Posts Tagged ‘Security’

Cloud security breach inevitable as businesses underestimate security due diligence

January 10th, 2012

Expanding on my previous blog about a prediction of a major cloud computing security breach this year, I have had a couple of people contact me to add their views to the debate.

With more and more IT outsourcing to the cloud, this year could see hackers and cybercriminals target clouds. When a business uses the cloud it is outsourcing the security to a service provider, so it is essential that proper security due diligence is carried out.

In its 2012 Cyber Security Forecast, breach investigation firm Kroll says this is not happening and it believes cloud security breaches will be more common this year.

It said: “As cloud services gain in popularity, related breach incidents will flourish. If we were meteorologists, we’d definitely be calling for overcast with a chance of storms. Companies are smartly embracing the cloud for the associated cost savings and ease of use. Unfortunately, current surveys and reports indicate that companies are underestimating the importance of security due diligence when it comes to vetting these providers. As cloud use rises in 2012, new breach incidents will highlight the challenges these services pose to forensic analysis and incident response and the matter of cloud security will finally get its due attention.”

Meanwhile lawyer Mark Lewis at Berwin Leighton Paisner believes there will be a massive focus on cybersecurity with major information leaks and major cyber-attacks in the UK and elsewhere by sovereign states.

Source: http://www.computerweekly.com/blogs/inside-outsourcing/2012/01/cloud-security-breach-inevitable-as-businesses-underestimate-security-due-diligence.html

Hackers, IT units focusing on smartphone security

January 2nd, 2012

Mobile phones, long seen as safe amid rising threats to computer security, have become a key target for hackers and an increasing worry for corporate IT departments.

While the first mobile virus dates back to June 2004, risks from hackers remained limited because of the relatively small size of the market.

But this has changed recently with the surge in the smartphone segment, which this year outgrew the PC market, and the new dominance of Google’s Android software.

The emergence of mobile payments, which allow shoppers simply to swipe their phones at a cash register, is whetting the interest of hackers and data thieves.

“Mobile security has become a major concern since smartphone transactions are now of much higher value, including corporate data access, managing personal finances and online purchases,” said Steven Nathasingh, chief of U.S. research firm Vaxa Inc.

Most consumers have not protected their smartphones. Fewer than 5 percent of smartphones and tablets have security software installed, according to Juniper Research.

The research firm expects to see a surge in demand with the total annual market for mobile security software growing to $3.6 billion by 2016.

“With more and more mobile devices being hijacked without the owner’s knowledge, the risk of identity theft and personal financial loss is intensifying,” said Peter Davin, chief executive of Cryptzone.

A study by consultancy Deloitte this week showed that companies in the technology, media and telecom sector expect data stored on staff mobile devices to be their biggest security headache in 2012.

“Employees should be made aware that using a personal device to access corporate data may also have personal implications,” said Cryptzone’s Davin. “For example if the device is lost, stolen or clandestinely taken over, the organization may decide to wipe data.”

In the United States alone, 113 mobile phones are lost every minute, according to research firm Gartner.

For most attacks criminals would need to install software on a victim’s phone.

But at a hackers’ convention this week Karsten Nohl, a well-known expert on mobile phone security, demonstrated how to get remote control of a phone and sent text messages and made calls from phones to which he had no access.

Nohl used a vulnerability in the GSM network technology — which is used by billions of people in about 80 percent of the global mobile market — which operators can patch in their networks, but which is not done by most carriers.

Source: http://articles.economictimes.indiatimes.com/2011-12-30/news/30572944_1_mobile-security-mobile-phones-mobile-devices

Latisys Selects Palo Alto Networks to Provide Next Generation Security for Data Center Platform

December 14th, 2011

Latisys, a leading national provider of IT Outsourcing solutions from colocation to cloud, today announced it will leverage Palo Alto Networks next-generation firewalls to support the security requirements of its rapidly expanding hosting and managed services platform.

Latisys’ private and multi-tenant cloud solutions enable enterprises to increase scalability and achieve greater control over their computing resources. Network firewalls from Palo Alto Networks offer unprecedented ability to isolate customers within a more cost-effective multi-tenant environment without sacrificing high levels of privacy or security. Each customer is segregated into separate containers, or virtual walls with concurrent connections and sessions.

“As we continue to deploy technology and services that are truly built for the future, it is important to work with industry-leading partners like Palo Alto Networks,” said Christian Teeft, VP of Engineering, Latisys. “Palo Alto Networks has a unique grasp of the key factors driving the enterprise security market, and they’ve developed next-generation firewall products that enable Latisys to offer enterprise customers critical protection against the dynamic threats occurring at the network, application and content layers.”

