data security analytics is in its childhood, but this child is growing fast and strong and will soon carry the entire industry on its shoulders as it transforms current practices and technologies. The primary constraint to its growth is the necessary skills to interpret and use the new generation of big data security analytic tools. This key restraint will be overcome by Cloud-enabled application services and the massive pools of information these analytic applications will ingest from around the world.
Saugatuck recently surveyed user executives worldwide seeking their perceptions about adoption and usage of Cloud-based offerings. Results of the survey include the combined responses from over 200 IT and non-IT executives in enterprises of various sizes.
In newly published research, we examine a subset of the survey data in more depth to identify insights regarding the concerns that executives associate with the adoption of Cloud-based offerings. In our survey we offered a list of eleven potential concerns and asked IT and business executives to identify their top 3 most important concerns related to the Cloud. The results reveal that Data Security and Privacy are a concern for a clear majority of respondents. In fact, Data Security and Privacy (selected 55 percent overall) is the top ranked concern in the survey.
Saugatuck recently published a Strategic Perspective which looks at data center moves and suggests adopting Cloud offerings as a way to avoid a move. In the paper Saugatuck offers pragmatic guidance in five areas for planning and executing a data center move. In addition, the paper explains that requirements for networking, and for security and certifications, both frequently neglected, must be considered when evaluating Cloud offerings.
In short, moving a data center will incur substantial costs, risks, and time. Thus, in almost all situations avoiding a move is highly desirable. Saugatuck’s guidance is: Adopting a Cloud-based offering is less expensive, less risky – and far more expedient – compared to moving, or expanding, a data center.
Note: Ongoing Saugatuck subscription clients can access this premium research piece (1184STR) by clicking here, and inputting your ID and password.
The use of Cloud-based solutions is infiltrating all aspects of business IT – expanding both across enterprises and across user departments within enterprises. Similar to other technological advances, the risks and the rewards of Cloud IT vary for individual situations. A clear understanding of the popular perceptions about Cloud IT is the crucial first step toward objective evaluation and planning – and, away from project failure and management disappointment.
Note: Ongoing Saugatuck subscription clients can access this premium research piece (1149STR) by clicking here, and inputting your ID and password.
IT organizations are actively embracing the mobile computing devices born in the consumer market. While the challenges of managing the devices are significant, they are not overwhelming and multiple tools are available to automate processes ranging from on-boarding a new user, to erasing sensitive data from a misplaced or stolen device.
However, beyond managing the devices, IT organizations are finding – sometimes, the hard way – that managing the applications on the mobile devices is necessary to avoid security and availability exposures. IT shops are finding that welcoming an authorized user on an approved device with unknown software is similar to the Trojans unwittingly welcoming the Greeks by pulling the fabled horse inside the city walls. Details vary by enterprise, but IT organizations should consider the functions detailed in Figure 1, below, for managing mobile device applications and software.
Figure 1: Mobile Device Application Management Functions
Source: Saugatuck Technology Inc.
Note: Ongoing Saugatuck subscription clients can access this premium research piece (1141MKT) by clicking here, and inputting your ID and password.