108470 éléments (108470 non lus) dans 10 canaux
With data breaches making the news ever more frequently, businesses are on the look out for new ways to identify and guard against threats.
Cyber threat intelligence company DomainTools has released the results of a new survey conducted by the SANS Institute on the effectiveness of using threat hunting to aggressively track and eliminate cyber adversaries as early as possible.
According to the survey, adopters of this model reported positive results, with 74 percent citing reduced attack surfaces, 59 percent experiencing faster speed and accuracy of responses, and 52 percent finding previously undetected threats in their networks.
"With cyberattacks increasing exponentially each year, it's no surprise enterprises are attracted to threat hunting as a proactive multi-layered approach to discovering and mitigating cyber threats as early as possible," says Tim Chen, CEO of DomainTools. "As the findings note, successful threat hunting isn't necessarily about overhauling an existing cybersecurity program, it's about using the third-party data and technologies that most organizations already possess in order to maximize the chances of proactively finding, attributing and eliminating an adversary before the damage is done".
Though it's a relatively new approach to the early identification of cyber threats, 85 percent of enterprises say they are currently involved with some level of threat hunting. There are barriers to using the technique effectively though, 40 percent cite the need for a formal program and 52 percent a lack of skilled staff.
The top seven data sets that support threat hunting are IP addresses, network artifacts and patterns, DNS activity, host artifacts and patterns, file monitoring, user behavior and analytics, and software baseline monitoring. The most common trigger for launching a hunt is an anomaly or anything that deviates from normal network behavior according to 86 percent of respondents.
However, the survey also reveals that only 23 percent of businesses have hunting processes that are invisible to attackers, meaning that the majority of organizations are at risk from exposing internal hunting procedures in a way that benefits the attacker.
You can learn more in the full report which is available from the DomainTools website.
Image Credit: alphaspirit / Shutterstock
For businesses, particularly online ones, there will always be a mix of new and old customers. But what does the ratio between them tell you about the health of the company?
Cloud marketing company Optimove has studied data from millions of online customers and more than 180 brands to help companies understand if their ratio of new-to-existing customers indicates a state of growth, stagnation or decline.
It finds that online retailers with a new to old customer ratio of 90:10 are unhealthy, with a five-year compound annual growth rate (CAGR) lower than two percent and customer churn rates 100 percent higher than average. These are classed as 'running in place.'
Those with a new-to-existing customer ratio between 70:30 and 40:60 are typically early stage companies (less than seven years old). These are 'rockets' and are growing very fast, with a five-year CAGR over 100 percent and churn rates 50 percent lower than the average.
Businesses with new:existing ratios between 40:60 and 20:80 can be considered as 'healthy grown ups,' as they're typically more than 7 years old and have a five-year CAGR between 20 percent and 60 percent, with the lowest churn rates of any companies in the study.
A ratio of 10:90 or worse is bad news, these businesses, 'old cash cows,' are practically dying, showing declining revenues over the last three to five years.
"Two companies with the same revenue mix may tell very different stories and drive growth in very different ways," says Shauli Rozen, head of professional services at Optimove. "A quick example might be two companies that both derive 75 percent of revenue from existing customers. One might be acquiring many new customers and converting only a small portion of them to active and loyal customers, while the other may choose a more focused acquisition strategy, acquiring a smaller number of new customers, but turning a larger portion of them into loyal, long-time customers".
You can read more about the findings on the Optimove blog.
Photo credit: mtkang / Shutterstock
As the April 18 deadline for submitting individual and company tax returns in the US approaches, many people will be rushing to submit their information and this makes it a major opportunity for cyber criminals.
The run up to the deadline is likely to see millions of phishing emails sent to consumers and businesses. These will be trying to grab social security numbers, paycheck stubs, bank accounts, passwords, IDs and other key pieces of personal and professional information, using fake web sites and fraudulent emails that masquerade as official government collection agencies.
Fatih Orhan, director of technology for Comodo and the Comodo Threat Research Labs says, "In this age of sharing and collaborating in an online world, being exposed to phishing is an eventuality for virtually every company, well-known or not. It may not be the most groundbreaking attack method cyber criminals use -- but there's no denying that cyber criminals are becoming more clever when crafting their messages. More frequently, they're using well-known applications or social platforms and also action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and get the information they want".
Comodo advises users to carefully check the address and domain name of email senders. While it may appear to be official, closer inspection will most likely reveal that the actual address is not linked with the domain name of the company.
In addition check the URL and domain of the website the mail is linking to. Chances are the URL and domain are also not affiliated with the company they’re purporting to represent. It also advises users to check with their IT department before opening or clicking on a link that seems suspicious.
Image Credit: wk1003mike / Shutterstock
The first generation of Dell’s Venue 8 tablet hit the market back in 2013. In January of this year the company launched the updated version that we have here, which comes with a faster Intel Atom X5 processor and 64-bit Windows 10 as standard.
So, how does this latest version measure up, and is it a good option for business users?
In the Box
The Venue 8 Pro is available as Wi-Fi only or you can have a mobile data connection too. It’s powered by a 2.4GHz Intel Atom X5 Z8500 -- the old model had the 1.8GHz Z7340. You get 2GB of DDR3 RAM, a 64GB solid state hard drive and Wi-Fi as standard. Our review unit came with 4GB of RAM and the mobile data option, if you need more space, storage can be further expanded with a microSD card of up to 128GB. It’s worth noting that Dell uses eMMC storage -- which is basically a built-in SD card -- rather than a faster SSD disk.
The tablet measures 130 by 216mm and is only 9.45mm thick. At 377 g it gives an impression of solidity without feeling too weighty to carry around. The tablet has an 8-inch 1280 x 800 screen, a 5MP rear camera and 2MP front. The 5855 supports Miracast so you can wirelessly connect to compatible peripherals like screens and keyboards. The battery is a 19.5 WHr single cell unit.
You get a USB C cable and a mains adaptor in the package and, an attractive feature for business users, Microsoft Office Mobile is included in the price, and you can upgrade to the full version with an Office 365 subscription. Security is taken care of with the Dell Data Protection software.
Business Features
The Dell has a reassuringly solid feel and it should stand up well to the rigours of everyday business life. It comes with the Bamboo Paper digital notebook software that allows you to write and draw on the screen either with your finger or the optional stylus.
The fact that MS Office Mobile is included means you can start work almost as soon as you take it out of the box. You also get Dell’s Data Protection software which offers encryption and anti-malware features to keep your tablet and data secure. The Venue 8 Pro is also compatible with the Dell Client Command Suite, allowing IT departments to centrally manage BIOS and hardware configurations.
In addition you get access to Dell ProSupport Plus as an option, which helps identify and resolve problems and keep your hardware running smoothly. There’s the option of Protected Workspace too, this opens applications likely to be targeted by malware in a sandbox environment to guard against attacks.
There are a number of accessories that will be attractive to business users too, including a docking, station that supports keyboard, mouse and dual displays, a case called "Folio" that converts into a hands free stand, plus an active pen stylus for writing and drawing on the screen. You can also get an adaptor that gives access to HDMI, VGA, Ethernet and USB 3.0 via the USB-C port. Software options include Adobe Create Cloud, Photoshop Elements and Acrobat.
In Use
There’s a power switch on the top along with a headphone socket. The bottom edge has a USB C socket and speaker grille. On the right are the volume control and a hard Windows button plus a slot for SIM and memory cards. Because it’s USB C it’s less fiddly to connect as you don’t have to get the plug the right way around, but you’ll need to get an adaptor if you want to attach a flash drive or other standard USB peripheral.
The back has a ridged finish which makes it pleasant to grip, though it does tend to show finger marks. While the Venue 8 is nicely weighty it isn’t too heavy to hold one-handed. The rear camera is in a slightly raised panel in the centre of the back towards the top. You do tend to place your fingers over this if you’re holding the tablet landscape, so you’ll need to wipe it clean before taking photos. The back of the machine does get warm in use, but not uncomfortably so. The performance of this tablet isn’t going to set the world on fire. but it’s perfectly adequate for everyday tasks.
The screen has quite a wide bezel -- especially on the short edges -- but the viewing area itself is a good size. The screen itself offer 283 ppi pixel density (an improvement on the 189 ppi of the previous generation). What this means in practice is that it has crisp colors, good contrast and delivers smooth video playback. Viewing angles are good too so its possible for two people to watch the screen at the same time. It isn’t quite bright enough to cope with outdoor use on sunny days but that’s a minor quibble. There’s only a single speaker but it delivers decent sound quality.
The number of megapixels doesn’t tell the whole story with the rear camera, as although it’s "only" 5MP it actually delivers pretty impressive results. There’s no flash, but it takes good pictures in both daylight and artificial light. It uses the standard Windows 10 Camera app which is basic but functional. The 2MP front camera is good enough for VoIP calling.
The most disappointing aspect of the Venue 8 Pro is its battery life. Even in relatively light use, like visiting websites or viewing documents you’ll struggle to get more than five or six hours on a charge. Watch videos or play games and you’ll eat through the power reserves much faster.
Conclusion
At £366 for the 64GB version with mobile data as tested -- you can get the 2GB Wi-Fi only version for £259 -- the Venue 8 Pro may seem a little pricey. As a business machine though it looks like an attractive package. It’s solidly constructed, has a good range of practical hardware and software options, and it looks smart in an understated way.
If you can live with the rather disappointing battery life and you value reliability over performance, it’s well worth considering.
Pros
Cons
ITProPortal Review: 7/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Getting useful information from unstructured data is a notoriously difficult and time consuming task, but the launch of a new intelligent crowdsourcing platform could be about to change that.
The Spare5 platform uses a known community of specialists to accomplish custom micro-tasks that, filtered for quality, allow product owners to train powerful artificial intelligence models, improve their search and browse experiences, augment their directories and more.
According to IDG, unstructured data is growing at the rate of 62 percent annually and by 2022, 93 percent of all data will be unstructured. The Spare5 platform applies a combination of human insights and machine learning to solve the increasingly complex problem of using unstructured data, including images, video, social media content and text messages. Among the company's first wave of customers are Avvo, Expedia, Getty Images, GoPro, and Sentient Technologies.
"The old adage that a picture is worth a thousand words is true, but it's just the beginning. Spare5 is providing us breakthrough value by delivering nuanced human insights into our photos, at a value and scale that was unthinkable just a year ago," says Steve Heck, CTO of Getty Images.
Recognizing that all people have some expertise, valuable interests and free time, Spare5 has amassed a community of subject matter specialists across a wide range of skills and demographics, and built a library of game-like tasks. This approach enables Spare5 to ensure the right task goes to the right person. In order to continuously improve accuracy its Reputation Engine applies machine learning to rate each individual's performance.
As customers use the platform over time, the process becomes faster, smarter and better. Using a variety of SDKs and APIs, processed data can be easily integrated into existing data workflows and exported to produce top-line business reports.
"Our mission is to tap the world's potential brainpower," says Matt Bencke, founder and CEO of Spare5. "Businesses need specialized human insights to solve complex data problems. It used to be somewhere between impossible and impractical to crowdsource specialized insights at scale, with confidence and speed. Not any more. We love seeing our customers get the help they need to interpret unstructured data, while freeing up their employees to focus on their core competencies. There is a profound difference when the right human intelligence powers machine learning. And we've just begun".
Spare5 uses a subscription model allowing companies to easily make use of the platform. To find out more about it you can take a look at the company's website.
Photo Credit: photobank.kiev.ua/Shutterstock
Much of the sales process is about making effective use of information about existing and potential customers. But often that knowledge isn't easily accessible and therefore not used effectively.
A new platform from sales transformation specialist Altify aims to give B2B sales teams real-time visibility into the process based on stored knowledge and its built-in contextual insight engine.
Called Altify Max it monitors what is happening in the opportunity, the account, and the pipeline and forecast, assesses the impact, and notifies the salesperson to act with a suggested measure. Max has 30 years of deep sales knowledge and insights built in to the software, and customers can extend and customize the knowledge with their own insights. This real-time coaching solution is aimed at making the sales team more effective and delivering better results.
"Altify's ongoing mission is to help salespeople provide more value for their customers, and become true business partners," says Donal Daly, CEO of Altify. "We have always embedded knowledge, insight and context into the applications on the Altify Platform, but what makes Max so exciting is that we have poured a lot more knowledge into the system, added contextual notifications, and given our customers the capability to add their own knowledge and insights. This is really augmented intelligence for everyone who uses Salesforce. It is the perfect platform to enable companies to take their sales organizations to a higher level of performance and professionalism".
Benefits of the Max platform include increased engagement and effectiveness, with sales teams able to work more productively. Max can identify warning signs, so salespeople can address risk earlier in the sales process.
Max has been developed using 30 years of sales knowledge and packaged as a set of 'business rules' or insights that can help guide salespeople as they are working their opportunities or accounts. Organizations can personalize Max by customizing or extending the supplied knowledge and by creating insights specific to their own business.
Max will be generally available from next month and you can find out more on the company's website.
Image Credit: Tatiana Shepeleva / Shutterstock
It's becoming increasingly common for companies to offer their employees a choice of technology devices. And according to a new survey when they do have a choice people are more likely to choose Apple devices.
The study by device management company JAMF Software shows that ease of use is the main reason given by people for selecting Mac (75 percent) and iOS (79 percent) as their work device of choice.
The findings also show a generation gap in computer choice. Employees between the ages of 18 and 54 overwhelmingly choose Mac, while those 55 and over are more comfortable using PCs. However, when given a mobile device choice, nearly 80 percent of all age groups select iOS compared to just 18 percent who choose Android. Regardless of age, when staff are given the technology they want, employers are rewarded with more productive and appreciative employees.
"Employees today not only want -- but expect -- the ability to choose the devices they are most comfortable with for work," says Dean Hager, CEO of JAMF Software. "Because Apple builds technology that puts people first, people prefer Apple. When employers combine the freedom of choice with Apple, employees are happier and are empowered to be more productive -- offering a huge business advantage".
Among other findings are that 61 percent of respondents say their company has a choice program and 72 percent claim that the ability to select their device of choice makes them more productive in the workplace. Choice programs are important to the well being of an organization according to 73 percent, and 70 percent of those who currently lack user choice say their organization should give them the right to choose the device that best empowers them to do their job.
More detail is available in the full report which you can find on the JAMF website.
Photo credit: Blablo101 / Shutterstock
According to a new survey 78 percent of organizations say that security outweighs cost savings and user experience when choosing identity management solutions.
The survey by access control specialist SecureAuth used responses from over 230 IT security professionals in the US and UK.
When asked why their company has initiated new identity projects in the past, 55 percent of respondents across small, medium and large companies say the deployment of new applications -- including both on-premises and cloud-based -- was the top driver. Board and senior management's drive for increased security is also cited by 50 percent of respondents as a chief reason for new identity project initiation, underscoring that cyber security has become a board-level concern.
Other drivers for installing identity management include compliance and audit requirements at 49 percent, cost savings (44 percent), security breaches at another company (36 percent), increased use of stolen or misused credentials (34 percent) and the company itself experiencing a security breach (25 percent).
"It's no secret that security has become a board room-level imperative," says Craig Lund, CEO of SecureAuth. "A decade ago, it was a nice to have; today, it's a must have. Accordingly, organizations across the globe are abandoning their laissez-faire approaches to cybersecurity and significantly increasing security spending for the coming years. Worthwhile cybersecurity endeavors may require some redirection of budget, but in this day and age, proactivity is just as important as reactivity".
When asked about their plans for identity and access management, 79 percent of respondents say that plans are underway for IAM of externally focused applications, including vendor, partner and customer applications, portals and mobile apps. In addition 47 percent say that IAM investment is a currently funded priority, 32 percent will invest in the next year, and 13 percent will invest in IAM, but don't have a specific time frame.
For more information you can visit the SecureAuth blog.
Photo Credit: Maxx-Studio/Shutterstock
Security is a key concern for all enterprises, so it's not surprising that it's something managed service providers are keen to offer their customers in order to add value and differentiate their service.
Network breach detection company Eastwind Networks is launching a Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) program. The new program is designed to help service providers stand out and grow their business with a simple cloud-based breach detection solution that ensures that customer data and assets are secure.
"In today's competitive security industry, MSPs are looking for value-added, easy to deploy and manage solutions that help ensure their customer’s success," says Paul Kraus, president and CEO of Eastwind Networks. "With our new MSP program, we are able to offer our partners services that provide an additional level of security expertise, a strong security platform offering and complete visibility to threats, security gaps, application usage, and overall network awareness".
Available via the Eastwind Cloud or in the customer's private cloud, the platform uses rich data, behavioral analytics, and threat intelligence to pinpoint anomalous behaviors even before they're classified as breaches. It's been designed to catch hackers during the weeks and months that they spend in the network before they take action. Storing and mining more than a year's worth of rich network metadata, Eastwind examines not only current network conditions, but continually analyzes historical data against updated threat sources to find breaches that would have otherwise gone unnoticed.
You can find out more about Eastwind breach detection and the MSP program on the company's website.
Photo credit: allepu / Shutterstock
Bluetooth tracking devices to help stop you forgetting your phone have been around for a while, but they've generally been quite functional in design, looking like a remote car key.
Chinese smartphone maker Oukitel is launching its own take on the lost phone finder with a new gadget that looks like a piece of jewelry but also functions as more than just an alarm to tell you you've left your phone behind.
The Oukitel A8 lets you answer and hang up calls so you can appear a bit strange on the train by talking to your pendant -- it could be a good way of getting a seat. It can also control music playback and act as a shutter button to control the phone's camera so it’s handy for taking selfies too.
It has a 280mAh battery which the company says takes only 30 minutes to charge and will give you 15 hours of connected standby or five hours of talk time. It's compatible with both Android and iOS, so it should work with most smartphones on the market and it comes in a choice of blue or black.
Normal price of the A8 is $24.99 but until April 29 it's available for $19.99 from the Tomtop.com site. More details of the gadget are available on the Oukitel website.
One of the problems with big data is that creating applications to access the information inevitably introduces a time lag and this leads to frustration for the end user.
Search and analytics software company Lucidworks is aiming to cut out this bottleneck with the launch of Lucidworks View, which allows companies to quickly and easily create custom search-driven applications built on Apache Solr and Apache Spark.
"Data lives everywhere, across a growing set of formats and locations. Even the most mature companies struggle to not only wrangle it in high volumes but expose it in a meaningful way," says Will Hayes, CEO of Lucidworks. "We built Lucidworks View to give our users the ability to rapidly create sophisticated applications for customers and, for the first time, truly plug and play with Big Data. Our aim is to eliminate the costly, time consuming complexities usually associated with the front- and back-end development of intelligent apps, moving companies quickly from the question, 'What do I do with my data?' to the statement, 'Data drives every part of the business'".
Lucidworks View lets companies build custom user interfaces that use the power of the popular Apache Solr and Apache Spark database engines. Using the platform can give customers individualized access to essential information while equipping their workforce with the tools they need to make informed business decisions.
Capabilities include simple configuration and workflow so that developers and admins at any level of expertise can start building and deploying intelligent apps with just a few keystrokes and no code. There are out-of-the-box connectors for over 60 systems including MySQL, databases, JIRA, Slack, Logstash, local file systems, and the web.
The product also allows tracking and continual improvement of search results based on user signals like clicks, social, device and geolocation for a contextually relevant data experience powered by machine learning. Developers can easily and quickly customize the interface to meet user expectations and present data in an intuitive, valuable way.
Lucidworks View is available from today and you can find out more on the company's website.
Image credit: Angela Waye/Shutterstock
One of the best known names in the flash memory market, Kingston acquired the IronKey brand from Imation in February of this year.
IronKey has long been one of the leading brands in encrypted Flash drives and today we see the first fruits of the new partnership with Kingston's launch of two new managed and 256-bit AES hardware encrypted USB drives.
The DataTraveler 4000G2 with Management (DT4000G2DM) and DataTraveler Vault Privacy 3.0 with Management (DTVP30DM) solve the requirements of organizations that need to meet Federal Information Processing Standards (FIPS) and protect data at the highest level across their mobile workforce. Both devices can be used as a managed solution via the SafeConsole Encryption Management Platform from DataLocker, Kingston's partner for encrypted USB drive management.
Both new drives are 256-bit AES hardware encrypted and FIPS certified (the DT4000G2DM is FIPS 140-2 Level 3 validated; the DTVP30DM is FIPS 197 certified) to ensure maximum corporate and personal data security. Additionally, SafeConsole is the only secure USB management platform for secure USB drives with true password management at both remote and local level. The platform enables secure reset of forgotten passwords, activation of full audit trails, geolocation and geofencing to ensure cross-border compliance, automatic inventory, plus a 'remote kill' feature in the event the device is lost.
"Human error, malicious attacks and technical failures can place employee and corporate data at risk. Companies, agencies and organizations need to implement a security policy well before anything goes wrong as it's critical to prevent non-compliance, fines and even financial loss," says Ken Campbell, Flash business manager, Kingston. "Our latest encrypted managed USB drives, the recent IronKey acquisition and growing DataLocker partnership all demonstrates Kingston's commitment to providing the most secure and largest family of encrypted USB solutions on the market".
The DT4000G2DM and DTVP30DM are available in 4GB, 8GB, 16GB, 32GB and 64GB capacities, and are backed by a five-year warranty and free technical support. More information and details of where to buy can be found on the Kingston website.
Key concerns of information security executives include the growing threats of global cyber terrorism, the current state of security within the US and the ability of organizations to prevent such attacks.
These are among the findings of a new study by account management solutions provider Thycotic of more than 200 security industry attendees at RSA.
Cyber terrorism needs to be be taken more seriously as 63 percent of respondents feel terrorists are capable of launching a catastrophic cyber-attack on the US within one year. In addition, 92 percent of respondents believe that a majority of US companies either need more security or are behind the security curve in their ability to defend against cyber terrorism attacks.
"Some may say the whole discussion surrounding the threats associated with cyber terrorism is hyped; however, our findings show that 72 percent actually feel that the topic isn't hyped enough and that more needs to be done to protect companies and country as a whole from these types of vulnerabilities," says Jonathan Cogley, founder and CTO at Thycotic. "Re-examining the type of security technology used to protect both the US government and private sectors is essential to keeping our country safe".
There's a fairly even split on whether public or private sector systems are more at risk, 50 percent of respondents believe US private companies are more vulnerable than government agencies, while 42 percent believe the government is more vulnerable. An overwhelming 89 percent of survey respondents believe that both the military and businesses need to focus more on developing capabilities to defend against terrorist inspired cyber attacks.
You can find out more about the results on the Thycotic blog or register for an upcoming webinar which will discuss the findings.
Photo credit: Kletr / Shutterstock
While it's important for companies to manage their software licensing effectively, with the shift of many systems to the cloud doing so has become more difficult.
Software asset management specialist Flexera is riding to the rescue with the launch of a new solution addressing the management of cloud Infrastructure-as-a-Service.
FlexNet Manager for Cloud Infrastructure gives organizations centralized visibility into their cloud services use and allows them to optimize utilization and control costs. This first release focuses on optimization of Amazon Web Services (AWS) -- the most widely adopted cloud infrastructure service.
"The cloud services industry is growing more than five times faster than other IT categories as organizations shift away from internal hardware to greater use of public cloud infrastructures. This shift in spend means having the ability to track, manage and optimize cloud services usage is essential for responsible governance and cost management," says Jim Ryan, president and CEO of Flexera Software. "With FlexNet Manager for Cloud Infrastructure as part of FlexNet Manager Suite for Enterprises, Flexera Software enables companies to manage and optimize cloud infrastructure services and the software running in the cloud, along with traditional on-premises software".
FlexNet Manager for Cloud Infrastructure can automatically import usage and billing data from multiple accounts to deliver a centralized view of all AWS accounts and instances across the business. A cloud dashboard provides an executive-level view of the organization's use of cloud resources, showing consumption patterns and total spend across all AWS cloud subscriptions.
Cloud usage analysis and reporting enables organizations to eliminate waste and optimize spend. Users can analyze data and view consumption reports and breakdowns based on AWS instance types, both On-demand and Reserved instances, view consumption rates by departments and perform trending analysis.
You can find out more about the product and its features on the Flexera website.
Photo Credit: kentoh/Shutterstock
We've known for some time that SQL Server 2005 was reaching the end of its extended support period and Microsoft has been busy encouraging users to move to newer software such as SQL Server 2014.
Today is the day when its support finally ends, so users still running the system will no longer receive hotfixes and security updates from Microsoft.
Ali Din, CMO at cloud infrastructure company dinCloud says, "Migrating your infrastructure can seem daunting, but it's imperative for organizations to upgrade to a modern data platform before the support deadline in order to maintain security and compliance. There are a lot of enhancements from SQL Server 2005 to SQL Server 2012, but if you are going to go through an upgrade, I suggest taking advantage of the technology with a proven methodology".
Din recommends that enterprises make the move to the latest version on SQL Server (SQL Server 2014), so that they can take advantage of the latest features and functionality available. In addition they should use an SQL database expert to help with the planning, migration, and optimization of their systems.
The Enterprise edition of SQL Server allows users to take advantage of In-Memory to improve database performance, along with AlwaysOn for high availability. The robust features of SQL Server 2014 should allow companies to save by not having to buy multiple smaller or less feature-rich databases.
More about end of support for SQL Server 2005 and migration options can be found on the Microsoft website and on the dinCloud blog.
Photo credit: 360b / Shutterstock.com
Recruiting developers is often a problem for organizations as the skills required are different from those in other sectors and can be hard to assess. Development often has a great deal in common with more creative fields, where suitability for a job is not so much about qualifications but about what you can do and how you can communicate.
So what can companies do to discover the developer talent they need? We spoke to Mike Bartlett, CEO of developer community site Gitter to get his perspective.
BN: What's wrong with the traditional approach where you simply advertise a job and wait for applications to roll in?
MB: Very seldom is great talent looking for a new job. The best engineers will be highly in demand and can effectively pick and choose where they work and what they work on. If you want the best, as you should, not only do you have to go out and find them, but you're also going to have to convince them why they should be working for you. Higher salaries, better free lunches and more ping-pong tables just won't cut it any more.
You need to start building relationships far in advance of hiring, building trust and an understanding of why working for you is better than working for someone else.
If you're just placing ads on traditional jobs boards or using regular recruiters, you’re probably going to get a large number of CVs through the door and spend a huge amount of time trying to figure out if the candidate is any good. This is hugely time consuming not only for the hiring manager, but will also take time out of your existing development team's schedule as they are generally the ones having to dig into each applicant individually.
BN: Do companies sometimes fail to effectively assess technical skills as part of the recruitment process?
MB: The most common failure is assessing how the candidate works with your particular technology stack, the code you've already written and -- most important -- with the team.
We've seen, and even used, a lot of developer testing techniques. There are particular exercises that will test competency, for example with a particular algorithm and understanding if the candidate truly understands computer science, logic and reasoning and these can weed out some of the obvious bad hires.
What we've found really effective is doing pair programming tests where the applicant will come and spend three or four hours sitting with one of your existing developers and working together on a real problem within your own environment. This will not only test software development skills, but communication skills, team work and a you'll get a really good sense of how that person behaves in real working conditions.
BN: What can businesses do to look for candidates rather than waiting for them to appear?
MB: The whole team should always be hiring. Make sure your developers are always on the look out for great people to hire. This means going to meetups and not just listening to the presentations, but socializing with the other attendees and getting to know one another. It means actively contributing to open source projects and hanging out in the online communities such as our own developer network, Gitter, and building relationships with the people who stand out.
There are great tools such as Workable or Lever where you can give your whole team access and help keep a list of prospective future candidates in a centralized place.
BN: What can developers themselves do to make them more attractive to prospective employers?
MB: Get stuck into the online communities and contribute back to open source projects. Pretty much every technology stack used in software development today is open source; rather than just reporting bugs back to the project maintainers, if you can roll up your sleeves and get stuck into the code, find the bug and send a proposed fix back to the project, you'll immediately gain a lot of credibility and be seen as contributing back to the ecosystem.
BN: Developer recruitment is a bit like online dating really, isn't it?
MB: Oddly enough, I met my wife on Match.com. If she reads me comparing our relationship to hiring developers, I think I might find myself in a lot of trouble!
Photo Credit: sokolovsky/Shutterstock
Businesses have ever more demand from consumers to deliver services via mobile, so they're looking for ways to produce apps quickly and efficiently.
To address this need, Android solutions provider Genymobile is cloud-based platform that allows enterprises to build, test, show off and service Android applications across the entire application lifecycle while streamlining the development process.
Genymotion Cloud is a cloud-based emulator that combines collaboration and automation features. It enables developers, QA, UI/UX designers, sales and marketing, help desk teams and business decision-makers to easily evaluate apps at any stage of development on more than 3,000 virtual device configurations instantly via any web browser.
"There is mounting pressure for every business to be mobile-powered. It is imperative that mobile development does not become a burden. Our SaaS solution maximizes efficiencies across the whole mobile application value delivery chain," says co-founder and co-CEO of Genymobile, Arnaud Dupuis. "Everyone involved in the project gets the information they need exactly when they need it. This not only means faster time to market. It also means better quality, reliability and improved customer satisfaction".
Collaboration features include the ability to demo the app's functionality on any Android device via any web browser, allowing sales and marketing to gather market feedback before the application is complete. Customized virtual device configurations can be remotely shared, allowing developers working on the same project to share an identical local development environment. The most up-to-date application under-development can also be shared for review, meaning developer teams and UX or UI engineers can collaborate more easily throughout the project. Sales teams can expedite cycles by allowing potential customers to use and test an app under development without requiring additional engineering support.
Genymotion Cloud also offers automation features including continuous integration support, compatible with on-premise CI infrastructures such as Jenkins, Bamboo, Buildbot and TeamCity. Code testing is simplified too with standard HTTPS REST and Java APIs that allows developers to create a testing device, install an application, run and test it against multiple device configurations without leaving the development environment. In addition, it's compatible with industry standard integrated development environments, including Android Studio and Eclipse.
You can find out more about Genymotion Cloud on the company's website.
Image Credit: Alex Mit / Shutterstock
The idea of connected devices is nothing new, the University of Cambridge had a connected coffee pot, to save on trips down the corridor to see if it had finished brewing, as early as 1991.
But as more and more devices go online we've come up with the idea of the Internet of Things. This, apparently, is such a good idea that it also now has its own day on April 9.
To mark this year's Internet of Things Day, electronics supplier RS Components has produced an infographic looking at how the IoT has developed and what it means for our day-to-day lives.
By 2020 it's reckoned that there will be about 13 billion household Things like toasters, fridges, TVs and thermostats connected to the internet. To put that into perspective in 2016 there are around two billion mobile phones online.
There will also be around 3.5 billion Things in Cars online by 2020, 411 million wearables and 646 million Things in Hospital, like heart monitors and body implants. In addition 9.7 billion Things in the Street like traffic lights, parking meters and buildings will be online too.
You can see more detail in the full graphic below, but just remember, a connected Thing is for life not just April 9.
Image Credit: Ahmetov_Ruslan / Shutterstock
We already know that having a mobile friendly site is important to search rankings, and with Google's announcement in March that it will start to rank mobile-ready sites even higher, companies are likely to focus even more on the mobile experience.
It's particularly important for retailers to connect with millennial shoppers who are more likely to research or buy using their mobile devices. We spoke to Aaron Shook, executive software architect of digital transformation specialist PointSource, to find out why a mobile strategy and good design are key to success.
BN: How important is it for shopping sites to deliver a positive mobile experience?
AKS: Very. Not only does mobile friendliness now affect SEO holistically (desktop included), but it also is a huge driver in determining mobile conversion rate and overall traffic numbers. A poor mobile user experience will send users directly to competitors who offer better experiences on the customer's device.
BN: Does a move towards more mobile friendly sites risk alienating older users?
AKS: No. E-comm sites can be mobile friendly without being flashy. Mobile friendliness simply means that you cater to the device that your user is viewing your page on; older users have a similar need for mobile pages to be easily viewable when using mobile devices. Design differences around flashiness, button sizes, etc. can be driven by analyzing your user demographics, but mobile friendliness is a must regardless of age group.
BN: Are we seeing a trend towards accessing retails sites using apps rather than browsers and what impact does this have?
AKS: For every-day retail shopping, I don't think that retail-branded apps will outpace mobile web in the foreseeable future. When users have simple purchases to make, their go-to is still going to be a web browser rather than downloading a retail-specific app. That said, apps are very valuable because they allow retailers to occupy real estate on users' phones and thus every day lives and continually engage the user. The most loyal customers who are spending the most with your brand are also the ones who will keep brand-specific apps installed, so providing these customers with additional value-adds through an app to reward them for loyalty is definitely a revenue driver. A solid mobile strategy needs to account for both mobile web and apps.
BN: How can mobile be used to enhance the physical in-store experience?
AKS: Newer technologies are making it possible to track user journeys through stores in ways that we couldn't have imagined prior to smartphones. Beacon technologies can allow retailers to track user movements through the store in order to optimize shopping patterns, send promotions, and gain a firm understanding of the user journey in a brick-and-mortar setting.
BN: Surveys have shown that surfers visit fewer pages of a site on mobile devices than they do on desktops. How can retailers adapt to this?
AKS: Our belief is that a big part of the reason for this pattern is twofold, and the reasons are heavily intertwined. Firstly users often pull out mobile phones to research a specific item rather than to browse e-comm storefronts since browsing is easier on a desktop device. Second, user experiences on retail mobile sites are still not up to par with desktop experiences, making it more difficult to shop on the majority of sites. We've seen huge gains in overall traffic, page views per user, average usage time, etc. by designing mobile websites with experiences specifically catering to the needs of mobile users. Designing an experience specifically for your mobile users is a must in order to truly unlock an e-comm mobile site's full potential.
BN: Will we see numbers of mobile shoppers continuing to increase or are we reaching a plateau?
AKS: Numbers continue to rise and don't show signs of stopping any time soon. 2015's holiday period mobile numbers set record numbers for mobile across the board, as did 2014, 2013, and so on. While 2013 and 2014 mobile transaction numbers were still relatively low compared to desktop counterparts, 2015 saw a rise of customers checking out and completing purchases on mobile. According to IBM, more than 36 percent of e-commerce sales during the 2015 holiday period took place on mobile devices, up from 27 percent the year before. The numbers may eventually plateau, but we are not anywhere close to that point yet.
Image Credit: Slavoljub Pantelic / Shutterstock
In our increasingly connected world it isn't just your computer or smartphone that can fall victim to attack. The Internet of Things is producing a whole new generation of vulnerable devices.
Not least of these are connected cars where attackers can potentially infiltrate and take control over car systems, even killing the engine as you drive.
A new Israeli startup company Karamba Security has produced a purpose-built ECU solution that protects a car's externally connected components. It can identify attack attempts and block exploits from infiltrating the car's network to ensure drivers' safety.
Security detection and enforcement capabilities can be embedded directly on the ECU to ensure only explicitly allowed code and applications can be loaded and run on the controller. Karamba blocks any foreign code, which means the controller is safe from attackers, regardless of how they entered (via the internet, USB drive, service port, etc), with no false alarms.
"Customers have been very excited about our ECU endpoint approach," says Ami Dotan, CEO of Karamba Security. "By stopping attacks at the ECU, attackers can't make it inside the car's network, which means the car's ongoing operations are safe. Our early warning and malware prevention capabilities allow car companies to provide drivers smart vehicles that will get them where they want to go, safely."
The solution can be used to protect existing as well as new cars, manufacturers are able to retro fit protection to older models as part of an ECU software update.
Karamba has received $2.5 million in seed funding from YL Ventures and from the GlenRock private investment company. "We were impressed with Karamba's unique focus on developing an unobtrusive solution to the cybersecurity problems of the automotive industry," says Yoav Leitersdorf, managing partner of YL Ventures. "The experience of the team gave us confidence they could take a unique, shrink wrapped, approach and make it a reality."
You can find out more about the risks and how Karamba's protection works on the company's website.
Photo Credit: ssguy/Shutterstock
APIs are the glue that holds much of the digital world together, connecting systems, apps and data. But a new survey reveals that many organizations are failing to place enough emphasis on API security.
Research company Ovum in partnership with bot detection and mitigation firm Distil Networks, surveyed 100 IT and security professionals. They found that 30 percent of APIs are planned out with no input from the IT security team and 27 percent of APIs proceed through the development stage without the IT security team weighing in.
Other findings include that 87 percent of respondents were running an API management platform, with 63 percent using a platform developed in-house. However, rate limiting, considered to be a basic API security practice, was employed by less than half of respondents.
Of those surveyed 53 percent feel security teams should be responsible for API security, while 47 percent think the developer teams should hold responsibility.
It's clear that APIs have taken hold, with 20 percent of respondents saying they're maintaining, building, or publishing more than 50, while at the other end of the scale, 32 percent are working on between one and 10. The remainder are running somewhere between 11 and 50 APIs, but Ovum expects to see the number grow over the next few years.
A significant proportion are using public APIs that are exposed to developers outside their own companies. 51 percent say that at least part of the rationale for their APIs was to enable an external developer community/ecosystem, while 67 percent say that partner connectivity is a driving factor.
The report's authors note, "Our survey finds that most respondents are at least concerned with the issue of API security, which is as it should be. Furthermore, most of them are using some form of API management platform, and the majority of platforms in use provide some level of security capability. However, there is by no means blanket coverage of all aspects of API security by all platforms."
You can read more about the findings on the Distil Networks site.
Image Credit: Profit_Image / Shutterstock
Modern software is often complex, perhaps running services on multiple machines. This can make deployments complex and prone to errors.
Software deployment specialist Puppet Labs is launching the latest version of its Puppet Enterprise platform which gives development teams control over and insight into the changes they want to push out.
At the same time the company is launching a software operations platform called Blueshift. It engages with products like Docker to give organizations the tools they need to build and operate modern software.
"We're driven by a belief that software can make people more powerful," says Luke Kanies, founder and CEO of Puppet. "To make that a reality, we're focused on building the standard platform for automating delivery and operation of the software that powers everything around us. Puppet gives organizations a common language to deliver and operate modern infrastructure and to adopt whatever comes next -- simply, securely, and consistently".
Puppet makes it possible to push out any change on demand and manage ordered deployments of applications and infrastructure. It's also possible to possible to schedule change in a specific time window, and push change through tools like HipChat, Git, Jenkins or directly with Puppet Enterprise.
Operators gain visibility into deployments and can manage them as required. Thanks to an an interactive dependency graph, teams can visualize dependencies across all the resources they manage with Puppet.
There's also integration with the Splunk operational intelligence platform. This allows users to analyze their infrastructure and get performance metrics for Puppet Enterprise services with data sent direct to Splunk Enterprise.
You can find out more on the Puppet Labs website.
Image Credit: Rafal Olechowski / Shutterstock
Back in September of last year we reported that Microsoft had announced its purchase of cloud security firm Adallom to help its customers protect their cloud-based data and applications.
In February it teased that a new Cloud App Security offering based on Adallom's technology would be released in April. Well, today the wait is over and the product becomes generally available as a cloud-delivered service to help IT and security teams gain visibility and control over cloud apps.
Writing on the company's blog back in February, Bret Arsenault, Microsoft's chief information security officer says, "Microsoft Cloud App Security brings the same level of visibility and control that IT departments have in their on-premises network to their SaaS applications including apps like Box, SalesForce, ServiceNow, Ariba, and of course Office 365".
