HOT TOPICS: Customer Experience Marketing Automation Social Business SharePoint 2013 Document Management Big Data Mobile DAM

Security News & Analysis

How to Be Smart with Your Corporate Data

2014-19-December-be-smart.jpg

The cyber attack against Sony Pictures revealed a treasure trove of titillating sensitive corporate data: emails that revealed the true feelings of certain producers for certain movie stars, sensitive compensation data for employees up and down the company's food chain, and scripts of future movies.

The attack has been declared the work of a mysterious group that calls itself the Guardians of Peace — a group US intelligence officials have concluded are involved with the North Korean government.

But imagine how foolish – and how liable – the IT security shop at Sony Pictures would look if this information leaked to the public through its own sloppy policies and willingness to look the other way as employees took short cuts to make their work processes easier. That is, imagine the headlines if this data had been snatched from an unprotected or minimally protected collaboration app that resided in the cloud.

For that's a major vulnerability at many companies, concludes SailPoint's Annual Market Pulse Survey.

Getting a Grip on Information Governance

Cyberspace is looking a lot like the Wild West these days, with outlaw hackers ready to rob you of your data and the sheriff nearby looking to make sure you’re sticking to the letter of ever-tightening laws.

Are you ready?

A new Forrester Consulting survey report, Governance Takes a Central Role as Enterprises Shift to Mobile, commissioned by Druva, a data protection and governance firm, shows that more and more companies are responding to these pressures by boosting spending on information governance (IG) and adopting new systems to better-manage data.

6 C's for More Efficient IT In 2015 [Infographic]

There’s no getting away from the inevitable round of IT predictions that mark the end of every year. Just about every research company and IT vendor has its own list — and 451 Research is no exception.

This time it comes in the shape of 6 C’s for 2015 that cover a range of issues from content management to containers to cloud and crowd working. Combined, they envisage a year that will see workers using more agile IT, largely through cloud and converged platforms. These same workers will also be more mobile and disassociated from the enterprise.

Box Has a Problem and a New Trust Initiative

2014-09-December-Polka-Dot-Socks.jpgFirst off, let’s get one thing straight: Box is not in the Enterprise File Sync and Share (EFSS) business.

“We certainly do that,” says Box executive Whitney Bouck, every time I ask her if Box is an EFSS provider. “But that’s not where the value is,” she always adds “that’s table stakes.”

So what does Box do? According to its SEC S-1 registration it is “a cloud-based, mobile-optimized Enterprise Content Collaboration platform that enables organizations of all sizes to easily and securely manage their content and collaborate internally and externally.”

How’s that for an elevator pitch?

Not too good. But, to be fair, it probably wasn’t crafted to be one.
 

IBM Security: Beware the Social Login Hacker

2014-9-December-IBM social login security.jpgIBM security officials have detected a malicious attacker who intrudes into user accounts of those who log in to third-party websites via a social login.

We've all seen it -- "log in via Facebook, Twitter, LinkedIn, etc."

Makes things easier.

But that, according to IBM, is the point where a recent attacker penetrates a relying website -- a website that relies on authentication assertions passed to it by the identity provider -- and abuses the social login mechanism.

IBM's security group -- called the IBM X-Force Application Security Research Team -- identified the vulnerability last week in LinkedIn, Amazon and MYDIGIPASS.COM login tools offered on vulnerable websites such as Slashdot, Spiceworks and NASDAQ, according to Diana Kelley, executive security advisor for IBM Security.

"We do not know how many websites are vulnerable to this attack," Kelley told CMSWire, "but given the size of the internet, it's hard for us to determine which are."

TigerText Expands Its Secure Texting for the Enterprise

2014-09-December-BradBrooks-quote.jpgLike it or not, your coworkers probably share sensitive corporate information in texts. For them, it's a matter of convenience that helps them to collaborate with coworkers. For many businesses, that represents a nightmarish brew of security concerns, compliance violations, data loss and policy breaches.

Today, TigerText expanded its enterprise-grade texting service, hoping to add to the 5,000 healthcare facilities that already use its secure cloud-based network. The five-year-old company also has its eye on expansion into the financial services and government sectors, which face comparable challenges in controlling the information shared by workers.