As Latisys expands its suite of IT Outsourcing services from Colo, Managed Hosting and Virtualization to Private Cloud, enterprise customers demand firewall security that extends beyond traditional Unified Threat Management (UTM). Palo Alto’s next-generation firewall solutions protect data center environments where traffic demands dictate predictable firewall and threat prevention throughput. Latisys will leverage a variety of these capabilities in its high density data center facilities located in each U.S. time zone, including:

  • Deep Security Protection extends threat protection deep into the application layer, beyond what traditional defense mechanisms (firewalls, IPS/IDS, etc.) can identify. For example, it can identify exactly what the application is, across all ports, irrespective of protocol, encryption (SSL or SSH), or evasive tactic.
  • Multi-Gigabit Throughput Protection with traffic flows of up to 20 Gbps effectively protected with more than 40 processors distributed across four functional areas: networking, security, content inspection and management.
  • Reliability and Resiliency delivered by active/active or active/passive high availability; physical separation of data and control plane; and redundant, hot swappable components.
  • Granular, Real-Time View of performance characteristics and utilization.

“Latisys continues to deliver new cloud-based services to its nationwide customer base that are highly innovative and ideally suited for the data center of tomorrow,” said Punit Minocha, vice president of corporate and business development at Palo Alto Networks. “We are pleased to see Latisys making the most of our product’s unique multi-tenancy capabilities.”

Source: http://www.prweb.com/releases/2011/12/prweb9035040.htm

IT security spending in 2015

November 14th, 2011

Companies around the world will spend more than 35 billion U.S. dollars on security services in 2011. That’s four billion dollars more than last year. In 2012, sales of security services in the outsourcing model are expected to reach more than 38 billion dollars, and by 2015 as much as 49 billion dollars.

Managed Security Cuts Costs

The U.S. market research firm Gartner arrives at this result in its market report “Forecast: Security Service Market, Worldwide, 2011.” Gartner analyst Lawrence Pingree thinks the reason for the soaring investment in Managed Security Services (MSS) is that the market for services related to security technology has changed rapidly in recent years.

Companies are outsourcing the operation and management of their security solutions to specialist providers, first to reduce their operational costs and relieve the IT budget. Second, they want to put the IT personnel capacity freed up by this step into strategic security initiatives.

Small and medium-sized companies, too, are now increasingly asking for external IT security services. They want better protection from attack or data loss, including where their IT is networked with customers and partners. According to Pingree, these companies lack the financial resources and staff to build the internal expertise to do this.

Source: http://www.cio.de/knowledgecenter/security/2294879/

Outsourcing data security

September 30th, 2011

Having recently been served a series of sharp reminders about the growing threat posed by cyber attackers, many CIOs have now turned a critical eye towards understanding their exposure to data loss.

What they are finding is that much of their data actually resides, or at least flows, through a number of third party service providers that are outside of the organisation’s direct control.

As a result, many CIOs are now asking if their data security can be successfully and reliably outsourced, and to whom.

Bringing in the armed guards

Before we can answer that, we need to look at the two different types of outsourced security.

The first is the use of third party suppliers to provide security services within the enterprise. Some of the most common types are malware managers, email monitoring, firewalls and virus protection software.

For this type of security, outsourcing to third party specialists is often a recommended option for organisations. Specialist third party suppliers tend to service multiple large clients and are therefore able to spot threats and deploy responses far faster than isolated in-house teams.

Many of the larger outfits also invest significantly in R&D to deliver ever-increasing levels of security to their clients.

However, the security services market is also highly fragmented, leaving CIOs to work with an increasing number of different services providers in order to properly defend against a growing onslaught of new and emerging threats.

This may not remain the case for long. HP’s purchase of Fortify Software and ArcSight last year seems to indicate a move towards more consolidated security offerings in the future.

Locking down the cloud

The second type of security outsourcing relates to the day-to-day data flow that underpins the operations of almost every organization.

This bit is often much more difficult to manage.

A large percentage of organisational data now flows through third party suppliers who provide a range of services from data warehousing to customer analytics.

The emergence of cloud computing (or Outsourcing 3.0) only exacerbates the complexity by shuttling data from centre to centre, creating backups and artefacts across multiple systems.

In fact, in a report by KPMG and the e-Crime Congress, more than two thirds of the senior security professionals surveyed said that cloud computing would increase their risk of e-crime. Nearly nine out of 10 said that internet-hosted software such as webmail and enterprise social networks would pose an equal risk.

The answer is not to ignore the business opportunities — sometimes imperatives — surrounding outsourcing and cloud; nor is it simply to bury your head in the sand.

Out of sight, but not out of mind

Through greater use of outsourcing, CIOs have effectively been delegating their security management to a hodgepodge of disparate vendors that may include everyone from their CRM service provider to their website hosting service.

IT leaders would be well advised to remember that a supplier’s ability to manage and store data does not necessarily reflect their ability to also protect that data.

That is not to say that data service providers are not secure; many successfully differentiate themselves based on their reputation for security.

However, it does mean that CIOs will need to go above and beyond simply including security clauses into outsourcing contracts in order to get peace of mind.

Often, the details agreed upon by those signing the contracts either don’t represent the reality on the ground, or are not properly communicated to the individuals or teams that actually provide the service. This may ultimately result in a mismatch between client expectations and what service providers are able to deliver.

Protecting the Crown Jewels

The other challenge facing CIOs is one of classification. Not all data requires the same level of protection and not all information holds equal value to the organisation.

But to properly classify and protect the organisation’s Crown Jewels, CIOs will need to develop a better understanding of the sensitivity, value and risk profile of the enterprise’s various data streams.