Cloud App Security identifies all cloud applications on a network -- from all devices -- and provides risk scoring and ongoing risk assessment and analytics. It allows admins to set granular controls and policies for data sharing and loss prevention (DLP), leveraging API-based integration. Users can opt to use out-of-the box policies or build and customize their own. Cloud App Security also provides threat protection for cloud applications using user behavioral analytics and anomaly detection.
As a first step network logs are uploaded to the service. These are analyzed and admins can then choose which apps are sanctioned and need to be connected to the service. Once that's done data control policies can be set up and admins start to receive alerts. You can read more about how it works on the Microsoft Cyber Trust Blog.
It's available on a subscription basis at $5 per user per month. If you're interested in finding out more you can visit the Cloud App Security product page to request a trial.
Photo credit: Maksim Kabakou / Shutterstock
Useful apps tend to embed themselves deeply into people's work lives and stay installed on their devices for the long term. As a result it can be hard to get a definitive list of the best apps at any one time.
To try to remedy this, app quality company Applause has produced a report that ranks 130 business apps based on what people feel about them. Categories of apps ranked include communication, organization, work productivity, security and weather.
To qualify for the report, apps needed to have a minimum of 1,000 reviews combined in the Android and iOS app stores. Ranking is based on a sentiment score of 0-100 as determined by Applause's analytics platform for attributes including usability, security, privacy, interoperability and more.
The average score of all 130 apps was 61 out of 100 (the average score of apps across all categories is 67). Organization apps were the highest ranked at an average score of 68/100. Communication and security apps received average scores of 55 and 53, respectively.
In the communication category, Slack (64.5) scored ahead of Google Hangouts (47), HipChat (42.5) and Skype for Business (22). In organization, Box (64.5) scored ahead of Google Drive (61), Dropbox (60) and Microsoft OneDrive (58). Of security apps, Norton Mobile Security (79) scored ahead of Kaspersky Internet Security (77) and Avast Mobile Security (75).
Ten apps earned above average scores based on more than 100,000 reviews. These include ColorNote (93), Duolingo (88.5), CamScanner (85) and Evernote (78). The report's authors note that, "Consumers value apps with elegant user interfaces and simple navigation, accurate information, relevant notifications, quick launch times, fast performance and engaging and fun experiences".
At the other end of the scale the worst scores were received by enterprise mobile management apps such as Good, Mobile Iron and AirWatch, all of which ranked at the bottom with scores under 20.
You can find out more about how Applause measures app sentiment and access the full report on the company's website.
Image Credit: Syda Productions / Shutterstock
More than 27 million Android devices running medical apps are likely to have high risk malware installed according to a new report.
The Mobile Threat Intelligence report from threat defense company Skycure is focused on healthcare and finds that doctors who use mobile devices to assist their day-to-day practice are exposed to network threats, and that these significantly increase over time.
In a single month, one in five (22 percent) of mobile devices will be at risk of a network attack. This figure nearly doubles to 39 percent after four months. In addition to network threats, mobile devices continue to be plagued by malware. More than four percent of all Android devices were found to be infected with malicious apps. Medical app users need to be particularly wary, as the report shows 27.79 million devices with medical apps installed might also be infected with high-risk malware. The Skycure mobile threat defense platform conducted 51 million network tests in 2015, and detected the installation of nearly 13,000 malicious apps.
"Mobile is a huge attack target for cyber criminals who are after sensitive personal data like patient records," says Adi Sharabani, CEO of Skycure. "Unlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device owner’s data and identity at risk".
Among other findings are that 80 percent of doctors use their mobile devices to assist in their day-to-day practice and 28 percent store patient data on their mobile device, making their devices prime targets for cyber criminals.
Eleven percent of mobile devices running an outdated operating system with high-severity vulnerabilities might have stored patient data on them. In addition fourteen percent of mobile devices containing patient data likely have no passcode to protect them.
There is some good news, for example, the percentage of devices with passcodes enabled rose slightly to 52 percent in the last quarter of 2015 from 48 percent in Q3 2015. This may be due to the adoption of new devices featuring biometric passcodes. However, it still leaves nearly half of devices completely unprotected.
The report also shows that users of iPhones and iPads are more protected because they are much more likely to have the most current version of their device's operating system. At the end of 2015, 88 percent of iOS users had upgraded iOS 9. By contrast, only three percent of Android users were using Android 6.0, Marshmallow, at the end of the year.
You can find more about the findings by registering for an on-demand webinar, and there's a summary of the findings in infographic form below.
Image Credit: Rob Hyron / Shutterstock
Leader in open source databases MariaDB is announcing the release of its new big data analytics engine, MariaDB ColumnStore.
It unifies transactional and massively parallelized analytic workloads on the same platform. This is made possible because of MariaDB's extensible architecture that allows the simultaneous use of purpose built storage engines for maximum performance, simplification, and cost savings. This approach sets it apart from competitors like Oracle, and removes the need to buy and deploy traditional columnar database appliances.
"I've seen first-hand how traditional columnar appliances arose as reactions to the cost and complexity of Oracle," says Michael Howard, CEO of MariaDB, "But these reactions have only increased complexity and cost further, and most importantly, over-looked critical features. In contrast, MariaDB ColumnStore is ACID compliant, blazingly fast, massively parallelized, and uses a distributed storage engine. What's equally important is its front end -- MariaDB, which provides the same interface, same security, same SQL richness simplifying management, reducing operating costs".
ColumnStore is a columnar storage engine for massively parallel distributed query execution and data loading. It supports a vast spectrum of use cases including real-time, batch, and algorithmic. It can perform complex aggregation, joins, and windowing functions at the data storage level to increase performance. MariaDB ColumnStore is an Open Source GPL2, a fork based on InfiniDB and open source community contributions.
The company is also announcing new data streaming capability in MariaDB MaxScale that will simplify real-time data propagation to external data lakes or data warehouses. This feature allows transactions in MariaDB to be replicated in real time to Hadoop or any other data store. It enables MaxScale and MariaDB to handle replication in mission critical applications without impacting performance. At the same time it includes all necessary metadata so that any program can read it, with no per-value overhead.
MariaDB ColumnStore will be available for beta testers next month, you can sign up for more information on the release on the company's website.
Image Credit: Tashatuvango / Shutterstock
Whether it's down to stolen credentials, weak passwords or bot-based attacks, the threat of an account takeover is one of the major worries for most users.
Mobile identity company TeleSign is launching Behavior ID, a new offering that enables web and mobile applications to measure and analyze a user's behavioral patterns to provide continuous authentication, even after the user has been verified with traditional security measures like passwords.
It provides an additional, transparent layer of security for every type of online account or mobile application, ensuring they are protected them from fraud, without the need for user interaction. Behavior ID delivers a 'similarity score' based on a set of behavioral biometric traits that are collected, analyzed and rated as users go about their everyday tasks, from initial account creation through ongoing access and usage of an account. This profile is then used to calculate a similarity ratio between the user's current behavior and their historical, expected behavior. It can therefore streamline the user experience for known good users, while providing a basis for challenging potentially bad or fraudulent users by asking for re-verification, or two-factor authentication.
No user interaction is required to enroll, enable, and start protecting an account from compromise. Users simply continue to use their web or mobile application as normal with no change to their workflow or behavior.
"With Behavior ID, our customers can immediately increase the level of identity assurance for every user account they have, without adding friction," says Steve Jillings, CEO at TeleSign. "The power of Behavior ID is its ability to adapt to the user, transparently producing a digital fingerprint from a user's behavior to confirm their identity and develop an ongoing authentication without requiring the consumer to do anything. Best of all, these unique biometric patterns are extremely accurate, from the way we move our hand on a mobile device screen or with a mouse, it is virtually impossible to precisely imitate another person's behavior".
Behavior ID SDKs for web and mobile applications are available from today for developers to embed into new or existing web and mobile app platforms. More information can be found on the TeleSign website.
Image Credit: Kirill Wright / Shutterstock
Businesses are showing increased interest in developing their infrastructure to support distributed, scale-out databases and cloud databases, but a lack of robust backup and recovery technologies is hindering adoption.
Backup and recovery is cited by 61 percent of enterprise IT and database professionals as preventing adoption. However, 80 percent believe that deployment of next-generation databases will grow by two times or more by 2018.
These are among the findings of a new report from data protection specialist Datos IO which looks at the concerns of IT leaders and the benefits they cite surrounding the rising demand for distributed applications and adoption of scale-out databases.
Other findings are that 75 percent of respondents predicted that next-generation databases will influence their organizational growth in the coming 24 months. The majority of apps (54 percent) deployed on next-generation databases sit in the analytics category, with business management, IoT and security apps coming close behind.
MongoDB and Cassandra lead the way in distributed database deployment, followed by cloud-native databases from Microsoft and Amazon. Some 89 percent of enterprise IT database professionals say that backup and recovery (as a function of storage) is critical for production applications.
"This survey shows IT application and database professionals clearly understand that for organizations to ride this unprecedented tide of data agility, they also need to innovate data storage, specifically for distributed backup and recovery," says Tarun Thakur, co-founder and CEO of Datos IO. "To deploy and scale next-generation applications, enterprises must be sure that data can be managed and recovered over its lifecycle at scale. To unlock the full potential of data, it is imperative that businesses fill data their protection gaps now".
There's a summary of the findings in infographic form below and you can find out more at the Datos IO site.
Image Credit: Oleksiy Mark / Shutterstock
Digital transformation strategies are often held back by complex IT systems that have been built over the years and represent significant investment. This may lead to departments seeking their own solutions, placing yet more pressure on back office systems.
Business automation specialist Automic is launching new capabilities to its DevOps release automation product, Automic Release Automation, to allow companies to deliver greater agility, scalability, and speed in order to drive competitive advantage.
"We are simplifying how our customers execute on their DevOps journey by specifically targeting all of the applications across an enterprise with the goal of driving the digital transformation required by our clients", says Chris Boorman, chief marketing officer at Automic. "Our experience in automation, expertise in production IT environments, and industry recognized technology are key differentiators that position us and our clients for success. The Automic Blueprint for Continuous Delivery provides a practical approach that an enterprise can employ to scale continuous delivery across both back-office applications and the new digital front-office. This blueprint provides a clear and structured approach for all enterprises to use in driving their digital transformation".
Features include a new cloud-based sandbox, and visualization of the delivery pipeline of all applications to better understand the impact and time implications of multiple concurrent releases throughout the organization.
Automic Release Automation enables enterprises and service providers to serve multiple departments and clients in isolation from each other on a single shared platform, simplifying operations and maintenance, and making scaling easier.
It also integrates with the Automic marketplace allowing developers to contribute and utilize new content seamlessly. There's a new online assessment service too that will benchmark an enterprise against key indicators of maturity. By answering a set of simple questions, enterprises can benchmark themselves against the Automic standard, against their peers, their industry or their region.
You can find out more about Automic Release Automation, which is available now, on the company's website.
Image Credit: Stokkete / Shutterstock
What are the trends driving the careers of tech professionals? A new report based on information gathered from the Woo platform, which allows workers to find jobs with companies that offer the things they really want, reveals what has changed in the first quarter of 2016.
The Woondex (Woo Index) shows there has been a 12.6 percent drop in salary expectations compared to the final quarter of last year. However, there's an 8.2 percent increase in the number of workers looking for a better work-life balance over the same period.
The San Francisco Bay Area is still the most popular location for tech workers in the US, but its appeal could be waning as there's a 6.9 percent increase in the number of Bay Area workers who say they are willing to relocate. The most popular choice for those who want to move on is New York, followed by Seattle.
It seems that size matters too, at least for businesses, with 82.6 percent wanting to work at larger companies compared to only 76.5 percent willing to work at startups.
The most in demand technologies are Java (18.2 percent), NodeJS (15.2 percent) and AngularJS (14 percent). When it comes to sectors big data/cloud is still most popular, followed by health and finance.
You can find out more about how Woo helps gauge their worth and find fulfilling roles on the company's website.
Photo Credit: wavebreakmedia/Shutterstock
Using threat intelligence helps enterprises to improve decision making when it comes to managing security incidents and enforcing policy.
Threat defense specialist LookingGlass Cyber Solutions is looking to improve the way analysts and security operators interpret threats targeting their organizations with the launch of its new ScoutPrime threat intelligence management platform.
"We are excited to announce the availability of ScoutPrime and the other enhancements to the broadest portfolio of threat intelligence and risk management products in the market," says Chris Coleman, CEO of LookingGlass Cyber Solutions. "These latest additions ensure our customers stay ahead of the rapidly changing threat landscape targeting their organizations and the companies they do business with".
ScoutPrime allows users to customize threat levels to match their organizational risk tolerance. With configurable threat indicator confidence scoring, along with an internet intelligence‐based foundation allos it to apply context using the largest collection of proprietary and third party threat data available in a single product. The result is relevant, actionable intelligence. By allowing organizations to visualize threats ScoutPrime reduces the risk they face from new and emerging threats.
LookingGlass has also enhanced its Cyber Threat Center which now includes a case management enhancement that allows customers to enrich the intelligence to sync with their internal processes and track each vetted issue from delivery to resolution. In addition Cyber Threat Center now has the ability for administrators to enable two‐factor authentication on user accounts.
Improved too is the company's Cyveillance Malicious C2 data feed which monitors over 60,000 domains known to be associated with active malicious command and control servers. Its daily updates now include support for internationalized domain names and additional metadata on the botnet, variant, category, and criticality score.
You can find out more on the LookingGlass website.
Image Credit: Mopic / Shutterstock
Over the last few years consumers have increasingly come to expect to receive messages keeping them up to date with appointments and transactions.
Mobile marketing company Vibes has announced the results of a study of over 1,000 people which finds that mobile phones are the number one preferred device for service-based messages with 70 percent preferring to receive service-based messages this way.
Good news for businesses is that service-based messages are seen to create a competitive advantage, with 84 percent of consumers saying that service-based messaging has an impact on their decision to choose one company over another.
Conveying basic information such as time, date and tracking information, is one of the most important features of service-based messages in terms of positively impacting customer satisfaction. Most consumers (78 percent) say that a text message is the fastest way to be reached for important service updates on purchases.
Alongside the survey results, Vibes is launching a new transactional messaging solution to enable enterprises to deliver automated service messaging programs across mobile channels. Using the company's Catapult platform, it enables enterprises to power automated service messaging programs across mobile channels, including text, push and mobile wallet (Apple Wallet and Android Pay).
"With the enterprise shift to mobile, mobile messaging has become a top priority and complement to email strategies to provide the best experience possible for customers", says Jack Philbin, co-founder and CEO of Vibes. "Transactional messaging on mobile provides an immense opportunity to gain a non-marketing mobile touch point, drive cost savings and innovate your brand. We’re already seeing large enterprises turn to Vibes to capitalize on the immediacy of mobile and power transactional messaging programs to reach consumers on their most trusted and heavily used device in a way that is easy for them".
Key features include user-friendly transactional messaging templates and logic that allow technical and non-technical users to create actual message templates, update content and set up message logic. Sophisticated reporting capabilities can conduct deep cross-channel analysis to help business users understand transactional messaging’s impact on the customer experience.
The full Transactional Messaging Consumer Report is available from the Vibes website where you can also find more about the transactional messaging service.
Image Credit: Rido / Shutterstock
It may not have escaped your notice that today is World Backup Day, which aims to raise awareness of the importance of looking after your data.
To mark the event Dark Bear Web Solutions has produced an infographic offering facts and tips about backups.
It reveals that 64 percent of people globally would be more worried about losing their data than about losing the device it was held on. Also that 37 percent of small businesses have had to restore lost data from a backup at some point.
Among the tips it offers are how to spot what isn't a backup, for example saving to another folder or leaving pictures in your camera's memory. It also recommends the 3-2-1 rule for data you care about -- taking three copies, using two formats, for example the cloud plus a hard drive, and having one off-site backup.
It looks at the differences between cloud storage and cloud backup too, and at the various physical media types that can be used, as well as offering tips for small businesses.
You can see much more in the full graphic below.
Image Credit: Oleksiy Mark / Shutterstock
If a data breach happens customers expect a fast and reassuring reaction from the company affected. It's therefore crucial for businesses to have an incident response plan, but often those plans are only tested when a breach occurs.
According to an upcoming survey from customer security company AllClear ID the two most common challenges during a breach response are people related, with 66 percent citing internal politics and 60 percent "too many cooks in the kitchen".
To address the need for a proactive security plan and enable enterprises to act swiftly and decisively, the company is launching its AllClear Reserved Response program. This is aimed at ensuring a successful customer response after a cyberattack by pairing expert planning with guaranteed response capacity.
"Cyberattacks are a very real part of doing business today and we've repeatedly seen the devastating impacts that poorly managed breach responses have on a company. CEOs get fired, customer loyalty and retention tank, and companies experience significant financial losses", says Bo Holland, founder and CEO of AllClear ID. "Reserving the response capacity you need in advance is the most effective way to mitigate the response risk and restore customer confidence after a breach".
Using Reserved Response, businesses are given the confidence and capacity they need to execute critical business decisions immediately following a breach, something which can make or break customer trust and loyalty. They can begin executing their response plans as soon as a breach occurs, reducing the chances of negative publicity and damage to business reputation.
"Planning is not enough. If you don’t have the operational capacity to communicate to all of your customers and resolve their problems during an emergency, you will fail", Holland adds. "It's the Titanic problem -- the captain had an evacuation plan, but he was caught short on lifeboats".
You can find out more about AllClear Reserved Response on the company's website.
Photo credit: Imillian / Shutterstock
The firewall is still at the center of most network security strategies, but it needs to evolve as cloud technology, software defined networks and next generation firewalls take hold.
This is among the conclusions of the latest State of the Firewall Report from network security specialist FireMon, which finds that 91 percent of IT security professionals believe firewalls are still as critical or more critical than ever to their security architecture.
Two-thirds of respondents also say that firewalls are somewhat or highly valuable to the cloud services they manage. This represents a 10 percent increase over 2015. Next generation firewalls (NGFWs) represent at least 50 percent of current firewall infrastructure in almost half of the organizations surveyed compared to 34 percent in 2015. NGFWs can add complexity to security management, but despite this only 6.7 percent of organizations say they have no NGFWs.
Software defined networking (SDN) is also seen as being a major factor, with 90 percent of respondents recognizing that it has impacted or will impact networking to some degree.
"We're seeing small shifts in IT professionals' perceptions of the firewall as new technologies enter the market", says Jody Brazil, co-founder and chief product strategy officer at FireMon. "Adoption of SDN and network virtualization in general won't decrease the need for firewalls, but it may open the door to advancements or a new category of network protection. It will be more of a continuous evolution rather than a complete upheaval as so many are quick to claim".
The report is based on a November 2015 survey of approximately 600 IT security practitioners from a range of organizations, a full copy can be downloaded from the FireMon website.
Photo Credit: Andrea Danti/Shutterstock
Most businesses have information they need to keep for compliance and other reasons. Traditionally this has been in the form of paper archives, but the availability of low-cost cloud storage offers an attractive alternative.
Data management company Solix Technologies has produced an infographic looking at the advantages of cloud archiving.
It reckons that for 1.6 terabytes of data -- around five million sheets of paper -- there are substantial savings in production and archiving costs, with a figure of less than $1,000 a year for cloud storage compared to $140,000 or more for paper.
There are also benefits in convenience and ease of access to stored data. Also 65 percent of people see password protected documents of secure compared to only 45 percent for papers locked in a filing cabinet.
You can see the full infographic below.
Image Credit: Bedrin / Shutterstock
Potential security vulnerabilities in Microsoft SCCM (System Center Configuration Manager) environments are a concern for 70 percent of IT professionals, according to a new survey, with 65 percent planning to conduct an SCCM security review in the next year.
The results of the study of more than 150 professionals by security company Adaptiva have been released to coincide with its launch, along with Windows Management Experts, of a new security auditing service for SCCM users.
As part of the service, security experts will conduct a series of interviews and system checks in order to validate processes, procedures, and configurations against a list of more than 100 security best practices.
They will also document where a company can improve SCCM security, and highlight the security areas where an IT department is doing things right. In addition they'll deliver a security action plan with specific fixes that should be applied to address identified vulnerabilities.
In addition customers have the option to implement Adaptiva solutions like its Client Health endpoint security engine or OneSite content distribution system, to automate system checks and support the ongoing deployment of security patches and updates. They can also schedule follow-up reviews to ensure progress is made as planned, and validate that recommended security best practices are maintained on an ongoing basis.
"Security is a huge concern for everyone in IT, from admins to CIOs, who see locking down their SCCM environments as a crucial part of the solution", says Jim Souders, COO of Adaptiva. "With the new SCCM Security Audit service, Adaptiva and WME team up to provide companies with protection and peace of mind. For organizations that want to upgrade their SCCM security program, we offer advanced security management capabilities with our OneSite and Client Health products".
More information on SCCM security audits is available on the Adaptiva website.
Photo Credit: watcharakun / Shutterstock
Thanks to the benefits that it offers in terms of productivity and employee satisfaction, BYOD remains a popular option for many companies and the market is predicted to be worth $360 billion by 2020.
But a new report from Crowd Research Partners in conjunction with some leading data security vendors -- including Bitglass, Blancco Technology Group, Check Point Technologies, Skycure, SnoopWall and Tenable Network Security --provides a conflicting portrayal of BYOD security barriers and adoption trends in the workplace.
The biggest factors inhibiting BYOD adoption are revealed as security (39 percent) and employee privacy (12 percent). In contrast, management opposition (three percent) and user experience concerns (four percent) rank much lower.
The survey results also show that one in five organizations suffered a mobile security breach, primarily driven by malware and malicious Wi-Fi. It’s not too surprising then that security threats to BYOD are a burden on organizations' IT resources (35 percent) and help desk workloads (27 percent).
Despite increasing mobile security threats, data breaches and new regulations, only 30 percent of organizations surveyed say they are increasing security budgets for BYOD in the next 12 months. Meanwhile, 37 percent have no plans to change their security budgets.
"BYOD can be a tough nut for organizations to crack", says Pat Clawson, CEO of Blancco Technology Group. "Despite its many benefits, our study found that 21 percent of organizations have experienced a data breach resulting from BYOD or corporate-owned mobile devices. This often creates a chicken-or-egg scenario -- where organizations contemplate whether to push forward with BYOD without having complete security controls in place, or to postpone until they can be absolutely certain data won't be leaked. To change this, we need to educate businesses on the full scope of mobile security risks and technology solutions that can help them protect data across the entire lifecycle -- and get the C-suite to understand the impact on overall business growth".
The complete report is available to download from the Blancco Technology website and there’s a webinar to discuss the findings on April 14.
Photo credit: Sarawut Aiemsinsuk/Shutterstock
Cubot is a name you may not have heard of, but the Chinese company is seeking to make an impact on the smartphone market with the X17, offering premium features at a more down market price of around $170 (£130).
First impressions are positive, the phone comes in a box with a textured bronze colored finish. In the package you get a USB cable, mains adaptor, SIM tray opening tool, a clip-on protective cover for the back, a spare screen protector -- there's one pre-installed -- and a printed quick start guide. You also get a couple of cleaning wipes which is a nice touch.
The technical spec is impressive too. The phone uses a 1.3 GHz quad-core, 64bit processor (Mediatek 6735A) and has 3GB of RAM. There's 16GB of onboard storage though you can expand this with a microSD card. The 5-inch screen has a 1920 x 1080 resolution and 441 ppi, there's 4G support along with Bluetooth and Wi-Fi, though no NFC, and it runs Android 5.1 Lollipop. Cameras are 16MP rear -- with an LED flash -- and 8MP front.
The X17 is dual SIM and, usefully, the two slots are different sizes so you can use a standard Micro SIM and/or the smaller Nano SIM. Note though that the Micro SIM and SD card use the same slot so you can't have both at once. The phone is powered by a non-removable 2500mAh battery.
You can find the full spec on the Cubot website.
Out of the Box
The phone itself feels and looks like a quality item. It's nicely weighty and has a shiny metal edge, the glass front curves into this which gives it a premium look. The 5-inch screen has white sections above and below it housing the front camera, speaker grille and fixed menu buttons. The back echoes this with a silver coloured metal centre panel between two white plastic sections. Power and volume buttons are on the right edge with the SIM and SD card slot on the left.
The rear camera lens is slightly raised above the phone body, though if you have the clear clip-on cover in place it sits flush. A slight oddity is that the permanent menu and back buttons are the other way around from most Android phones which takes a bit of getting used to.
With the phone switched off the screen appears to go right up to the sides of the device, but switch on and you realise that there's narrow black border so the actual usable area is slightly smaller. The part that you can use though is bright with strong colors and good viewing angles.
In Use
The X17's performance is perfectly acceptable in everyday tasks, accessing the net and playing videos, though the processor isn't quite up to the most intensive games. It does seem to get through the battery quite quickly, but you should manage around a day of normal use on a full charge. There is a battery saver mode that you can set to activate at 15 percent or five percent of remaining power to eke out the remaining life. The phone gets a little warm when you've been using it for a while, but not uncomfortably so.
You can swipe to the left from the lock screen to activate the camera without unlocking the phone first. Using the rear camera there's a bit of a lag when focusing, and when you have got it focused the photos aren't great with colors that look a little over saturated. Sharpness and detail is good though. Video can be shot in full HD at 30fps, but there's no image stabilization so you can end up with rather shaky results.
The front camera has a wide angle lens making it good for taking group selfies (groupies?), and you can enable a gesture mode for timer shots which detects a V sign to start a countdown. Again pictures are adequate rather than outstanding.
As we noted above there's no NFC on the X17, you do get something called HotKnot, which is similar but only works with other Mediatek-based kit so its usefulness is rather limited.
Software is pretty much standard Android. The phone does come with Opera Mini installed, but otherwise is commendably free of bloatware. There are air gesture options for scrolling through the gallery, changing radio stations and switching the screen on and off, but these are a bit hit and miss in use.
Conclusion
If you're looking for a phone that offers 4G on a budget, there's quite a bit to like about the X17. It's well made with the feel of a pricier device, the screen in particular being the equal of some much more expensive phones.
There are some compromises, the camera in particular isn't great and the lack of NFC may be a deal breaker for some. Also the battery life is no more than adequate. Those things aside the X17 is a decent all-rounder and will suit people who are looking to take their first leap into 4G without breaking the bank.
Security teams often spend a lot of their time investigating anomalies and suspicious behavior, leaving them less time to focus on true threats.
Cloud security specialist CloudLock is tackling this problem with research into what it calls a Cloud Threat Funnel. Based on analysis of user behavior patterns it can isolate truly malicious threats from the noise of other potentially suspicious or unusual behaviors.
As the report's authors note, "Analyzing user behavior for signs of a breach is like searching for a needle in a haystack. Anomalous behaviors may be simply accidental missteps by careless users, or typical work-related actions that in the right (or wrong) context can become dangerous".
The funnel approach is based on research into the daily behavior of 10 million users, 1 billion files and 140,000 cloud apps. It reveals that 99.6 percent of users access cloud platforms from just one or two countries per week. Establishing this as the norm, the team was then able to isolate and reveal anomalies.
By adding user activity to third-party threat intelligence the algorithms reduce the likelihood of false positives. The Threat Funnel then moves into anomalies, recognizing outliers that do not conform to expected patterns. Because it's a self-learning model, it reduces the number of alerts being generated to improve the signal-to-noise ratio and visibility. Using this approach allows security professionals to focus their efforts on true malicious threats.
In order to make use of the Cloud Threat Funnel, organizations need to deploy an adaptive security model that can provide security teams with predictive, preventive, detective and responsive capabilities. By narrowing the focus on top offenders and user activities that are the most indicative of a true threat, security teams can make confident decisions much faster and avoid costly breaches with less effort.
The findings and methodology behind Cloud Threat Funnel are available in a report which you can download from the CloudLock website.
Image Credit: Andrea Danti/Shutterstock
The number of software vulnerabilities has increased over the last year, but the majority of them are in non-Microsoft products.
This is a key finding of the latest Vulnerability Review from Flexera Software, which in 2015 recorded 6,081 vulnerabilities in 2,484 products from 263 vendors. This compares to 2014's figures of 15,698 vulnerabilities in 3,907 products from 514 vendors.
"The substantial 36 percent drop in number of products and 49 percent drop in vendors primarily reflects an adjustment in focus from Secunia Research to only monitor the systems and applications in use in the environments of customers of Flexera Software's Software Vulnerability Management product line", says Kasper Lindgaard, director of Secunia Research at Flexera Software. "This change is caused by a continuous rise in the number of vulnerabilities reported in recent years, and we are currently seeing other research houses choosing similar strategies -- CVE Mitre, for example".
Looking at the 50 most popular applications on private PCs -- identified using Flexera's Personal Software Inspector -- the split between vulnerabilities in Microsoft and non-Microsoft products shows 21 percent for Microsoft and 79 percent for other vendors. This is despite Microsoft products making up 67 percent of the top 50.
In 2015, 1,114 vulnerabilities were discovered in the five most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari. That represents a four percent increase from 2014.
Over the same period 147 vulnerabilities were discovered in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.
There's some good news in the fact that 84 percent of vulnerabilities in all products had patches available on the day of disclosure in 2015. The number of zero day vulnerabilities at 25 was the same as in 2014.
For more detail and to download a copy of the full report you can visit the Flexera website.
Photo Credit: Sergey Nivens/Shutterstock
According to Google's Consumer Barometer Report 53 percent of people compare products, prices and features online before buying.
This is even more true of B2B buyers, with 89 percent saying they use the web as part of their research process.
When it comes to buying business software it isn't surprising that it can take days if not weeks to shortlist software options. Even then information regarding different product choices is fragmented across multiple locations -- emails, spreadsheets, PDF proposals, online meetings and many more.
This is bad news for software vendors too, as due to the slow and fragmented nature of the research process, they have to wait a long time to understand purchase decisions. Since most research is done online the space is dominated by a few large software companies. Most smaller software vendors have to rely on traditional marketing channels which drive up cost of customer discovery and customer acquisition.
London based start-up Comparesoft is looking to solve this problem. Using a data-driven algorithm, Comparesoft provides unbiased and vendor neutral software comparisons. Users can review usability, implementation, pricing and case studies within minutes and get an immediate practical software comparison. They can then chat online with prospective vendors and book instant meetings with their favorites. All of the information related to their software selection is in one convenient place.
John de Robeck, marketing manager at asset management specialist FMIS says, "Comparesoft is exactly what FMIS was looking for. Unlike other providers we use, Comparesoft is specifically geared to the UK market and so covers a key sector in our target market".
Currently in beta, you can discover more and try out the software comparison tool from the Comparesoft website.
Image Credit: alphaspirit / Shutterstock
Today is the third birthday of the Docker containerization system and to celebrate the company is launching a beta program for Mac and Windows versions of its software.
It offers an integrated, easy-to-deploy environment for building, assembling, and shipping applications from Mac or Windows as well as having many improvements over Docker Toolbox.
Docker for Mac and Windows doesn't need a dedicated machine, making life easier for developers and providing easy access to running containers on a local host network. It includes a DNS server for containers, and is integrated with the Mac OS X and Windows networking system. On a Mac, Docker can be used even when connected to a corporate VPN.
Docker for Mac can be used at the same time as Docker Toolbox on the same machine, allowing developers to continue using Toolbox as they evaluate Docker for Mac. On Windows systems you need to stop Toolbox before using Docker for Windows.
"The Docker for Mac product has addressed all of these issues for us, installation has been significantly smoother thanks to the native Mac application and autoupdater. Official images now 'just work' with the Mac and the new development workflow allows engineers to quickly spin up new versions of services and develop software natively on the Mac against them, with everything just working", says Mat Clayton, Co-founder of Mixcloud, one of the few companies to have tried the software in private beta.
If you're interested in joining the beta program you can sign up to receive an invitation on the Docker website. Docker for Mac and Docker for Windows are at different stages of development, although they do share a significant code base. Docker for Windows will initially be rolled out to users at a slower pace but will eventually have the same functionality as Docker for Mac. Docker for Windows currently only ships on Windows 10 editions that support Hyper-V.
Overall bad bot activity is decreasing, but the number of advanced persistent bots is up according to a new report.
The 2016 Bad Bot Landscape Report from Distil Networks reveals that 88 percent of all bad bot traffic has one or more characteristics of an advanced persistent bot, one that's able to mimic human activity and evade detection.
"When we dug into the bot activity in 2015, we identified an influx of Advanced Persistent Bots (APBs)", says Rami Essaid, co-founder and CEO of Distil Networks. "ABPs can mimic human behavior, load JavaScript and external assets, tamper with cookies, perform browser automation, and spoof IP addresses and user agents. The persistency aspect is that they evade detection with tactics like dynamic IP rotation from huge pools of IP addresses, use Tor networks and peer to peer proxies to obfuscate their origins, and distribute attacks over hundreds of thousands of IP addresses. A whopping 88 percent of 2015 bad bot traffic were APBs. This shows that bot architects have already taken note of traditional bot detection techniques and are finding new sophisticated ways to invade websites and APIs, in an effort to take advantage of critical assets and impact a business's bottom line".
Among the main findings of the report are that 46 percent of all web traffic originates from bots, with over 18 percent coming from bad bots. Medium-sized websites (those with a 10,001 to 50,000 Alexa ranking) are at greater risk, as bad bot traffic made up 26 percent of all web traffic for this group.
Chrome has edged out Firefox as the browser of choice for bad bot creators with over 26 percent of all user agents now using the Google browser. In addition 53 percent of bad bots are now able to load external resources like JavaScript meaning these bots can show up falsely attributed as humans in Google analytics and other tools.
The report finds that 39 percent of bad bots are able to mimic human behavior, so tools such as WAFs, web log analysis, or firewalls, which perform less detailed analysis of clients and their behavior, will likely result in large amounts of false negatives.
It also finds that 36 percent of bad bots disguise themselves using two or more user agents, and the worst APBs change their identities over 100 times. Multiple IP addresses are used by 73 percent of bad bots to rotate or distribute their attacks, and of those, a surprising 20 percent used more than 100 IP addresses.
While six out of the top 20 ISPs with the highest percentage of bad bot traffic originated from China, Amazon has appeared in the top five bad bot originators three years in a row. It's still the US that's the largest originator of bots, with over 39 percent of bot traffic, while India and Israel moved up to the two and three spots.
You can find more information by downloading the full report from the Distil Networks website.
Photo Credit: Gunnar Assmy/Shutterstock
Security company SentinelOne has released news of a major flaw in Apple OS X systems that can allow the bypassing of the latest System Integrity Protection security feature.
This zero day vulnerability is present in all versions of Apple's OS X operating system. It has been reported to Apple and patches will be available soon. SentinelOne’s lead OS X security expert, Pedro Vilaça, is presenting the full findings on this vulnerability today at SysCan360 2016 in Singapore.
System Integrity Protection is intended to limit the ability of a root account to access protected parts of iOS and OS X. But some programs, such as those that update the operating system, retain privileges. It's this that is being exploited by the flaw which allows programs to run arbitrary code on the device and bypass SIP.
To exploit the vulnerability, an attacker must first compromise the target system, which could be done via a spearphishing attack, or by an exploit in the user's browser. The vulnerability is said to be reliable and stable, and won't cause systems to crash. It's also able to avoid detection using techniques that traditional detection mechanisms, looking for more obvious warning signs, would miss. The good news is that, up to now, there's no evidence of it being used in the wild.
You can find out more about the threat and see a full copy of Vilaça's presentation on the SentinelOne blog.
Photo credit: studioVin / Shutterstock
Accidental deletion of information is the leading cause of data loss from SaaS applications, responsible for 43 percent in the US and 41 percent in the UK, ahead of data loss caused by malicious insiders and hackers.
This is among the findings of a new survey of IT professionals in the US and UK from cloud backup specialist Spanning which also has insights into who is responsible for SaaS data protection, organizational confidence in SaaS data protection, and the top concerns surrounding moving data to the cloud.
Among the report's other findings are that a gap exists between perception and reality of SaaS data protection responsibility. Security is the top concern when moving critical business applications to the cloud. But 80 percent of respondents have suffered some type of SaaS data loss and have similar fears related to future cloud data security.
In light of the EU-US Privacy Shield being put in place, IT professionals in the UK are taking a more cautious approach to data sovereignty than their US counterparts. However, the US leads UK in SaaS data protection confidence and the two countries differ most on security when it comes to SaaS adoption.
On both sides of the Atlantic, organizations are moving to the cloud by deploying similar types of SaaS applications. When given a choice of 14 common types of SaaS applications, the top two for both the US and UK were the same -- email/messaging and financial applications are either deployed in a public cloud now, or will be deployed in one in the next 12 months.
In the UK, HR software -- containing some of the most sensitive personal data about employees -- was the third-most chosen option, while in the US, it was IT infrastructure management. Both regions had customer relationship management and sales force automation software as their fourth-most implemented.
The report concludes, "The security of SaaS data is critical -- and Americans (80 percent) are more confident than British respondents (45 percent) in their organization’s ability to secure cloud data. This confidence may shift, however, as organizations continue to see SaaS data loss incidents occur -- almost 80 percent of all respondents experienced some sort of SaaS data loss. And, while 78 percent of US respondents, and 73 percent in the UK, are aware of standalone services that allow them to backup and restore SaaS information separate of the provider/application, only 37 percent in the US utilize them, and 31 percent in the UK".
More detail can be found in the full report which is available to download from the Spanning website.
Image Credit: Maksim Kabakou / Shutterstock
According to new research 90 percent of IT security leaders in US federal agencies say they feel vulnerable to data threats.
In addition 61 percent have experienced a past data breach, with nearly one in five indicating a breach in the last year. This is among the findings of the US Federal Government Edition of the 2016 Vormetric Data Threat Report from enterprise data protection company Vormetric and 451 Research.
The top barriers to adopting better security are named as skill shortages at 44 percent, and budgets at 43 percent. Despite news stories highlighting the threat of nation state hacking, the top external threat actors identified were cybercriminals at 76 percent, with nation state hackers coming a distant fourth at 47 percent.
Bright spots in the report include that 58 percent are increasing spending to offset threats to data, and 37 percent are increasing spending on data-at-rest defenses this year. The top categories for increased spending over the next 12 months are network defenses at 53 percent, followed by analysis and correlation tools at 46 percent.
Network defenses are "very" effective at safeguarding data, according to 60 percent of respondents, more than any other vertical and well above the US average of 53 percent. With data-at-rest defenses seen as the most effective tools for protecting data once other defenses have failed, surprisingly these were ranked last in terms of US federal spending plans, with just 37 percent planning to increase their spending on data-at-rest defenses, compared to the US average of 45 percent.
However, many respondents are planning to implement "newer" security tools that are more effective at protecting data even when other defenses have been compromised. These include cloud security gateways (40 percent), application encryption (34 percent), data masking (31 percent) and tokenization (27 percent).
"Albert Einstein's oft-used quote is fitting -- if doing the same thing over and over and expecting a different result isn't the definition of insanity, it is certainly a recipe for placing our nation’s critical assets at risk", says vice president of Marketing for Vormetric, Tina Stewart. "Public sector organizations need to realize that doing more of the same won't help us achieve an improved data security posture. More attention must be paid to techniques that protect critical information even when peripheral security has failed, and data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this".