If IT leaders have learned nothing else during the BYOD era, they learned that resistance is futile. Workers will use their own smartphones at work and the best strategy is to help them to do so safely. In healthcare, for example, doctors and other caregivers form shadow networks to share updates on patient status and other factors, often in violation of government privacy regulations and employer information governance policies.

FBI Warns Businesses to Brace for Foreign Hacker Attacks

The threat of International electronic terrorism appears to be rising, following two separate reports of hacker attacks on US business and government interests.

The FBI issued a warning about a highly destructive malware attack that may be coordinated by a foreign country and could be continuing over the next few weeks, according to a Reuters report. The warning comes in the wake of last week's devastating hacker attack on the Sony Pictures Corp. that kept many of its systems, including corporate email, down for as much as a week.  

In a separate report security firm Cylance noted that it has identified a hacker group out of a Iran — Operation Cleaver.

Cyber Monday Phishing Scams Intensifying

2014-26-November-computerdog.jpg

Thanksgiving turkey may symbolize the holiday for most people, but messaging security firm Proofpoint is warning businesses to watch for a whole flock of cyber security threats that peak around Thanksgiving.

In preparation for the rise in phishing scams expected over the weekend, Proofpoint is urging businesses to take particular care with email and social media scams.

Google for Work Puts Security in the Hands of Employees

Microsoft may be making a lot of noise about additional security features in Office 365, but Google has been working away behind the scenes too, if perhaps in a less vocal way. Yesterday, it launched the Devices and Activity dashboard, which monitors Google accounts on enterprise devices.

The new dashboard provides IT administrators a way of monitoring who has been accessing what accounts, where and why, but adds an underlying current to the security discussion that's becoming increasingly important in enterprises: responsibility.

IT Pros Warm Up to Open Source Collaboration Software

IT security professionals like the idea of open-source collaborating and messaging solutions. So where the heck are they?

Respondents in a Ponemon Institute study released this week are generally positive about commercial open source applications, especially because of the assurance of continuity. However, despite those benefits, companies are slow to adopt, Ponemon found. 

Zimbra, a provider of open source collaboration software, sponsored the survey of 723 IT and IT security practitioners in the United States and 675 IT and IT security practitioners in 18 Europe, the Middle East and Africa (EMEA).

How Big Will the Internet of Things Grow?

How many devices are likely to be connected to the Internet of Things (IoT) — and which industries are most likely to be affected by its growth? At its Symposium/ITxpo 2014 in Barcelona last week, Gartner offered answers.

By 2020, there will be 25 billion connected devices. And the most forceful impact will be with consumer goods, outstripping its nearest rival category of generic business goods by 250 percent.

Serious Drupal Flaw May Have Compromised Thousands of Sites

2014-3-November-Drupal CMS.jpg

Thousands of websites running one of the world's most popular open source web content management systems (CMS) may have been compromised by a "highly critical" security flaw.

The team at Drupal acknowledged last week that a vulnerability that affected every site running Drupal 7 was about as bad as it could get — and that websites that did not update or patch promptly should probably assume the worst.

"If you did not update your site within seven hours of the bug being announced, we consider it likely your site was already compromised," the team noted in a security announcement.

Buy the Wrong Software? A Fix Can Cost $700,000

information management, Organizations Ignore Quality When Buying Enterprise Software

A website only runs in Flash and doesn't work on Macs.

An online photo-sharing service is slow due to lack of scalability for a high volume of concurrent users.

A memory leak goes undetected through manual code reviews, functional testing and performance testing.

This is the software world. Things go wrong.

Securing Social Business in Office 365

2014-10-27 office 365 DLP.jpg

Microsoft continues to weave the web around Office 365 tighter and tighter.

Over the past few months it has added more and more functionality to Office 365 and expanded its reach across and even beyond the enterprise. It is now adding additional security to keep enterprise data safe.

Microsoft introduced new compliance features last week. This week it is extending Data Loss Prevention functionality across the entire Office 365 product.

IBM Security App Focuses on Multi-Dimensional Analysis

IBM introduced new high-speed analysis and criminal investigation software yesterday that is based on multi-dimensional analysis and can scale to almost any level the user needs.

Called IBM i2 Enterprise Insight Analysis, the application is designed to find "non-obvious relationships" buried within a corporation's IT — an environment typified by hundreds of terabytes of data and trillions of objects.

Displaying 1-15 of 440 results

< Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Next >