Author Archives: Joe Windover
I Virtualized My Data Center…Now How Do I Secure It?
Despite the many benefits that companies can and are achieving by virtualizing their data centers, virtualization brings new security and compliance challenges. According to Neil MacDonald, VP and Gartner Fellow Emeritus, “With more than half of all data center workloads now virtualized, enterprises need defined virtualization security processes.”
Many of our clients ask, “Can’t my existing physical security protect virtual systems, too?” While physical security technologies are necessary and very capable of protecting physical assets and external data flows, they are not specifically designed to protect application and business services running in virtualized or cloud environments. “Traditional” security depends on physical devices deployed on the perimeter of the data center or on physical networks. These physical devices depend on network inspection and are thus blind to the significant security-related activity within virtual infrastructure, whose networks they cannot see.
Virtualization and cloud computing bring four significant changes to security:
- A new virtual network fabric, blind to physical security devices
- A new threat surface: the hypervisor
- An all-powerful virtual administrator, collapsing roles
- Machines becoming files, leading to mobility, rapid change and opportunity for theft
Each of these changes brings unique security challenges. Security professionals need to recognize – and acknowledge – what is new and adapt their security practices to accommodate it. If not, virtualization will pose a significant security risk. Indeed, in recognition of these changes, independent third-party standards bodies, such as the PCI Security Standards Council and NIST, have modified their own standards and regulations. Their updated specifications acknowledge that without appropriate technology and training, virtualization and cloud systems will introduce significant security and compliance gaps. Such gaps include unprotected networks, access control failures, loss of change controls, new threat surfaces, breakdowns in separation of duties and escalation of privilege. Virtualization security addresses these potential gaps while also reducing cost and complexity.
So how can companies make a positive impact on the security of virtualized workloads? While IT does need to update their security practices and corporate governance in the face of virtualization, the net impact of virtualization on security can be extremely beneficial. Virtualization, when deployed correctly and according to architectures established on best practices, can innately improve security by making the data center more fluid and context-aware. This means security can be more accurate, easier to manage, and less expensive to deploy than traditional physical security.
Security in a virtualized data center can also be more easily automated, orchestrated, and policy-managed. Virtualization security gives data center administrators the power to automatically provision secure machines, automatically have security policies follow desktops when they move, automatically set up firewall rule sets for classes of servers and automatically quarantine compromised or out-of-compliance assets, among many other examples.
With the right technology and processes, virtualization has the power to make data centers even more secure and compliant than their physical counterparts.
Continuous Security and Compliance
Williams & Garcia can get you there. With our audit-approved reference architecture designed specifically for a virtualized enterprise, security concerns and threat management become much easier when you are partnering with a company that has a successful track record.
To learn more about W&G and our Continuous Security and Compliance Practice click here.
BYOD, Interesting Survey Results
The last few months have seen an explosion of surveys and forward-looking prediction reports that examine the digital transformation in the workplace, specifically the Bring Your Own Device (BYOD) trend. A more collaborative work environment with greater worker mobility is now the reality that businesses and IT organizations are facing.
Below, I have captured some of the report highlights, providing links to the studies that can be accessed online.
A recent Avanade-sponsored survey of over 600 C-suite executives uncovered some surprising business trends:
- 88% of executives report employees are using their personal devices for business purposes today. While the ‘bring your own device’ (BYOD) trend has been a popular topic lately, 88% is a much higher number than one might expect.
- Very few executives (just 20%) believe that allowing personal computing technologies in the workplace will benefit recruitment and retention efforts for younger workers.
- Over 40% of people using mobile devices for work purposes are using them for more than email and social networking; they are actually using them to run business applications anytime and anywhere.
- The most popular mobile technology in the workplace is Android NOT Apple.
- The enterprise social collaboration sector will reach $3.5 billion by 2016, up from just under $1 billion in 2012.
- A key factor driving wider social and mobile adoption within the enterprise is that workers say they enjoy and benefit from these technologies when not at work.
- A wide range of vendors are currently offering (or building) solutions that sport “compelling social features” which can be used to integrate seamlessly with Microsoft SharePoint to address a wide range of important and real-time collaboration needs.
Gartner Research studies released in November 2011 predict that:
- By 2016, at least 50% of enterprise email users will rely primarily on a browser, tablet or mobile client, instead of a desktop client.
- By 2015, 35% of enterprise IT expenditures for most organizations will be managed outside the IT department’s budget.
- By 2014, 30 of the most popular 100 Web applications will work online or off.
And finally, a recent Cap Gemini/MIT survey of 157 executives in large companies (over $1 billion in revenue) found that:
- The number one reason for adopting a more collaborative work environment is related to competition. Employee pressure to change is actually quite small.
- 66% of companies are using some form of mobile applications for operations.
- 52% of companies are using some form of social media for operations.