More information is available in the full report which you can download from the Vormetric website.
Image Credit: Brian A Jackson / Shutterstock
Data scientists spend a lot of time doing things they don't like, such as sorting out problems with unprocessed information, but they still love their jobs according to a new survey.
The second annual Data Science report from data enrichment platform CrowdFlower shows that there’s a perceived shortage of data scientists, with 83 percent saying there aren’t enough to go around, up from 79 percent last year.
The results of asking how data scientists spend their time are revealing to. They spend 60 percent of their time acting as "digital janitors" cleaning and organizing data prior to processing. Only nine percent of their time is spent mining for patterns and only four percent building algorithms, the sort of tasks that we think of data scientists performing.
When asked which part of the job they enjoyed least, 57 percent named the data wrangling aspect of cleaning and organizing information. Collecting data sets was cited by 21 percent. The tasks they do the most are therefore the ones they get least enjoyment from.
Yet despite this data scientists overwhelmingly happy in their work. When asked to rank how happy they felt in their current position on a simple five point scale, 35 percent gave it a five and 47 percent a four, meaning that over 80 percent like their jobs.
The survey also asked respondents if they felt they had the right tools to do their jobs. Just 14 percent disagreed, indicating that enterprises are committed to giving data scientists what they need to succeed.
When asked about the skills that are most in demand, SQL came out top on 56 percent, followed by big data favorite Hadoop on 49 percent, Python on 39 percent and Java on 36 percent.
The report concludes, "As more and more organizations adopt data as a key driver of decision making, the importance of streamlined, well-oiled data science teams is going to remain paramount. But the current status quo probably isn't sustainable. On the one hand, we see a shortage of data scientists while on the other, they’re spending too much time cleaning and munging data. This is time that could be much better served doing predictive analysis and building out machine learning practices".
You can find out more about the report's findings on the CrowdFlower blog.
Photo Credit: Sergey Nivens / Shutterstock
In modern fast-moving business environments, marketers need to be able to respond quickly to changes and deliver appropriate content.
To help deliver this ability, business transformation specialist Progress is releasing new versions of its Telerik Sitefinity platform for content management and customer analytics.
The new release, Telerik Sitefinity 9.0, provides new features, enhancements and architectural improvements to help digital marketers, and the departments that support them, achieve better agility with their online campaigns.
It allows marketing, development and IT to work more effectively together to increase digital marketing agility. New features, including improved personalization, multilingual asset support, multipage forms and a 360-degree customer view, enable marketers to be more effective in driving customer engagement. At the same time, Sitefinity 9.0 provides developers with greater extensibility that’s critical for achieving competitive advantage.
"To deliver the real-time, hyper-personalized, responsive content customers expect, marketing organizations have no choice but to become more agile, as agility can mean the difference between being a leader or laggard", says Svetozar Georgiev, senior vice president of Application Platforms at Progress. "Relying on IT and development for day-to-day tasks impedes digital marketing agility and hurts a team's ability to rapidly deliver innovative, personalized customer experiences. Spanning development, administrative and marketing capabilities, Sitefinity 9.0 delivers a powerful platform that supports rapidly changing business initiatives and messaging -- helping marketers respond more nimbly in today’s fast-paced, multichannel world".
Key features for marketers include improved personalization so campaigns can segment the audience and make use of behavioral and demographic data. A 360-degree customer view brings together all customer interactions within the organization, from website page visits to defined conversions, for dynamic decision-making using extended contact profiles. Multilingual asset support ensures appropriate content is delivered to global audiences, and multipage forms support cuts abandonment rates resulting from long, cumbersome forms and enables marketers to split long forms into smaller steps, improving the end-user experience.
For developers continuous delivery allows roll out of new website functionality with minimum effort, new APIs make deployment easier, and simplified widget creation improves performance for precompiled views, and increases developer productivity. There's also an integrated mobile solution to create easy-to-integrate, content-driven mobile apps with Telerik Platform.
You can find out more about the latest release on the Sitefinity website.
Photo credit: ra2studio / Shutterstock
Privileged accounts exist in all areas of business IT and if compromised they can provide an external attacker or dishonest insider access to sensitive data.
Account management company Thycotic wants to help businesses protect themselves and so is giving away a no-cost version of its Secret Server package to guard against attacks that target privileged accounts.
Secret Server Free will provide customers with a package valued at $5,000, at no-cost, to protect their privileged account credentials. By the end of the year, the company plans to protect more than 20,000 global organizations against cyber-attacks giving away a total of total $100 million worth of free privileged account security software.
"At Thycotic, we are on a global mission to help IT teams worldwide protect their organizations from hackers and have already done so for more than 3,500 organizations", says James Legg, CEO of Thycotic. "With the introduction of Secret Server Free, we will continue towards accomplishing this undertaking by making it easier, and more affordable, for IT teams to prevent cyber-attacks leveraging our industry-leading PAM security software at no cost to them".
Features of the free package include support for up to 100 users, protecting up to 1,000 privileged account passwords, integration with Active Directory, Remote Desktop tunneling with PuTTY, and password storage using military-grade encryption.
You can find out more and sign up for a copy of Secret Server Free on the Thycotic website.
Photo Credit: Mmaxer/Shutterstock
Big data deployments are increasingly shifting from lab settings to full production environments. But there are a number of security and QoS (quality of service) challenges that can slow this process.
Big data company BlueData is launching the latest release of its EPIC software platform, introducing several security and other upgrades to provide a smoother Big-Data-as-a-Service experience as well as support for new applications and frameworks.
Complexity remains a major barrier to adoption for big data technologies like Hadoop and Spark. BlueData's software makes it easier to deploy big data infrastructure and applications. It uses Docker containers to provide a self-service BDaaS experience on-premises together with the highest levels of security and performance for big data analytics in the enterprise.
"BlueData is working with customers in every industry and at all stages of their big data journey, from early experimentation and lab environments for dev/test to enterprise-wide production implementations", says Kumar Sreekanti, CEO of BlueData. "Our solution is highly flexible and scalable, supporting any big data use case and accelerating our customers’ deployments as they move through each stage of their journey. This new spring release is another key milestone for us, solidifying BlueData's position as the leading infrastructure platform for Big-Data-as-a-Service in the enterprise".
The latest release incorporates many features and functionality enhancements requested by BlueData's customers across multiple industries -- including financial services, pharmaceutical, healthcare, technology, telecommunications, energy, government, and education.
The enterprise version of BlueData's platform now provides additional security and governance capabilities to meet enterprise-class auditing and regulatory compliance requirements. Other new functionality includes more granular resource management controls, QoS-based allocation, performance optimizations, and quota enforcement for multi-tenant big data deployments. In addition there’s extended support for applications and tools including Cloudera Navigator and Ranger for data governance and security administration; HAWQ for massively parallel processing analytics; and Geode (Gemfire) as well as Cassandra and Kafka for real-time analytics.
The Spring release is available now and will be featured at the Strata + Hadoop World event in San Jose, California next week.
Image Credit: Maksim Kabakou/Shutterstock
Many organizations are looking at the benefits they can gain from big data but are put off by the infrastructure costs involved.
Analytics company Kyvos Insights is aiming to make big data more accessible by making its scalable, self-service online analytical processing (OLAP) solution available to users of Microsoft Azure HDInsight.
"Supporting a cloud platform like Azure HDInsight that you don’t have to manage and can get up and running in minutes with our solution is very appealing to our customers", says Ajay Anand, vice president of products at Kyvos Insights. "Now, through this relationship, Azure HDInsight users can analyze their data very quickly with Kyvos and the other BI tools they use. In addition, they benefit from not having to wait for IT data groups to provision hardware, making it easy to perform activities such as creating a cluster faster than ever before".
Kyvos helps business users to visualize, explore and analyze big data interactively using 'cubes on Hadoop' technology. By providing greater levels of scalability and interaction directly on Hadoop -- with no need for programming -- Kyvos helps users gain insights that can lead to better business decisions, increased understanding of customers, more accurately targeted marketing and greater profitability.
"Microsoft is focused on simplifying big data and advanced analytics to give organizations the fastest way to achieve business transformation," says Tiffany Wissner, senior director of data platform marketing at Microsoft. "By giving users the ability to do OLAP analysis with Kyvos on top of data in Hadoop with Azure HDInsight, our collective customers can achieve insights faster and easier to positively impact their business."
You can find out more about big data solutions from Kyvos Insights on the company's website.
Photo Credit: T.L. Furrer / Shutterstock
Running an application or server in the cloud has many advantages, but it doesn't guarantee scalability. It can be hard to predict demand, leading to infrastructure having to play catch up at peak periods.
Application delivery specialist Webscale Networks is aiming to improve things with the launch of its new platform offering mid-market e-commerce and enterprise companies a fast track to the cloud.
Webscale features predictive auto-scaling, multi-cloud, performance optimization, security and manageability. Based on nine years of research into predictive analytics, Webscale's patented, dynamic resource allocation IP sets it apart from traditional application delivery or load balancing solutions. Its ability to look ahead at demand and automatically take whatever action is needed to ensure a website stays fast and available, makes it easy to use by anyone within an organization.
"Mid-market businesses, especially e-commerce companies competing in tough markets that want to grow while they manage spend, need to be looking to the cloud as their infrastructure of choice -- Webscale gets them there", says Sonal Puri, CEO of Webscale. "Webscale provides complete control over a web application, offering predictive auto scaling, single-screen monitoring, self-healing and multi-cloud support. With the addition of free cloud migration services for qualifying customers, Webscale is now the fastest, most powerful and affordable path to the cloud".
Features include predictive auto-scaling technology that looks ahead of traffic surges and scales out, and back, with greater accuracy, so customers only pay for what they use. Webscale is cloud-agnostic, so it can be used by businesses deploying a multi-cloud strategy. Built and delivered as-a-service, it works across all public, private or hybrid cloud infrastructures, as well as static hosting environments.
It also offers a PCI-DSS 3.1 certified web application firewall that provides comprehensive functionality with support for security policies including SSL/TLS encryption support, DDoS attack mitigation, and more.
Webscale is available in four versions (Free, Lite, Pro and Enterprise), you can find out more and request a free trial on the company's website.
Image Credit: Chaiyapop Bhumiwat / Shutterstock
Account-based marketing (ABM) is one of the most effective approaches to B2B marketing, but historically users of the technique have struggled to scale it beyond a few accounts.
San Francisco-based YesPath is using the MarTech marketing technology conference to launch its new ABM offering using algorithms to select the right content and get it to the right person at the right time.
"Every day, companies are missing out on revenue because marketing and sales are not coordinated", says YesPath CEO Jason Garoutte. "When Sales learns something about a prospect's goals, that information does not get used in content or campaigns. Conversely, when Marketing collects data from digital campaigns, that information is not used by Sales. The problem affects every stage of the revenue cycle, from new business to renewals and upsells".
YesPath is a SaaS platform that constantly monitors a sales team's list of target accounts. It builds account profiles using massive amounts of data culled from the web. Based on these profiles, an engagement engine matches the right content to each account.
For example, if a marketing team wants to tell different stories for different use cases, YesPath can monitor a list of target accounts, watching for interest in those cases. When an account shows interest, YesPath can trigger an email to share appropriate content. It can also queue up a special offer for when that account visits the website. YesPath can also alert sales staff that it's time to place a call to a customer.
YesPath uses an Intent Network, which analyzes signals of interest across the broader web. This gives marketers insight into the activity of potential customers who may not even have visited their website or otherwise shown direct interest.
The Intent Network uses data from partner Bombora, which tracks consumption of content across 3,000 b2b publisher sites, to detect changes in account interests. Based on these signals, YesPath learns which accounts are "in market" and whether they’re finding their way to the marketer's content. By combining this intent data with marketers' existing data it generates a more complete picture of the account and can power real-time content recommendations.
You can find out more YesPath on the company's website.
Image Credit: donskarpo / Shutterstock
Businesses in the US have been struggling with innovation for the past three years and things show no signs of improving according to a new survey from professional services company Accenture.
The survey of managers and executives in 500 companies across the US reveals that 60 percent say their companies don't learn from past mistakes. This is nearly double the 36 percent who admitted to this three years ago in a similar survey.
In addition 72 percent say that their firms often miss opportunities to exploit underdeveloped areas or markets versus 53 percent three years ago. Sixty-seven percent also believe their companies are risk averse, a large increase from 46 percent in the previous survey.
The survey shows that 82 percent admit they don't distinguish their innovation approaches between incremental and large-scale change -- meaning they use a single one-size-fits-all approach to achieve different goals. Most respondents say they have big innovation ideas but are missing an organizational home with the company, as a result their ideas often go nowhere.
"A significant gap exists between what US companies want to achieve in the innovation arena versus what they are able to do", says Adi Alon, a managing director with Accenture’s Strategy practice. "They want to innovate yet they need to take different and bolder actions to achieve transformational, major revenue-generating innovation. True innovation requires aggressive changes in technologies, operating models and talent".
Despite their companies' innovation shortcomings, respondents are more bullish about disruptive innovation than they were three years ago. For example, 84 percent say they believe innovation is key for their long-term success compared with only 67 percent in the earlier survey. The same number of respondents say they're looking for the "next silver bullet", in terms of a market-defining innovation, rather than incremental changes to the same products. Creating new products is a priority for almost half (47 percent) of respondents, an increase of 20 percentage points from three years ago.
You can find out more about the report's findings, as well as recommendations for how business can improve their approach to innovation, on the Accenture website.
Photo Credit: xavier gallego morell/Shutterstock
According to new research from identity management company SailPoint one in five employees would be willing to sell their work passwords to another organization, up from one in seven last year.
Of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100. This is made worse by the fact that 65 percent admit to using a single password among applications and 32 percent share passwords with their co-workers.
Other findings include the worrying fact that more than two in five employees still have corporate account access after they leave their job. In addition 26 percent uploaded sensitive information to cloud apps with the specific intent to share data outside the company. Also one in three employees purchased a SaaS app without IT's knowledge, a 55 percent increase from last year. Reasons for not involving the IT department include because it's faster (49 percent), because IT adds too much process (40 percent), and IT over complicating things (21 percent).
The data comes from a survey of 1,000 office workers at large organizations (with at least 1,000 employees) across the US, UK, Germany, France, the Netherlands and Australia. It reveals a disconnect between employees' growing concern over the security of their personal information and their negligence over data security practices in the workplace.
"This year's Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers", says Kevin Cunningham, president and founder of SailPoint. "Today's identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it's imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage".
More information is available in the full report which can be downloaded from the SailPoint website.
Image credit: Gunnar Pippel/Shutterstock
The use of an intranet helps businesses promote engagement in teams and enable staff to become more productive. But often intranets are seen as the preserve of large corporations.
Software company Axero is launching the latest version of its Communifire intranet platform aimed at small and medium enterprises.
Communifire 5.2 offers an array of new features that improve the user experience for administrators, enabling organizations to unlock the value of the platform and improve employee communication, collaboration and performance.
The main new feature is Page Builder, an easy-to-use, drag-and-drop interface that administrators can use to create page layouts. It turns elements into visual building blocks that allow anyone to understand and edit the layout and content of their pages without touching any code.
The latest Communifire also offers gamification capabilities that allow users to recognize other users by granting them badges. Badges can be earned by completing a customized series of actions within the community.
"Axero's mission is to empower organizations and employees with all the tools and features they need to perform their best," says the company's cofounder and President Tim Eisenhauer. "Communifire has always grown and evolved based on the voice of our customers, and version 5.2 reflects our ongoing commitment to delivering the best, most effective intranet software on the market".
Other updated feature include search enhancements to allow users to find content more easily, these include a 'fuzzy search' feature that tries to predict what users are looking for and accounts for typos and misspellings. There's also the ability to receive more focused digest emails, and an updated chat and messaging interface.
For more information and a 14-day free trial you can visit the Axero website.
Image Credit: alphaspirit / Shutterstock
When companies allow staff to use their own systems to access corporate data, the devices used can often be outside of IT department control.
But how much of a security and privacy hazard is presented by a new off-the-shelf laptop? Security company Duo Labs set out to discover the risks by buying a number of OEM Windows 10 machines in the US, Canada and the UK and testing them for vulnerabilities.
All of the systems tested were found to have privacy issues, some were more serious than others and many of them affected all the machines. Network protocol-related security issues affected all the laptops, starting as soon as the laptop appeared on the network during initial boot.
Following the application of Patch Tuesday updates, some privacy settings were reset to their default values, without the user being notified that they'd changed. Default laptop settings and protocols make it easier for an attacker to sniff, grab, view and redirect an unsuspecting user’s traffic especially on public networks.
Bloatware and trial software was at the root of questionable traffic on some of the systems too. The OEM Microsoft Signature Edition machine tested came in for praise here as it had less unnecessary software installed. It did, however, still have some of the Windows 10 privacy concerns identified elsewhere.
Systems with McAfee security trials installed were found to contain web bugs that could be used to track and serve advertising to users. "We observed web bugs which are used typically by advertisers to track surfing habits. You'd expect to see this in web browsers as they're a reality of internet advertising today. It seems curious to us that a security company would do this, because as an attacker if I were to compromise a third-party advertising company I would then have the ability to feed my content out to all the systems using that platform," says Steve Manzuik Director of Research at Duo. "I don't think there's anything nefarious going on, they're using it to track their trial versions and get people to buy the software, but it seems odd that this would be the route they decided to use".
More information and the full report, along with recommendations for making out-of-the-box machines more secure, is available from the Duo website.
Image Credit: Maslowski Marcin / Shutterstock
The increasingly decentralized world of work means that data can be in many different places, on desktops, mobile devices, or in the cloud.
This creates challenges for security and governance, especially if there's a need to adhere to legal and compliance rules. Data protection company Druva wants to guard information wherever it's stored and is extending its inSync offering to cover Box, Google Apps for Work and Exchange Online.
Druva inSync provides a single access point for viewing, monitoring and managing end-user data without having to manually access separate data sources through different solutions. In addition it automates and unifies backup, archive and governance capabilities across multiple cloud applications. New Microsoft Exchange Online support helps companies meet their hosted email and message-based governance needs. Cloud applications support also protects data shared via online file sharing and content management service Box -- which Druva has entered into a recent partnership with -- and the Google Apps suite of cloud computing productivity and collaboration software tools including Gmail, Google Drive and Google Docs.
"A user-centric approach to data protection and governance is key to a company’s managing data throughout its entire lifecycle, and across, among and between various devices, endpoints and the cloud," says Jaspreet Singh, CEO of Druva. "Today's businesses need a single solution for data availability and corporate governance -- eDiscovery, audit, search and compliance management covering data on cloud apps and endpoints -- and that's what Druva is delivering. This expanded data protection follows the user, something that is imperative as enterprises make use of new cloud services while working to adhere to data availability and corporate governance policies".
Key features include automated compliance management powered by full text search capabilities and built-in compliance templates for the likes of HIPAA. There's built-in legal hold workflow for eDiscovery to quickly collect and preserve data in place for investigative or litigation needs. Forensic-based collection and chain of custody reporting to ensure legal admissibility and remove the risk of information being corrupted.
A federated search facility can quickly locate files across the organization and all services. Tamper-proof audit trails give full data and user tracking for investigation and compliance audits, and automated compliance alerts enable visibility into latent data risks so they can quickly address them.
Druva inSync for Box and Office 365, including OneDrive and Exchange Online, is available now, Google Apps is in limited availability, becoming generally available next month. You can find out more on the Druva website.
Photo Credit: Slavoljub Pantelic / Shutterstock
All too often business communication and data are separate. This means that if you need to refer to something while chatting with a colleague you have to break off and open another application to do so.
In order to make data more accessible and collaboration easier, business analytics specialist Looker is announcing a new data platform that integrates with the popular Slack communication tool.
Called Lookerbot, it seeks to make enterprise collaboration more efficient by bringing real-time data into any conversation in Slack, eliminating the need to shuffle through applications looking for information.
"Data has been something people do out-of-cycle. Data needs to be part of the conversation, no matter where it's happening," says Frank Bien, CEO of Looker. "The world is moving on from the current swath of business intelligence tools that simply report a view of the past in a kludgy user interface. Accessing current data in collaboration tools like Slack helps everyone make better business decisions, faster. Looker's data platform makes these conversations possible".
Lookerbot is built using Looker's API and SDK and is one of many integrations built on the data platform. Users enter a simple command in Slack and Lookerbot returns the answer within the Slack conversation. The data is displayed in Slack as it appears in Looker with a complete array of visualization types (charts, maps, and tables), including custom visualizations and colors.
Michael Erasmus, Data Analytics Lead at Buffer says, "Buffer is a distributed company so Slack is basically our office. The majority of our work lives in Slack. Having Looker, one of our most critical tools, integrate into every conversation in Slack is incredibly powerful. It means that when decisions are being made at every stage of our process, we have data at our fingertips, improving transparency and collaboration".
More information about using Looker with Slack is available on the company's website.
Retailers have long depended on email marketing as an affordable and effective way to reach their customers, maintain loyalty and drive purchases.
On average, consumers opt-in to receive emails from two retailers and this can lead to them receiving around 13 emails a week. But a new survey reveals that 82 percent of people feel that this constant flow of offers means that the retailers they are loyal to don't understand them.
The survey from sales solution company First Insight shows that two-thirds of shoppers feel that receiving six or more emails a week from retailers is too many. Consumers only open one in four of the emails they receive, and feel that 95 percent of the messages they get are not at all relevant to them. Several consumers surveyed say they have taken action, with 44 percent reporting that they've unsubscribed from a retail email list in the past six months, and 40 percent saying that they would go out of their way to shop at a store that doesn't waste their time with irrelevant email offers.
"Right now we're seeing a huge disconnect in the conversation that retailers think they are having with customers through email marketing efforts," says Jim Shea, Chief Commercial Officer of FirstInsight. "The communications are not only too frequent but are basically meaningless to consumers. What consumers really want is for retailers to take the time to know them and make recommendations about clothing or products that are in line with their personal taste".
A lighter touch and more personalized approach with email marketing seems like the best way to generate business. Their favorite retailers only send them one or two emails a week according to 61 percent of those surveyed, and 43 percent say they would be more likely to open emails from retailers if they knew those messages contained personalized suggestions of products or clothing that aligned with past purchases, rather than simply promoting products that were generally available or reduced.
The survey polled over 1,100 people across the US and you can download the full report from the First Insight website.
Image Credit: Balefire/Shutterstock
Web gateways remain one of the most attractive attack routes for hackers, and many of the most commonly used gateways remain vulnerable.
According to attack detection specialist Seculert popular gateways have allowed more than 40 percent of malicious communications to succeed in 2015. To combat this the company is launching a new outbound attack simulator called Javelin.
While it doesn't use actual malware, the Javelin simulator replicates the latest and most dangerous attacks on an organization's gateway through individual attack communication simulations. It provides instant results, and then allows users to acquire a gateway update package. This package contains details about the simulated attacks, a license to run unlimited attack simulations, and fixes to update the enterprise's gateway solutions in order to contain the attacks should live attacks present themselves.
"In today's threat landscape, the ability to simulate the latest, real-world attacks and measure the efficacy of web gateway response is one of the keys to maintaining an effective security posture," says Richard Greene, Seculert's CEO. "With Javelin, enterprises will know, for the first time ever, how their perimeter defenses will perform in the face of the most malicious attacks we see in the wild each day".
Javelin has been in a closed beta test for two months. As well as highlighting their own security exposures, it gives enterprises a tool to assess how well their business partners are protecting their intellectual property.
Available now, Javelin needs no hardware or software to be installed. You can find out more and request a trial on the Seculert website.
Image Credit: rosedesigns / Shutterstock
Although security breach stories regularly make the headlines, a new survey shows that the biggest worry IT teams have with current security solutions is that they slow down the system.
The study from endpoint security specialist Barkly also reveals that while only half of respondents are confident in their current endpoint solution, 80 percent believe that effective endpoint security is possible.
When asked about the downfalls of their security solutions, 41 percent of respondents say they are dissatisfied with their current solution because it slows down their system. If security products are slowing systems, and by extension lowering productivity, it may be that users are taking insecure shortcuts to improve efficiency, such as using unauthorized third-party apps or connecting unsanctioned devices to the network. In addition the survey reveals that the other major issues IT teams have with current solutions are that they require too many updates (36 percent), are too expensive (33 percent) and provide no protection against zero-day attacks (33 percent).
In spite of increased spending on security, only 50 percent of respondents say they are confident in their current solution. More than half of respondents (54 percent) don’t believe their organization can effectively measure security return on investment, and only 25 percent have confidence in their colleagues’ cybersecurity awareness.
The research also shows a difference of opinion between IT pros and the C-suites on security. Respondents indicated that they believe IT teams prioritize security higher than the C-level, with nearly 40 percent of respondents saying that IT teams believe it to be an essential priority, compared to only 27 percent of C-level executives. There's also a disconnect between IT teams and the C-level when it comes to their biggest concerns -- while the C-level is more worried about insider threats, IT teams feel that careless, uninformed employees are a higher risk. When asked how they would improve security within their organizations, C-suite respondents say they would rather buy new software while front-line IT pros would prefer to educate their colleagues.
"This report proves that from the CISO to the entry-level IT pro, organizations must be better aligned when it comes to security. When there's a disconnect in priorities, level of understanding and measurement, even a seemingly strong security initiative is destined to fail," says Jack Danahy, co-founder and CTO of Barkly. "Once teams understand each other's priorities and concerns around security, they can implement the tools they really need, that will best protect their endpoints from ever-increasing, complex threats".
The full 2016 Cybersecurity Confidence Report can be downloaded from the Barkly website.
Photo credit: dencg / Shutterstock
The regulatory environment for data is in a state of change at the moment with many countries introducing legislation to control the flow of information. This combined with growth of the IoT and digital economy is posing major challenges for business.
A new survey by identity management company ForgeRock finds 96 percent of surveyed IT professionals agree that there is an increasing need for dynamic and flexible privacy tools. And that these need to be adaptable to future borderless regulatory requirements and consumer expectations.
The study of more than 300 IT professionals across 38 countries also finds that only nine percent believe current privacy and consent methods are adequate. Emerging European regulations for data protection are creating a need for better tools and standards for ensuring personal data protection, privacy and consent according to 96 percent.
In the US 84 percent of respondents (and 87 percent of Asia Pacific and Japan-based respondents) believe the US will eventually adopt similar personal data protection regulations to Europe. However, only 66 percent of EMEA-based respondents believed that the US will eventually adopt similar personal data protection regulations.
95 percent of respondents agree that individuals are becoming more concerned about their personal data privacy and their ability to control, manage and share data about themselves online. They also agree that organizations want to build trust by giving customers the ability to consent to data sharing and control over where their personal data is shared.
"As our survey illustrates, coping with regulation -- privacy or otherwise -- is no longer just a cost center for organizations. As connected devices and technologies take on a greater role in public and private life, there are massive business benefits to building in new identity and data privacy solutions that can scale over time," says ForgeRock's CEO, Mike Ellis. "Organizations clinging to legacy identity management technologies -- which are currently inadequate -- will be at a major disadvantage".
You can read more about the survey's findings on the ForgeRock blog.
Photo credit: Ivelin Radkov / Shutterstock
You'll quite often hear talk of how technology can disrupt business. A survey carried out at Microsoft's 2015 Global CIO Summit in October suggests that CIOs believe 47 percent of their company's revenues will be under threat from digital disruption in the next five years.
But what does this disruption really mean? Microsoft has produced an infographic looking at the five major technologies that are doing most to disrupt the business world.
These include mobile computing, with 5G and other developments expected to boost growth in coming years. Additional automation is expected to provide timelier access to information, leading to faster decision making.
Big data is expected to make a major difference to business intelligence and become a driving force in the global economy. This will be supported by the Internet of Things which is expected to grow five fold to 250 billion devices over the next decade.
Finally although the cloud has been around for may years it's still a major disruptive force and its economic influence is expected to rise to $6.2 trillion.
You can see the full infographic below or on the Microsoft website.
Image Credit: Peshkova / Shutterstock
Enterprises thrive on being able to set and manage goals. BetterWorks software provides the tools to do this and the company is now expanding its offering by adding performance development and strategic planning modules to its operational suite.
This means it now provides a comprehensive business operating platform combining planning, strategic execution and people development across a single system.
"The modern workforce is demanding a more frequent, open and collaborative solution to workplace operations," says Kris Duggan, CEO of BetterWorks. "We believe the future of work requires a business operating system that connects the dots between operationalizing the business and developing its employees".
The performance development module enables frequent, lightweight, two-way conversations between managers and their employees. Performance conversations can be built around the employee’s goals and top work priorities. Over the coming quarters, BetterWorks will roll out additional 360-feedback tools focused on individual work as well as contributions to company values.
Strategic planning via the Plans module lets users create multi-period views of goals to support agile, long term operational planning, and turn strategy into an actionable plan. This allows organizations to break annual plans into sizable, quarterly goals, update and communicate strategy as priorities of the company shift and allocate resources and planning more effectively.
"When asked to identify the single greatest challenge to executing their company’s strategy, 30 percent cite failure to coordinate across units, making that a close second to failure to align (40 percent)," says Donald Sull, Researcher at MIT. "Aligning on strategic objectives is crucial for businesses striving for operational excellence. BetterWorks Plans will help organizations overcome one of their most difficult challenges: connecting strategy with execution".
Both new modules are available now for an additional monthly fee, visit the BetterWorks website for more information.
Image Credit: Syda Productions / Shutterstock
With so much choice available online, if a business doesn't deliver on meeting customer expectations then it's likely to lose out. One of the main challenges in keeping customers happy is delivering effective authentication while maintaining security.
Identity management company Gigya is releasing a new registration-as-a-service (RaaS) offering to enable enterprises to more effectively authenticate consumers with consistent cross-device experiences.
The system provides a flexible set of REST APIs that support the integration of end-to-end user registration systems across web properties, mobile applications and connected devices. These are complete with identity validation, progressive profiling and responsive design. The new features allow businesses to minimize development and maintenance costs, build fully-customized registration forms and maximize conversion rates.
"Great customer experience has become the new market requirement for growing acquisition rates and expanding relationships, with customer identity and access management (CIAM) technologies at the core," says Troy Abraham, Gigya's SVP of Global Services. "With the ultimate goal of enabling our clients to exceed their end-users' expectations, the GigyaWorks program has been created to help global enterprises capture, manage and leverage customer data while educating them around key market trends and processes every step of the way".
Capabilities of Gigya's RaaS include risk-based authentication (RBA) which takes account of a combination of IP address and device-based information. Using this enterprises can implement additional layers of identity validation when certain anomalies occur. For example, if a user logs in from a different country.
It includes password-less mobile authentication using one-time codes sent via SMS, eliminating the need to remember username and password combinations. It's designed to work and look good on any mobile application or connected device. An upgraded UI builder allows brands to easily edit registration screens using a simple drag-and-drop interface, as well as giving them the ability to simulate how registration flows will look on different devices with the click of a button.
More information about RaaS is available on the Gigya website.
Image Credit: Kirill Wright / Shutterstock
Enabling efficient collaboration on projects is key to success in business and there are many platforms to enable it. But it can sometimes be hard to fully understand what's happening inside a particular task.
One of the leading collaboration platforms, Smartsheet is addressing this by launching Sights, a new product that delivers visibility into the work being done within Smartsheet environments.
By putting important information in front of the right audiences at the right times, Sights aims to deliver positive business impact by enhancing organizational speed and performance. Its ease of use and flexibility enables users to configure the product themselves, and gives teams the ability to customize how they visualize and derive insight from their work.
"Sights is a game-changer for our customers, giving them the power to amplify the value of the important work they’re doing on our platform," says Mark Mader, president and CEO of Smartsheet. "The valuable insights they derive from Sights go well beyond a surface-level look at productivity -- they enable individuals and teams to work smarter and make smarter decisions, driving enhanced organizational speed and performance".
Features of Sights include a drag and drop layout that makes it simple for any Smartsheet user to create a Sight by selecting widgets and dragging them into position. Sight widgets display data sources in visual styles including metrics, rich text, lists, grids and more. The look can be customized too using colors, fonts, sizing and text.
Sights can include any information held in Smartsheet plus links to information outside the package, so it can deliver a complete view of projects and processes. Sharing permissions can be set specific to each Sight so only the right set of viewers see it, and only people with administrative rights can change it.
More information on Sights is available on the Smartsheet website.
Photo Credit: nmedia/Shutterstock
Big data can provide a useful source of insights for business analysis. But providing access to it can mean significant IT effort and the use of expensive, off-the-shelf solutions.
Altiscale the big data as a service specialist is launching a new Insight Cloud self-service analytics solution to provide a bridge between big data and business users.
It aims to simplify the connection between big data and the end user, as well as bypassing the need for costly, proprietary solutions. Altiscale Insight Cloud should make it faster and easier for business analysts to benefit from the rich, detailed data held in the Hadoop data lake.
Using a converged architecture, it eliminates the need for a separate relational data store for aggregated data. This reduces the cost and management burden on the organization, while allowing easier scalability from tens of terabytes up to petabytes. The converged architecture also minimizes data movement and replication across environments.
"Our enterprise customers first wanted to have a powerful, affordable solution to solve their Big Data challenge, which we provided with the Altiscale Data Cloud," says Raymie Stata, CEO and founder, Altiscale. "Today we are introducing the Altiscale Insight Cloud, which solves the challenge of bringing Big Data to a broader range of users, so that enterprises can quickly develop new offerings, better target customers, and respond to shifting market or operational conditions. It's a faster and easier way to get from Big Data infrastructure to insights that drive real business value".
Insight Cloud will be on display at the Strata+Hadoop World conference from March 29-31 in San Jose, or you can find out more on the Altiscale website.
Image Credit: Tashatuvango / Shutterstock
Since the launch of its machine learning tool for IT analytics last year, SIOS Technology Corp has released regular updates to help maximize the availability and efficiency of virtualized environments.
New features in SIOS iQ 3.5 deliver greater accuracy and precision in capacity utilization and performance analysis for VMware environments. It also includes dashboard enhancements for improved usability and a 'graphical topological impact' view to enable faster identification and resolution of issues.
"Legacy monitoring tools provide data about individual objects, such as CPU or capacity utilization). When a performance problem arises they leave IT staff to compare data points to make educated guesses about both the root cause and potential solution," says Jerry Melnick, president and CEO of SIOS. "SIOS iQ not only eliminates this guesswork by precisely identifying the cause, it recommends specific steps to resolve it".
Key features of the latest release are capacity forecasting analysis, this allows SIOS iQ to understand capacity utilization pattern and forecast how many days remain before data stores run out of free space. This allows enterprises to optimize infrastructure without risking costly emergencies. It can be used with the existing SIOS iQ Snapshot Waste analysis feature to optimize storage and maintain a predictable budget.
In addition enhanced root cause analysis adds symptom analytics and graphically describes the topology of the impacted objects, visually displaying the infrastructure issue to the user. It can provide a deep understanding of issues by employing advanced topological behavior analysis to get to the root cause of performance issues without the need to manually analyze data logs or compile and compare charts.
SIOS iQ 3.5 is available now, more information and a free trial is available on the company's website.
In the digital world it's increasingly APIs that hold everything together, allowing information to be easily shared between applications.
A new study from SmartBear Software gathered responses from over 2,300 software professionals around the world to paint a picture of the current state of the API industry.
Among the findings are that demand for APIs is still growing, one in five respondents only began developing APIs in the last two years. They're being used by a wide spectrum of enterprises too, with 70 percent of financial organizations and 59 percent of government bodies saying they’re developing APIs. Much of this growth is driven by demand for mobile and Internet of Things access, 54 percent of API providers expect mobile to drive the most growth with 44 percent expecting it to be the IoT.
Security is cited as the number one challenge API providers want to see solved, cited by 41 percent of respondents. Quality is a key factor too, with 85 percent of respondents saying that API quality is either very important or extremely important to their organization. Performance matters too, with 61 percent of API providers saying they regularly do performance testing to ensure the quality of their output.
The full report is available from the SmartBear website and there's also a summary of the findings in infographic form below.
Image Credit: totallyPic.com / Shutterstock
Researchers at threat defense company Skycure have uncovered an Android proof of concept malware that uses accessibility services to allow attackers to spy on and even control a device.
It can monitor all of a victim's activity and allow attackers to read, and possibly compose, corporate emails and documents via the victim's device, as well as elevating their permissions to remotely encrypt or even wipe the device.
Accessibility APIs, which were introduced in Android 1.6 and significantly enhanced in Android 4.0, allow Accessibility Services to have access to the contents of the interfaces that a user interacts with, when reading or composing an email, browsing or working on a document for example. They can also perform actions on the behalf of the user. They're intended to help users with disabilities, by allowing the creation of system-wide text to speech tools, for example. But while having legitimate uses, these capabilities are also extremely attractive to malware writers.
Using Accessibility Clickjacking could allow malicious applications to access all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system itself, all without the device user's consent. This would include access to both personal and work emails, SMS messages, data from messaging apps, sensitive data on business applications such as CRM software, marketing automation software and more.
More detail on the threat is available on the SkyCure blog there's also a video demonstration of how it works below.
Image Credit: Palto / Shutterstock
According to a new report, 56 percent of respondents believe that real-time messaging will displace email as their organization's primary workplace communication and collaboration tool.
The latest Trends in Cloud IT Research survey from BetterCloud surveyed over 800 people split between IT professionals and end users. The results show that while real-time messaging is gaining popularity, 27 percent of end users and 23 percent of IT professionals say some employees are less productive because of it.
The other side of that coin is that 80 percent of Skype for Business users, 84 percent of Google Hangouts users, and 95 percent of Slack users say their communication has improved because of real-time messaging.
Small and medium businesses are most likely to use the 'big three' messaging apps -- Google Hangouts, Skype for Business and Slack -- with Slack in particular having 92 percent SMB users. A majority of organizations (57 percent), however, use two or more real-time messaging applications. Bigger businesses are likely to use even more, over 20 percent of large enterprises (5,001+ employees) use five or more real-time messaging apps.
It seems that the telephone is under threat from this trend towards messaging too, 71 percent of small-to-medium sized businesses (1-1,000 employees) say they will not invest in another phone system at all or will not increase their investment.
The trend towards messaging is also partly driven by shadow IT. Nearly a quarter of respondents (22 percent) admit they either don’t know or don't care whether the real-time messaging application they use is approved by their IT department. Seven percent say they aren’t sure if the tool they use is outside IT’s control.
You can find more in the full report which is available via the BetterCloud blog.
Photo credit: Pavel Ignatov/ Shutterstock
Major data breaches continue to highlight how essential it is for businesses to secure their systems, and as a result many organizations are looking to recruit information security officers.
But what should they be looking for? What are the traits that the top information security professionals share? Data loss prevention specialist Digital Guardian has produced an infographic based on research into the CISOs and security leaders at Fortune 100 companies which throws up some interesting results.
Information security seems to be an overwhelmingly male profession, with only 11 of security leaders being female. Although most are qualified to at least bachelor's degree standard, qualifications in information security and indeed computer science are less common than those in business. However, 59 percent did begin their careers in IT or IT security.