They must work across the business to develop appropriate protocols and controls to properly secure that data.

Unfortunately, there is no silver bullet in the offing.

Just as quickly as companies develop ways to plug the chinks in their armour, cyber attackers seem to move to develop new and more powerful assaults.

There is a degree of automation that is eventually developed to respond to most security threats, in the same way that spam filters automated elements of email security. But usually these are brought to market months or even years after the threat is first detected.

So, for the time being, the answer is that CIOs have to recognise that data security is an executive-level risk and responsibility for that risk cannot be outsourced.

Security therefore needs to be part of the organisation’s overall sourcing strategy, with clear policies and oversight and assurance processes in place for service providers.

Because ultimately, it will be the CIO that will be called to the mat should the company’s crown jewels go missing.

Source: http://www.cio.co.uk/article/3306639/outsourcing-data-security/?intcmp=HPF2

Ethical hacking for cyber security

August 15th, 2011

Investment in Business Process Outsourcing (BPO) and Information Technology services is estimated to grow by 16.6 per cent during 2011, to reach Rs 43,600 crore in 2012. Expenditure on software is projected to scale by 19.5 per cent during the period, to reach Rs 18,800 crore. The rate of cyber crimes is also bound to grow exponentially in the coming years.

As most sophisticated cyber criminals prefer targeting banks and government organisations, there is an urgent need to revamp the security system for Internet activities and to put in place effective internal controls. As the hackers’ prime objective is to find secure IDs for accessing networks for cyber burglary, authentication procedures should be made secure and foolproof from hacking.

The rapidly increasing use of mobile-banking technologies augments risks and increases vulnerability. When a large number of customers prefer using wireless technology, iPhones, iPads, and Android-enabled smart phones for financial services, the cyber criminal may use the opportunity to phish with an application, and gain access to their secure credentials.

Ethical hackers are in greater demand to counter cyber crimes which are growing at an alarming speed.

Experts specialised in different aspects of cyber policing, ranging from the relatively inexperienced greenhorns to seasoned cyber security greybeards, need to visualise the big picture, anticipate potential attacks on the organisation and mitigate risks from cyber hacking.

An ethical hacker is not a cyber criminal though he knows well the art and science of hacking. He exercises his hacking expertise prudently for ethical concerns and deploys the cyber tools effectively to counter hacking and to identify the loopholes in order to safeguard the system from lethal cyber criminals.

CYBER SECURITY

Ethical hacking must be encouraged for detection and prevention of automated application attacks, because hackers are becoming adept at automating attacks by intensifying computerised attacks at smaller, vulnerable and largely homogenous targets.

For this, IT security professionals should monitor and analyse attack data, extract relevant information, share information for enlarging the knowledge base for identifying attacks and select appropriate mitigation tools.

They must ensure that controls are in place at all times to deter automated attacks. Securing data confidentiality and availability in the cyber realm is becoming an increasingly challenging objective for the government and private sectors. Organisations must engage competent, well-trained, skilled information security professionals to continuously monitor and manage cyber threats and secure sensitive organisational information assets.

Source: http://www.thehindubusinessline.com/features/mentor/article2356616.ece

Earthlink Completes Business Vitals Acquisition for Managed IT and Security Services

August 3rd, 2011

EarthLink, Inc. has completed its acquisition of managed IT, security and professional services provider Business Vitals. The South Carolina-based company will provide EarthLink with an additional Tier IV secure data center connected to its fiber network as well as a fully redundant Security Operations Center and a broad set of security-centric IT outsourcing solutions.

EarthLink, a provider of IP infrastructure and services, did not disclose the financial terms of the transaction. Business Vitals will enable EarthLink’s clients to focus on core business issues by outsourcing the management of a range of IT operations, infrastructure and systems. The company offers EarthLink additional IT security and professional services capabilities that it currently provides to businesses in the financial, retail, engineering, legal, manufacturing and healthcare sectors in addition to universities and government agencies.

Business Vitals supports clients in 10 countries and 35 states, and is an SAS70 Type II tested operation. When combined with EarthLink’s recently launched Cloud and existing managed services, the acquisition enables the company to offer a range of secure IT solutions to business customers via its newly formed Premier, National and partner distribution channels.

The new Tier IV data center is connected to EarthLink’s fiber network as well as its other on-net regional data centers to offer cloud and disaster recovery services. Services will be supported by certified engineers in the company’s Security Operations Center, IT Solutions Center and Network Operations Centers.

“EarthLink is building a full range of managed IT services that focus on security as a key capability,” said Brian Fink, executive vice president of managed services at EarthLink. “Business Vitals is an important extension of our managed services portfolio, and we will be actively leveraging the assets, capabilities and proven expertise we have acquired to enhance our national managed services business.”

“Business Vitals has built a premier IT managed security services and IT risk management firm with a strong customer base,” said Jeff Brewer, CEO of Business Vitals. “We are pleased to become part of EarthLink, which translates into more and better options for current and future clients.” Brewer will join EarthLink as vice president of IT solutions and security.

Source: http://it.tmcnet.com/topics/it/articles/203666-earthlink-completes-business-vitals-acquisition-managed-it-security.htm