- The three top reasons why companies are finding it hard to implement tools like analytics, mobile technology, and social media for business are: missing skills (77%), cultural issues (55%), and ineffective IT (50%). It is clear that changing people’s work habits represents the biggest impediment to technology change.
It is clear that there is a growing frenzy of interest in organizations moving towards a more collaborative work environment, but the challenges to doing so are not straightforward. Business drivers like competition appear to be more important than catering to the younger Facebook generation, at least for the moment. Also, it is clear that there is an interest in using collaborative tools for more than just email and social networking; running real business applications anytime/anywhere offers enormous potential for improving business productivity. But, as always, worker reluctance to changing work habits is the biggest impediment to adopting new technologies.
W&G End-User Computing Services
Williams & Garcia is helping companies face these challenges with innovative tools and a methodology uniquely focused on making BYOD users more secure and productive. To learn more about the W&G End-User Computing Services click here.
At a recent MIT Forum event in Atlanta, a panel of security leaders discussed the topic of Embracing Innovation in a World of Cybercrime. Dr. Paul Judge, Chief Research Officer and VP of Barracuda Networks; Jon Ramsey, CTO of Dell SecureWorks; and David Gillman, Senior Manager at AAA Insurance Exchange each presented and then volleyed questions from a studio audience.
The question of protecting our companies’ sensitive and valuable data from cybercriminals was discussed and solutions were debated. Defending your perimeter from external threats and creating multiple layers of authentication is a status quo approach that most every security vendor will claim. Even an organization that manages to combine multiple layers of security across a combination of solutions is still missing the target.
Data shared during the panel discussions showed that the majority of security breach incidents are now coming from internal sources. The example provided was an email sent to staff in the marketing department that invites the unsuspecting individual to click a link that is relevant to her job and does not appear out of the ordinary. By clicking the link, the individual unknowingly launches a script that can now move freely throughout the network, searching for data and gaps in the security mechanisms already deployed.
This got me thinking about just how big of a problem we are facing when the next generation enters the workforce. Protecting against unwelcome outside threats is only the beginning. Our kids are growing up in a world that provides immediate access, feedback, and exposure to the Internet like we never had to consider.
Take for example the simple and naïve way our kids categorize how a “friend” is defined. Facebook, Twitter and Instagram allow someone they have just met online to be labeled “a friend”. I asked my daughters this question, which should make us all stand up and take notice: “How long do you need to know someone on Facebook or Twitter before you would consider them your friend?” The answer corroborated by both girls was, “at least ten messages exchanged.”
“What? You would consider a complete stranger, you have never met in person, one of your friends?” I asked. To which they replied, “Dad, please. You can see who they are connected with and what kind of person they are a whole lot better and faster on Facebook than you can in real life.”
This is what we have to contend with. A generation of willing accomplices that are quick to react to criticism in a public forum. A generation of tribes that share personal photos with the world. A generation of trusted friendships and bonds granting clear access into their world.
Here are 10 eye poppers about social media growth and security trending:
- Nearly three quarters (73%) of online teens use social network sites.
- Nearly two-thirds (63%) of teens with profiles on social networks believe that a motivated person could eventually identify them from the information they publicly provide on their profiles
- Nearly 54% of the selected profiles revealed details about risky sexual lifestyles, drug addictions and violent encounters with peers
- There are nearly 206.2 million Internet users in the U.S., which means 71.2% of the U.S. web audience is on Facebook.
- However, about 70% of the Facebook user base resides outside the U.S.A.
- 250 million photos are uploaded to Facebook every day
- There are 425 mobile Facebook users
- 2.7 billion “likes” are clicked each day on Facebook
- 1 million accounts are added to Twitter each day
- 2 new members join LinkedIn every second. And the fastest growing demographic is students and recent college graduates
How are you going to protect your company from this kind of growth? What are you doing to protect your company now?
At Williams & Garcia, we have been one step ahead of the security curve. With our always security-first cloud initiative, WG clients are facing the future today. In addition, our defense-in-depth strategies and threat analysis services can help put your organization on the right track to combat the next generation of attacks.
For more information about how Williams & Garcia can help you protect your organization and anticipate the future of cybercrimes, send a meeting request to email@example.com.
Today could be the day my parents finally understand that the cloud is their friend.
If your parents are anything like mine, you have experienced an unwillingness to embrace all that the Internet and ultimately the cloud has to offer. However, today is a new day. My parents’ favorite store, Wal-Mart, launched a new service that could easily move them into cloud computing without them even knowing.
“How”, you ask? By doing the same thing I have been doing for years to get them to use Facebook, email and Xbox… Someone is going to have to do it for them.
Wal-Mart recently launched a new service that allows customers to take their DVD and Blu-ray collection to a local store where an associate will convert the titles to be stored and viewed via Wal-Mart’s entertainment cloud, VUDU.com.