CISSP (Certified Information Systems Security Professional) qualifications are held by more than half of Fortune 100 security leaders. The dynamic nature of the industry is also underlined by the fact that a large majority of CISOs have only been in their jobs for between one and five years.
You can see more details in the full infographic below.
Infographic by Digital Guardian
Standard query tools can often lack the flexibility required to deliver precise results which results in the need for further processing and adds to data traffic.
To address this problem ScaleOut Software is announcing a new computational query tool that combines Microsoft's LINQ query with the company's own data-parallel computing technology to offer more powerful and flexible query tools for grid-based applications. Available with ScaleOut Software's suite of in-memory data grid products, including ScaleOut StateServer and ScaleOut ComputeServer, computational query makes it easy for .NET developers and architects to harnesses the full power of the grid's data-parallel compute engine and dramatically accelerate query processing. It's available for use with Java on both Linux and Windows systems.
"We are excited to add computational query to our distributed LINQ query support based on customer feedback asking for even richer query capabilities," says Dr William L Bain, founder and CEO of ScaleOut Software. "We see a growing need for computational query in e-commerce, finance, and IoT applications that depend on in-memory data grids to track fast-changing data. These applications require powerful query tools to make informed, timely decisions before the moment is lost. We see this as an easy but important step that .NET developers and architects can take towards harnessing the full power of data-parallel computing".
ScaleOut's computational query enhances LINQ query thanks to a user-defined filter method which allows applications to extend query semantics by analyzing all properties of an object with a user-defined computation. It provides automatic, data-parallel computing that analyzes data in place, thereby reducing both networking traffic and client workload. User code is automatically shipped to grid servers, which manage its execution. By harnessing the power of the in-memory data grid to perform advanced query analysis, computational query accelerates query processing.
You can find out more about computational query and how it works on the ScaleOut website.
Image Credit: alphaspirit / Shutterstock
Healthcare organizations average about one cyber attack per month and almost half say they have experienced an incident involving the loss or exposure of patient information during the last year, leaving patients at risk of identity theft.
These are among the findings of a survey by security company ESET and the Ponemon Institute into cyber security in the healthcare sector.
According to 78 percent of respondents, the most common security incident is the exploitation of existing software vulnerabilities greater than three months old. Advanced persistent threats are a problem too, respondents experienced an APT attack about every three months during the last year. The primary consequences of APTs and zero-day attacks were IT downtime (63 percent) followed by the inability to provide services (46 percent). Yet despite these attacks only half of respondents say they have an incident response plan in place.
Attackers are most interested in patient's medical records according to 81 percent of respondents. Also a majority (52 percent) say that legacy systems and new technologies to support cloud and mobile implementations, big data and the Internet of Things, increase security vulnerabilities for patient information. Respondents also expressed concern about the impact of employee negligence (46 percent), and the ineffectiveness of business associate agreements mandated by HIPAA which are designed to ensure patient information security (45 percent).
"The concurrence of technology advances and delays in technology updates creates a perfect storm for healthcare IT security," says Stephen Cobb, senior security researcher at ESET. "The healthcare sector needs to organize incident response processes at the same level as cyber criminals to properly protect health data relative to current and future threat levels. A good start would be for all organizations to put incident response processes in place, including comprehensive backup and disaster recovery mechanisms. Beyond that, there is clearly a need for effective DDoS and malware protection, strong authentication, encryption and patch management".
More information is available in the full report which can be downloaded from the ESET website.
Image Credit: Rob Hyron / Shutterstock
Cyber attacks don't discriminate when it comes to the size of the organization. But smaller enterprises can lack the resources needed to effectively deal with them.
Incident response specialist Resilient Systems -- which is in the process of being acquired by IBM -- has designed its latest Resilient Commercial Incident Response Platform (IRP) to meet the needs of mid-sized organizations.
It offers a foundation for incident response planning, management, orchestration, and mitigation. In addition it provides immediate improvement in security teams’ ability to have an expert, consistent, repeatable, and measurable process.
"Organizations of all sizes face serious cyber threats every day. While these threats seem daunting, security teams can successfully navigate them by preparing and provisioning for incident response," says John Bruce, Co-Founder and CEO of Resilient Systems. "With the launch of our mid-market platform, we've made it easier for companies with fewer resources or a smaller footprint to transform their security posture immediately, and be better prepared to respond quickly and effectively to any threat".
The platform can be delivered as a service or installed in-house. Features include more than 18 different response plans or playbooks that are based on the latest industry standards and best practices -- ensuring that response plans are consistent, proven, and repeatable.
Fast and easy incident creation and tracking is available, providing greater visibility and helping organizations ensure that incidents are captured, tracked, and fully resolved. Commercial IRP has incident workflow capabilities that allow for an orchestrated process and response, allowing security teams to move faster with more intelligence.
The platform also has collaboration tools to ensure all potential stakeholders in an organization, such as IT, legal, marketing, HR, and the executive team, can work together to define their roles and act quickly and decisively when an incident occurs.
More information can be found on the Resilient Systems website.
Image Credit: underverse /Shutterstock
Passwords are increasingly seen as insufficient to protect sensitive systems and companies are looking for more secure alternatives.
Digital identity company Intercede is introducing new software that works with Intel's latest Intel Authenticate technology with the aim of eliminating workplace passwords entirely.
Intercede software, running on the 6th generation Intel Core vPro processor, works in combination with Intercede's MyID credentials management solution to replace password-based access control for networks, applications and services with certificate-based, secure and convenient hardware-backed protection.
"Intel Authenticate is a solid technology built to intelligently help secure Windows based platforms in today's enterprise environments," says Richard Parris, CEO of Intercede. "We are proud to be working with Intel to provide differentiating technology that works with their new generation solution. Intel Authenticate, coupled with MyID, enables end-user companies to focus on their business and to protect their workforce and assets with a more highly secure solution that is cost-effective, easy to deploy and manage across a global enterprise".
Currently available in preview, Intel Authenticate is a hardware-enhanced, multifactor authentication solution that strengthens identity protection on the PC, making it less vulnerable to identity breaches and security credential attacks. Intercede will complement Intel Authenticate by making hardware-backed credentials available for Windows and domain logons, as well as making it easier to issue and manage credentials. Enterprises will be able to use Intercede's technology with Intel Authenticate to remove the need for usernames and passwords and provide higher levels of user authentication.
"We're excited to advance our work on Intel Authenticate, working with premier security companies like Intercede," says Tom Garrison, vice president and general manager for the Intel Business Client Division. "Together, we're empowering enterprise to not only dramatically improve identity security, but to do so in a way that improves the ease of use and experience for the business professional".
The technology will be previewed at this week's RSA conference.
Photo Credit: Maxx-Studio/Shutterstock
Cyber attacks are becoming more sophisticated and can be costly for businesses. Microsoft has recognized that it needs to offer stronger protection for its enterprise customers and is announcing a new service to help them detect, investigate, and respond to advanced attacks.
Windows Defender Advanced Threat Protection adds a new post-breach layer of protection to the Windows 10 security stack. Using a mix of client technology built into Windows 10 and a cloud service, it will help detect threats that have made it past other defenses.
It will also provide enterprises with information to investigate the breach across their endpoints, and offer response recommendations. It can provide key information on attacks thanks to sophisticated cloud-based threat intelligence.
Windows Defender Advanced Threat Protection uses a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, as well as tapping into Microsoft’s intelligent security graph which uses big data analytics to identify anomalies. It allows admins to examine the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline.
Writing on the Windows blog Terry Myerson, the head of Microsoft's Windows and Devices Group says, "Just like we developed Windows 10 with feedback from millions of Windows Insiders, we worked with our most advanced enterprise customers to address their biggest security challenges, including attack investigations and day-to-day operations, to test our solution in their environments. Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services".
SEE ALSO: How to activate Windows Defender Offline in Windows 10
Windows Defender ATP will be built into Windows 10, allowing it to be kept continuously up-to-date, so offering businesses lower costs and zero deployment effort. Using a cloud back end means no on premise server infrastructure or ongoing maintenance is required either.
It's likely that ATP will be made available via the Windows Insider program and eventually the public but as yet there's no word on the timescale.
While conventional security technologies are good at protecting against generic threats, targeted attacks are more difficult to handle.
Kaspersky Lab is looking to combat this type of attack with new offerings including the Kaspersky Anti Targeted Attack Platform, a sophisticated solution designed to detect targeted attacks, and a range of Security Intelligence Services, offering penetration testing, cybersecurity training and threat intelligence sharing.
The Kaspersky Anti Targeted Attack Platform enables businesses to detect targeted attacks and other malicious actions through the careful monitoring of network activity, including web and email. Based on the company's security intelligence and expertise in discovering cyber threats, the platform utilizes network and endpoint sensors and a sandbox technology to detect abnormal and potentially malicious activity within a highly integrated system.
The platform analyzes data collected from different points of the corporate IT infrastructure. Its sensors cover data acquisition over network traffic, web and email, as well as endpoints. This allows the solution to detect complex attacks at any stage, even when no malicious activity is taking place, like data exfiltration. Suspicious events are then processed via different engines, including an Advanced Sandbox and a Targeted Attack Analyzer for a final verdict.
"As we developed our Anti Targeted Attack Platform, we understood that a working solution cannot stand apart from well-known and highly efficient security approaches," says Nikita Shvetsov, Kaspersky Lab's Chief Technology Officer. "At the same time, new corporate threats demand new technology and intelligence an order of magnitude more complex than our existing solutions. The result of two years’ extensive investment of resources, expertise and talent is this premium product that helps enterprises to achieve new levels of security for their IT infrastructure".
In addition the company is launching its Security Intelligence Services to meet the needs of larger businesses. These include a Security Assessment service to carry out penetration testing and application security assessment, plus access to threat intelligence data from Kaspersky Lab through threat data feeds and botnet tracking. Kaspersky is also offering training in security awareness and in digital forensics and malware analysis.
You can find out more about Kaspersky Anti Targeted Attack and Security Intelligence Services on the company's website.
Image Credit: Jirsak/Shutterstock
A new report reveals that just four out of 10 IT and security executives feel the information they provide to the board of directors is actionable and that they often tell them what they want to hear.
The report from threat intelligence company Bay Dynamics also shows that only 39 percent believe they are getting the help they need from the board to address cyber security threats.
Based on a study conducted by Osterman Research among IT and security executives in 136 US companies, the report shows manual reporting methods still dominate. Manually compiled spreadsheets are used to report data to the board by 81 percent, a process which can lead to incorrect reporting and oversight of important data, whether due to intentional manipulation or to human error.
Boards have a strong preference for qualitative information, according to 53 percent of respondents, with 38 percent saying their boards prefer quantitative information.
"The report reveals that both the board and security professionals are not doing their jobs when it comes to security reporting," says Feris Rifai, co-founder and CEO at Bay Dynamics. "The board isn't holding IT and security executives accountable for providing accurate, traceable and actionable information and security executives are failing to report information that is accurate, traceable and actionable. Both parties must do better if they want to make the right decisions that minimize their cyber risk".
Among other findings are that the most common type of information reported about cyber security issues is known vulnerabilities within the organizational systems, followed by recommendations on cyber security program improvements and specific details on data loss incidents. Information about the cost of cyber security programs and details about expenditures on specific projects or controls are not as commonly reported.
The most common criteria used to determine which type of intrusion to report is the type of data affected -- cited by 84 percent of respondents. This includes whether the data breached or attacked was sensitive or confidential, such as customers’ financial data or personal information, or corporate financial data.
"Security is now everyone's problem -- from the IT team to the C-suite and the boardroom. As a result, reporting the right type of information with the right context, in addition to making it actionable, has never been more critical," says Michael Osterman, Principal Analyst at Osterman Research. "It is imperative that security executives reconsider how they’re getting their information, the type of information they're reporting, and how they’re reporting it, so that the board can effectively take action to make smart security decisions".
The full report is available to download from the Bay Dynamics website.
Photo Credit: EmiliaUngur/Shutterstock
According to a new study, data security is now on the agenda in most boardrooms. Yet only 14 percent of information security chiefs report to the CEO.
The report by the Information Systems audit and Control Association (ISACA) and the RSA Conference also reveals that 74 percent of security professionals expect a cyberattack in 2016 and 30 percent experience phishing attacks every day.
"While there are signs that C-level executives increasingly understand the importance of cybersecurity, there are still opportunities for improvement," says Jennifer Lawinski, Editor-in-Chief, RSA Conference. "The majority of CISOs still report to CIOs, which shows cybersecurity is viewed as a technical rather than business issue. This survey highlights the discrepancy to provide an opportunity for growth for the infosec community in the future".
The study also identifies a 12-point decline in the percentage of security professionals who are confident in their team's ability to detect and respond to incidents, dropping from 87 percent in 2014 to 75 percent in 2015. Among that 75 percent, six out of 10 don't believe their staff can handle anything beyond simple security incidents. In addition, the number who say that fewer than half of job candidates were considered 'qualified upon hire' has risen from 50 percent to 59 percent in a year. Also 27 percent say they need six months to fill a cybersecurity position, up three points from 2014.
"The lack of confidence in current cybersecurity skill levels shows that conventional approaches to training are lacking," says Ron Hale, Chief Knowledge Officer of ISACA. "Hands-on, skills-based training is critical to closing the cybersecurity skills gap and effectively developing a strong cyber workforce".
The study also examined emerging trends towards artificial intelligence and the Internet of Things. Rather than the accepted view of AI as an aid to detecting threats, it found that respondents believe that AI will increase risk in both the short (42 percent) and long (62 percent) term. Less surprising is that more than half (53 percent) of respondents are concerned or very concerned that the Internet of Things will expand attack surfaces further and exacerbate cyber risk.
The full State of Cybersecurity study is available to download from the ISACA website.
Image Credit: Manczurov / Shutterstock
Active vulnerabilities can present a serious threat to organizations, which is why many are turning to intelligence solutions to spot and manage security issues.
Cloud-based security and compliance specialist Qualys is announcing a new service as part of its Cloud Platform. Called Qualys ThreatPROTECT, it provides customers with an interactive dashboard to help them understand security threats at-a-glance.
ThreatPROTECT's dashboard uses vulnerability scan data gathered via Qualys scanners or Cloud Agents in real-time and correlates this with Real-time Threat Indicators (RTI) from multiple industry sources. It then provides customers with an easy-to-understand display offering clear insights into what vulnerabilities to fix first based on the level of threat seen in the wild.
"In today’s rapidly changing threat landscape, the most effective way for companies to protect themselves is to accurately identify assets, identify vulnerabilities, and ensure that systems are properly configured," says Philippe Courtot, chairman and CEO for Qualys. "Our goal is to continuously expand and improve our cloud-based offerings so customers can raise the bar when securing their assets. Qualys ThreatPROTECT is another example the demonstrates the power and agility of our cloud platform to introduce new services that can help customers improve their overall security without the cost and complexity associated with deploying enterprise software".
Qualys is also announcing the extension of its Cloud Agent platform, with the availability of agents for Linux and Mac OS, adding to the platform's existing support for Windows. The Cloud Agent platform gives organizations the ability to conduct real-time asset inventory searches on a global scale, to effectively address the security and compliance of their IT assets.
Cloud Agent augments the company's Cloud Platform. It automatically collects vulnerability and configuration data and securely transfers it to the Qualys Cloud Platform, where it is analyzed and correlated to identify risks and eliminate vulnerabilities.
Courtot adds, "IT and security professionals have the daunting task of ensuring that all assets are up-to-date, compliant and secure. With the availability of the Cloud Agent on all major computing environments, companies can now inventory all their IT assets, get the visibility needed to secure them against cyber attacks on a continuous basis and take action with Qualys' new patching capabilities".
More information on these developments can be found on the Qualys website and they'll be on display at the company's RSA stand.
Cloud and hybrid environments along with mobile access bring lots of challenges surrounding securing networks.
One way of addressing these is to provide security from the cloud which is what Comodo is doing with its new cloud delivered secure web platform, Comodo Dome.
Comodo Dome takes a modular approach, allowing system administrators and IT directors to layer in just the modules they need across their networks as they grow. These include advanced threat protection (ATP), web security, portable containment, sandboxing, antispam, data loss prevention (DLP), next-generation firewall, bandwidth management and a secure VPN service. Individual modules can be easily added to provide total security and compliance to corporate policies, regardless of the end user, device or location.
"Every best-of-breed Web security solution today leaves significant gaps in securing mobile first, cloud-centric and borderless networks. Having large security content filters and backhauling traffic from remote offices is quickly becoming cumbersome and costly for IT departments of all sizes," says John Peterson, vice president of Enterprise Products at Comodo. "With Comodo Dome, companies can use the platform by itself or layer it with their existing security gateways as an additional and highly critical piece of security, which prevents patient zero infections and unknown file types from being executed on internal networks and devices -- solving the malware problem".
Comodo Dome is built on the company's next-generation default-deny platform, which places emphasis on allowing known good applications, while denying everything else until a verdict on those applications is reached. This is the opposite of the traditional industry method of default-allow, and thus ensures uninterrupted business productivity across an enterprise, while protecting users from zero-day attacks.
Dome inspects all Internet traffic and blocks zero-day malware and malicious files in real time, even if they are currently undetected by other antivirus engines. It also acts as a Web proxy that blocks known bad files and then identifies unknown files and wraps them in a portable container in flight, ensuring that end users are free to open, execute and use the files with zero risk of infection. Even sophisticated targeted attacks and the newest emerging threats are contained and blocked in real time.
Comodo Dome will be on display at next week's RSA conference in San Francisco.
Image Credit: alphaspirit / Shutterstock
Cybercrime is big business, netting $445 billion in annual profits according to the United Nations. To combat it enterprises need to be able to detect risks and have the tools to prevent attacks.
Check Point Software and IBM Security have announced an expanded alliance which will allow the two companies to share threat intelligence, as well as a broad set of product integrations and expanded investment across IBM's consulting and managed security services.
"The sharing of intelligence and expertise is how the security industry will take our defensive capabilities to the next level", says Caleb Barlow, vice president of strategy at IBM Security. "Cybercriminals are not new to this concept of sharing and our industry needs to step up to the challenge. Having a partner the quality of Check Point validate this approach is a big win for our joint customers".
The alliance focuses on four key areas. IBM X-Force and Check Point's security research team will directly collaborate through the sharing of threat identification and analysis using IBM X-Force Exchange (XFE), IBM's threat intelligence sharing platform. This intelligence may be integrated into each company's products, to help deliver protection to customers of both companies.
Check Point will be launching a new SmartConsole application in the IBM Security App Exchange for integration with the IBM Security QRadar Intelligence Platform. The app will deliver network data and security events from Check Point devices to QRadar to enable operators to view threat information in real-time directly from the QRadar console.
Integration within IBM Maas360 enterprise mobility management (EMM) will allow customers to easily deploy and manage Check Point Mobile Threat Prevention to limit compromised devices from accessing enterprise networks and data, based on real-time insights. This will allow automated protection against advanced threats across mobile devices, apps and networks, while simplifying the implementation and ongoing monitoring of mobile security technology.
IBM Managed Security Services (MSS) will continue to deepen its expertise in delivering and managing Check Point solutions for IBM customers. The deployment and management of a broader range of Check Point network security offerings will be supported through new lab equipment and ongoing training of IBM SOC analysts and solution architects. This will give customers cost-effective access to resources and expertise as their security requirements change.
You can find more about the partnership on the Check Point blog.
Legacy identity management solutions can struggle to keep up with the current interconnected world where systems may be both local and in the cloud.
Security company Ping Identity is launching a new Federated Access Management product designed to offer lightweight, open and hyper-connected identity technology for the modern digital enterprise.
Key benefits include automatic scaling to match AWS and OpenStack environments, which delivers cost and resource savings. It has context-sensitive, risk-based multi-factor authentication to ensure users receive proper access based on their location, role or other criteria set by administrators. The product can trigger 2FA for users attempting to access applications from outside their network, from public Wi-Fi or after hours. There are also time savings for admins thanks to a simplified partner administration and integration interface.
"Demand for secure access across the entire digital enterprise will only rise in the years ahead," says Andre Durand, CEO and founder, Ping Identity. "Increasingly, identity and access management helps companies realize the benefits cloud has to offer, including enhanced security and better user experiences. With the Ping Identity Platform, we aim to help our customers make the leap to digital transformation quickly, without sacrificing security".
By analyzing constant streams of contextual data, it allows split-second decisions to be made about user identities and permissions. There are thousands of pre-integrated applications, along with flexible cloud and software deployment options, which allows Ping Identity to leapfrog legacy vendors and offer an extensible, open platform and advanced integration capabilities.
More information about Federated Access Management can be found on the Ping Identity website.
Photo credit: Pakhnyushcha / Shutterstock
Most of the internet is powered by Linux servers, so it's not surprising that they’re increasingly a target for attack. In particular recent attacks have focussed on using compromised systems to distribute malware to other systems.
Many Linux systems rely on traditional signature-based threat detection which leaves them vulnerable to zero-day attacks. Endpoint security company SentinelOne is announcing a new solution aimed at protecting enterprise data centers and cloud providers from emerging threats that target Linux servers.
"As we have seen, Linux endpoints, whether they are servers or other devices, are not immune to malware and other forms of attack," says Tomer Weingarten, CEO of SentinelOne. "To address this new threat plane, SentinelOne EPP now provides the same exceptional level of integrated threat detection, prevention and remediation for Linux machines as it does for Windows and OS X devices".
SentinelOne uses a lightweight autonomous agent to monitor all activity in both kernel and user space (including files, processes, memory, registry and network) on the protected device. Each agent leverages the SentinelOne Dynamic Behavior Tracking (DBT) Engine which uses sophisticated machine learning to predict threats across any vector against the background of normal application behavior. Once malicious activity is detected SentinelOne immediately employs a series of automated mitigation and quarantine processes to eliminate the threat in real-time. SentinelOne also maintains a detailed audit trail of activity for forensic analysis and reporting which is delivered to the management console in real-time.
The SentinelOne EPP platform with support for Linux is available now, you can find more information on the company's website.
Image Credit: rosedesigns / Shutterstock
Use of cloud apps, including unauthorised 'shadow' IT, is booming, but it leaves a gap in the protection provided by traditional perimeter security.
To plug this gap cloud access security broker Netskope is launching a threat protection solution for the cloud. Netskope Active Threat Protection combines threat intelligence, static and dynamic analysis, and machine-learning based anomaly detection to enable real-time detection, prioritized analysis, and handling of threats that may originate from cloud apps.
It gives a 360-degree view into sanctioned and unsanctioned cloud app usage, even if the user is accessing the app remotely or from a mobile device. It also understands the context of the usage, such as who is uploading, downloading and sharing data -- information that can prove critical when thwarting an attack or limiting its effects.
Active Threat Protection is designed to prioritize potential threat dangers during scanning without sacrificing the comprehensiveness of the scans performed. This is done at high-speed and in real-time before presenting forensic analysis in a single Netskope dashboard or via a customer's existing SIEM solution.
"With the constantly evolving landscape of malware, ransomware and other threats to the enterprise, IT need not only 'rip the blindfold off' when it comes to shadow IT, but to be able to react immediately to ensure the safety and security of sensitive data," says Sanjay Beri, co-founder and CEO, Netskope. "With Netskope Active Threat Protection, customers can now take advantage of the Netskope deep cloud app visibility and granular policy enforcement capabilities in tandem with the benefits of a complete threat protection suite. We have collaborated with a number of leading enterprise security companies to offer this service to our customers and ensure that we are one step closer to safer enterprise cloud app usage."
You can find more details on the Netskope website and the product will be demonstrated at the RSA conference next week.
Image Credit: Maksim Kabakou/Shutterstock
A security breach can involve many different elements, this means that analyzing attacks can be a complex and difficult task.
Security analytics specialist Niara is launching a new version of its security analytics platform that can analyze any data source and supports the customization of behavioral analytics modules, providing organizations with complete visibility into attacks and risky behaviors inside their environments.
"By making behavioral analytics modular and data-agnostic, Niara enables data sources, machine learning models and features to be easily combined to better isolate attacks and identify risky behaviors," says Sriram Ramachandran, CEO and co-founder of Niara. "That flexibility results in much richer Entity360 risk profiles, allowing attacks to be detected with greater precision and dramatically reducing the time and skill needed to investigate and respond to security events".
It allows organizations to derive security insights from data sources by combining Niara's built-in behavioral analytics with custom modules unique to a particular environment. As a result, organizations can benefit from more comprehensive risk profiles and extensive information about attacks due to the breadth of Niara's multi-dimensional analytics. Analysis includes factors like privilege escalation, password sharing, credential violations, lateral movement, internal reconnaissance, abnormal access to high-value resources, command and control and exfiltration activities.
You can find out more on the Niara website or at the company's stand at next week's RSA conference.
Photo credit: sommthink/Shutterstock
If you buy a used mobile phone you could be getting more than you bargained for according to security software company Avast. It seems that some phone owners are inadvertently pawning their porn.
Avast purchased 20 used smartphones from pawn shops in 4 cities -- New York, Paris, Barcelona and Berlin. The goal being to see if used phones are regularly being sold with previous owners’ personal information still retrievable on them.
After buying the phones it used widely available free data recovery software to see what was on them. It discovered that 12 of the phones hadn't been wiped clean, even though shop owners assured the buyers they had been. On them were more than 1,200 photos, more than 200 photos containing adult content, 149 pictures of children, over 300 emails and text messages, identity details of two previous owners and what is described as a 'very adult' video.
Of the phones that were factory reset, 50 percent still contained personal data as they were running an outdated version of Android that had an improperly functioning factory reset feature. Some of the previous owners had only deleted their files without doing a factory reset, which meant they could be recovered.
"Through our research, we noticed that some people simply forget to delete their personal data and perform the factory reset before selling the device," says Gagan Singh, president of mobile at Avast Software. "To ensure that all data is removed, a user needs to overwrite the phone’s files. Without this, a user’s personal data could easily end up in the hands of the next owner of the phone. In the end, users are responsible for cleaning all sensitive and personal data from their devices prior to sale, and they should never rely on a shop owner to remove remaining data prior to reselling the phones".
To find out more about the findings along with tips on how to dispose of an old phone safely on the Avast blog. You can also see an infographic of the findings below.
Photo credit: Africa Studio / Shutterstock
Effective cyber security is all about seeing threats and being able to respond to them quickly and effectively. Increasingly this means using the cloud to deliver intelligence.
CrowdStrike, a specialist in cloud-delivered protection, is launching a new version of its Falcon platform to deliver endpoint, detection and response functions along with advanced antivirus capabilities.
CrowdStrike's fully cloud-based Threat Graph model analyzes and correlates billions of events in real-time, spots anomalies, and detects behavioral patterns to track and stop both known and unknown threats. This model allows Falcon Host to act like a 'DVR,' providing retrospective visibility and unlimited cloud-recall capabilities. This forensic capacity helps cut the time and cost of incident response, while increasing the chances of containing and mitigating damage by allowing customers to search and query all endpoints in seconds.
Extension of the platform's APIs means customers can integrate existing third party intelligence and so don't waste their current security investments. Falcon Connector can also transmit Threat Graph information to a customer's preferred SIEM system.
There's a new ransomware blocking feature too, and added protection for Linux systems with Linux-specific behavioral defenses based on indicators of attack.
"Our enhancements of CrowdStrike's Falcon Platform reflect our core customer value for redefining next generation endpoint protection to stop breaches," says Dave Cole, CrowdStrike's chief product officer. "Continuing to advance IoA-based prevention with ransomware exploit blocking and machine learning capability are just a couple of the new features that we are announcing today. Expanding CrowdStrike Falcon’s sensor coverage to Linux platforms, combined with our established support for Windows and Mac, is another significant market-leading accomplishment that allows us to provide protection across all mainstream endpoint operating systems. We are committed to continuing to build new innovative capabilities to change the game in endpoint security and ensure that CrowdStrike customers are able to protect themselves against all threats, known and unknown, in the most effective and efficient manner possible".
You can find out more about the latest release on the CrowdStrike website.
Image Credit: Balefire / Shutterstock
As we're regularly being told, passwords on their own are no longer sufficient to ensure our security. Businesses are therefore on the lookout for new ways to identify users without making the sign in process overly complicated.
Adaptive authentication specialist SecureAuth is launching the latest version of its product that includes behavioral biometrics, a new risk analysis technology that performs keystroke analysis and mouse movement analysis to determine a user's legitimacy and build a completely unique behavior-based profile on each user device.
These profiles are compared to subsequent login attempts and if they don't match, SecureAuth IdP v9.0 will ask for multi-factor authentication (MFA) for that login to proceed. SecureAuth is the first identity management vendor to offer this capability as part of a comprehensive risk-based authentication process.
"Think of SecureAuth IdP as a bullet proof vest," says Craig Lund, SecureAuth's CEO. "It has multiple layers of protection, which creates a strong bulwark against cyber attacks. It’s harder to break through multiple layers of authentication compared to just one. In this case, one of those layers is created by behavioral biometric technology, which is unique in that it is influenced by social and psychological attributes. This makes it nearly impossible to copy or imitate somebody else’s behavior when using a device".
As well as using behavioral biometric technology to determine risk, SecureAuth IdP also uses device recognition, IP reputation, directory lookup, geo-location and geo-velocity. Features include a tailored login process so that organizations can adjust security requirements for different groups of users.
IdP only requires multifactor authentication when it detects that risk factors are present -- such as a mismatched behavioral profile. It offers more than 20 authentication methods ranging from SMS, telephony, and e-mail one-time passwords to push notifications, so an appropriate method can be matched with each use.
SecureAuth IdP will be on display at the RSA Conference in San Francisco next week or you can learn more on the company's website.
Photo Credit: JMiks/Shutterstock
Security teams often have to spend a lot of their time investigating incidents, which is time consuming and can distract from other tasks.
To improve the efficiency of security operations centers (SOCs), Israel-based SECDO is launching a new platform aimed at managed security service providers (MSSPs).
It provides advanced alert validation, investigation and remediation capabilities. The platform dramatically improves the efficiency of the SOC by automatically validating alerts from security event and information management (SIEM) systems, using unique thread-level endpoint activity data to identify false positives and prioritize true positives. Using SECDO, MSSPs will be able to handle the thousands of alerts that they receive each day, while meeting ever-more competitive SLAs for their customers.
"SECDO is a valuable platform for MSSPs who want to offer their customers advanced services while improving the efficiency and response times of their own SOC," says Shai Morag, CEO and Co-Founder of SECDO. "With SECDO's endpoint analytics, MSSP SOC teams can now understand the full context of every alert, visually investigate, and reduce the time and resources needed to identify and eradicate a breach".
The platform’s interactive data visualization technology enables SOC analysts to understand the 'who, what, where, when, and how' of every incident by showing the entire attack chain timeline back to the root cause. This enables first and second tier analysts to easily investigate and respond to threats without having to escalate to the next level. When an in-depth investigation is required, SECDO provides multi-dimensional, interactive search capabilities that can reduce hundreds of manual queries into a single visual search.
It uses SECDO's disruptive thread-level endpoint intelligence and causality analysis technologies to give service providers visibility into their customer’s environment. This allows MSSPs to offer the advanced threat protection, incident investigation and forensics services that are necessary to stay ahead in the security marketplace.
The platform has been in use for three months, with customers reporting positive results, you can find out more and request a demo on the SECDO website.
Photo credit: Alex Mit / Shutterstock
According to a new report by enterprise security specialist Vormetric, 85 percent of senior IT security executives worldwide say they are using sensitive data in the cloud, up from 54 percent last year.
But even as they move to adopt cloud services, and in some cases believe that cloud environments are more secure than their local IT infrastructure, enterprises remain concerned about the security of their information.
When respondents are asked about the top data security concerns for cloud services, 70 percent (75 percent in the US) name security breaches or attacks at the service provider. 66 percent cite increased vulnerabilities from shared infrastructure, 66 percent say lack of control over the location of data, and 65 percent select lack of a data privacy policy or privacy service level agreement.
When asked about changes that would increase their willingness to adopt cloud services, 48 percent asked for encryption of data with enterprise key control on their premises. 36 percent wanted detailed physical and IT security implementation information, 35 percent selected encryption of their organization's data within the service provider's infrastructure, and 27 percent also wanted exposure of security monitoring data for their information.
"Security is still an afterthought when it comes to adopting new technologies, often taking a back seat amidst the rush to stake a claim in a promising new market," says Garrett Bekker, senior analyst, information security, at 451 Research and the author of the report. "We found that enterprises are storing sensitive data in just these types of environments -- 85 percent in cloud, 50 percent in big data, and 33 percent in IoT. Many have strong concerns about the security of their data as a result".
With half of all respondents planning to store sensitive information within big data environments (up from 31 percent on last year), these become a much greater concern for enterprises as a possible point of compromise, and as a focus for compliance efforts. The biggest worries are the Security of the reports produced -- as they may include sensitive data, named by 42 percent of respondents, and that sensitive information may reside anywhere within the environment (41 percent).
The IoT raises similar concerns over the protection of sensitive data and privacy issues. Plus the overlap of IoT with big data has the potential to create a new class of risks.
You can find more information in the full report which is available to download from the Vormetric website.
Photo Credit: Jirsak/Shutterstock
The pace of modern app development often means that support can be something of an afterthought. New startup RevTwo is launching a platform that allows support to be built in to any app on any device.
The RevTwo In-App Support Platform modernizes the in-app support model by enabling users to connect with app evangelists and users from across the world for real-time support.
Typically, when app users encounter an issue they can't solve, they are forced to leave the app, search online, trawl through message boards and hope that someone else encountered the same problem. RevTwo flips that model on its head, enabling people to connect with other users, in-app, with the push of a button.
"Our in-app, community-based support will completely transform the user experience," says Jim Hansen, co-founder and chief technology officer of RevTwo. "From a teacher in Alabama helping a student in California solve a math problem to a professional gamer in Japan providing tips and tricks to a player in Holland, for the first time ever, users can get the help they need from their peers without ever leaving their apps".
As well as the community model, the RevTwo platform provides universal support at all stages of the app lifecycle. It includes free tools for developer support throughout testing that provide insight into problems at the software level -- preventing issues before production. In-app professional help desk support services are also available to connect users to a help desk within the app through audio, video and screen share, driving faster problem resolution.
To see inside an app, a developer simply bundles the RevTwo library into any iOS-based app (Android support on the way). Following the integration the app can open support sessions, initiate and respond to voice calls and interact with diagnostic tools like screen sharing, logging, database inspector and file browser.
Developers can use RevTwo for free with developer support through testing and community support for production. To discover more visit the company's website.
Image Credit: Rido / Shutterstock
A new report shows that almost three-quarters of mobile devices returned with problems to mobile network operators and manufacturers in Europe and North America have 'No Trouble Found'.
The quarterly trend report from Blancco Technology Group also finds that in Europe device failures soared during the second half of 2015 -- rising from 14 percent during the third quarter to 29 percent during the fourth quarter.
The company has used data collected from millions of iOS and Android smartphones and tablets that underwent testing on its SmartChk diagnostic platform. The report argues that user behavior is the cause of a substantial number of device performance problems, failures and 'NTF' returns, rather than hardware.
"The quantity and types of apps being used, app notification settings, location services settings and battery charging habits are just some examples of how user behavior impacts the day-to-day performance and long-term health of devices," says Pat Clawson, CEO of Blancco Technology Group. "Take Asia, for example, where app adoption is high and the most frequently used apps are in the social networking and messaging categories. When these users fail to close the 40+ apps installed on their devices, it eats into the performance, memory and battery life. And all the while, users presume hardware is to blame when behavior is actually the culprit. It's a paradoxical situation and it happens very often".
Among other findings are that of issues found during the fourth quarter of 2015, 85 percent were on Android devices, compared to just 15 percent for iOS devices. Samsung tops the list of Android device manufacturers with the highest failure rate (27 percent), followed by Lenovo (21 percent), Motorola (18 percent), Xiaomi (11 percent) and Asus (8 percent). The most common causes of device failures worldwide are camera, touch, battery charging, microphone and performance. In Asia, frequent use of social networking apps and messaging applications, such as Facebook, WhatsApp, WeChat and Line, affected device performance in the region. The increasing usage of emoji and productivity apps in Europe played a contributing role in the increase in device failure rates during the second half of 2015.
Clawson adds, "Being able to detect with certainty the causes and types of device problems to determine if they are fixable is important. For mobile network operators and manufacturers, it allows them to automate and scale the device diagnostics and repair process to deliver a consistent customer experience. It also helps enterprise businesses support the needs and increase the productivity of their mobile workforce".
More information on SmartChck and Blancco's other mobile solutions can be found on the company's website -- where you can also download the report -- or at its booth at MWC in Barcelona this week.
Image Credit: Bevan Goldswain / Shutterstock
Allowing the use of mobile devices and BYOD in the enterprise has led to new challenges for IT teams. Not lease of these is controlling which apps employees can access and how they can use them.
Security solutions provider OptioLabs is launching a new platform that will allow enterprises to create policies that control each of the 3,300 system methods in Android to provide targeted security protections.
Called OptioInsight, it allows IT staff to deploy a situationally-aware policy to achieve HIPAA, or FISMA compliance for their mobile devices. These sophisticated situational policies apply controls automatically, based on time, location, network and other factors -- enforcing strict controls only when they are needed, and still preserving an optimal mobile experience for the user. Being cloud-based it can be managed from any browser and can be hosted by OptioLabs or in a private cloud.
"The increasing speed and sophistication of mobile security threats can easily overwhelm even the best enterprise cybersecurity teams and put sensitive and critical data at risk," says Bill Anderson, Chief Product Officer of OptioLabs. "OptioInsight puts enterprise cybersecurity teams in control, giving them the ability to enforce -- based on policy – how specific applications are used throughout their environment".
Other features include context-sensitive security policies across Optio-ready devices. This means an enterprise can define security policies that adapt as the mobile user moves through different environments -- ensuring strong security when enterprise resources are used, but allowing the user full access at other times.
OptioInsight synchronizes with Active Directory to inherit user accounts and group assignments and will automatically update device policies for registered Enterprise users. It can also track system, application, device and user behavior for all Optio-ready devices to produce data analytics for emerging threats.
You can find out more about OptioInsight on the company's website.
Photo credit: Kirill__M / Shutterstock
Signature-based security could be virtually useless as 97 percent of malware is unique to a specific endpoint says a new report.
This is among the findings of the latest annual Webroot Threat Brief which shows that today's threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information.
Among other findings are that around 50 percent of Webroot users experienced a first contact with a zero-day phishing site, compared to approximately 30 percent in 2014. This indicates that zero-day phishing attacks are becoming the hacker’s choice for stealing identities.
Interestingly technology companies, including Google, Apple and Facebook, were targeted by more than twice as many phishing sites as financial institutions, such as PayPal, Wells Fargo, and Bank of America. These companies are targeted because the same login credentials are often used to access other websites, resulting in multiple compromised accounts with each phishing victim.
Criminals are using more IP addresses too, with 100,000 new addresses created per day in 2015, a significant increase from the 2014 average of 85,000 a day. This shows cybercriminals are relying less on the same list of IPs, and are expanding to new ones to avoid detection. The US continues to have the most malicious IP addresses of all countries. In 2015, it accounted for over 40 percent of all malicious addresses, a significant increase from 31 percent in 2014. Top countries hosting 75 percent of malicious IPs include the US, China, Japan, Germany, and the UK.
As with IP addresses, malicious URLs are largely hosted in the US (30 percent), followed by China (11 percent). The US is also by far the largest host of phishing sites, with 56 percent of sites within its borders.
"2015 was yet another record year for cybercrime, during which more malware, malicious IPs, websites, and mobile apps were discovered than in any previous year," says Hal Lonas, chief technology officer at Webroot. "It comes as no surprise to those of us in the Internet security industry that the cybercrime ecosystem continues to thrive, given new innovations and little in the way of risk for those who choose to participate. The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it's truly possible to defend against a persistent attacker. We conclude that we can only succeed by being more innovative than our criminal opponents".
Webroot suggests that organizations need to bolster their security posture with next-generation endpoint protection and real-time, accurate, dynamic threat intelligence to protect themselves, their users, and their customers from cybercriminal activity.
The full Threat Brief is available to download from the Webroot site and you can see an infographic summary of the findings below.
Image Credit: wavebreakmedia / Shutterstock
According to new research over 90 percent of Android devices are running an out of date version of the OS. In addition, 32 percent of those in use in enterprises today are running version 4.0 or older of the operating system, leaving them highly susceptible to vulnerabilities like Stagefright.
The study by cloud based access provider Duo Security analyzed data from its installed base of over a million mobile devices. It reveals that the problem isn't just with Android, only 20 percent of iPhones run the latest Apple operating system version, iOS 9.2. Outdated iOS devices have well-known vulnerabilities such as Ins0mnia and Quicksand that make these devices susceptible to attacks.
Duo estimates that over 20 million mobile devices connected to enterprise networks are no longer supported by the device manufacturer and therefore can't be upgraded to the latest versions of the software, which would fix their vulnerabilities. In fact, there are many devices still on the market that can't receive updates, meaning that even a brand-new device may be a security concern for the enterprise.
"IT administrators need to gain visibility into the health of all devices accessing their critical applications so that they can better protect these apps and at the same time improve the overall hygiene of all the devices," says Ash Devata, VP of Product at Duo Security. "Our new functionality will enable IT admins to understand what devices are out of date regardless of what type of device it is. We can then give admins the power to restrict out of date systems from accessing corporate data, and all of this is done without having to install anything on the end user device".
Full findings of the report are available on the Duo website. Duo has also made available a free X-Ray app for Android to allow users to detect serious vulnerabilities.
Image Credit: Palto / Shutterstock
A mobile data breach could cost a large enterprise over $25 million (£18 million) according to a new report.
The study of security and IT leaders in Global 2000 companies, carried out by mobile security specialist Lookout and the Ponemon Institute, examines the risk introduced by employees accessing increasing amounts of corporate data via their mobile devices.
The report finds that for an enterprise, the economic risk of mobile data breaches, including direct operational costs, as well as potential maximum loss from non-compliance and reputational damage, could be as high as $25.7 million (£18.2 million).
It also shows that mobile data breaches are more common than many may think. Two-thirds (67 percent) of organizations report having had a data breach as a result of employees using their mobile devices to access the company's sensitive and confidential information. With an average of three percent of employees' mobile devices infected with malware at any point in time, that could be more than 1,700 mobile devices, in a typical large organisation, connecting to an enterprise network everyday.
"The mobile workforce is dragging companies into a world where 24/7 access to cloud-based services from any location is a basic requirement. Employees demand flexibility. They want simultaneous access to work apps like Salesforce and personal apps like Facebook," says Gert-Jan Schenk, Vice President of Lookout EMEA. "When you talk to IT and security leaders, their number one concern is balancing mobility with security. It is critical that they get mobile security right from the outset, particularly in light of the financial and reputational consequences if they don't".
Another issue highlighted by the report is IT and security leaders’ underestimation of how mobile their employees have become. For example, on average IT believes that only 19 percent of employees can access customer records via mobile while 43 percent of employees say they have access. With the risk of mobile data breaches this visibility gap introduces unacceptable risk.
More details of the study are available on the Lookout website.
Image Credit: Minerva Studio / Shutterstock
A new Android banking Trojan is now bypassing Google Play security measures -- the Acecard Trojan is capable of attacking users of nearly 50 different online financial applications and services.
During the last quarter of 2015 researchers at Kaspersky Lab detected an unusual increase in the number of mobile banking attacks in Australia. The suspicious activity was discovered to be the result of a single banking Trojan called Acecard.
The company describes Acecard as one of the most dangerous Trojans it's ever seen. It uses almost every malware functionality currently available -- from stealing a bank's text and voice messages to overlaying official app windows with false messages that simulate the official login page in an attempt to steal personal information and account details. The most recent versions of the Acecard family can attack the client applications of some 30 banks and payment systems. Considering that these Trojans are capable of overlaying any application on command, the overall number of attacked financial applications may be much higher.
Acecard is also able to overlay phishing windows on other applications including IM services WhatsApp, Viber, Instagram and Skype, social networks including Facebook and Twitter, the Gmail client, Google Play and Music, and the PayPal mobile app.
"This cybercriminal group uses virtually every available method to propagate the banking Trojan Acecard. It can be distributed under the guise of another program, via official app stores, or via other Trojans. The combination of Acecard's capabilities and methods of propagation make this mobile banker one of the most dangerous threats to users today," says Roman Unuchek Senior Malware Analyst at Kaspersky Lab USA.
Kaspersky Lab experts believe that Acecard was created by the same group of cybercriminals that was responsible for the first TOR Trojan for Android and the first mobile encryptor/ransomware. The reasoning for this is based on similar code lines and the use of the same command and control servers.
To prevent infection by Acecard, Kaspersky recommends not downloading applications you don't trust, not clicking suspicious links, installing a reputable security application and keeping it up to date.
You can find more details on the Securelist blog.
Image credit: wk1003mike / Shutterstock
DDoS attacks are one of the most worrying threats that enterprises face. Chinese hardware company Huawei and security specialist Nexusguard are launching a new joint solution that offers enterprises and internet service providers state-of-the-art DDoS protection using software-defined networking (SDN).
The companies will combine Nexusguard's cloud-enabled Origin Protection and Huawei's DDoS Protection System Appliances, giving customers low latency and multi-layered protection that can accurately and quickly defend their systems with hybrid implementations.
In the past, differing customer sizes and requirements meant different ISPs had to set up appliances and build their own DDoS mitigation solutions from the ground up. For service providers overwhelmed by DDoS attack traffic, Nexusguard’s Hybrid Cloud approach will mitigate smaller attacks locally with on-premise appliances, which will be followed by failover to the cloud once inbound traffic exceeds the local network capacity to handle the attack.
"Businesses look for advantages in technology that can support real-time traffic monitoring and protection with low latency, which is where we believe SDN will be the ultimate model for technology and solution providers in the future," says Liu Lizhu, general manager of the Firewall and Gateway Domain at Huawei. "With Nexusguard's purpose-built cloud DDoS mitigation expertise and our on-premise appliance protection, we can ensure customers enjoy the lowest latency and the quickest recovery from cyberattacks with a hybrid approach".
Benefits of the combined solution include low false-positives, keeping end user experiences intact, and mitigation capabilities for DDoS attacks of any size, using excess cloud capacity. It offers immediate protection, triggered by real-time attack monitoring, along with security across multiple layers safeguarding against all types of DDoS attack.
Both companies will be showcasing the joint solution at next week's RSA 2016 conference in San Francisco.
Image Credit: sibgat / Shutterstock
Most marketing email gets personalized using a static template which limits the amount of information that can be tweaked for each recipient.
Marketing automation company Boomtrain is launching a new platform, Boomtrain Editor, that adds advanced machine learning personalization regardless of email provider. It predicts the optimal email content for each recipient, and can then be applied by simply dragging and dropping it into a customizable template.
Rather than displaying the same message for all subscribers, content can be personalized with recommendations for each individual user, regardless of the number of recipients. It can turn existing HTML newsletters into a dynamic, 1:1 personalized template, without needing software specialists to help.
"You can go out and run predictive models on IBM's Watson or Google's TensorFlow, but if you don't have a team of engineers on staff, you won't be able to use it for practical marketing applications," says Nick Edwards, CEO of Boomtrain. "Boomtrain has bridged that gap to make advanced machine learning personalization accessible for marketers everywhere to leverage this new wave of data and technology".
In order to create a seamless process for executing email campaigns, Boomtrain has also announced a partnership with Iterable, a user engagement platform that powers marketing across email, mobile and web, to serve dynamic, personalized content to individual consumers through the Iterable email platform. Through this partnership, Boomtrain will create content within the email, while Iterable will be responsible for sending the actual message.
More information on Boomtrain Editor is available on the company's website.
Image Credit: Sarah Holmlund / Shutterstock
How much of your company's data do you actually use? According to search technology specialist Lucidworks, businesses typically only analyze around 10 percent of the data they collect.
The rest becomes what the company calls 'dark data' -- information that lurks unused. Much of this data is unstructured and doesn't fit into any convenient database format. This means that companies don't have the tools to make sense of it or simply find they have too much to handle.
Lucidworks reckons that 7.5 septillion (7,700,000,000,000,000,000,000) gigabytes of data are generated worldwide each day and a large proportion of that will go dark. This data may contain sensitive information or details that could be used to commit crime, so it needs to be looked after. But it also has the potential to uncover details of undetected fraud, or boost business by revealing patterns in consumer habits, or finding untapped sources of revenue.
There's an interactive graphic on the issue of dark data on the Lucidworks site. You can see a short extract from it below to give you a flavor.
Whilst businesses can call on expert resources to secure their systems, for many home users protecting a home network and the devices attached to it can be something of a dark art.
Finnish security company F-Secure is aiming to make securing systems simple even for the non-technical with its forthcoming SENSE product. We spoke to Mika Majapuro, F-Secure's director of product management, to find about more.
BN: Can you give us an overview of what SENSE is?
MM: We've been building F-Secure SENSE for around one and a half years, the reason we started the project was we know that people have more and more connected devices. With the Internet of Things they'll have many more in future thanks to technology like smart TVs and smart thermostats.
The bad news is that all of these connected devices are hackable and there are worries that maybe your TV or your child's toy could be spying on you. We wanted people to be able to run a connected home but stay safe, secure and private.
BN: How does it work?
MM: SENSE is a combination of a Wi-Fi router, endpoint security and cloud service. You take the sense device home and connect it to your existing router, it then creates a new Wi-Fi network to which you move all of your connected devices. SENSE can then monitor all of the traffic going in and out of your home. If it sees something suspicious it can send information to the cloud for analysis. If there's a problem then action can be taken to block the connection and notify the user that maybe their connected toaster is trying to send traffic to China or receiving traffic from a malicious website. It's a behavior and reputation based service.
For devices like PCs and phones we also install an endpoint app which provides security for when they are taken out of the home. This provides antivirus protection, blocks tracking attempts and so on.
BN: Once you've bought that SENSE hardware is there an ongoing subscription?
MM: Yes, you buy the hardware which should be about $199 and that includes 12 months of subscription. After that you pay $8 per month but that’s for an unlimited devices so it doesn't matter whether you have 20 devices or 200 it's the same price. Since it also replaces your traditional antivirus product the cost becomes very competitive.
BN: How easy is it to set the system up?
MM: For home users, setting up security can be a painful process. With SENSE we really wanted to make it easy to use so we've used focus groups and redone the setup process more times than I like to remember. The app also gives you valuable information about your connected home, how many devices you have, where they're connecting, how they're behaving and so on. There's also a simple display that tells you when your home is secure and which will alert you if something is going wrong.
BN: Tell us a bit more about the SENSE gadget?
MM: If you look at traditional routers it's safe to say they're not the best looking devices and are something which you probably want to hide. We've tried to make the SENSE hardware something that you'd be proud to own and keep visible. The display will show if attention is needed so you can then go to the app to find out what's happening.
There's nothing special in the hardware, it has a 1GHz dual-core CPU and 512MB of RAM, the real magic is in the software and the cloud service.
BN: Does it replace your existing wireless router?
MM: No, it's an add-on. You attach the SENSE device to the router you received from your ISP, either with Wi-Fi or Ethernet. It then sets up a new wireless network to which you'll need to move all of your devices, network attached storage and so on.
BN: When will it be available?
MM: We announced SENSE at a startup event in Helsinki last November. We’re still in the final stages of development but in Europe and North America you can pre-order the product on the website and it will start shipping in early summer.
Increased use of big data in IT management and other areas means that companies are on the look out for new tools to give them better insights from their information.
Behavioral analytics company Prelert is making it easier for Elasticsearch users to automate the analysis of large data sets with the launch of Behavioral Analytics for the Elastic Stack.
It's powered by Prelert's machine learning algorithms and capabilities, which have been proven in the company’s other analytics products including its widely deployed Anomaly Detective solution. Prelert’s analytics create accurate, always up-to-date statistical baselines of normal behaviors. From these baselines the software is able to detect, score and link unusual activity that could indicate IT operations problems, IT security incidents, or business interruptions.
Since the automated analysis flags real issues as they're happening, it eliminates the need for traditional data monitoring rules and thresholds that return false positives if set too strictly, miss activity if set too loosely, and become outdated over time. Prelert's analytics include new statistical influencer tracking, which provides contextual data for each detected anomaly, so the root cause of issues can be identified and resolved quickly.
"There's a whole new world of possibilities for the way users extract value from their data that’s being driven by combining the power of analytics with the speed of search," says Tanya Bragin, Director of Product Management at Elastic. "Prelert's automated behavioral analytics are a powerful addition to the Elastic Stack and further demonstrates how developers can build an application using Kibana’s UI framework".
Behavioral Analytics for the Elastic Stack is expected to be available for download next month but in the meantime you can get more information on the Prelert website.
Photo Credit: Sergey Nivens / Shutterstock
CRM systems have become essential tools for sales and marketing teams, giving them the ability to organize and automate the processes that build good customer relationships.
But off-the-shelf solutions don't always meet the needs of specialist industries. Insurance technology specialist Vertafore is launching its new Agency SalesTrack solution, built on Microsoft Dynamics CRM to cater specifically for the insurance sector.
"Built on Dynamics CRM, Vertafore's Agency SalesTrack solution addresses the key challenges insurance agents face today," says Tom Feher, US Financial Services Industry Director at Microsoft Corporation. "Working with the rich features and capabilities of Dynamics CRM, Vertafore's SalesTrack Solution provides a 360 view of their production pipeline as well as the details needed to service clients. This increases agent productivity by eliminating duplicate data entry, enabling agents to not only meet their sales quota, but also provide exemplary service to their clients".
SalesTrack integrates with Vertafore's existing AMS 360 product to to centralize customer information and increase visibility into the key performance indicators affecting insurance sales. It offers a comprehensive view of the entire customer journey, eliminating the need for duplicate data entry and the associated delays and errors.
"We evaluated the major software providers in the CRM space, and we are really excited to partner with Microsoft Dynamics," says Greg Wright, SVP, Agency and Carrier Solutions at Vertafore. "Together, we're developing solutions for the independent insurance channel at incredible speed. The launch of Vertafore Agency SalesTrack helps independent agencies adapt and meet the evolving need of consumers and the insured so producers can focus on what they do best: selling insurance".
For more information on Agency SalesTrack and to register for a webinar explaining how it works you can visit the Vertafore website.
Photo Credit: Mikko Lemola / Shutterstock
It seems that convenience trumps security when it comes to passwords. Although 73 percent of US consumers believe sharing login details is risky, 95 percent do share between one and six of their passwords with other people.
A new survey by LastPass also reveals that only 19 percent of respondents say they don't share passwords that would jeopardize their identity or financial information, leaving a scary 81 percent of people who would share them.
The study explored the password sharing habits of more than 1,000 US consumers of 18 or older. Among the key findings were that 59 percent use the same password on multiple sites, which means people are potentially exposing more online accounts than they realize through password sharing.
"Nearly all aspects of our lives have some online component and when you bring password sharing into the mix, all of that sensitive information is instantly compromised," says Joe Siegrist, VP and GM of LastPass. "We realize that at times, people and teams need access to the same accounts, so we created a new LastPass Sharing Center in our 4.0 version, allowing users to easily and securely share their passwords, giving them the peace of mind knowing their passwords are protected".
Other findings include that only 27 percent of respondents reset a password after sharing it with others. Younger generations are more trusting too, those aged 18-29 are the most likely to share passwords with friends. In fact, 40 percent said they’d shared a password with a friend as opposed to 15 percent of those aged 30-44, only 6 percent aged 45-59 and 8 percent aged 60+.
Password sharing isn't limited to personal accounts either. One in four respondents admit to sharing business passwords, classified as any password associated with their workplace. Additionally, 61 percent of respondents say they are more likely to share their work passwords than personal passwords.
You can find more details of the survey's findings in the infographic below.
Photo credit: shutteratakan / Shutterstock
According to the results of a new survey, while two thirds of US respondents say they would like extra layers of online privacy and security, their actions prove otherwise as few even use currently available tools.
The study by VPN provider Hide My Ass! has been used to categorize people into five different approaches to online life:
* Old School Sharers are hesitant to share personal information or participate regularly on social media and lack confidence that they are protected from threats.
* Cautious Contributors are apprehensive about new technology, but are more socially inclined and learn from the mistakes of the past.
* Online Nudists seek out and bare everything to their online community, craving a high amount of interaction with their peers through social media.
* Social Savvy Butterflies are active in and seek interaction from online communities, but have stepped up their game and take precautions to ensure their personal information stays safe.
* The Digitally Enlightened employ the highest levels of security, which enables them to safely maintain their highly active digital lives.
Among the survey's findings are that 63 percent of respondents have experienced online security issues, but, of those, only 56 percent have made permanent behavior changes afterwards. Nearly one in four people (24 percent) use unsecured public Wi-Fi, leaving their information open to prying eyes, quite often or all the time.
Take up of existing security tools is depressingly low, only 16 percent utilize privacy-enhancing browser plug-ins, just 13 percent use two-factor authentication and a mere 11 percent use a VPN. In fact 44 percent are not at all familiar with VPNs and a mere four percent use anonymity software (such as Tor).
While 70 percent say that the risk of exposing personal information online reduces their level of social media use and presence, only a quarter have strict privacy restrictions in place on their social media accounts. Also while two thirds say they are likely to shred physical documents containing personal information they are happy to post details online including their email addresses (51 percent), home addresses (26 percent) and personal phone numbers (21 percent).
"Even with the NSA revelations and a seemingly endless onslaught of celebrity hacks and public data breaches, Americans still turn a blind eye to their vulnerability online," says Danvers Baillieu, the chief operating officer of Hide My Ass! "While many people say they want to protect themselves online, it is difficult for them to sacrifice things like their level of social presence. For too many, the gratification of a ‘like’ severely outweighs the investment in building a digitally secure life. When it comes to choosing either security or convenience, the latter almost always wins".
You can find a summary of the findings in infographic form below.
strong>Image Credit: jurgenfr / Shutterstock
Many IT personnel don't follow the same security protocols they’re expected to enforce according to the results of a new survey of over 500 professionals working in IT security roles.
The study by Absolute Software Corporation shows that 45 percent of IT professionals admitted to knowingly circumventing their own organization's security policies. In addition 33 percent of respondents admitted to successfully hacking their own or another organization.
"Given that IT is the security gatekeeper for an organization, it was alarming to see such high incidents of non-compliant behavior by IT personnel," says Stephen Midgley, vice president, Global Marketing at Absolute. "Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies".
Security remains at the top of the IT spending list, with 87 percent of respondents expecting increased investment in security this year. Despite prioritizing security and increasing budgets, IT departments believe that employees represent the greatest security risk to an organization (46 percent). This may be related to the fact that on average, 33 percent of all security protocols are not being followed by staff. It may also explain the high incidents of security breaches, with 38 percent of respondents experiencing a data breach within the past year.
Younger professionals are also likely to show a more casual attitude to security according to the findings. Among IT professionals aged 18-44, 41 percent are likely to hack their own organization compared to just 12 percent of those in the 45+ age group. 92 percent of 18-44 year-olds say they are confident in containing a data breach, compared to 79 percent of 45+ professionals.
"Despite marked improvements, businesses are still very susceptible to attack," adds Midgley. "The gaps in current data breach response plans and in upholding general best practice policies must be addressed".
The full report is is available to download from the Absolute website.
Photo Credit: Alexander Kirch/Shutterstock
Traditional endpoint security often ends up generating lots of false alerts which take up valuable support time to investigate and resolve.
Anti-malware specialist Malwarebytes is aiming to make things easier for businesses with the launch of its latest Breach Remediation product, a platform that improves organizations' ability to remove advanced threats from their endpoint systems.
It uses a scanning engine that detects and removes infections and related artifacts simultaneously across all endpoints on the network. Malwarebytes Breach Remediation scans network endpoints looking for suspicious files or anomalies and, when found, pieces together all of the threat traces allowing it to automatically fix other compromised systems on the same network.
"Traditional breach remediation involves an incident responder running to each computer to put out cyber fires, one at a time," says Marcin Kleczynski, CEO of Malwarebytes. "Three hours later the same security team member runs to put out another fire. This inefficient way of 'solving' the issue hasn't evolved for decades. Now, Malwarebytes and our integration partners are creating an automated sprinkler system that enables the whole enterprise to put out fires as they appear across thousands of endpoints".
In addition using its own behavioral rules to identify compromised endpoints, Malwarebytes Breach Remediation can read custom indicators of compromise (IOC) from third party sources, including Mandiant, Lastline and Fidelis, as well as the Open Indicators of Compromise (OpenIOC) framework, to hunt for new and undetected threats.
The product is available now from authorized resellers and will be shown at the RSA Conference in San Francisco from 29 February to 4 March. For more information you can visit the Malwarebytes website.
Photo Credit: Palto/Shutterstock
Identity and access management (IAM) is a growing field, expected to be worth around $18 billion by 2019 according to a recent report.
This is partly down to cloud growth creating the need for a secure solution that can scale quickly, in on-premise environments and across cloud applications, without additional costs for installation and extra hardware.
IAM solutions company IDdriven is entering this market with its new Identity as a Service (IDaaS) solution. This aims to offer an easy-to-implement and cost-effective way for companies of all sizes to secure and manage their digital access points.
"My team and I spent 24 months engineering a product that we felt encompassed and addressed all of the technical elements currently missing from IDaaS solutions on the market," says Arend Verweij, CEO of IDdriven. "This is reflected in the core features and delivery of IDdriven. We offer scalable pricing, access control based on company role and location, along with analytics and reporting on use and threats. These features, among others, give our company a massive competitive edge in a crowded marketplace".
IDdriven is subscription-based, so that businesses of all sizes can secure their digital access, cost-effectively. It also integrates seamlessly with existing ID management systems, to add new functionality while getting the most out of existing investments.
It has a robust and secure back end running an easy-to-use UI, specifically designed to be accessible to all users, regardless of their experience level. Role and zone-based access control delivers the ability to manage the identities and access rights of employees based on their company role and precise location, anywhere in the world and on all devices. A self-service feature gives added flexibility, without risking security, by enabling employees to request access to applications from a central service desk as their job roles evolve.
You can find out more and request a demo on the IDdriven website.
Image Credit: Kirill Wright / Shutterstock
Keeping systems secure has become more complicated as companies adopt cloud and hybrid environments for their systems.
To eliminate the need for multiple different security products and give users a single-pane view into workloads, infrastructure monitoring, vulnerability management, threat intelligence and compliance reporting, Threat Stack is launching a new Cloud Security Platform.
Threat Stack CSP gives users the immediate visibility and vital insights needed to operate efficiently, prevent data loss and identify and verify threats, while keeping data secure and compliant.
"We recognized an opportunity to evolve with the many companies looking to move into or expand within the cloud. Today’s security needs go beyond singular point solutions, so we have answered the market's requests with a complete security platform which will not only scale, but meet all of the immediate and future needs of our customers," says Brian M Ahern, chairman and CEO of Threat Stack. "This integrated platform approach will save our clients money, as well as organizational effort to manage security and compliance initiatives".
Key features include workload insights to help organizations verify whether their environments have been compromised by insider threats and/or data loss by tracking suspicious user activity, tracking connections to command and control servers and tracking access to secret configuration files. Tracking changes to infrastructure in real-time and generating infrastructure alerts based on user, event name, counts of events, and source IP means changes to a software-defined infrastructure won’t occur without security teams knowing about them.
Threat Stack CSP examines package information and tells the user if there is anything vulnerable. It then organizes workflows around what’s important based on common vulnerabilities and exposure (CVEs). Threat Intelligence lets companies know when workloads are communicating to known bad hosts, and receive granular alerts about who servers are talking to.
There's also real-time visibility, detailed audit trails and built-in compliance reporting provide the historical record companies need to meet compliance regulations and ensure data and infrastructure are protected.
Threat Stack CSP is available now and you can find out more on the company's website.
Photo Credit: Marynchenko Oleksandr / Shutterstock
As we use the internet we give away information to lots of sites from shopping portals to search engines. The growth of the Internet of Things is likely to see a further boost in the amount of data held and shared about us.
The Warwick Manufacturing Group (WMG) at the University of Warwick in the UK is working on £1.2 million HAT (Hub-of-all-things) research project to develop a platform technology where individuals can keep all their personal data in one place.
Funded by the Research Councils UK Digital Economy Programme and working in conjunction with industry and commercial partners, the research project has developed a personal data platform to perform all four key operations on personal data: collect, control, re-combine, contextualize and share.
"Now is the time to wake people up to just how much personal data they pour online and empower them to use that data to benefit them as much as its benefiting the businesses that are harvesting it," says Professor Irene Ng of WMG. "With the internet of things growing as a concept people need to get as much utility out of their own data as the product providers and utilities that will increasingly be taking that data".
A HAT Foundation will develop the next phase of the technology, taking over from the HAT research project team in WMG to roll-out the HAT globally in 2016. The Foundation will scale-up the HAT ecosystem and build a community of HAT users, to promote widespread take-up of HATs by individuals.
"The data on your HAT is owned by you and can be recombined by you so that you can make it meaningful and useful for decision-making. The HAT is also a fully scalable personal data platform for firms to offer you services for your data in a privacy-preserving way, as well as allowing you to track and creatively organize your data for better informed decisions in your lives," adds Professor Ng. "Most importantly, I believe that the HAT will start a movement for individuals to claim our personal data, as we believe it is now time for us to gain control of our digital lives and put ourselves, as individuals, at the center of the growing data exchange in the sharing economy".
You can find out more about the project on the HAT Foundation website.
Photo Credit: jazzerup/Shutterstock
Some of the latest cyber attacks seek to steal information using man-in-the-browser (MITB) attacks. These represent a dangerous trend because they circumvent even the strongest authentication techniques by hijacking the session after the user has authenticated a bank or other site.
Threat intelligence start up buguroo is looking to combat this with its new online fraud detection solution that can detect hijacked sessions in real time and stop them before any money leaves the bank.
The company's new bugFraud Defense technology is entirely host- and cloud-based and doesn't require any action, such as installing software or an agent, by an end-user client in order to be protected. The buguroo software is transparent to the user, requires minimal resources and doesn't degrade the user experience or performance.
"Any online fraud detection solution that still relies on signatures or requires users to take action is based on a failed model," says Pablo de la Riva Ferrezuelo, CTO and founder of buguroo. "Industry research shows that 'opt-in' models that require installing client-side software at best get low single digit percentage participation. Study after study shows users expect their service providers to protect them, and they are not willing to help. Period. That's what we do".
The solution is implemented at web server level for both development and security teams. It then requires only a lightweight modification in regular server content to link online sessions to the cloud-based fraud detection engine.
Available immediately in the US, Europe and Latin America, buguroo bugFraud Defense can be bought as a standalone product or as part of bugThreats, the company's comprehensive threat intelligence platform, also announced today. The company is targeting those sectors most commonly attacked by cyber criminals, banking, social networking and e-commerce. More information is available on the buguroo website.
Photo credit: Lichtmeister / Shutterstock
More and more organizations are seeing the benefits of adopting the hybrid cloud, but they don’t want to risk sacrificing the security advantages of more traditional systems.
To help businesses tap into hybrid cloud without sacrificing security, IBM is announcing a new mainframe, the z13s. Building on the mainframe’s world-class performance and security profile, the z13s features new embedded security technologies, enhanced data encryption and tighter integrations with IBM Security solutions.
The z13s provides the foundation for a more secure, end-to-end hybrid cloud environment, allowing organizations to protect their most sensitive data without sacrificing performance. Features include a new cryptographic co-processor and hardware-accelerated cryptographic coprocessor cards provide encryption up to two times faster, so users can increase workload security without compromising throughput and response time.
The new z13s has up to 4TB of memory (eight times more than previous single-frame mainframes) along with faster processing speeds and sophisticated analytic capabilities. IBM Multi-factor Authentication (MFA) for z/OS has been integrated into the operating system, adding to overall security by requiring users to enter a second form of identification, such as a PIN or randomly generated token, to gain access to the system.
It also has IBM's Security Identity Governance and Intelligence software which helps prevent data loss by governing and auditing device access. Integrated into the mainframe, QRadar and Identity Governance use real-time alerts to focus on identified critical security threats, while Security Guardium uses analytics to help ensure data integrity by providing intelligent data monitoring.
"Fast and secure transaction processing is core to the IBM mainframe, helping clients grow their digital business in a hybrid cloud environment," says Tom Rosamilia, senior vice president, IBM Systems. "With the new IBM z13s, clients no longer have to choose between security and performance. This speed of secure transactions, coupled with new analytics technology helping to detect malicious activity and integrated IBM Security offerings, will help mid-sized clients grow their organization with peace of mind".
New z13s systems will be available from next month and you can find out more about IBM's z Systems portfolio on the company's website.
Only around two percent of free to play game users spend money making in-game purchases. A new report into buying habits from gaming analytics specialist SOOMLA reveals the -- perhaps unsurprising -- information that those who made an in-app purchase in one game are six times more likely to do so in another.
Yaniv Nizan, Co-founder and CEO of SOOMLA, says, "Attracting payers to your game is like finding a needle in a haystack, but when crossing in-app purchase data from thousands of other games, our payer prediction technology reveals which user segments will eventually convert and what they're likely to buy".
Other insights from the report include the fact that quick payers (those who make a first in-app purchase within 24 hours of install) are nine times more likely to pay in another game. Plus over 40 percent of users who paid $25 or more in one game, will also pay in another game.
For each in-game item users purchase with real currency, an average of 18 additional items are purchased with virtual currency. And while 71 percent of in-game purchases are for 'single use' items, like extra time or ammunition, it's 'lifetime' items such as characters, level packs or advert removal, that account for 65 percent of revenue.
Looking at usage patterns, daily active users increase by as much as 33 percent at weekends, and this occurs primarily on phones, although sessions on tablets are often longer in duration. Patterns differ across game genres as well, with strategy games boasting the highest average session duration of 11 minutes -- 2.6 times more than for other genres. Seasonal factors are at work too with developers who market their apps in time for the holiday season achieving an average revenue per paying user increase in December of 83 percent above the annual average.
If you want more information the full report is available to download from the SOOMLA website.
Photo credit: Mmaxer / Shutterstock
When people are booking travel, companies like travel agencies, hotel chains and airlines have an opportunity to gain a loyal customer.
But a new survey of more than 500 travelers from data science specialist Boxever suggests that the window to turn searchers into bookers and beat the competition is a narrow one.
While you might think that price is a driving factor, only 47 percent of those surveyed say they prefer airlines and online travel agencies to present the cheapest flights first in online search results. The results show that almost a third of travelers want the best, most relevant options presented first, those that take into account a range of key elements including price, timing, duration, personal preferences, past travel history and needs.
A personalized booking experience is important too, 85 percent say they would value travel websites that remember their personal preferences and automatically present the best and most relevant options.
There's also a demand for a more connected experience, 54 percent of frequent travelers would like airlines, hotels, ground transportation providers and other travel companies to automatically share their travel information. People say they are willing to provide more information about themselves if it leads to a better travel experience.
The opportunity to sell extras is there but it's important that it’s presented early in the booking process. 48 percent of travelers who purchase extras or services do so when booking, but just 16 percent will add extras -- like Wi-Fi or a seat upgrade -- in the days before a flight, and even fewer wait until they actually arrive at the airport.
Respondents also displayed a reluctance to respond to promotional messages. 38 percent say they almost never check the promotions or adverts tab in their personal email, nine percent only check it a few times a year and 13 percent a couple of times a month. However, 33 percent say they would consider moving a company’s mail to their main inbox if the content was consistently targeted to their needs and preferences, and not the marketing priorities of the company.
The full report is available to download from the Boxever website.
Photo Credit: Ilin Sergey/Shutterstock
Hackers are constantly seeking new ways to attack systems and gain insider access to data. A new survey from IT security company Balabit reveals the 10 most popular hacking methods to help companies understand how to protect themselves.
The survey of almost 500 IT security practitioners reveals that social engineering is the most popular means of attack. Hackers aim to get a 'low level' insider user account by means of phishing and escalate its privileges.
"Traditional access control tools and anti-malware solutions are necessary, but these only protect companies’ sensitive assets while hackers are outside of the network," says Zoltán Györkő, CEO at Balabit. "Once they manage to break into the system, even gaining a low level access, they can easily escalate their rights and gain privileged or root access in the corporate network. Once it happens, the enemy is inside and poses a much higher risk as they seem to be one of us".
Compromised accounts, such as those with weak passwords, is the second most popular route. If users have the same password on work and personal accounts the attacker only needs to discover one, from a social network account say, to open up corporate systems.
Third place is taken by web-based attacks such as SQL injections. The quality of code in many applications is still questionable from a security point of view, and there are many automated scanners from which attackers can easily detect vulnerable applications.
"The highest risk to corporations is when outside attackers gain insider access, as they can stay undetected within the network for months," says Györkő. "Balabit aims to support organizations to know their enemy by knowing who is behind their user accounts, and determining whether it is a legitimate user or a masked hacker. This should be the fundamental priority in every kind of organization's IT security strategy".
You can see the full top 10 in the infographic below.
Photo Credit: igor.stevanovic/Shutterstock
Content filters are supposed to protect you from bad stuff, but they can have unexpected side effects and block things you want to access.
As we approach Valentine's Day a new survey by UK broadband comparison site Broadband Genie has discovered that filters may be preventing Brits from finding love by blocking online dating sites.
As part of prime minister David Cameron's bid to protect children from adult content, ISPs are now required to have 'family-friendly' web filters automatically enabled. The filters can block a wide array of sites, from online dating to pornography, but there is skepticism about their effectiveness and concerns about how sites are classified.
The company revealed last year that 46 percent of users may have their filters activated, meaning many could struggle to access online dating services. But these latest results show that 73 percent of people surveyed wouldn't know how to access online dating websites if they'd been blocked by their ISP's content filter.
"Not only are there questions on the effectiveness of the filters, but the sheer amount of confusion they're causing is very worrying indeed," says Rob Hilborn, Head of Strategy at Broadband Genie. "The opt out nature of the filters means ISPs now have a much bigger responsibility to provide users with accessible information and simple processes to make a decision on opting out if they should want to".
Respondents to the survey are divided on whether dating sites should be blocked. A majority (60 percent) say online dating websites shouldn't be blocked by default, however, 29 percent think dating sites don't do enough to stop children from accessing them, and 54 percent believe dating sites pose a threat to children.
Hilborn concludes, "It's incredibly important we put the correct measures in place to protect children online, whether that's through web blocking tools or better education. However, we shouldn't be damaging legitimate businesses through poorly executed and confusing blanket filters which ignore how people actually use the internet".
You can read more on the report's findings on the Broadband Genie blog.
Photo Credit: SueC/Shutterstock
Messaging and infrastructure security specialist Cloudmark has released its Annual Global Threat Report for 2015 which reveals the biggest current threats based on its crowd sourced security platform, which analyses user behavior from more than a billion subscribers.
Top of the list is the Swizzor malware which delivers unsolicited ads, modifying browser settings without user permission. This silent threat delivers booby-trapped emails to unsuspecting users with varying subject lines. Each email contains a zip file carrying the malware payload, this uses a simple domain generation algorithm for command and control synchronization to create a large number of domains that then clash with legitimate websites and make it difficult for them to be taken down.
Senior marketing consultant Pam Strayer writing on Cloudmark's blog says, "This under-the-radar malware uses novel URL naming conventions with common, simple words to disguise itself as normal traffic. Appearing as normal email traffic, the malware attempts to subvert typical email security and character distribution analysis".
Shortened links were another major concern in 2015 with 25,000 different malicious links detected, of which 97 percent are email spam. Spammers are using this method as an easy way to generate an unlimited number of call-to-action URLs that redirect to a server hosting storefronts and spam content. By using multiple links it's harder for spam filtering to detect them all. This activity also reflects badly on major brands, the CNN.it URL shortener for example has been abused, peaking at 8,800 malicious URLs in a single day on 11th Jan 2016.
Cloudmark reports that 91 percent of firms have experienced a spear phishing attack and that this is costing companies $1.6m annually. In a surprising development the report also shows that Germany has become the biggest spammer in Europe, sending more junk email than Russia, India and China.
Cloudmark expects that as the Internet of Things creates more uses for connected devices and intelligence, criminals will find a way to take advantage for malicious purposes. For example a home security system could be hacked and instructed to unlock a door to allow a thief to enter -- or perhaps lock a victim in. Other possibilities include, spying on conversations, or filming people in the privacy of their homes using smart TVs connected to webcams.
Other predictions are that zero day exploits will become so valuable that they may be deliberately introduced by developers so that friends can claim the bug bounty. The report also forecasts that the UK's Investigatory Powers Bill will cause other major Internet companies to follow Yahoo's lead and move their operations out of the UK to avoid being subject to this law.
The full report is available to download from the Cloudmark website.
Image Credit: underverse /Shutterstock
It's coming up to Valentine's Day, so inevitably the IT industry turns its thoughts towards dating apps. Two new reports show that the apps may not be living up to expectations, and that users of them could be revealing more than they intend to.
New research from app quality researcher Applause shows that consumers are more dissatisfied with dating apps than any other type.
The research looked at 97 apps, with a minimum of 2,000 app store reviews, which received a quality score based on consumer sentiment on a 0-100 point scale (100 being the best score). Overall, the dating apps lagged all other apps in quality by 23 points.
Just 11 dating apps earned quality scores of 50 or more with more than 10,000 app store reviews, including OKCupid and GROWLr by Initech. Tinder dropped by over 10 points in the last year, since Applause's first report on the category last February.
Consumers have high expectations when it comes to their dating app's style, privacy and security. The report concludes that, "Brands looking to improve their app quality in the eyes of users would be wise to invest in usability and security audits to prioritize product improvements". The full version is available on the Applause website.
As if that wasn’t bad enough news for the industry, software management specialist Flexera has issued a report which shows that many popular dating apps could present a security risk for enterprises when installed on BYOD devices.
Of the 25 popular Apple iOS dating apps tested 88 percent, including Grindr, OKCupid and Tinder, are capable of accessing a device's location services. 76 percent support ad networks and 60 percent are capable of accessing the device's social networking apps as well as SMS/Texting functions.
36 percent, including Grindr, Lovestruck and OKCupid, are capable of accessing the device's calendar, and 24 percent, including Blendr, Hinge and Tinder, are capable of accessing the address book.