Here are the 5 steps to my parents moving to the cloud without even knowing what hit them:
- They can physically walk into their local Wal-Mart store and hand the trusted clerk (Jason, that develops their film) their entire DVD collection.
- Jason will take their DVDs and enter the titles into their VUDU.com account.
- If they do not have a VUDU.com account, (which is a 100% certainty) Jason will create that account for them for free, and provide instruction on how to access the account.
- If the title is supported by the VUDU.com library, the movie will be available immediately for viewing online through their PC, Xbox 360, or any other web-enabled device.
- Jason will then stamp the inner circle of the DVD. (So the DVDs that they “will” sell in the summer garage sale can’t be registered multiple times)
The thing my parents will love about this service is the fact that they will get to keep their DVDs, “just in case the Internet ever goes out of business”, as my mother so often points out. The thing they may not appreciate is the fact that they are going to have to pay again for something they already have paid for once. Wal-Mart has decided $2 is the price tag amount my parents will be willing to pay for Jason to be such a huge help in “converting” their DVDs to a cloudified movie library.
Compare that price to the normal amount (about $5) they pay for a roll of film with no doubles and you can see how a loyal Wal-Mart customer will accept this fee for the outstanding service Jason has provided. Wal-Mart’s claim is that the new program allows customers to reconnect with the movies they already own on a variety of new devices, while preserving the investments they’ve already made in disc purchases.
The interesting point of this story is not that my parents are now going to be willing participants and users of cloud computing. No, the interesting point is that Wal-Mart has found an easy way to explain the cloud to a market segment previously untapped for cloud marketers.
Wal-Mart has created a physical portal to transport my parents into a digital world. And thanks to Jason and his relationship with my parents, the next time I visit we can all watch “Smokey and the Bandit” in the cloud.
So cloud providers take notice. When you are trying to explain to companies (your end-consumers) that you provide:
- A dynamic computing infrastructure: to support the elastic provisioning and de-provisioning of services while maintaining high levels of reliability and security.
- A user-centric service approach: the easier and faster a user can perform an administrative task the more expedient their business moves, reducing costs and driving revenue.
- A self-service based consumption model: the benefit of self service from the users’ perspective is a level of empowerment and independence that yields significant business agility.
- A cloud-optimized management model: the balance of control and delegation maintains security and uptime, minimizes the level of IT administrative effort, and keeps operating expenses low, freeing up resources to focus on higher value projects.
- A consumption-based billing structure: the value here from a user’s perspective is the ability for them to pay only for the resources they use.
None of this will mean a thing to the consumer unless you can package the cloud in a way that allows them to immediately and easily picture a real life solution that makes their personal or business life better.
At Williams & Garcia, we understand what makes consumption of cloud services successful, and we are delivering products and services that impact our customers’ life in a positive way.
For more information about how Williams & Garcia can help you create a cloud that means something personal to you and your organization, send a meeting request to firstname.lastname@example.org.
I must admit, I’ve never been much of a pioneer when it comes to most new technologies. This I’m sure doesn’t shock my extremely talented staff. I was the last of my friends to get a cell phone. I held off on joining Twitter and Facebook until my kids told me I had to do it. And for years I refused to utilize a CRM solution, and rather opted to continue using my physical Moleskine book to keep things organized (several of which I kept and it’s pretty interesting to look back a few years ago and see what incredible notes I had written on a daily basis).
And it wasn’t until last month that I downloaded the QR code reader app on my iPhone (and now I’m like a little kid scanning every QR code I see). But for some technologies or services, I have been more of a pioneer. I was one of the first users of Basecamp to collaborate projects with my staff online, across multiple business units. And I was an early adopter of Voice Over IP.
I tell you this since there’s a new type of product delivery that’s available to companies and their customers everywhere. And while I’ve only dabbled in using it to date, I am going to be making much more use of it in the near future. And I urge you to do the same.
This new type of delivery model is Mobile. And the statistics proving why you can’t ignore it any longer are staggering. Consider the following:
1.) According to Nielsen, the iPhone’s growth was 10 times faster than the growth of America Online.
2.) According to the Mobile Marketing Association Asia, more people on planet Earth own a mobile phone (5.1 billion) than own a toothbrush (4.2 billion), “so gross but so true”.
3.) According to the CTIA Wireless Association, 250+ million Americans carry mobile phones; representing over 80% of the nation’s population.
4.) Of those carrying phones, 62% of mobile adults aged 25-34 report owning smartphones.
5.) According to Morgan Stanley, 91% of all U.S. citizens have their cell phone or mobile device within reach 24/7.
6.) Nielsen Wire reports that 40% of all mobile phones in the U.S. are smart phones.
7.) According to Facebook, there are more than 350 million active users [44 percent] currently accessing Facebook through their mobile devices. And people who use Facebook on their mobile devices are twice as active on Facebook as non-mobile users.