The full report is available on the Flexera website and there’s an infographic summary of the findings below.
Photo Credit: JoeyBear/Shutterstock
Widely used by cyber criminals to introduce malware onto systems, the Dridex banking trojan has been subject to a number of high profile investigations, and a takedown by US authorities last year.
These things don't stay dead for long, however, and Dridex is back in business. But in an interesting new twist it seems that the Dridex botnet has been hijacked to deliver the free Avira antivirus program rather than its more usual malicious payload.
Dridex is spread by spam, usually using a Word document with malicious macros. Once the file has been opened, the macros download the payload from a remote server, and the computer is infected. In the latest version though the links have been modified to deliver Avira instead.
"The content behind the malware download URL has been replaced, it's now providing an original, up-to-date Avira web installer instead of the usual Dridex loader," says Moritz Kroll, malware expert at Avira.
The company denies that it's behind the modification itself. "We still don't know exactly who is doing this with our installer and why -- but we have some theories," says Kroll. "This is certainly not something we are doing ourselves".
Explanations as to why this is happening include that it's an attempt to confuse detection processes. It could also be the work of white hat hackers who want their identities to remain secret. "While what they are doing is fundamentally helpful, it is also technically illegal in most countries, so they probably don't want to be known or identifiable," adds Kroll.
You can find out more about this unusual development on the Avira blog.
Image Credit: Julien Tromeur/ Shutterstock
The UK government has today announced that it will work with Openreach -- BT's local access network business -- and the Home Builders Federation (HBF) on an agreement to deliver superfast broadband connectivity to new build properties in the UK.
The deal will mean that fibre-based broadband is offered to all new developments either for free or as part of a co-funded initiative.
Openreach will offer an online planning tool for homebuilders. This will tell them whether properties in any given development can be connected to fibre for free, or if a contribution is needed from the developer to jointly fund the deployment of the local fibre network. Openreach says it will make a 'significant contribution' to the installation costs before seeking funds from developers.
"This is an important step towards bringing fibre broadband to as many new build properties as possible," says Clive Selley, CEO of Openreach. "We recognise that high speed broadband connectivity is a major factor for homeowners when deciding to buy a house. That's why we’re offering to deliver fibre to all new build developments either for free or as a co-funded model".
The announcement has met with a luke warm response in some quarters, however. Dan Howdle, consumer telecoms expert at broadband and TV advice site Cable.co.uk says, "What is the purpose of a network provider making it easier for developers to install proper broadband infrastructure if it still remains the homebuilder’s choice as to whether or not to take action? These measures are arbitrary and unlikely to have any effect. They comprise neither legislative enforcement of superfast for new builds, nor any obligation for homebuilders to inform buyers they face years of broadband misery".
Howdle continues, "Today's announcement allows homebuilders to continue to do exactly what they have been doing: to sell homes with little or no broadband connectivity and without forewarning their buyers. As such, it is unlikely to appease the many thousands of families forced to choose between living with little or no connectivity, or selling up and moving on".
More details of the announcement can be found on the UK government's website.
Image Credit: Peter Bernik / Shutterstock
You may be aware of risks and problems in your own business, but increasingly it's possible to be exposed to issues by other organizations that you deal with, particularly if you're buying in IT services.
How can enterprises deal with these threats and ensure that their data and that of their customers is kept safe at all stages of the supply chain? We spoke to Dean Coleman, head of service delivery at service management and support specialist Sunrise Software, to find out.
BN: How difficult is it for larger organizations to manage problems that might occur further down the supply chain?
DC: It can be quite difficult, historically most organizations have a handle on risk in terms of what's going on in the business, financial targets and so on. But when it comes to IT risks and the supply chain providing IT they don't have the same visibility. These days IT is everywhere and businesses depend on it so IT problems have a larger impact. The understanding of risk needs to be something that key decision makers are more aware of.
BN: Is this a particular problem when dealing with smaller companies who might not have resources in house?
DC: Yes, from the supplier side of the fence we see that smaller organizations often don't have the skills in house to deal with security, infrastructure, and so on. They rely heavily on these services but don't see them as a core part of their business. Because they don't have the skills and resources they will often turn to third parties to manage these things for them. However, in some cases the third parties also don't do a very good job, they’ll be providing reactive services rather than the proactive ones that are really needed to predict problems based on risk.
BN: Is this something larger companies need to address in their service agreements with smaller ones?
DC: Definitely, it's essential that they do. They should be offering services that highlight back to their customers what the potential risks are and what the impact of those risks could be. They also need to highlight where changes and improvements are needed and where investments will be most effective. Information from service providers can allow businesses to make effective decisions.
BN: Is it about more transparency at all levels?
DC: Not only does the customer benefit from having better information to make decisions, it helps the service providers themselves because they're highlighting the risks of, say, a server failure. While service providers might be responsible for keeping systems up and running they don’t necessarily have direct control of the hardware and infrastructure involved. This can leave them in a position where they can highlight a risk -- like a server running short of disk space -- but it's down to the customer to take action.
BN: How much emphasis should there be on education since the human factor is often the weakest link?
DC: There is an element of that, education is always key when it comes to IT. People need to be aware of issues like phishing, although services like filtering are now very effective there’s always a risk of things like fake invoices getting through and catching users unawares.
BN: What challenges will service providers face in future?
DC: One of the struggles for service providers is how they manage risks, keep track of them and make sure their customers are aware of them. They need to regularly report back to customers with risk assessments and the potential impact they can have, plus recommended courses of action. Most providers will now have very good tools to ensure that systems are kept up to date rather than relying on spreadsheets and older methods. they’re now able to link risks not only to infrastructure but to specific services or people they could directly affect.
BN: Does this ultimately lead to providing a better service because you have a more resilient system?
DC: Yes, if you're aware of and managing the risks and have plans to mitigate problems then the services you provide should improve. The availability should increase because you’re taking a more proactive approach, and as a service provider it also leads to opportunity for more revenue, selling services, technology, project management and so on. Greater transparency leads to a better relationship with the customer and the opportunity to quote for more business.
Image Credit: jannoon028 / Shutterstock
OnePlus may not be a name that springs instantly to mind when you think of smartphones, but it really should be. It is a Chinese company that is fast developing a reputation for turning out quality handsets at something of a bargain price.
The company's latest OnePlus X model starts at around £200 which is only about £40 below the price of its flagship, the better specified OnePlus 2 model, so does it live up to the company’s claims that this is an affordable phone with premium features?
In the Box
You get a nicely presented package which makes it feel like you’re getting a quality product from the off. Lift off the lid and you find the phone sitting on top of a red box which contains the charger, instructions, a clear screen protector and a rubber sleeve.
The phone itself looks smart with milled edges that catch the light and a shiny glass black back panel -- though this does show every fingerprint. It’s just under 7mm thick and weighs a relatively lightweight 138 grams. There’s a limited edition Ceramic version of the phone available too, but in appearance it’s not too different from the black glass of our review unit and its functionality is the same.
Power and volume switches are on the right-hand edge; again, these have a machined finish that makes them feel a cut above the plastic buttons on, say, a Nexus 5X. The combined SIM card and memory card slot, accessed in the usual way by poking a tool into a little hole, is also on the right.
On the left is a three position Alert Slider; this is a novel touch that lets you quickly set the phone to silent, priority or tell-me-everything modes in a single action. It’s handy for when you’re going into meetings for example allowing you to quickly silence the phone without having to access the screen. On the bottom edge are the speaker grilles and a standard microUSB port, the headphone socket is at the top left. Unlike the OnePlus 2 the X lacks a fingerprint scanner.
There are hardware buttons at the base of the screen for the usual back, home and recent apps functions. These are very faint and quite hard to see, but you can opt to use soft buttons instead; these nibble away a bit of your screen space. Like the Nexus 5X, the phone is a nice size to hold and operate one-handed thanks to a 5-inch screen.
Under the skin is a Qualcomm Snapdragon 801 quad-core processor, 3GB of RAM, 16GB of storage and an Adreno 330 graphics processor. If you need more space you can add a microSD card to expand the storage up to 128GB.
There’s a 13MP rear camera and an 8MP front and the display offers 1,920 x 1,080 resolution. It’s all powered by a 2,525mAh battery which, depending on how you use it, should get you a couple of days between charges. It’s a dual-SIM phone too, connectivity is via 4G, Wi-Fi and Bluetooth, but you don’t get NFC.
The OnePlus X runs the previous generation Android 5.1.1 Lollipop, and it has OnePlus’ Oxygen user interface. This doesn’t make many changes to stock Android other than adding light and dark menu options, shortcuts to apps you use frequently and some tweaks to app management. It’s largely free of bloatware though, with the only installed apps being the SwiftKey keyboard, a custom file manager, Google Office apps and a OnePlus Radio app.
Business Features
The Alert Slider is a clever extra for busy executives who don’t want to be interrupted by their phone in meetings -- or perhaps when entertaining clients at the opera. Move the switch to one of its three positions and the phone just gives a little buzz and displays a message on the screen to acknowledge the instruction.
The dual-SIM feature is useful if you want to have access to separate business and personal networks on the same handset. However, one of the SIM slots doubles as a microSD card slot; a neat design, but it means you can’t have more storage and two SIMs installed at the same time.
The Oxygen UI’s app management feature gives you the ability to control permissions for individual apps, something that’s standard in Android Marshmallow, but not in Lollipop. This helps prevent data leaks by keeping your information private, limiting what information and hardware features each app is allowed to access without preventing you from using its features.
The Oxygen skin also lets you assign shortcuts to the physical home, back and recent apps buttons. You can have up to two shortcuts on each one, useful for apps that you use on a regular basis. Google Office apps for Docs, Sheets and Slides are pre-installed allowing you to work when you’re out of the office and access your data stored in the cloud.
In Use
The OnePlus X is a good size for ease of one-handed use and is nicely weighted without being too heavy. It also looks and feels like a much more expensive piece of kit, using it back-to-back after the Nexus 5X there’s no doubt that in a blind test you’d say the OnePlus was a much costlier device.
The phone feels nice in your hand too and the machined edges make it easy to grip. It does lack some hardware options you’ll find on pricer models, a fingerprint scanner and NFC communication being the main missing features.
Having a standard USB port means you’re more likely to already have adaptors, car chargers, etc that will fit, but on the other hand you miss out on USB-C features like faster file transfers. The supplied plastic cover feels a bit tacky, but it does help protect the edges and back of the phone from knocks and scratches and helps you to grip the handset. A selection of other covers is available from the OnePlus website if you fancy something a bit more stylish.
The OnePlus X’s Snapdragon 801 processor spec is one you’d have seen in the priciest flagship phones just a year or so ago. But despite the fact that it isn’t the very latest in CPU technology it feels easily fast enough to cope with day-to-day tasks. It streams video smoothly, opens apps fast and never feels like it’s struggling.
The display is a real high point of this phone, you often get LCD screens at this price point but the OnePlus uses AMOLED. What this means on a technical level is that the individual pixels are illuminated rather than the screen being cross lit as with an LCD display. In practice this translates to a display that delivers bright, vibrant colors and superb contrast, which means deep blacks. This combined with the black of the handset really seems to have colors zinging out from the screen.
Combine this with 440ppi pixel density that delivers nice sharp text and images and you have what is probably one of the best displays of any phone in this price bracket. In fact the display here is rather better than that on the more expensive OnePlus 2.
The physical buttons below the screen on the other hand are very faint and there’s no illumination option so you may well find yourself sacrificing some screen space to the soft buttons for the sake of ease of use. The screen has an auto brightness setting, but it does seem to make things a little too bright indoors; you’ll probably end up finding a comfortable setting for most conditions and turning the automatic option off.
Of course you’ll want to use headphones for serious listening, but the speaker -- yes, speaker, although there are two grilles on the bottom of the phone there is only one -- on the OnePlus is actually pretty good, delivering a clear sound at everyday volume levels.
It begins to sound a bit harsh if you crank things up higher, but that’s carping as few phones offer hi-fi speaker quality. The OnePlus Radio app lets you receive FM stations, it uses the headphone cable as an antenna so you can’t listen via the speakers when using it.
The Oxygen interface doesn’t mess too much with the Android user experience. As standard it has a dark theme which nicely shows off the capabilities of the phone’s screen. Probably the most useful feature it offers is frequently used shortcuts which can be found by swiping right from the home screen.
This gets automatically populated with apps and contacts according to use, rather like the frequently visited sites on your Google home page, you can also take control yourself and add widgets here for specific apps making it a good aid to everyday use.
Oxygen does have some odd omissions too, there’s no Gallery app, for example, meaning you have to find your photos and videos via the Files app. Oxygen is quite tweakable, however, so you should have no problem customizing it to fit in with the way you want to work.
Out of the box the OnePlus X comes with a number of gesture controls enabled. You can draw an "O" to launch the camera app for example or slide two fingers down the screen to pause playback of music or videos. You can turn these gestures on and off according to taste.
The rear camera delivers okay results though there’s no image stabilization and the f2.2 lens is slower than the one on its OnePlus 2 brother. You simply tap on the screen to focus, this also brings up a little gear wheel icon which you can drag around to adjust the exposure.
In low light it automatically cranks up the ISO level, this delivers clear images -- without using flash on many occasions -- but at the expense of some graininess. You also get some extra shooting modes built in including HDR for balancing detail and shadow, and a Beauty mode for enhancing portraits.
There’s also something called Clear Image which creates a higher res picture by stitching 10 images together. This takes just a couple of seconds to do and although it sounds gimmicky it delivers surprisingly good results.
There’s no 4K on offer, but you can capture video at 720P or 1080P. The 8MP front camera is not brilliant, but is fine for selfies and video calls. You do get a selection of basic editing functions which allow you to carry out simple fixes like adjusting brightness and cropping images, as well as adding some effects. It’s never going to get keen photographers excited, but the OnePlus X camera delivers perfectly good everyday snapshots.
Conclusion
Although it only costs £199/$249, the OnePlus X pulls off the trick of looking and feeling like a much more expensive phone, a result of the glass back and nicely machined metal components. There are no plasticky budget overtones here and the quality of the screen adds to the overall good impression too.
That said it’s not perfect, having to sacrifice the dual-SIM capability for extra storage is a bit frustrating, and the lack of NFC means no using Android Pay or quickly swapping data with other handsets. Other more minor frustrations include the hard to see hardware buttons below the screen and the fact that the back quickly becomes covered in fingerprints making the phone look rather scruffy.
There’s no doubt that this is an impressive phone for the price and one that you won’t be ashamed to whip out in high-level meetings -- or for that matter in the pub. Whether you buy one really depends on how you’re going to use it.
Given that the OnePlus 2, which does come with a fingerprint scanner and has a better camera, but still no NFC, only costs £40 more you might want to weigh up which is the better option depending on which features really matter to you.
Pros
Cons
ITProPortal Review: 7/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
OnePlus may not be a name that springs instantly to mind when you think of smartphones, but it really should be. It is a Chinese company that is fast developing a reputation for turning out quality handsets at something of a bargain price.
The company's latest OnePlus X model starts at around £200 which is only about £40 below the price of its flagship, the better specified OnePlus 2 model, so does it live up to the company’s claims that this is an affordable phone with premium features?
In the Box
You get a nicely presented package which makes it feel like you’re getting a quality product from the off. Lift off the lid and you find the phone sitting on top of a red box which contains the charger, instructions, a clear screen protector and a rubber sleeve.
The phone itself looks smart with milled edges that catch the light and a shiny glass black back panel -- though this does show every fingerprint. It’s just under 7mm thick and weighs a relatively lightweight 138 grams. There’s a limited edition Ceramic version of the phone available too, but in appearance it’s not too different from the black glass of our review unit and its functionality is the same.
Power and volume switches are on the right-hand edge; again, these have a machined finish that makes them feel a cut above the plastic buttons on, say, a Nexus 5X. The combined SIM card and memory card slot, accessed in the usual way by poking a tool into a little hole, is also on the right.
On the left is a three position Alert Slider; this is a novel touch that lets you quickly set the phone to silent, priority or tell-me-everything modes in a single action. It’s handy for when you’re going into meetings for example allowing you to quickly silence the phone without having to access the screen. On the bottom edge are the speaker grilles and a standard microUSB port, the headphone socket is at the top left. Unlike the OnePlus 2 the X lacks a fingerprint scanner.
There are hardware buttons at the base of the screen for the usual back, home and recent apps functions. These are very faint and quite hard to see, but you can opt to use soft buttons instead; these nibble away a bit of your screen space. Like the Nexus 5X, the phone is a nice size to hold and operate one-handed thanks to a 5-inch screen.
Under the skin is a Qualcomm Snapdragon 801 quad-core processor, 3GB of RAM, 16GB of storage and an Adreno 330 graphics processor. If you need more space you can add a microSD card to expand the storage up to 128GB.
There’s a 13MP rear camera and an 8MP front and the display offers 1,920 x 1,080 resolution. It’s all powered by a 2,525mAh battery which, depending on how you use it, should get you a couple of days between charges. It’s a dual-SIM phone too, connectivity is via 4G, Wi-Fi and Bluetooth, but you don’t get NFC.
The OnePlus X runs the previous generation Android 5.1.1 Lollipop, and it has OnePlus’ Oxygen user interface. This doesn’t make many changes to stock Android other than adding light and dark menu options, shortcuts to apps you use frequently and some tweaks to app management. It’s largely free of bloatware though, with the only installed apps being the SwiftKey keyboard, a custom file manager, Google Office apps and a OnePlus Radio app.
Business Features
The Alert Slider is a clever extra for busy executives who don’t want to be interrupted by their phone in meetings -- or perhaps when entertaining clients at the opera. Move the switch to one of its three positions and the phone just gives a little buzz and displays a message on the screen to acknowledge the instruction.
The dual-SIM feature is useful if you want to have access to separate business and personal networks on the same handset. However, one of the SIM slots doubles as a microSD card slot; a neat design, but it means you can’t have more storage and two SIMs installed at the same time.
The Oxygen UI’s app management feature gives you the ability to control permissions for individual apps, something that’s standard in Android Marshmallow, but not in Lollipop. This helps prevent data leaks by keeping your information private, limiting what information and hardware features each app is allowed to access without preventing you from using its features.
The Oxygen skin also lets you assign shortcuts to the physical home, back and recent apps buttons. You can have up to two shortcuts on each one, useful for apps that you use on a regular basis. Google Office apps for Docs, Sheets and Slides are pre-installed allowing you to work when you’re out of the office and access your data stored in the cloud.
In Use
The OnePlus X is a good size for ease of one-handed use and is nicely weighted without being too heavy. It also looks and feels like a much more expensive piece of kit, using it back-to-back after the Nexus 5X there’s no doubt that in a blind test you’d say the OnePlus was a much costlier device.
The phone feels nice in your hand too and the machined edges make it easy to grip. It does lack some hardware options you’ll find on pricer models, a fingerprint scanner and NFC communication being the main missing features.
Having a standard USB port means you’re more likely to already have adaptors, car chargers, etc that will fit, but on the other hand you miss out on USB-C features like faster file transfers. The supplied plastic cover feels a bit tacky, but it does help protect the edges and back of the phone from knocks and scratches and helps you to grip the handset. A selection of other covers is available from the OnePlus website if you fancy something a bit more stylish.
The OnePlus X’s Snapdragon 801 processor spec is one you’d have seen in the priciest flagship phones just a year or so ago. But despite the fact that it isn’t the very latest in CPU technology it feels easily fast enough to cope with day-to-day tasks. It streams video smoothly, opens apps fast and never feels like it’s struggling.
The display is a real high point of this phone, you often get LCD screens at this price point but the OnePlus uses AMOLED. What this means on a technical level is that the individual pixels are illuminated rather than the screen being cross lit as with an LCD display. In practice this translates to a display that delivers bright, vibrant colors and superb contrast, which means deep blacks. This combined with the black of the handset really seems to have colors zinging out from the screen.
Combine this with 440ppi pixel density that delivers nice sharp text and images and you have what is probably one of the best displays of any phone in this price bracket. In fact the display here is rather better than that on the more expensive OnePlus 2.
The physical buttons below the screen on the other hand are very faint and there’s no illumination option so you may well find yourself sacrificing some screen space to the soft buttons for the sake of ease of use. The screen has an auto brightness setting, but it does seem to make things a little too bright indoors; you’ll probably end up finding a comfortable setting for most conditions and turning the automatic option off.
Of course you’ll want to use headphones for serious listening, but the speaker -- yes, speaker, although there are two grilles on the bottom of the phone there is only one -- on the OnePlus is actually pretty good, delivering a clear sound at everyday volume levels.
It begins to sound a bit harsh if you crank things up higher, but that’s carping as few phones offer hi-fi speaker quality. The OnePlus Radio app lets you receive FM stations, it uses the headphone cable as an antenna so you can’t listen via the speakers when using it.
The Oxygen interface doesn’t mess too much with the Android user experience. As standard it has a dark theme which nicely shows off the capabilities of the phone’s screen. Probably the most useful feature it offers is frequently used shortcuts which can be found by swiping right from the home screen.
This gets automatically populated with apps and contacts according to use, rather like the frequently visited sites on your Google home page, you can also take control yourself and add widgets here for specific apps making it a good aid to everyday use.
Oxygen does have some odd omissions too, there’s no Gallery app, for example, meaning you have to find your photos and videos via the Files app. Oxygen is quite tweakable, however, so you should have no problem customizing it to fit in with the way you want to work.
Out of the box the OnePlus X comes with a number of gesture controls enabled. You can draw an "O" to launch the camera app for example or slide two fingers down the screen to pause playback of music or videos. You can turn these gestures on and off according to taste.
The rear camera delivers okay results though there’s no image stabilization and the f2.2 lens is slower than the one on its OnePlus 2 brother. You simply tap on the screen to focus, this also brings up a little gear wheel icon which you can drag around to adjust the exposure.
In low light it automatically cranks up the ISO level, this delivers clear images -- without using flash on many occasions -- but at the expense of some graininess. You also get some extra shooting modes built in including HDR for balancing detail and shadow, and a Beauty mode for enhancing portraits.
There’s also something called Clear Image which creates a higher res picture by stitching 10 images together. This takes just a couple of seconds to do and although it sounds gimmicky it delivers surprisingly good results.
There’s no 4K on offer, but you can capture video at 720P or 1080P. The 8MP front camera is not brilliant, but is fine for selfies and video calls. You do get a selection of basic editing functions which allow you to carry out simple fixes like adjusting brightness and cropping images, as well as adding some effects. It’s never going to get keen photographers excited, but the OnePlus X camera delivers perfectly good everyday snapshots.
Conclusion
Although it only costs £199/$249, the OnePlus X pulls off the trick of looking and feeling like a much more expensive phone, a result of the glass back and nicely machined metal components. There are no plasticky budget overtones here and the quality of the screen adds to the overall good impression too.
That said it’s not perfect, having to sacrifice the dual-SIM capability for extra storage is a bit frustrating, and the lack of NFC means no using Android Pay or quickly swapping data with other handsets. Other more minor frustrations include the hard to see hardware buttons below the screen and the fact that the back quickly becomes covered in fingerprints making the phone look rather scruffy.
There’s no doubt that this is an impressive phone for the price and one that you won’t be ashamed to whip out in high-level meetings -- or for that matter in the pub. Whether you buy one really depends on how you’re going to use it.
Given that the OnePlus 2, which does come with a fingerprint scanner and has a better camera, but still no NFC, only costs £40 more you might want to weigh up which is the better option depending on which features really matter to you.
Pros
Cons
ITProPortal Review: 7/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Accurately modeling consumer behavior and the events that drive and inhibit sales is a tricky problem for retailers.
Specialist in IT operation and security analytics Prelert, has turned its expertise on the problem and is launching a new Retail Order Analytics solution. It's aimed at helping online and multichannel retailers to identify technical and operational issues as they're happening in order to stem losses and protect revenue streams.
Built using unsupervised machine learning technology, Prelert's solution automates data analysis and detects the periodic nature of daily and weekly order cycles. It adapts to changing data patterns that may result over time due to factors like a new product becoming available or current events that cause a spike in product interest.
"A significant drop in the number of orders taken by an e-commerce site during a particular day might be obvious in retrospect, but can be very difficult to catch in near real time without automated machine learning. Static thresholds and even moving averages can’t reliably identify issues," says Mark Jaffe, CEO of Prelert. "Our anomaly detection algorithms have been proven to work and provide significant ROI within hundreds of progressive IT organizations around the globe. We can provide the same value now for retail and e-commerce organizations, with a solution tailored specifically for them".
Unlike other solutions which require data to be moved or batch uploaded, Prelert is designed to be easy to deploy, bringing analytics to where an organization's data already resides and analyzing it in near real time. In addition, an open API allows developers to use Prelert in their own products or environments.
For more information on Prelert's Retail Order Analytics you can visit the company's website.
Image credit: iQoncept/Shutterstock
Interaction at work has been changed in recent years thanks to tools like Slack, but what do IT managers look for when sourcing communication tools?
According to the results of a new survey of 250 IT managers by West Unified Communications more than half believe that relying on best-of-breed communication and collaboration tools is more important than adopting solutions from the same vendor.
Other findings are that the adoption of video technology is on the rise. More than one-third of IT managers (36 percent) expect to implement or expand their video capabilities in the next three years, but cite it as one of the most difficult technologies for IT departments to maintain.
The top reason for delaying unified communication deployment, according to 52 percent of respondents, is not cost or budget, but that a technology isn't a ‘must have’ priority. The top technology is still audio conferencing, used by 79 percent, followed by web conferencing (76 percent) and instant messaging (73 percent).
More on the survey's findings is available on the westUC website and there's a summary in infographic form below.
Photo credit: Everett Collection / Shutterstock
As businesses adopt the cloud for increased flexibility and reliability, public cloud services are increasingly being used as a protection platform to provide backup, archiving and disaster recovery.
Data protection specialist Druva has recognized the importance of this market and is adding disaster recovery capability to its Phoenix product to offer a converged cloud solution.
Druva Phoenix is built on Amazon Web Services and makes use of the public cloud’s elasticity, global presence and security, meaning companies can store, protect and manage large volumes of data simply, efficiently and effectively.
"Companies have been forced to juggle multiple hardware and software resources -- including on-site tape, secondary disk hardware and backup software -- to manage, protect and secure data. This has created organizational silos and significant expense. Phoenix has been designed as a one-stop-shop for on-demand, infrastructure data protection services," says Jaspreet Singh, CEO, Druva. "By adding DR to Phoenix's existing public cloud backup and archival capabilities, these silos are eliminated saving enterprises money and resources".
Phoenix's new DR capability allows organizations to continuously back up their VMware environments. They can automatically recover and spin-up their virtual machines in the AWS public cloud when disaster strikes, ensuring business continuity. It helps save on costs too by eliminating the need for additional dedicated on premise software, storage or hardware. Thanks to advanced configuration settings, Phoenix users can set up detailed polices to automate network and security failover to a DR environment, significantly reducing downtime. In addition, administrators can create multiple copies of virtual machines across geographies and accounts for test and development.
More details on the latest capabilities in Phoenix are available on the Druva website.
Photo Credit: Andreas Weitzmann/Shutterstock
Companies increasingly face demands to keep documents in order to satisfy legal and compliance requirements. This can present problems in deciding what to keep but also in keeping up with the latest regulations.
The latest EU/US Data Transfer negotiations for example are causing businesses to re-think their current business processes and data governance strategy in order to address these changes.
Compliance and archiving specialist Actiance is launching a new version of its Alcatraz product offering on-demand preservation capabilities so that organizations can hold, capture, search, and review content across more than 70 communications channels.
This allows legal departments to effectively manage eDiscovery requirements, while mitigating risks that may arise during the critical collection and preservation steps, as well as complying with new Federal Rules of Civil Procedure (FRCP) regulations.
"The standards for legal preservation have become better defined, posing greater challenges for customers who face frequent, unpredictable legal discovery," says Kailash Ambwani, president and CEO, Actiance. "Actiance's On-Demand Preservation capabilities provide a gold standard in proving that a firm has taken the reasonable steps required by the Federal rules to collect and preserve all information that may be relevant for litigation".
The software uses a modern, tamper-proof data store so that legal teams can upload content from communication and social channels to automatically place under legal hold when required for eDiscovery. Electronically stored information is then immediately available for legal teams to conduct searches, filter unneeded content, and export data for review. With built-in, easy-to-use eDiscovery features, legal teams are able to manage collection and preservation tasks without relying on IT staff.
Alcatraz and its enhanced features will be showcased at LegalTech in New York this week and you can find out more on the Actiance website.
Image Credit: Constantine Pankin / Shutterstock
Endpoint security and digital investigations specialist Guidance Software is launching a new solution to help organizations identify and classify confidential data.
EnForce Risk Manager allows organizations to reduce their surface area of risk, limiting the potential damage from breaches and improving their ability to comply with global data protection rules.
The software allows enterprises to identify the most commonly compromised data anywhere it's stored, including file shares, email sources, servers, databases and all types of endpoints. They can then categorize that data for review and validation, and automatically address issues through digital removal and other control actions.
"The amount of data stored on electronic systems today is growing at an exponential rate. And as we've learned from high-profile breaches that compromised sensitive information, including health records and credit card information, the ability to mitigate risk remains challenging," says Ken Basore, senior vice president of product engineering, Guidance Software. "In conversations with our customers, the need to combine data management, e-discovery, privacy and security, as well as policies, into proactive, corporate-wide information governance has repeatedly arisen. With EnForce, Guidance Software is committed to reducing business risks, decreasing storage and information technology costs, and providing greater peace of mind to our customers".
EnForce Risk Manager better equips organizations to comply with external data privacy regulations and polices such as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard), as well as with internal policies.
By identifying and systematically deleting data that is old, no longer needed or has no current business value, organizations can also reduce current and future storage costs. Removing old data will leave businesses with higher quality information to help them make more accurate and better informed business decisions.
Guidance Software will be previewing EnForce Risk Manager at LegalTech, from February 2-4, in New York. The product will be generally available later this year, for more information visit the company's website.
Photo credit: Olivier Le Moal / Shutterstock
The majority of tablets are aimed at consumers and, therefore, business features can sometimes feel a little tacked on. Some manufacturers take a different approach, however, and there is little doubt that latest second generation of ThinkPad 10 from Lenovo is not aimed squarely at business users.
It runs 64-bit Windows 10, has Trusted Platform Module encryption and other features and options that will make it an attractive corporate choice. Add in the fact that it is solidly built and has lots of accessories available to improve its usefulness as a business tool and it looks even more impressive, and even more similar to the Microsoft Surface. So, is this a better option for serious tablet users than a device based around a mobile OS, like Android?
In the Box
The ThinkPad 10 comes in both 2GB and 4GB memory versions, and both are powered by the quad-core Intel Atom x7-Z8700 Processor with 2MB of cache and integrated HD graphics.
The 2GB versions come with 64GB of on-board storage while 4GB models have 128GB; in either case you can extend this by adding a microSD card. The 4GB versions are available with or without mobile web access, although it is only 3G; if you do opt for the mobile version you also get Windows 10 Pro installed as opposed to the Windows 10 Home version on the other models.
The front camera is 1.5MP and the rear is 5MP and it comes with auto-focus and flash; it is capable of recording 1080p video too. The tablet has a 10.1 inch multi-touch Gorilla Glass screen with 1920 x 1200 resolution. Connectivity is via 802.11 a/c Wi-Fi, Bluetooth 4.0, and, in the top versions, 3G mobile.
There is a built in Swipe fingerprint reader on all versions. Optional extras on offer include a built-in SmartCard reader, NFC, and the ThinkPad Pen Pro with WRITEit allowing you to use stylus input.
As standard you do not get a lot in the box other than the tablet itself and a mains charger. This does not have a standard USB connection but uses a proprietary plug so you will need to make sure you have the charger with you if you are out and about and likely to run short of juice. Talking of which the battery should be able to deliver up to 10 hours of life on a full charge.
As to the design of the tablet itself, there is a power switch on the top edge, on the right are volume controls, microSD and SIM card slots plus ports for HDMI, USB 3.0, headphones and power. On the left-hand side is a Kensington lock slot, and on the bottom edge are the connectors for a case/keyboard or docking station. The fingerprint sensor is on the back and is positioned so that it falls neatly under your right forefinger when you are holding the device in landscape format.
Business Features
The ThinkPad will attract business users for a number of reasons. Most obviously because it runs the familiar Windows platform, so compatibility with MS Office documents is assured and users can easily sync system settings via their Windows ID.
Trusted Platform Module encryption ensures that your data stays secure and for those wanting even more protection there is the option of a smart card reader to augment the standard fingerprint scanner. Other attractive add-ons for business users include the Folio Keyboard, which is a keyboard, touchpad and case combined, allowing you to use the device like a conventional laptop.
There is also the option of the Pen Pro stylus, plus a desktop dock that offers keyboard, mouse, USB, HDMI and audio ports as well as an Ethernet connector so you can use the machine in the office. The Pen Pro comes with a holder to keep it safe but this attaches to the USB port thus denying you access to it for other purposes. You can see from this collection that Lenovo is serious about cracking the business market -- though of course all of these things ramp up the cost of the device.
There are a couple of useful pre-installed apps too. REACHit allows you to search for files across all of your devices and cloud storage from a single screen, and SHAREit which is a cross-platform file transfer tool.
Order direct from the Lenovo website and you can mix and match the options you want, and add software, upgrading from Windows 10 Home to Windows 10 Pro, for example, or adding Office. The problem is that once you have built it up you could have bought a decent laptop for the same money.
In Use
The back of the ThinkPad has a smooth matt finish which feels nice to the touch, though it does tend to show marks and fingerprints. It has a red power LED that forms the dot over the "i" in the ThinkPad logo, which is a pleasing design feature. There is also a subtle red highlight around the rear camera lens.
The back does look a bit busy though, with copyright information and an Intel Inside and Lenovo logos printed on it, plus the fingerprint scanner, NFC touchpoint and speaker recesses. There is a slight design quirk in that the top corners are rounded, while the bottom ones are square; this, presumably, is to aid docking, attaching keyboards, etc, but it does make the tablet look a little odd, as though it is part of something else.
It may not be the best looking tablet in the world then, but there is no doubt that it feels rugged and is likely to survive the day-to-day rigors of corporate life. Lenovo’s website makes much of its premium construction, stress testing and reliability. The buttons for power and volume are plastic, but they do not feel cheap.
The ThinkPad is a relatively heavy beast compared to, say, a Galaxy Tab. It weighs almost 600 grammes (1 pound 5 ounces in old money) and you would not want to hold it one-handed for long. It also gets quite warm in operation at around the bottom right corner, particularly when it is charging, and this is just the spot at which you hold it.
The tablet boots up and shuts down very quickly and it copes well with most everyday tasks, including music and video streaming, without breaking a sweat. It also switches between open apps with minimal lag. The ThinkPad 10 copes well with legacy Windows programs too, which can sometimes be rendered uncomfortably small on tablet screens. When you turn it from landscape to portrait, however, there is always a slight delay before the screen decides to reorient itself.
It has a wide black bezel around the screen, which makes the tablet feel rather larger than it needs to be, but you quickly get used to this and, on the flip side, it does make it easy to hold without accidentally triggering functions. The Windows logo below the screen is not there just for show; it also acts as a Windows Start button, which is a neat touch.
You get the advantage of a full-sized USB 3.0 connector; however, it is hidden under a little rubber cover which is quite fiddly to open and is not tethered to the chassis, so you will no doubt end up losing it. If you have an NFC enabled version, the touch point is just below the camera and is marked with a small label for ease of location.
The screen itself is one of the ThinkPad’s most impressive features; it is bright and responds well and accurately to touch inputs. It delivers smooth video playback too and if you are apt to play Candy Crush under the table during boring meetings it will not disappoint there either. The resolution is good and the size feels just about right, making use of the on-screen keyboard comfortable with minimal risk of mistyping.
The speakers are on the back, down towards the bottom edge, which makes them easy to cover with your hand when you are holding the device. Sound quality is okay, though it is not room-filling, but it has enough bass response to allow you to feel a slight vibration through your fingers.
Although it is only 5 megapixel, the ThinkPad’s rear camera captures pictures that are sharp and bright with good levels of detail and accurate colors. It is at least as good as most tablet cameras, though it does not compare to those found on the latest smartphones. Things can be a bit grainy in low light if you opt not to use use the flash, and this is even more pronounced on the rear camera, but it is good enough for video calling.
It comes with some Lenovo programs pre-installed, including Companion, Lenovo ID, and the REACHit and SHAREit apps mentioned above. There is also a trial of McAfee LiveSafe installed, but otherwise the ThinkPad is commendably free of bloatware. You can opt for various software packages when ordering, including Office -- or an Office 365 subscription -- Photoshop Elements and various security options.
One of the attractions of the ThinkPad is that it allows you to operate in the familiar home comfort of Windows, but that is also a source of some of its frustrations. The on-screen keyboard, for example, has big buttons, but to access numbers you either need to switch to numeric mode or use a less than intuitive press and hold technique.
Also, when you press on an input field the keyboard does not automatically appear as it does on Android, you have to start it manually. The Camera app too feels rather underdeveloped compared to those on other platforms. You can address some of these issues with a visit to the Windows Store, but even so there is not the choice of alternatives that you get on iOS or Android.
There is a wide selection of accessories available for the ThinkPad, mostly aimed at business use as we noted above. For more general users -- particularly those who use the camera a lot -- there is a Quickshot cover that has a neat fold-down corner, which exposes the camera lens and launches the camera app. It also has a magnetic closure that automatically puts the tablet into sleep mode when closed and wakes it again when opened.
Conclusion
As a tablet in its own right the ThinkPad 10 has a lot to like, but is let down by one or two minor niggles; but, to be fair, some of those are down to Windows rather than the device itself. It is an attractive business proposition though, thanks to the compatibility of its Windows OS, its security features and the availability of accessories that allow you to effectively bridge the laptop/tablet gap.
The 2GB version costs £459.99, while the top of the range 4GB smart card version is £709.99. This makes the Lenovo look a bit pricey against Android tablets, especially of you start adding keyboards and styluses, but then it is not really a direct competitor. It is a machine that is more likely to be bought by companies to equip their employees, rather than by BYOD or personal users.
Looked at in that light, the ThinkPad 10 is a robust device that offers an alternative to the Microsoft Surface. It lacks the Surface Pro 4’s faster Core CPU, but otherwise offers a similar spec at a slightly lower price point, though with either machine you will pay extra if you want to add a keyboard. Even so, if you are looking for a tablet that can serve as a viable laptop substitute, the ThinkPad 10 is worth adding to your shortlist.
That said, there are plenty of alternatives in the form of laptops that use 360 degree hinges or detachable screens to give similar functionality, plus, up at the top of the ThinkPad’s price range, you are getting close to the Surface Pro 4 with its larger screen and faster Core CPU.
Pros
Cons
8/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Employers are offering salaries up by 14 percent on average for IT security specialists in the light of the growing threat posed by cyber crime.
A Global Salary Survey by UK specialist recruitment company Robert Walters also sees salaries for developers increasing as major employers look to overhaul their online presence.
Developer salaries are set to grow nine percent this year as against five percent for the industry as a whole, thanks to digital transformation projects in large companies, many of them driven by a new emphasis on data security.
It's security roles that see the biggest increases though with heads of cyber security and security analyst roles seeing 18 percent increases. Even junior security support positions are set to have seven percent growth.
"Over the last year we've seen a massive increase in both permanent and interim cyber security roles due largely to the ongoing threat around IT and cyber crime. The challenges facing companies continue to grow in volume and complexity as cyber security threats constantly evolve," says Steve Corbett, Associate Director, IT recruitment at Robert Walters. "The impact of high profile IT security breaches involving attacks on major companies has served to bring this emerging threat into the public eye, increasing pressure from regulators and legislators on companies to have a dedicated cyber security representative and to meet specific standards of security".
More detail on the survey results is available to download from the Robert Walters website.
Photo credit: beeboys / Shutterstock
Do you find that you don't remember facts any more because you know you can easily look them up online? Or does using phones and gadgets late at night make it harder for you to sleep?
According to an infographic from London-based support specialist Conosco these are just some of the ways in which technology is harmful to our minds.
Everyday mobile phone use for example can lead to stress, depression and anxiety, and holding the handset close to your ear increases activity in the brain region nearest the antenna. Use of tech by children leads to a shorter attention span and socializing via online media affects the way they form relationships in the real world.
Carrying out tasks online affects learning because information is no longer delivered in a linear way. Information overload is damaging our capacity for reflection and it also discourages deliberation, so that we're likely to make decisions faster, and make mistakes in the process.
Technology can also create dangerous distractions. Satellite navigation for example can make drivers less able to concentrate on what's going on around them.
The full infographic is below. If your attention span is sufficient to let you read to the end, let us know how technology has affected your life. Now, what was I doing...?
Photo Credit: CREATISTA/Shutterstock
Small businesses make up around 17 percent of the total PC market, yet often they don’t have dedicated resources to manage their systems.
Chip maker Intel has spotted an opportunity here and is launching its Small Business Advantage program, offering a blend of systems management and business collaboration.
SBA automates PC maintenance tasks to keep systems up to date with minimal interruption. It also enhances security by monitoring software for compromise and offering a USB blocker to help keep out viruses and stop unauthorized file transfers.
It helps staff work together too with built-in chat, file sharing and screen sharing for instant collaboration. This offers a more secure solution than using consumer tools. There's an optional Companion App -- supported on Windows, Android, and iOS platforms -- which keeps mobile users connected when they are on-the-go.
"Small businesses are very focussed on their own business, not on the latest technology and they're not buying PCs all the time. We tried to build something that was very easy to use and that integrated all of the tools they need," says Chad Constant Director of Business Client Marketing at Intel. "If they buy a PC that's SBA capable from one of our OEM partners they get this solution which can then be downloaded to other machines in the business".
SBA runs on Core i3 and above systems. It can also be added to a network in the form of a headless appliance that can relay traffic across the internet, allowing mobile users to access their work data, and will be able to deliver future small business capabilities.
SBA is available though Intel's OEM channel partners with no ongoing cost once installed. You can find out more on the Intel site.
More than three out of four IT decision makers are interested in running stateful applications like databases within containers, according to a recent survey.
Silicon Valley-based containerized data platform specialist Robin Systems conducted the survey in December 2015 with more than 200 respondents from industries including retail, banking and finance, manufacturing, and Internet infrastructure.
The results show that 81 percent of respondents expect their companies to increase investment in container-based technology. Workload consolidation and lower performance overhead, as compared to traditional virtualization, are the key motivation for 78.5 percent of those who expressed interest in running databases within containers. Performance was cited by more than half (53 percent) of respondents.
Among other findings are that enterprise container adoption continues to grow, with 35 percent of respondents already using containers in production while 26 percent are experimenting with them. A majority of respondents reported deploying both stateful and stateless applications within their containers.
Containers are emerging as the preferred platform for running databases too, with approximately half of respondents doing so. About 40 percent of respondents say they have deployed big data applications such as Hadoop and Spark within containers.
Docker is being adopted quickly, but LXC and LXD remain as the preferred containerization technology for data-centric applications, with 60 percent citing their use. AWS EBS is the most popular storage backend for containers at 30 percent, reflecting widespread container adoption for cloud-native applications.
When it comes to on premise storage infrastructure, respondents were essentially split between Storage Area Network (SAN) and Direct Attached Storage (DAS), both of which are used by about 20 percent of respondents.
"Containers are a natural platform for running performance sensitive applications such as databases, as they enable consolidation without compromising performance or predictability", says Partha Seetala, chief technology officer at Robin. "This aligns perfectly with our vision of providing enterprises a high-performance and elastic containerized platform for stateful and mission-critical applications".
More information on database containerization is available on the Robin Systems website.
Image Credit: wavebreakmedia / Shutterstock
Intranets are increasingly common, even in smaller companies, allowing employees easy access to shared resources
For Office 365 users wanting to exploit the power of intranets, Florida based MessageOps is launching ROOT, a SharePoint intranet platform. ROOT is a feature-rich intranet portal that gives customers an opportunity to create a more collaborative working environment, and give their employees a central access point to important company information and apps.
"We designed this portal to make it easier for businesses to unify messaging and access the tools they need to be more productive," says Chris Pyle President and CEO of Champion Solutions Group and MessageOps. "The platform modernizes the workplace and allows companies to think with one mind and speak with one voice regarding corporate and departmental goals, marketing, and social messaging. All these capabilities not only drive results, but also employee satisfaction".
ROOT boosts productivity by enabling employees to obtain the tools they need to perform their daily tasks, such as a sophisticated search feature (by people, department or skillset), access to company goals and objectives, corporate events calendar, and departmental requests. The departmental request widget improves transparency and streamlines workflows by tracking the status of requests and enabling managers of the department to see open, in progress, and closed requests by category and person.
It also includes a recognition feed for shout-outs, employee anniversaries, and birthdays to drive loyalty and engagement. There are widgets for social networking (LinkedIn, Twitter, Facebook), blogs, weather, tip of the day, application feeds, and more.
ROOT is scalable across any sized enterprise, works across different devices and can be up and running quickly. You can find out more and take a tour of the product on the MessageOps website.
Image Credit: Tischenko Irina / Shutterstock
Canonical, the company behind Ubuntu Linux, has announced a collaboration with Oracle to make Ubuntu images available on Oracle Cloud.
Under the deal, Certified Ubuntu images will be available on the Oracle Cloud Marketplace, providing Oracle enterprise customers with increased choice and new and innovative ways to manage and scale their enterprise workloads, using the number one cloud operating system.
Certified Ubuntu images are continually maintained and tested by Canonical and the latest versions are made available on the Oracle Cloud Marketplace within minutes of their official release.
Udi Nachmany, head of Certified Public Cloud at Canonical says, "Aside from the obvious cost savings inherent in open source cloud development, one of the key benefits of using official Ubuntu images is that customers use the same operating system at scale in production as in development, at no additional cost -- which dramatically simplifies cross-substrate management, migration and re-engineering. Organizations may want to deploy their servers on-premises, develop their own private cloud in-house, or use the Oracle Cloud. Ubuntu offers this flexibility".
For enterprise cloud customers Ubuntu brings the benefit of regular updates to ensure they're running the latest features, compliance accreditations and security updates. There are archive mirrors for faster retrieval of updates and access to Canonical for support.
"This relationship signifies our strategy to broaden the range of options for enterprise customers, giving them more choice and flexibility when choosing cloud technologies," says Sanjay Sinha, vice president, Platform Products at Oracle. "We recognise there is a growing demand for innovative new cloud solutions and we are excited to have Canonical offer certified Ubuntu images in the Oracle Cloud Marketplace".
Canonical is a Gold level member of Oracle PartnerNetwork and Ubuntu is available now on the Oracle Cloud Marketplace.
According to a new report from security awareness specialist Wombat Security phishing attacks are on the rise and are supported by increasingly aggressive social engineering practices that make them more difficult to prevent.
Organizations surveyed indicated they have suffered malware infections (42 percent), compromised accounts (22 percent), and loss of data (4 percent) as a direct result of successful phishing attacks.
"Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today," says Trevor Hawthorn, CTO of Wombat. "In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company’s critical data and reputation. Our methods have shown that a Continuous Training Methodology which educates end users on cybersecurity threats changes employee behavior and reduces risk within an organization".
The survey reveals that the most popular phishing attack templates with the highest click rates include items employees expected to see in their work email such as an HR document, or a shipping confirmation. For example, the survey found that employees were more cautious when receiving 'consumer' emails on topics like gift card notifications, or social networking accounts. However, an 'urgent email password change request' had a 28 percent average click rate.
Other findings show that spear phishers often go to great lengths to gather information on key people within an organization. Emails personalized with a first name had click rates 19 percent higher than those with no personalization. Click rates also vary between industries. Telecommunications and professional services workers click phishing emails more than those in other industries.
To find out more you can download the full 2016 State of the Phish report from the Wombat Security site.
Image Credit: Maksim Kabakou / Shutterstock
In the last year there have been a number of data breaches involving the healthcare industry. These included high profile attacks such as those on Premera Blue Cross and Anthem compromising millions of records.
According to the 2016 Healthcare Breach Report from cloud access specialist Bitglass more than 111 million individuals' data was lost due to hacking or IT incidents in the US alone.
According to the findings 98 percent of record leaks were due to large-scale breaches targeting the healthcare industry. These high-profile attacks were the largest source of healthcare data loss and indicate that cyber attackers are increasingly targeting medical data.
"The 80 percent increase in data breach hacks in 2015 makes it clear that hackers are targeting healthcare with large-scale attacks affecting one in three Americans," said Nat Kausik, CEO, Bitglass. "As the IoT revolution compounds the problem with real-time patient data, healthcare organizations must embrace innovative data security technologies to meet security and compliance requirements".
The reason for the surge in attacks is that protected health information (PHI) -- which includes sensitive information such as social security numbers, medical record data, and date of birth -- has a high value on the black market.
When credit card breaches occur, issuers can simply terminate all transactions and individuals benefit from laws that limit their liability. However, victims have little recourse when subjected to identity theft via PHI leaks, and many are not promptly informed by providers that their data has been compromised. While criminals often make use of healthcare data for the purposes of identity theft, they can also leverage it to access medical care in the victim's name or to conduct corporate extortion.
More information can be found in the full report which is available to download from the Bitglass website.
Image Credit: Rob Hyron / Shutterstock
As individuals, the amount of personal data we have online has grown thanks to social networking and the number of organizations that encourage us to do business via the internet.
It's set to grow still more as the Internet of Things takes off, and this presents problems when it comes to sharing information. Conventional solutions rely on checkboxes or cookies, but these struggle to cope with current demands.
Access management specialist ForgeRock is launching its new Identity Management Platform, which includes the industry's first use of continuous security and consumer-facing privacy protection to guard data.
"In an era of very public data breaches and heightened consumer awareness, 'fostering trusted digital relationships' can't be considered a buzz phrase. Privacy strategy must include a consent-to-share strategy that looks after the top line of the business," says Mike Ellis, CEO of ForgeRock. "The UMA (User Managed Access) standard was created to give an individual a unified control point for authorizing who and what can get access to their digital data, content and services, no matter where all those things live. The new ForgeRock Identity Platform enables private and public organizations to quickly deploy secure identity services based on UMA principles".
The platform uses 'continuous security' which enables organizations to apply contextual identity, adaptive risk and multi-factor authentication at the time a user authenticates as well as at any point during a digital session. This ensures the authenticity of users, devices, things and services at all times and cuts the risk whenever an anomaly is detected.
By employing the UMA standard it makes it possible for organizations to comply with shifting privacy regulations and establish trusted digital relationships. The new software capabilities make it easy for businesses to comply with data privacy regulations, such as Safe Harbor and the forthcoming EU General Data Protection Regulation (GDPR).
More information on the platform is available on the ForgeRock website.
Photo Credit: Pavel Ignatov/Shutterstock
It's easy to set rules for handling privileged account passwords, but harder to ensure that they're being followed and that they meet best practice and security guidelines.
IT security specialist Thycotic is aiming to help organizations by launching a free online tool that demonstrates how companies compare to other, similarly-sized, organizations when meeting password management practices.
Privileged accounts have become valuable tools for hackers. In a study conducted in conjunction with the 2015 Black Hat Conference, 75 percent of attendees surveyed revealed that privileged accounts are easier to compromise today than they were two years ago. These accounts, used by system administrators, third-party and cloud service providers, along with application and business users, exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system in operation today. Therefore, businesses of all sizes need to take their privileged account management (PAM) seriously.
"Many IT executives and security professionals have documented and trained their employees on how to protect personal passwords. However, in spite of the even higher vulnerability of privileged account passwords, not all IT professionals have knowledge of privileged account best practices," says Thycotic Founder and CTO Jonathan Cogley. "Furthermore, organizations that understand privileged account best practices often have no idea if those practices are being followed or if their current practices enable them to restore normal business operations within SLAs should a breach occur. Additionally, they have no understanding of how their practices compare to companies in their peer group".
The tool can be accessed on the Thycotic website and provides users with an immediate grade (from A to F) based on how well their privileged password security practices match up against PAM best practices. Participants are able to quickly understand how and where to focus their time, money and resources in order to improve privileged account defenses.
Photo credit: Ai825 / Shutterstock
According to new research from data intelligence specialist Blazent there's a major disconnect between executive attitudes to data quality and the effect that bad data can have on the business.
Based on a study by 451 Research of 200 C-level and senior IT leaders, the report reveals that fewer than half (40 percent) of C-level executives and data scientists are 'very confident' in their organization's data quality. Yet a majority (94 percent) recognize the impact poor data quality has on business outcomes.
Areas that can be affected by poor quality data include lost revenue (42 percent) and bad decision-making (39 percent). When asked about the root causes for poor data quality, nearly half (47 percent) of respondents cited data migration as a leading cause.
In large enterprises it's IT which still bears the burden of keeping data clean (79 percent) despite the introduction of data scientists (26 percent). In cases where costly data scientists are involved, one-third report spending up to 90 percent of their time on cleaning up raw data. In addition, the challenge of maintaining data quality is exacerbated by conventional methods used to ensure data quality. 41 percent rely on applications to validate data, 38 percent manually cleanse data and a worrying 10 percent either don't know what they're doing or employ a 'hope for the best' approach.
"After listening to customers for over 15 years, we've developed an acute understanding of the pain and loss poor quality data can have on a business," says Gary Oliver, CEO at Blazent. "While data scientists became one of the most coveted roles in IT this past year, the reality is that CIOs and IT leaders still carry the burden of maintaining the proper checks and balances for data quality, and it will be incumbent on them to solve this unwieldy problem as data volumes continue to escalate".
Despite the problems maintaining quality, the importance of good data is widely recognized. 81 percent of respondents say they use data analytics to uncover new revenue opportunities, and it's perceived as having a direct impact on increased revenues (51 percent) and lower costs (49 percent). The amount of data is growing too, with 95 percent expecting data sources and volumes to triple in the next 12 months.
More information on the findings can be found on the Blazent website.
Image Credit: alphaspirit / Shutterstock
With more and more systems moving to cloud delivery models it's not surprising that disaster recovery services should follow suit.
California-based HotLink is joining the trend with the launch of its new HotLink Managed DRaaS (Disaster Recovery as a Service) using Amazon Web Services (AWS) to provide VMware data protection and cost-effective business resiliency.
Recent research from the Disaster Recovery Preparedness Council shows that 73 percent of companies are failing in terms of disaster readiness, and that 58 percent rarely or never test their DR plans because it's too difficult and expensive. HotLink's new Managed DRaaS is designed to provide IT organizations with the technology, skilled resources, cloud knowledge, hybrid IT experience, methodology and continuous service delivery needed to ensure their environments are protected -- whether the disruption is a security breach, networking failure, software issue, human error or other unexpected condition.
"HotLink Managed DRaaS provides an affordable and accessible insurance policy that ensures customers' environments can be seamlessly restored and readily managed in the event of a failure, using IT's existing VMware management tools and methodologies. This is a first in the industry," says Lynn LeBlanc, CEO of HotLink. "Companies want a 'set it and forget it' solution for DR/BC (Disaster Recovery/Business Continuity), and that's exactly what our new service provides. Most importantly, the new HotLink Managed DRaaS solution is dramatically more affordable than other fully-managed DR/BC options because HotLink leverages the public cloud economics of AWS as the DR/BC infrastructure".
Product features include continuous monitoring and testing to ensure systematic validation of the DR/BC site. This includes the status of all protected workloads by restore point so that recovery plans are deployed as expected and are fully functional.
It delivers easy-to-understand reporting on the entire DR/BC site status, as well as notification of any irregularities that need customer attention. Protected workloads, file servers and database servers can all be recovered from AWS within minutes of a failure.
A unified management platform extends customers' existing VMware infrastructure to the AWS DR/BC site in the event of a failure. It also allows recovery plans to be built using VMware vCenter-compatible tools.
Customers can select the optimal service level to meet their business needs and budgetary requirements. Options are available spanning weekly, daily and 24/7 service level delivery.
For more information and pricing you can visit the HotLink website.
Photo Credit: Olivier Le Moal/Shutterstock
The final quarter of last year saw Turkey suffer an onslaught of denial of service attacks, the number growing ten-fold to more than 30,000 events per day, according to security company Nexusguard.
The company's Q4 2015 Threat Report shows that 81 percent of the top 10 attack destinations were Turkish-based IP addresses. It's thought that the spike in attacks could be related to rising tensions between Russia and Turkey.
Observed attacks against Turkey started on November 13 and peaked on December 27. The widespread shutdown for IPs in Turkey contributed to a large spike in domain name system (DNS) attacks measured between September 30 and December 31, 2015. Of the 216,102 attacks measured, more than 69 percent were DNS attacks, overtaking other reflection methods like network time protocol (NTP) and CHARGEN vulnerabilities. DNS amplification attacks can overload IP addresses with requests, resulting in outages for the target. Nexusguard’s research shows that countrywide attacks could result in collateral damage to other customers or even whole municipalities that may share domains with the victims.
"As warfare among countries and other opposing organizations blurs the lines between physical and cyber security, companies with online presences can be caught in the crosshairs," says Bill Barry, executive vice president of global strategy at Nexusguard. "With DDoS attacks escalating and diversifying in 2016, we’re finding that websites can be affected by geopolitical events even if they're not part of the feud. Businesses must have continuity plans in place with a mitigation approach to plan for this type of collateral damage".
More information on the latest DDoS trends is available on the Nexusguard website.
Photo Credit: Fabio Berti/Shutterstock
Back in August last year we reported on IBM's bid to take a slice of the enterprise Linux market with the launch of a range of dedicated mainframes.
Today the company is announcing an expansion of its Linux ecosystem along with new hybrid cloud capabilities to allow organizations to develop, deploy and manage applications for the cloud more easily and with robust security.
IBM is optimizing its Cloudant NoSQL database and StrongLoop API development technologies into LinuxONE to enable clients to develop, deploy and manage applications for the cloud quickly and easily. The new features don't require developers to convert languages, improving time taken for development and deployment.
In addition Big Blue is expanding its supported software and capabilities for LinuxONE. It recently ported the Google developed Go programming language, designed for building simple, reliable and efficient software. IBM will begin contributing code to the Go community in the summer.
It's also been working with SUSE to collaborate on technologies in the OpenStack space. SUSE tools will be employed to manage public, private and hybrid clouds running on LinuxONE. In addition, IBM has proved that its LinuxONE Emperor system is capable of supporting up to one million Docker containers -- enabling businesses to unlock insights from massive volumes of data generated by the Internet of Things.
Canonical is offering its Ubuntu Linux distribution and cloud tool sets to LinuxONE clients too. In coming months this will enable them to take advantage of LXD, a hypervisor designed for Docker and full system containers. With the addition of Ubuntu to the existing SUSE and Red Hat distributions, enterprises now have a third option for acquiring the LinuxONE system.
"IBM is strengthening its expansion into the open community, providing developers more choice and flexibility with LinuxONE," says Ross Mauri, general manager, IBM z Systems and LinuxONE. "The platform's broadened ecosystem and new hybrid cloud capabilities underscore the security, efficiency and performance that clients need, while delivering the flexibility and possibilities of open source they love".
More information on the IBM LinuxONE portfolio of products is available on the company's website.
We live in a world where we increasingly expect everything to interface with everything else. New cars come with Bluetooth and wireless connections for example to access information from your phone, and audio systems are able to stream music around your home.
But what if you have an older car, or if you want to link a smartphone to your non-smart home Hi-Fi? Inateck has an answer in the form of the BR1002, a neat little gadget that can turn your older devices into Bluetooth enabled ones.
It's about the size of the sort of remote plipper that you use to lock and unlock a car. Controls are simple, a switch on the side to change between transmit and receive modes and a red button on the front for pairing. On top are a USB port for charging and a 3.5mm jack for connecting to your audio device. There's a printed -- although rather badly translated in places -- instruction leaflet that explains how it works.
Plug it into a USB port and a white ring around the button lights up to show it's charging. A full charge takes around two hours and will give you roughly six hours use as a receiver or eight as a transmitter. It'll beep to tell you the battery is running low. Pairing is simple, hold down the red button for a few seconds until two white LEDs flash and it should be visible to other devices. It'll automatically pair to the last used device when powered on. You can only pair one device at a time, however.
So what can you do with it? Basically the BR1002 lets you turn any device with a 3.5mm audio connector into a Bluetooth enabled one. In receiver mode you can stream music to your car from your phone, or turn an old pair of headphones into wireless ones, or in transmitter mode send sound from your old Walkman to your PC.
It works well in practice with a stable connection and only a very occasional glitch in the audio stream. The audio cable is very short but that shouldn't be a problem for the type of use the device will be put to. That and the fact you can only pair one device at a time are the only real drawbacks to the BR1002. At $21.99 on Amazon it's an inexpensive, versatile and easy to use gadget.
More information is available on the Inateck website.
DDoS attacks are one of the greatest threats that companies face and can lead to financial losses and damage to customer relationships.
But how exactly do these attacks work? Cloud delivery security company Incapsula has put together an infographic explaining the anatomy of an attack.
It looks at the victims of attacks as well as those who facilitate them. These include the 'arms dealers' who supply the software and tools to launch attacks, and also the types of cyber criminals who use them, ranging from hacktivists trying to make a political point -- hello Anonymous -- to script kiddies mounting attacks just for the fun of it.
The graphic also looks at the costs of attacks both in financial terms and in disruption to the business.
You can see the full infographic below.
Photo Credit: Duc Dao / Shutterstock
The Internet of Things is usually thought of in terms of its impact on consumers, but it has an impact on business users too.
UK support company Supreme Systems has produced an infographic looking at what the IoT can do for smaller businesses.
It looks at the areas where the IoT can benefit businesses including customer satisfaction, financial performance and overall efficiency. The graphic also covers how the IoT can open up new opportunities for research and product development.
The factors to consider when deploying the IoT are considered too, including security, open source and proprietary standards and more.
You can see more in the full infographic below.
A new report from application delivery and cyber security specialist Radware suggests that the human element will increasingly be excluded from security as 2016 brings a 'battle of the bots'.
It finds that throughout 2015, no industry was immune to cyber attacks, and few were prepared for them. In 2016, attacks are predicted to become even more aggressive with the arrival of Advanced Persistent Denial of Service (APDoS) attacks and an increase in volume and scope of sophisticated bot-generated assaults against web application infrastructure.
"The front lines of information security will not include humans," says Carl Herberger, vice president of security solutions at Radware. "As defenses continue to succumb to an endless flood of sophisticated, automated attacks and an infinite number of new attack techniques, the idea of humans having the ability to deploy detection technologies and choreograph responses in real-time will disappear. We are approaching the fall of human cyber defenses and the rise of cyber botted-defense".
Other findings include the likelihood of an increase in frequency of ransom demands as attackers focus their demands toward service providers and leverage both DDoS and SSL flood attacks when payment is not made. New techniques like burst attacks, APDoS attacks, an increase in volumetric pipe attacks, and dynamic IP attacks will make it harder to defend using mostly manual solutions.
The report also shows that many companies are still ill-prepared for cyber attacks. While more than 60 percent say they are extremely or very well prepared to safeguard against unauthorized access and worm and virus damage, the same proportion of respondents say they're somewhat or not very prepared against advanced persistent threats and information theft. For DDoS attacks results split almost evenly between prepared and not prepared.
"In 2015, cyber-attacks became the new normal, as 90 percent of organizations surveyed experienced them in varying degrees," adds Herberger. "Organizations should prepare for the challenges that will lie ahead in 2016, laying the groundwork now to fight back against new methods and motivation".
The full report, including recommendations on how companies can protect themselves, is available to download from the Radware site and there's a summary of the findings in infographic form below.
Photo Credit: Vladru/Shutterstock
According to a new report 92 percent of executives believe regulators and investors will expect companies to manage their cyber security risk exposure, yet only 45 percent are confident in their security posture.
This is among the findings of the Cisco 2016 Annual Security Report which looks at the challenges businesses have in the face of a growing number of cyber threats.
Among other highlights of the report are the problems of an ageing infrastructure. Between 2014 and 2015, the number of organizations that said their security infrastructure was up-to-date dropped by 10 percent. The survey also discovered that 92 percent of internet devices are running known vulnerabilities. Worse than that, 31 percent of all devices analyzed are no longer supported or maintained by the vendor.
Cisco also identifies the risk that SMBs present to the supply chain. From 2014 to 2015 the number of SMBs that used web security dropped by more than 10 percent. This presents a potential risk to larger enterprises due to structural weaknesses. SMBs often lack the resources for an effective security posture, they are improving their security approach, in part, by outsourcing, which is up to 23 percent in 2015 over 14 percent the previous year.
Malicious browser extensions are identified as a potential source of major data leaks, although they’re often viewed by security teams as a low-level threat. This threat affects more than 85 percent of organizations. Adware, malvertising, and even common websites or obituary columns have led to breaches for those who don't regularly update their software.
"Security is resiliency by design, privacy in mind, and trust transparently seen," says John N Stewart, senior vice president, chief security and trust officer at Cisco. "With IoT and digitization taking hold in every business, technology capability must be built, bought, and operated with each of these elements in mind. We cannot create more technical debt. Instead, we must meet the challenge head on today".
The full report has much more information and is available to download from the Cisco website.
Photo Credit: watcharakun / Shutterstock
A new survey from IT management specialist Kaseya reveals a continued surge in overall growth for managed service providers (MSPs), especially for those offering security services.
Kaseya's Global Pricing Survey gathers data from more than 400 MSPs across 30 countries and offers unique visibility into the IT services they offer their clients. It finds that the majority of MSPs have experienced more than 20 percent growth over the past three years.
The results reveal that high growth MSPs offer more emerging services than their lower growth counterparts, including cloud monitoring and hosting services for customer owned equipment. In addition almost all high growth MSPs deliver a strong portfolio of services such as cloud, backup and recovery, and desktop and server management.
High-growth MSPs rate services such as security as a key competitive advantage in the coming year, as heightened security risks came in as the top client demand for 2016. However, only slightly more than a third of respondents are offering one of the faster growing security segments, identity and access management (IAM) technology. The respondents that do offer IAM, though, report a double-digit annual growth rate over the past three years.
"As the leading provider of IT management, security and automation technology to MSPs, Kaseya is in the enviable position of being the vendor that others look to for information on what separates a successful MSP from the pack. Having been on both sides (MSP and vendor), I know first hand that successful MSPs have bolder strategies and put their customers' concerns first," says Miguel Lopez, Kaseya’s SVP and GM of MSPs. "At Kaseya, we base our own customer success model on our customers’ year-over-year growth rather than our own company’s sales. It turns out that the most successful MSPs follow the same model for their users. Kaseya's annual MSP pricing survey provides the industry with a tool to use to evaluate what company success looks like, and highlights the areas the most successful thrive at".
Other findings include that high growth MSPs are able to charge more for their technicians and have a higher variance of what they charge for level one, two and three technicians. Higher growth MSPs also charge more on average for ongoing server support and maintenance per month. They're also more than twice as likely to offer cloud monitoring services than lesser growth providers.
In addition 85 percent of high growth MSPs are more likely to provide hosting services for customer-owned equipment. Plus almost three quarters of high growth MSPs offer desktop security services.
More information and analysis of the report's findings can be found on the Kaseya blog.
Image Credit: Manczurov / Shutterstock
Cloud analytics specialist Birst is releasing new capabilities for its Networked BI Platform aimed at empowering end users in the enterprise to work with data effectively.
New features include Birst Mobile for Android, Collaboration, and End-User Data Preparation. The networked BI Platform is aimed at creating a network of interwoven BI instances that share a common analytical fabric, eliminating data silos to ensure collaboration and accelerate the delivery of BI across the enterprise.
End-User Data Preparation gives users the ability to rapidly refine their own data, analyze it by itself, or blend it with data from other people in the BI network. Individuals can glean insights on their own while also staying networked and connected to other users. This eliminates the silos that emerge from analyzing data on a desktop and ensures one seamless connection.
Birst's Collaboration capability enables any user in the network to collaborate through in-context discussion threads that mimic their daily social media interactions. User posts, within Birst, capture the data in context, ensuring that users can see the data as it was when the original posts were created.
Additionally, Birst Mobile for Android enables users anywhere to access the same data whether on a desktop, laptop or mobile. Offline capabilities automatically sync data and content so business users are able to view mobile analytics even when not connected.
"Birst's revolutionary approach to BI allows for agility, so business users can operate in their own personal BI sandbox while staying connected across the entire enterprise," says Brad Peters, Chief Product Officer, Birst. "Unlike traditional approaches, Birst’s Networked BI Platform helps business leaders empower users to work freely with data, while delivering trust, governance and agility at scale".
More information about the latest platform can be found on the Birst website.
Image Credit: Syda Productions / Shutterstock
A new survey of IT professionals from large organizations reveals higher than anticipated momentum for the adoption of Windows 10, with 63 percent of respondents expecting to run Windows 10 on a significant number of systems this year. The study from systems management specialist Adaptiva shows that of those IT departments that piloted Windows 10, nearly half (40 percent) have now deployed it on 50 percent or more of their systems, indicating strong confidence levels and unprecedented adoption of the new operating system.
The large scale movement to Windows 10 is fueling high demand for the new version of Microsoft Systems Center Configuration Manager (ConfigMgr), software used to distribute and update operating systems and other software. Roughly two-thirds (65 percent) of those moving to the new ConfigMgr released in December cited deployment, updating, and management of Windows 10 as their biggest motivators for upgrading. The announcement earlier this month that Windows 8 will no longer receive security patches is also thought to be accelerating the drive to Windows 10.
"The survey results underscore the surge in Windows 10 interest we are seeing from enterprises as well as the concerns they have about keeping pace with the frequent updates," says Jim Souders, chief operating officer at Adaptiva. "The new Microsoft ConfigMgr and Windows 10 releases are ushering in a need for a more automated, intelligent approach to systems management that reduces the time and complexity necessary to keep software and systems secure and up to date".
Photo credit: XiXinXing / Shutterstock
The cloud is changing the way businesses and IT teams operate and a new survey from industry specialist BetterCloud reveals the extent of the shift.
Based on a survey of 1,500 IT professionals it shows that of organizations started in the last two years 61 percent have begun their operations in the cloud. In addition 59 percent of IT professionals say the cloud has changed the structure and responsibilities of their team in the past year.
Smaller businesses with less than 1,000 employees are heading the dash skywards, with 51 percent reporting that they expect to have all of their systems in the cloud by 2020. This compares to 32 percent of mid-market businesses and only 21 percent of enterprises.
The report also shows up some interesting facts on the path companies have taken to the cloud. Before moving to Google Apps 49 percent of customers came from Exchange, 35 percent had no previous platform, seven percent came from Lotus Notes, five percent from Office 365 and four percent from Novell Groupwise.
Comparing this to Office 365, 70 percent of current customers came from Exchange, 13 percent came from Google Apps, eight percent had no previous platform, six percent came from Lotus Notes and three percent came from Novell Groupwise.
It can take up to a year to choose and move to a cloud system and there are some surprising factors in adoption rates, including the age range of employees. Companies with an average employee population aged between 18 and 20 had on average three cloud apps in 2015 and are expected to have five by 2017. Those with more experienced employees in the 35 -- 44 age range however had six cloud apps in 2015 but are expected to have 15 by 2017.
You can find much more information in the full 2016 State of Cloud IT report on the BetterCloud blog.
Image Credit: ND Johnston/Shutterstock
A new report from marketing technology company IgnitionOne reveals the latest trends in digital advertising spend for the final quarter of 2015.
Among its key findings are that Google passed Facebook in growth and conversions, seeing an increase of 37 percent in programmatic display advertising spend and a 34 percent increase in conversions. In comparison, Facebook saw an increase of 22 percent in growth and 17 percent in conversions.
Other findings are that in the US paid search has continued the consistent growth seen over the past several years, with an 18 percent increase year on year. In addition following steady drops seen in the past three out of four quarters, impressions are on the rise, with a year on year increase of 7 percent. This is somewhat unexpected after Q3 2015, which saw them down by 21 percent.
"The overall increase is due in part to the rise in both Google Partner Network activity and impressions from Google shopping ads", says IgnitionOne’s Marketing Content Manager Rachel Peterson writing on the company’s blog. "Google’s shift to shopping ads in a carousel format has led to an overall increase in impressions, but a decrease in CPC (Cost per Click) growth, particularly in mobile, which saw CPCs down by 21 percent".
Cyber Monday continues to drive Thanksgiving shopping trends, seeing an impressive 107 percent increase in spend compared to normal baseline activity. Automotive advertising was strong in the final quarter too, with a 66 percent increase in spend and 58 percent increase in clicks over the previous year.
The full report is available to download from the IgnitionOne website.
Photo Credit: mtkang / Shutterstock
We all know that cyber attacks can be enormously disruptive, but how far would companies go to prevent an attack?
A new survey by the Cloud Security Alliance and Skyhigh Networks reveals that 24.6 percent of companies would be willing to pay a ransom to hackers to prevent a cyber attack and 14 percent would pay more than $1 million.
The report also shows a high level of confidence in the cloud which is seen as being more secure than on-site systems. That said, a lack of skilled security professionals is seen as being a barrier to companies seeking to prevent cloud data loss.
"It's shocking that so many companies are willing to pay even a penny’s ransom, and would trust hackers not to follow through with an attack. The idea that some would pay more than $1m is downright staggering. There are no guarantees at any price, and there is no way back once the payment is made," says Nigel Hawthorn, Skyhigh Networks' Chief European spokesperson. "Examples of companies refusing to pay up, such as Meetup.com, are few and far between. As such, hackers are increasingly confident they can hold businesses over a barrel, that they can execute crippling cyberattacks and that most businesses would rather pay up than put up. There will be several high profile examples of ransomware in 2016, and countless unreported incidents on top of that".
The European Cloud Adoption and Risk report also reveals that by the end of 2015, for the first time ever, the average European enterprise now uses more than 1,000 cloud applications -- with some companies using as many as 6,000. It shows a rise in EU-based cloud services too, which nearly doubled over a six month period (from 14.3 percent to 27 percent of services). Worryingly though only 8.1 percent of the 16,000 services analysed met enterprise requirements for data and privacy.
More information is available in the full report which can be downloaded from the Skyhigh website.
Photo credit: Fabio Alcini / Shutterstock
Storage has undergone some major changes in recent years. The growth of cloud usage, the Internet of Things and the exploitation of big data have all meant increased demand and a shift towards different solutions. But how has this affected the storage industry and and what further changes can we expect to see?
We spoke to Mark Lewis, Chairman and CEO of storage specialist Formation Data Systems to get his view on how the industry is evolving.
BN: How much has the rapid growth of cloud computing affected the storage business?
ML: Cloud computing represents a major disruption in how infrastructure is delivered and clearly represents a model of what enterprises need to do in order to remain competitive. If you look closely at how Google, Amazon, LinkedIn and the other cloud leaders built their massive cloud infrastructures you’ll note that they didn't use any proprietary storage technology from the traditional enterprise vendors like EMC, NetApp or Hitachi. The reason behind this is pretty simple; all you have to do is to look at the economics of trying to deliver web-scale infrastructure that provides the agility, flexibility and performance needed to deliver enterprise-grade infrastructure. Existing storage technologies couldn't deliver anything even close to what is needed to be competitive. The cloud service providers knew that the only way they could achieve these goals was to write their own custom software that will run on industry standard compute infrastructure. Enterprise IT is faced with the same challenges today, but they clearly don't have the resources to build their own storage software stack, so a software-defined solution like Formation is very attractive.
BN: How will the increase in unstructured data from the IoT and other sources impact storage demands?
ML: Unstructured data from multiple sources has already been placing incredible pressure on Enterprise IT managers for years, and this will only increase with the onset of a completely new class of devices and applications that will generate massive amounts of unstructured data. IoT is a good example, but there are many more that are relevant in the enterprise. So, in order to manage this new class of unstructured data in the enterprise, it must be classified, stored, protected and analyzed as part of their normal business processes. This means that the data should be replicated, backed up and subjected to the same standards that structured data has been subjected to for decades. Here's the problem -- how can an IT manager continue to build out more silos of data storage using traditional technologies with flat or declining budgets. The short answer is that you can't. An entirely new method is needed to be able to support multiple data types on the same platform, apply enterprise grade functions such as replication, snapshots and backup, but do so using industry standard hardware and intelligent software-defined storage platforms. Enterprises need to approach the problem the same way that the cloud guys did in order to survive. Otherwise, they'll drown in all the data being generated.
BN: Can enterprises save on costs by optimizing their storage use?
ML: Optimizing existing storage platforms can provide only incremental benefits, but won’t solve the problems that we discussed earlier. We keep hearing from our customers that they don't need 10 percent cost savings; they are looking for a 10X order of magnitude in TCO reduction. This is why many have shifted newer workloads over to AWS, Google or Microsoft, because as we discussed, this is where a lot of the growth will come from. But the problem that is being created is that you’re managing legacy workloads in your data center and newer workloads in the cloud. It's not very streamlined and creates even higher levels of inefficiency and complexity. Formation has performed very detailed analysis on TCO reduction on our software-defined storage solution as compared to traditional storage arrays and we've proven that an enterprise can realize anywhere between four to seventeen times (4-17x) TCO reduction using our platform versus traditional storage technologies. This level of cost reduction means that users can run on-premise storage for less than what it would cost to manage the same amount of storage in the cloud. As the capacities increase, so do the savings
BN: Isn't there a danger of introducing greater complexity?
ML: It's actually the exact opposite. When done correctly, consolidation of multiple workloads on a single system will remove complexity, simplify operations and provide higher levels of efficiency. Rather than having four or five ways to provision, manage, report and protect your data, you now have a single way to do it. Because we've built the FormationOne platform using cloud and web-scale methodologies, the system is extremely simple to operate and scales seamlessly to support very large environments.
BN: What do you think will be the major trends in storage in 2016?
ML: Software based infrastructure will move from trials and labs into mainstream production, especially in storage. As we discussed, the growth in data are there and the economic are too compelling to not take advantage. We’re seeing evidence of this in the field and many of the customers that we're working with now are looking at how to deploy true software-defined storage.