SPEED & ACTION
8.) According to the CTIA Wireless Association, while it takes 90 minutes for the average person to respond to an email, it takes just 90 seconds for someone on average to respond to a text message.
9.) According to Mobile Marketer, 70% of all mobile searches result in action within 1 hour.
REVENUES & RESULTS
10.) According to Borrell Associates, mobile coupons get 10 times the redemption rate of traditional coupons.
11.) According to Yankee Group, global mobile payments (called m-payments) currently total approximately $240 billion and are expected to exceed $1 trillion by 2015.
12.) According to IDC, mobile app downloads will reach 76.9 billion in 2014 and will generate $35 billion in sales.
13.) According to Reuters, mobile customers display a ferocious loyalty to their current device. 80% of Apple users would purchase another device of the same brand.
So what does this mean to you?
Well, to me, it means that mobile delivery solutions should be a key part of the new product development strategy of virtually any company. Mobile delivery solutions allow you to reach customers quickly. Customers will get more and more used to paying you and other companies via their mobile device. And mobile applications will continue to explode, and are not only a way for you to stay in front of customers, but they could be a huge revenue source for your company.
For example, mobile banking consumers carry a higher balance than the average banking consumer and have a greater net worth. While still only representing a small percentage of banking households, that number is increasing. Understanding the unique needs of this lucrative segment could mean winning and retaining valuable customers.
Companies will need to figure out innovative and personal ways to deliver value to their clients and improve the user experience, which in turn increases customer loyalty.
So, don’t ignore this key market trend. Rather, seize the opportunity to become the mobile delivery leader in your niche.
For more information on how Williams & Garcia can help your company be a pioneer in this market, let’s have a conversation.
Knowing What You Can Do Best
There is an old parable about a hedgehog and a fox. The fox knows many things, but the hedgehog knows just one big thing. The fox is a cunning creature, able to devise a myriad of complex strategies for the sneak attacks upon the hedgehog. Day after day, the fox circles around the hedgehog’s den, waiting for the perfect moment to pounce. Sleek, fast, beautiful, fleet of foot, and crafty – the fox looks like the sure winner. The hedgehog, on the other hand, is a dowdier creature, looking like a genetic mix-up between a porcupine and a small armadillo. He waddles along, going about his simple day, searching for lunch and taking care of his home.
The fox waits in cunning silence at the juncture in the trail. The hedgehog, minding his own business, wanders right into the path of the fox. “Ah ha, I’ve got you now!” thinks the fox. He leaps out, bounding across the ground, lightning fast. The little hedgehog, sensing danger, looks up and thinks, “Here we go again. Will he ever learn?” Rolling up into a perfect ball, the hedgehog becomes a sphere of sharp spikes, pointing outward in all directions. The fox, bounding toward his prey, sees the hedgehog’s defense and calls off the attack. Retreating back to the forest, the fox begins to calculate a new line of attack. Each day, some version of this battle between the hedgehog and the fox takes place, and despite the greater cunning of the fox, the hedgehog always wins. *
Hedgehogs in Corporate America
There is an abundance of foxes out there in the corporate world: companies that pursue many directions at the same time. They are “scattered or diffused, moving on whims at many levels,” never integrating their thinking into one overall concept or unifying vision.
Hedgehog companies, on the other hand, simplify a complex world into a single organizing idea, a basic principle or concept that unifies and guides everything. It doesn’t matter how complex the world, a hedgehog company reduces all challenges and dilemmas to simple – indeed almost simplistic – hedgehog ideas. For the hedgehog company, anything that does not somehow relate to the hedgehog idea holds no relevance.
Isn’t it refreshing when you find a company that has taken a thoughtful and unified approach to the complex world of IT?
So many foxes are out there bouncing from productivity tool to security tool to automation tool, strategizing about that next idea that can provide the solution that will “magically” help them to finally catch their hedgehog. But, time and time again they produce the same poor results.
Key Focus For Hedgehog Companies
Organizations that are hugely successful are able to take a complex world and simplify it. Understanding what matters most to an IT organization has very little to do with the latest technology, but everything to do with the process and how they use that technology to support their one single hedgehog idea. Companies today make money so many different ways that the complexity of the choices can draw their focus away from that one idea that makes them unique.
Great organizations have found a way to simplify the complicated processes that weave the fabrics of business and IT together into one focused idea. However, the organizations that are continually frustrated by their repeated attempts to try anything to snare their elusive hedgehog will instead remain scattered, diffused, and inconsistent.
For the moral of the story is that the fox is constantly focusing on the latest idea, concept or fad. No matter how hard he tries, the fox will always fall short. Understand what you do best and do only that. The hedgehog knows what he can do, but even more importantly, knows what he can’t do.
[Excerpts and idea for this blog came from the book "Good To Great", by Jim Collins]