Photo Credit: wavebreakmedia/Shutterstock
Using a mouse for long periods can be uncomfortable and in severe cases may even lead to repetitive strain injury.
There are various pieces of kit on the market to help you avoid this including ergonomically designed mice and wrist rests. Taking a slightly different and more innovative approach to the problem is the Penclic which is a sort of fusion of mouse and pen.
It looks rather like one of those pens you find chained to the counter in banks, but is attached to its base with a ball joint. The base, which is shaped like a small mouse, houses a rechargeable battery and has an LED that glows green to indicate it’s charging and changes to red when it needs charging. On the underside are an on/off switch a button to sync with reciever and a +/- button to adjust the DPI setting for sensitivity.
The base and the top are shiny plastic with the bit where you hold it and click the buttons in a smooth matt finish. A slim chrome band between the top and bottom sections of the pen adds a touch of bling.
In the smart plastic package you get the Penclic itself, a USB receiver for wireless operation, a retractable cable for charging and a cloth pouch to carry it all around in. There are some basic multilingual instructions that explain how to get started. It will work with Windows, Mac and Linux systems and there’s no driver installation required.
In Use
The base of the Penclic works like a normal infra red mouse, the difference being that the scroll wheel and left and right buttons are relocated to the pen. You hold it just like you would a normal writing implement and it can be used either left or right-handed.
The charger cable has a microUSB connector at the mouse end and this is a bit fiddly to attach, you’re also not quite sure if you’ve pushed it home far enough. Once you’ve charged the battery, setting up is easy: plug the receiver into a USB port on your PC, press the button on top, press the corresponding button under the mouse, the LED flashes red for a few seconds and you’re good to go, there’s no need to install any software as it uses the standard mouse drivers.
After rebooting or recovering from sleep mode you need to press the mouse’s connect button again to re-establish a link. The +/- switch lets you change from the standard 1200 DPI setting to 800 or 1600.
Using the Penclic feels a little weird at first and you need to take some time to find a comfortable way of holding the device and moving it without pressing buttons by accident. With a normal pen-like grip your index finger sits over one button and your thumb over the other with your first finger on the scroll wheel. It’s slightly confusing, however, as on the standard setup the right button left-clicks and the left button right-clicks.
You can of course reverse this from the Windows settings, but -- for right-handed users at least -- the way Penclic does it actually makes sense after a while as the index finger click to select text or press on-screen buttons feels like a more natural action.
Once you get used to it you’ll find the Penclic is nicely sensitive. It does feel very light though which means it’s easy to move it more than you intend even on the lower sensitivity setting. It’s also quite easy to squeeze the pen and click both buttons together until you adapt to using it. The scroll wheel’s middle button click action is a bit stiff which means it’s easy to move the mouse by accident when you select it.
The physical advantage to using the Penclic is that your arm and wrist adopt a more natural angle and you can rest the base of your palm on the desk to provide support. It’s fine to use for long periods with no resulting aches and pains.
Depending on how much you use the R3 you can get up to a month on a full battery charge, the LED flashes red to warn you when it’s running low. If you get caught out you can use a standard AAA battery to power the device temporarily until you can recharge it.
Conclusion
It takes time to adapt to how the Penclic works and build up your levels of accuracy. Once you do it works perfectly well allowing you to accurately position the cursor. The unorthodox button arrangement takes a little longer to get used to but it makes sense once you’ve been using it for a while.
It does only have the standard buttons so it won’t replace your sophisticated gaming mouse, but then that isn’t the market here. For standard office use it’s perfectly fine and comfortable to use. It’s also quite good for use with graphics programs too as it has a natural, pencil-like, feel.
The Penclic R3 isn’t cheap at £59.99 but if it saves you from RSI it could be well worth the money.
Pros
Easy to set up
Accurate movement
Long battery life
Cons
Unorthodox button layout
Very light
Fiddly charge cable
ITProPortal Review: 8/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
A new malware campaign is aiming specifically at businesses and consumers using the WhatsApp mobile messaging service.
Uncovered by researchers at Comodo Labs the campaign uses emails masquerading as WhatsApp content. These have an attached zip file containing a malware executable.
The emails have a variety of subject lines including, "You have obtained a voice notification," and "An audio memo was missed," each followed by a short string of random characters which are probably used to identify the recipient.
If the zip file in the email is opened and executed, the malware is installed on the PC. It's a variant of the 'Nivdort' family. When run it replicates itself into different system folders, as well as adding itself into an auto-run in the computer's registry.
"Cybercriminals are becoming more and more like marketers - trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware," says Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. "As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cybercriminals, protect and secure endpoints, and keep enterprises and IT environments safe".
More details of the attack are available on the Comodo blog.
Photo Credit: Balefire/Shutterstock
Crowdfunding has become a popular way for smaller businesses and independent designers to gain backing for their projects. Now though funding platform Indiegogo is turning its sights on bigger business.
It's launching a new Enterprise Crowdfunding service to provide large corporations with specific services for engaging with Indiegogo's audience of early adopters, entrepreneurs and makers. This will allow enterprises to validate and optimize product concepts, as well as source new innovations.
"We created Indiegogo to empower anyone, anywhere to raise funds for their ideas, from the inventor working out of her garage to the largest Fortune 500 companies looking to create innovative new products that line up with what customers really want," says Indiegogo CEO Slava Rubin. "Some of the world's most successful companies are already using Indiegogo for product development, market research, and to support causes important to them. Now we’re taking that a step further with Enterprise Crowdfunding".
A number of large companies have announced milestone Indiegogo campaigns. Among these are games maker Hasbro which selected the family-friendly card game 'Irresponsibility' as the winner of its first campaign and is planning future challenges for 2016.
Harman International Industries will launch an Indiegogo campaign to evaluate the market potential for a new selective noise cancellation technology for its line of JBL headphones. Also Shock Top helped pioneer Indiegogo's enterprise platform with its 'Shock the Drought' initiative, launched in August 2015 to identify, fund and bring new water-saving technologies to market in response to the California drought.
"We set out to help California during one of the worst droughts in history, and Indiegogo proved to be a great partner and resource for inventions with the potential to make a big impact on water conservation," says Jake Kirsch, Vice President of Shock Top.
You can find more about the Indiegogo program for enterprises on the company's website.
Photo credit: Andrey_Popov / Shutterstock
Blackphone is marketed as the most secure Android phone available so it's bad news that researchers at endpoint protection specialist SentinelOne have uncovered a vulnerability in the Blackphone One that would allow some of the phone’s protection features to be bypassed.
The vulnerability means that apps could be installed without asking for permissions, so they could access features and information on the phone without the user’s knowledge.
Among things the vulnerability would permit are, sending and receiving text messages without the user’s knowledge, checking the state of phone calls silently (what number the call is connected to and was it incoming or outgoing), and forcing conference calls with other numbers.
SentinelOne's director of mobile research Tim Strazzere says, "The issue lets you talk directly to the modem at the firmware level, so Android doesn't know what's going on. This also means that the user wouldn't know if, for example, call forwarding had been set up".
The vulnerability arises through a socket that has been left open and accessible on the Blackphone. Although it hasn't been seen in the wild it could be exploited using a malicious app.
Once SentinelOne had validated its findings it reported them to SilentCircle, Blackphone's parent company, and it has now been fixed via SilentCircle’s bug bounty program.
Strazzere notes on the SentinelOne blog, "This vulnerability illustrates the breadth and depth of the attack surface on this and other devices. It also raises some important considerations for security professionals. First, even the most 'secure' systems can be vulnerable to attacks. Second, the increasing proportion of third party technology (hardware, drivers, software libraries, etc.) used in today’s devices makes detecting and remediating flaws more difficult than ever. And finally, virtually all vulnerabilities require some form of malware in order to be remotely exploited. Monitoring processes on a device can provide an important layer of detection and response when apparently legitimate requests to perform system functions originate from anomalous sources".
Image credit: Brilliant Eye/Shutterstock
Overall mobile app usage grew by 58 percent in 2015 according to the latest figures from Flurry, Yahoo's mobile advertising and analytics platform, which tracked over 3.2 trillion sessions over the course of the year.
With the exception of games, which showed a one percent drop, every app category posted year-on-year growth. Personalization leads the way, up 322 percent, news and magazines are up 135 percent, and productivity also shows triple-digit growth up 125 percent.
Writing on the Flurry Tumblr, Simon Khalaf, SVP, Product and Engineering, Publisher Products at Yahoo says, "What was even more impressive is the majority of that growth rate came from existing users versus new users. In fact, in 2015, we estimate that 40 percent of the 58 percent total growth in sessions came from existing users, compared to 20 percent in 2014 and 10 percent in 2013".
Looked at by devices, news and magazine apps, sports apps, and music, media, and entertainment apps all saw faster growth on phablets -- a spectacular 721 percent in the case of news and magazines.
Time spent using mobile devices is up too, increased by 117 percent overall. Once again phablets lead the way with a 334 percent growth in usage as compared to 85 percent on medium phones and 81 percent on small tablets.
More details on the findings can be found on the Flurry Tumblr blog.
Photo Credit: 3Dstock / Shutterstock
Unlike other countries, notably the UK and China, that have been busy passing laws to allow them to snoop on encrypted communication, the Dutch government has decided that strong encryption is vital to the health of its digital economy and the privacy of its citizens.
The country's minister of security and justice Ard van der Steur writes in an official statement that the Dutch executive cabinet endorses, "...the importance of strong encryption for Internet security to support the protection of privacy for citizens, companies, the government, and the entire Dutch economy. Therefore, the government believes that it is currently not desirable to take legal measures against the development, availability and use of encryption within the Netherlands".
The minister points out the weakened encryption won't make the world a safer place as it will give criminal organizations easier access to sensitive data, adding, "Confidence in secure communication and storage data is essential for the future growth potential of the Dutch economy, which is mainly in the digital economy".
The move has been welcomed by security professionals. "The decisive announcement from the Netherlands to maintain strong encryption and avoid implementing back-door access sets a powerful example that other world governments should follow," says Dr Nithin Thomas, Co-Founder and CEO of secure data transmission specialist SQR Systems. "Creating back doors in encryption technology would just as readily create access for hackers as it would intelligence services, leaving everything from individual financial data to national secrets at risk".
Whether other governments will be willing to adopt the Netherlands' enlightened approach to encrypted communication we'll have to wait and see, but we're not holding our breath.
Photo Credit: Kutlayev Dmitry/Shutterstock
Phones have been gradually getting bigger in the past few years. That makes for better displays for watching videos and viewing documents and web pages, but there’s a downside too.
For many people it makes them more awkward to carry around and can mean they’re harder to use as a phone because you need two hands to operate them.
Bucking the trend somewhat the latest Nexus 5X is at the compact end of Google’s smartphone range, with a 5.2-inch display. It would be easy to dismiss this phone as a budget option, but in fact although it’s small it isn’t short of features and it has a lot to offer for business and personal users alike, so let’s take a closer look at its features and how it works.
In the Box
Although it’s sold under the Google name, the Nexus 5X is actually manufactured by South Korean electronics giant LG and it has that company’s subtle branding on the back. The package is pretty minimalist and contains just the phone itself plus a mains charger and USB cable. Note though that the cable is USB-C at both ends rather than the more usual standard USB to microUSB that you get on Android phones. So if you want to connect it to your PC you’ll need an adaptor, Google will sell you one for an extra £10.99.
There are no printed instructions included, just a card with graphics explaining how to insert a SIM card and connect the charger. You do get a little tool in the pack to allow you to open the nanoSIM slot.
The design of the phone is quite smart with an all-glass front that has no physical buttons and is pierced by speaker and mic grilles top and bottom. Its slim at just under 8mm, slightly more if you take into account the bulge around the camera lens. There’s a thin black plastic surround which has power and volume buttons on the right-hand edge and the SIM card slot on the left. USB and headphone connectors are on the bottom edge. The back, white (quartz in Google speak) on our review unit but blue and black versions are available too, has a slightly raised area around the camera lens and below that a ring surrounding the fingerprint sensor.
The back is plastic but it has a smooth matt finish which is pleasant to touch and has rounded edges so it’s comfortable to hold too. Viewed from the edge the black and white combination makes it look like a thin Liquorice Allsort.
The screen has a 1920 x 1080 resolution (1080p) and narrow edges at the sides which provide a good usable area. Under the skin there’s a 1.8GHz hexa-core processor (Qualcomm Snapdragon, with four cores at 1.4Ghz and two at 1.8GHz, for people who like to know these things), plus an Adreno GPU, you get 2GB of RAM and either 16 or 32GB of storage. Our review unit was the 32GB version, note though that there’s no SD card slot so you can’t add extra storage later.
It has 12.3MP rear and 5MP front cameras, a 2,700 mAh battery and a variety of sensors including an accelerometer, gyroscope, barometer and proximity sensor. Connectivity is via 4G, Wi-Fi (up to 802.11 a/c) and Bluetooth 4.2, plus NFC. It runs the latest Android 6.0 Marshmallow and comes unlocked so it can be used on any mobile network.
Business Features
The Nexus 5X isn’t really aimed at business users but it does nonetheless have a number of features that would make it attractive to them. It offers good battery life that will get you through a full day of moderately heavy use and if you do need to charge it you can do so quickly, allowing people on the move to take advantage of quick pit stops -- provided they remember the USB-C charger.
The fact that it’s unlocked is useful too as you can use your preferred network and take advantage of whatever contracts you may already have in place. The inclusion of a fingerprint reader makes for better security and the fact that it comes with standard Android gives you a blank canvas for your business apps. Marshmallow’s app permissions feature lets you tell an app it can access stuff like location only when it actually needs it, rather than you granting blanket access at installation. This should help prevent unintended data leaks through badly written apps.
The downside for serious business use is that memory is limited and storage is not expandable so if you want to carry large amounts of business data around with you you’re going to need to look elsewhere.
In Use
With its plastic back and relatively light weight -- only 136 grammes -- it’s hard to get away from the fact that the Nexus 5X looks and feels a bit cheap at first, the power and volume buttons don’t help this impression as they have hard edges and lack positive feel. Don’t let that put you off, however, because there’s quite a lot to like.
The 5.2-inch screen means it’s comfortable to hold in one hand, with everything no more than a thumb’s span away, in this respect it’s easier to use than the larger 5.7-inch Nexus 6P. It’s also easy to slip into a pocket without it feeling too bulky or spoiling the line of your expensive tailoring.
That screen works well too with bright colors, strong contrast and good touch response though the slight vibration you get when typing to tell you a press has registered is so subtle as to be almost unnoticeable. The Nexus 5X has an Ambient Display feature that wakes the screen in greyscale when the phone is picked up or a notification message arrives. It also has adaptive brightness that optimizes the screen brightness settings to suit the available light levels. Turning this off gives you a brighter display most of the time but at the expense of battery life.
What you enjoy in vision you miss out on in sound. The single speaker is just about acceptable for ring tones or making phone calls but if you want to listen to music or watch videos you will need to use headphones in order to get decent audio quality.
Whilst it may be inconvenient in terms of what you can connect it to just at the moment -- until the standard becomes more commonplace -- one of the advantages of using USB-C is that there’s no ‘wrong way’ to connect it. The plugs work either way around so it’s less fiddly to hook things up. Its other big advantage is it enables fast charging. With the supplied charger you can plug the phone in for around 15 to 20 minutes and it gives you about a quarter of the battery capacity back, enough for three hours or so of use. Under two hours charging time will give you a completely full battery. There’s no wireless charging option though which represents a step back from the older Nexus 5.
Unusually the fingerprint sensor is located on the back rather than the front of the device, but this actually works very well being perfectly positioned to rest your index finger on when you’re using the phone. It also has that raised ring around it making it easy to locate just by touch and it unlocks the phone fast with a single press. Training it to accept new prints is also quick and easy and you can set a backup pin, gesture or password just in case.
The 12.3MP rear camera is quite impressive and takes some decent pictures even in relatively poor lighting conditions, there is a built-in flash too. You can shoot 4K video as well, though that will eat up your available storage pretty quickly at 300MB a minute, and it’s easy to switch to video mode by swiping the screen. The camera lacks features like image stabilization and burst mode that are present on the larger Nexus 6P though. The camera app too is rather limited with just a few features like lens blur, panorama and photosphere, plus an HDR mode. A useful function is that double pressing the power button when the screen is off will immediately put the phone straight into camera mode so you can quickly grab a shot. The front camera is only 5MP, but fine for making video calls, taking selfies and the like.
If you haven’t used Android Marshmallow before you won’t find it too much of a culture shock over earlier versions of the OS. It does have some nice touches though, in particular the app screen that scrolls vertically rather than sideways, making it easier to find things and better to use one-handed, and the app permissions system which makes for improved security by only allowing app access to hardware features when they’re actually required. It also has a clever ‘Now on Tap’ function that lets you Google whatever it is you’re currently looking at on screen, in any app, simply by holding down the phone’s home button. This is handy for looking up how to use a function of the settings menu for example.
You might expect that with only 2GB of RAM on board, performance would be the Nexus 5X’s Achilles heel, but in fact it’s pretty good. Moving around the interface is fluid and fast and you never feel that you’re having to wait for the phone to catch up. It does take a little while to boot up after it’s been powered off but that’s a minor niggle. That said, whilst 2GB of RAM may be okay now, plenty of other phones are coming with 4GB or more as standard and app developers will soon start to take advantage of the extra. This may not, therefore, be a phone to buy for the long term.
The battery will give you around eight hours of continuous use on a full charge so it should be fine for a working day. Standby time is more impressive though, Google quotes up to 420 hours, in part due to Marshmallow’s Doze feature which puts apps into sleep mode when it detects that the phone is stationary for a time, thus reducing power usage.
Conclusion
Overall the Nexus 5X is a bit of a mixed bag. With its plastic back and light weight it does look and feel rather cheap, particularly the power and volume buttons, but it’s actually quite robust and the smooth plastic back resists fingerprints well. It also has some good features, the screen for example is impressive and the well placed fingerprint reader makes for ease of use.
Camera performance is good too and overall it’s a nice size, balancing usability and portability. Plus of course it has the latest Marshmallow version of Android and being from Google you get it in its pure form with no bloatware and no re-skin. Perhaps the biggest drawback is the 2GB memory which limits future proofing, you’ll almost certainly want to spend the extra £40 to get 32GB of storage too.
Using USB-C only for charging is no doubt good for the long term, though a bit annoying at the moment if you’re caught with a low battery and don’t have the supplied charger with you. It’s a shame they didn’t provide an adaptor to let you use a standard USB socket rather than only offering it as an extra.
The Nexus 5X Starts at £304 for the 16GB version, the 32GB as tested is £344. That makes it competitively priced if not especially cheap. There’s a lot of competition at this end of the market and phones like the Moto X Play and OnePlus X offer similar feature sets for slightly less money.
However, the Nexus 5X is well worth including on your shortlist and with no network restrictions and an unmolested version of Android it’s a blank canvas for you to personalize to your own taste.
Pros
Quick charging
Good battery life
Android Marshmallow
Cons
Only 2GB of RAM
No SD card slot
USB-C only
ITProPortal Review: 7/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
It's an increasingly rare business today that has all of its IT on its own premises. The cloud has led to many systems being moved off site and also contributed to the growth of shadow systems.
How can business manage these challenges and make sure that they're not putting their information at risk? We spoke to John Purrier, cloud visionary and CTO of business automation company Automic Software to find out.
BN: Is there an increasingly blurred boundary between private and public clouds?
JP: We are definitely seeing an accelerated convergence between traditional on-premises data centers and multi-tenant public clouds, giving rise as well to managed single tenant hosting and single tenant isolation on public cloud infrastructures. Private data centers are increasingly being managed and consumed through cloud and DevOps technologies, and the public clouds have made great strides in security, data protection, and the ability to isolate tenants from one another for both security and performance considerations. Over time, this convergence will provide greater choice to enterprise IT organizations in allowing them to place workloads and data where it makes most business sense rather than being forced by the technology architectures.
BN: We're seeing more and more analytics solutions aimed at systems management. Is this the future and can we expect more automation?
JP: This is one of the most exciting aspects of the digital transformation taking place. We are moving toward more dynamic and real-time analytic feedback into the automation processes controlling IT workflow and management. This allows the control systems to make decisions on workload placement, environment creation/destruction, data storage, network routing, etc. based on the actual state of the entire IT environment rather than following statically defined scripts. As we increasingly instrument our networks and environments, such as with the Internet of Things (IoT), we will increasingly use this real-time data to continually improve business efficiency through automation.
BN: What are the biggest challenges for companies considering a shift to the cloud?
JP: As enterprises look to make their own digital transformations there are a few critical questions to be answered:
1. Adopting cloud technologies and potentially moving applications and data outside of the corporate firewall is a technical challenge, but the larger challenge is cultural. The move to the cloud requires process and procedures that need to be made integral to the IT and company culture to be successful. The internal evangelism and adoption of cultural change is probably the biggest challenge.
2. A realistic inventory of existing systems and processes needs to be done, and decisions made as to whether current applications and data systems a) stay where they are and are maintained, b) moved to cloud architecture and frameworks, perhaps through PaaS or other application tooling, c) sunsetted and retired, or d) re-implemented as cloud-native applications. Orchestration automation is a valuable tool in making the existing systems continue to run seamlessly while investing development and operational resources toward the cloud-based systems.
3. In working with Enterprises on their application journey to the cloud common patterns for best practices have emerged. Taking significant, but non-business critical applications such as marketing sites, brochure sites, and short lived campaigns initially and running these as pilots gives teams a good feel for new cloud-based processes and tools. These pilots also allow for simultaneous deployment of DevOps tooling and processes. Through an iterative cycle of develop/deploy/retrospective-learning organizations find their own rhythm and cadence for cloud-based deployments.
After the pilot period then the processes can be scaled up to rapidly move more applications, moving from non-business critical to mission critical. At this point it is critical to have a solid DevOps and Operational automation strategy and implementation to ensure repeatable and reliable deployment pipeline processes.
4. Understand that cloud system management, orchestration, and automation tooling will increasingly allow multiple data centers and multiple cloud infrastructures to be part of an overall Enterprise IT solution. This will allow truly level playing fields amongst the providers, preventing lock-in and giving the Enterprises the governance, insight, and control they need to accelerate their business.
BN: What do IT managers need to look for in potential cloud providers?
JP: It is key that IT managers understand the network security, tenant isolation, and data security models of the cloud providers they are thinking of engaging with. Additionally, if applicable, CSP policies allowing data sovereignty and regulatory compliance should be explored. These are the big concerns many Enterprises have with going outside of their own firewalls. Next up would be performance and uptime SLA agreements, along with support policies and issue escalations.
BN: How should providers address legitimate concerns over the security of data and meeting compliance requirements?
JP: These are, and have been, the focus of cloud providers for several years. The fact is that CSP's at any kind of scale have more network engineers, security engineers, compliance experts, and operational personnel than most companies that run their own data centers. The providers should be able to walk through their policies, technology, and remediation systems in detail to any customer who wants assurance that the infrastructure meets their requirements.
There may always be some combination of requirements that make a company invest in their own data centers and operational teams. This is OK, not everything needs to be run outside the firewall. However, in order to make this truly viable the automation and orchestration systems that provide the governance and points of control to the business need to be architected to be multi-DC and multi-cloud capable.
BN: Do we need to see board level management getting more in touch with how their companies handle IT requirements?
JP: Senior management need to be a strong advocates toward the cultural, procedural, and technological shifts that the digital transformation of their business will require. In order to be competitive going forward all businesses need to accelerate their internal IT operations in order to bring more value to the business. The enterprise IT path forward will increasingly be collaborations between business requirements, development, and operational teams facilitated through automation, analytics, and distributed computing and cloud infrastructures.
Photo Credit: nopporn/Shutterstock
The eDiscovery process of extracting data for regulatory or legal purposes is generally seen as a bit of a niche in the IT field.
However, a new study by research specialists IDC forecasts that the market for worldwide eDiscovery services reached $8.2 billion at the end of 2015. This combined with an eDiscovery software market of just over $2 billion means the global eDiscovery market has passed the $10 billion threshold.
"Increased litigation and regulation coupled with expanding use cases for eDiscovery software will continue to drive moderate growth in the worldwide eDiscovery market," says Sean Pike, Program Director in IDC's Security Products group and leader of IDC's eDiscovery and Information Governance research program. "The data solution market, however, is maturing rapidly as buyers search for automation to solve well-defined problems. To meet maturing needs, eDiscovery solution and service providers are already creating robust strategies to use existing search and analytics competencies to compete in the white hot content analytics and cognitive solution markets".
The Americas region is still the largest market for eDiscovery, and is expected to remain so, but there's been a growth in international demand over the past year. Europe and Asia are both seeing an uptick in demand for eDiscovery services. By 2019, IDC expects Europe to make up almost 23 percent of the market and Asia just over seven percent.
There's also been some consolidation in the market with service providers and technology solution companies pairing off. In addition solution providers are buying capabilities as bolt-on functionality for existing products or services, in an effort to gain or hold onto market share. Software and service provider companies see analytics companies as posing the largest threat to existing market opportunity.
The full Worldwide eDiscovery Services Forecast is available from the IDC website.
Image credit: sommthink/Shutterstock
Recent research from Intel suggests that, despite the availability of automated solutions for data center infrastructure management (DCIM), many businesses are still using manual procedures to do their capacity planning and forecasting.
To get an insider perspective on how managers can better exploit the benefits of DCIM products to streamline their operations we spoke to Jeff Klaus, General Manager of Intel Data Center Solutions.
BN: According to your recent research, 40 percent of data center managers still use manual processes to conduct capacity planning and forecasting. Why is this number so high?
JK: This number is indeed high, however data center managers are not happy with using manual methods today but are doing so because of a lack of good and simple solutions that can provide them accurate data to help them automate their manual processes. Among main barriers for DCIM adoption, current solutions are expensive, complex, and not easy to use by the end users, which all contribute to why this number is still very high.
BN: Does this show that the benefits of DCIM solutions are failing to get across?
JK: DCIM adoption appears to be slower than predicted and this should be a wake-up call for the solutions providers. We all would like to see broader DCIM adoption by end users in 2016, but for that to happen, DCIM vendors will need to listen to their customers, address their key concerns, including power and thermal management, and ways to automate manual processes, and do a better job in articulating and proving DCIM solution value and ROI for the end user. The vendors will also need to address general concerns related to their solutions, like lower costs, simplifying the solutions, and investing in its ease of use. We're still very optimistic about DCIM as the data center managers clearly say they need such tools, it’s just a matter of listening to them and providing them the right solution that will help them better manage their infrastructure and help them automate the manual processes that currently take up 40-60 percent of their time.
BN: Why should companies consider DCIM if they haven't already?
JK: Companies' need for DCIM is still there and challenges in managing the complex infrastructure today are not going to disappear. They will actually get more complex as IT devices continue to add telemetry. Thus, companies still need to evaluate tools and solutions that will help them better manage their infrastructure, automate manual processes, improve their capacity planning and provisioning process, improve their agility, improve thermal profile in their datacenters, identify and predict power and thermal issues, and improve datacenter efficiency. DCIM vendors are also aware to the slow adoption of their solutions and better understand the customers’ needs and concerns today. They’re constantly improving their solutions, ensuring they solve their customers’ problems, making them simpler and easier to use and maintain, and even lowering the solution cost.
BN: Are you seeing DCIM moving into new industries and how are they benefiting from the technology?
JK: I think that most DCIM vendors realize the importance of granular and accurate data as part of their solution, regardless of the industry. The solution can have great 3D layout and strong analytics features, however, if the data it visualizes or analyzes is not accurate then the result is not good or compelling for the customer. Luckily, the hardware vendors realized their customers’ needs 5-7 years ago, and since then we see more and more intelligent devices that can report accurate metrics related to their power consumption, thermals, utilization, airflow, and more. I expect that this year we'll see more DCIM vendors listen to their customers and integrate such technologies as part of their solutions, provide accurate data and analytics to their customers, and allow them to automate their current manual processes which will help the technology penetrate new industries and obtain broader adoption.
BN: What changes will we see in the DCIM marketplace in 2016?
JK: We will continue to see some consolidation in this market and expect to see a few exits and merges occur. The vendors who will stay are the ones that react to their customers' requirements and make the required changes in their solutions to fit their customers’ needs. We will also see continued price decline and, hopefully, simplified solutions that are easier to deploy, use, and maintain.
Photo Credit: dotshock/Shutterstock
We've already seen a big increase in DDoS attacks in the past year and according to the latest predictions these are set to continue and become more sinister in nature as we move into 2016.
Security specialist Corero foresees a rise in 'Dark DDoS' attacks used as various smokescreens to distract victims while other attacks infiltrate corporate networks to steal sensitive data.
Dave Larson, COO at Corero Network Security, says, "The highly sophisticated, adaptive and powerful Dark DDoS attack will grow exponentially next year as criminals build on their previous successes of using DDoS attacks as a distraction technique. The Carphone Warehouse attack in August was interesting because it was one of the first publicly reported cases of Dark DDoS in the public domain. This is a new frontier for DDoS attacks and a growing threat for any Internet-connected business that is housing sensitive data, such as credit card details or other personally identifiable information".
It also predicts a rise in DDoS-as-a-service cyber crime business models, where it's possible to pay to have victims hit for as little as $6.00 per month. This means less sophisticated cyber crime actors can readily become DDoS adversaries.
During October 2015, 10 percent of Corero's customer base was faced with extortion attempts, which threatened to take down or to continue an attack on their websites unless a ransom demand was paid. If the volume of DDoS attacks continues to grow at the current rate of 32 percent per quarter, according to Corero’s latest Trends and Analysis Report, the volume of Bitcoin ransom demands could triple to 30 percent by the same time next year.
Corero also anticipates 2016 will see ISPs come under pressure to provide DDoS mitigation services to their customers. In a survey conducted this autumn, Corero revealed that three quarters of enterprise customers would like their ISP to provide additional security services to eliminate DDoS traffic from entering their networks.
"The current status quo allows malicious traffic carrying DDoS threats to flow freely over most provider networks," says Larson. "As a result, most customers end up paying their provider for bandwidth that delivers potentially dangerous Internet content. But the technology exists for ISPs to turn this problem into a business opportunity. By providing DDoS mitigation tools as a service, deployed at the Internet edge, they can defeat this problem before it enters their customers’ networks".
More information on the changing DDoS landscape and lessons learned fron 2015’a attacks is available on the Corero blog.
Photo Credit: Duc Dao / Shutterstock
The growing maturity of the cloud has been one of the major trends of the past year and this is something that looks set to continue into next year.
There will be new challenges, however, and we've looked at what some of the industry's experts think the cloud will have in store for 2016.
Rohit Gupta, founder and CEO of cloud security specialist Palerra thinks APIs will gain in importance, "We expect to see cloud vendors selling APIs as new revenue streams. SaaS, PaaS, and IaaS vendors will be pressured to provide rich sets of APIs, enabling security vendors and application vendors to provide value added services".
The cloud may become more localized says Blazent's CTO, Michael Ludwig, "Increasing cloud adoption will push major cloud providers to consider regionalized service approaches due to network bandwidth concerns among enterprise customers". He also believes that self-service big data as a service (BdaaS) portals are going to make information and insights more readily available across the enterprise.
According to application performance specialist Riverbed, "More and more IT assets will be pushed into the cloud, and more users will work outside premises. We'll see more companies operate exclusively in the cloud, but enterprises will continue to leverage the hybrid cloud model with overall cloud usage increasing across the network". This will mean that organizations will need to look for solutions that provide greater visibility into performance, security and end-user experience for applications.
Marc Crespi, CEO and co-founder of OneCloud Software, expects the hybrid cloud to gain in importance, "In 2016 we are going to see accelerated adoption of hybrid cloud deployments because we will see more technologies that remove the barriers to leveraging public cloud. For example, these technologies will bring a simplified approach to creating a unified hybrid cloud management platform from disparate tools. The outcome will be a secure and scalable architecture that makes it possible for IT to add the public cloud to their 2016 plan".
Crespi also believes the cloud will change the disaster recovery industry, "With the cloud, disaster recovery doesn't take up any room and can be done affordably, simply and quickly. With the cloud, DR becomes a no brainer".
"The cloud office wars between Google and Microsoft will continue, but partners are going to need to support both suites in order to be successful, because it will become clear that both platforms serve specific market segments better than the other," says David Politis, CEO of BetterCloud. He also predicts that 2016 could become a golden age of IT. "This is the year when shadow IT will actually be embraced and seen as an opportunity to truly affect change in an organization. CIOs will be pushed to the cloud by their user populations, by their CEOs, and even by their boards as the market continues to produce success stories of organizations transforming the way they work by moving to the cloud".
Of course security issues impact on the cloud too and cyber security association ISACA predicts that, "Hackers will increasingly have cloud providers in their crosshairs, as organizations move more pervasively to cloud. This year we saw cloud providers take more responsibility for storing customer data. Because more data is shifting outside of organizations, 2016 will bring with it more attempts from cyber criminals to gain direct access to that pool of information".
Jeff Denworth, SVP of Marketing at cloud storage company CTERA expects that security concerns will have a positive effect, "IaaS will become more secure than an average private data center -- Amazon and AWS will elevate 'all-in' deal making to a feverish high. But in the meantime, just as organizations had dual-vendor strategies for IT hardware and software, this will emerge as a risk management policy for cloud operations".
The cloud then will continue to be a major factor in IT provision and we're likely to see more businesses moving away from running their own data centers to embrace an all-cloud future.
Image Credit: leolintang/Shutterstock
It's the time of year when companies inevitably turn to their crystal balls and try to predict what the coming year will have in store.
Where security is concerned there's a focus across the board on the evolving threat landscape and the tools needed to deal with it. We've brought together predictions from some of the leading industry experts.
Andrzej Kawalec, CTO for HPE Security Services at Hewlett Packard Enterprise says, "2016 will bring a shift in how organizations protect their data. New cybersecurity tools and techniques will focus on applying big data analytics and automation to the threat landscape, as well as internal users and operations. Additionally, new methods for managing user identity will cross into biometrics and across cloud platforms, and we will see the increasing adoption of advanced consumer security and identity products and services".
But whilst new techniques are used old threats will continue to be a problem. Kawalec adds, "A large and worrying proportion of attacks will continue to prey on old vulnerabilities in standard software and operating systems versions that are poorly managed and updated. New vulnerabilities in mobile devices, operating systems and applications will outstrip more traditional areas of focus".
Mobile security will continue to be a problem too. Zimperium's Joshua Drake, VP of platform research and exploitation, thinks that iOS will be targeted more in the coming year, "iOS security will take center stage with more iOS kernel exploits and jailbreaks for iOS 9.2 and 9.3. We'll also see another Airdrop-esque attack, potentially through AirPlay or Continuity/Handoff".
He also predicts that Android's continued lack of timely updates will be a problem and that more exploits will take advantage of the shared address space ASLR weakness to gain system privileges. On a brighter note Drake believes, "More vulnerabilities will be publicly disclosed due to the expansion of bug bounty programs as more companies realize the value and build the internal acumen to digest the results. Legislative changes will also have a positive impact."
The IoT is also likely to become more of an attack target for cyber criminals. "Adversaries will exploit the influx of connected devices -- everything from watches to cars to critical national infrastructure -- to obtain personal and sensitive information. IoT represents the next battleground as we move towards smarter environments and adversaries advance their tactics to take advantage of new vulnerabilities that arise," says HP Enterprise's Kawalec.
Dmitri Alperovitch, CTO and Co-founder of Crowdstrike and RSA Conference Advisory Board member, believes data will be increasingly weaponized, "Use of data as weapon will be a major problem in 2016. In the past, data has been taken, destroyed or encrypted, but increasingly we’re seeing breaches during which data is leaked publicly in order to cause significant damage to a business, reputations, or even the government (eg, Sony, Ashley Madison, etc.). Criminals and hacktivists are now stealing data and threatening to place it on public websites for others to see. In conjunction with this, hackers are building massive databases that include multiple types of data (insurance, health, credit card) to present a 'full picture' of an individual. It's one thing to have your data stolen and another to have it used against you. We'll continue to see individuals', corporations' and public entities' info used against them as a weapon in 2016".
To help combat threats Stephen Cox, chief security architect at SecureAuth believes we'll see changes in authentication methods, "Biometrics will take a larger role as a second factor as organizations grow more and more distrustful of the password. The ubiquity of personal devices with biometrics sensors will make this possible. Open standards friendly to biometric privacy, such as FIDO, will help adoption".
Cox also says that 2016 will be the year of adaptive authentication, "In many attacks we saw in 2015, attackers were not using malware, they were simply using stolen credentials to log into the environment. With organizations moving to the cloud, there will be an increasing number of authentication touch points in an organization, and those will need to be protected with technology that can rapidly identify and respond to threats".
HP's Kawalec also predicts that senior managers will become more involved in security issues, "In light of the frequent and destructive data breaches we've seen over the last two years, CEOs will be at the forefront in leading the response to a cyber breach. Increasingly we will see these breaches fought in courtrooms and newsrooms, as well as on laptops and networks. Cyber risk will be top-of-mind for boards, elevating the CISO beyond traditional IT. And with this, enterprises will be increasingly responsible for the information security of consumer data".
Steve Lowing, the Director of Product Management at Promisec shares this view and adds that, "The Endpoint Detection and Remediation Market will grow as companies try to stay ahead of threats, and companies will place an importance on encrypting sensitive data due to the rise in ransomware. Companies will have to make sure their remote employees aren't working with confidential corporate data on old, vulnerable OS releases".
Whatever the experts predict you can be sure that security threats aren't going away and that something will come along to make new headlines.
Photo Credit: Anneka/Shutterstock
More and more businesses are rushing to embrace mobile apps, but in large companies where hundreds of apps need to be rolled out this can present major headaches for administrators.
We spoke to Chris Isbrecht of IBM Security's MaaS360 team to find out about some of the challenges of scaling mobile to large enterprises, as well as how they can be addressed.
BN: Has mobile become a key part of driving greater productivity in enterprises?
CI: Mobile has become the primary way organizations communicate with employees, partners and customers. In this digital age, organizations are increasingly embracing mobile apps as a way to improve productivity and meet employee requests to seamlessly work anywhere.
Given the "app overload" with today's mobile devices, there's a well-defined need for businesses to leverage apps that stand out from the crowd. There's an appetite for mobile apps that are tailored to respective businesses, optimized for end-user engagement, integrated with enterprise and third-party data and designed for dependable access.
BN: How easy is it for large scale mobile app deployments to go wrong?
CI: Since most organizations aren't properly educated on the fundamentals of app scaling, it's particularly easy for missteps to occur. Unfortunately, organizations don't prioritize the user experience for deployments, which leads them to ignore the importance of user self-service. IT assumes that they need to be the ones always pushing the button. Businesses also tend to deploy a solution to a small pilot group and mistakenly think that will scale and support their entire population of users, but it’s far from the case.
I would recommend organizations formally poll users -- or use asset inventory -- to understand the apps their users are utilizing. For corporate sponsored apps, they should advertise them to users and customize descriptions, so employees understand the importance of apps in their specific catalogs. IT should also ensure they have group-based deployments to target specific users and enable administrators to target users with predefined bundles of applications that can be installed with a single click.
BN: What tools can businesses use to manage large scale app roll outs?
CI: When a customer starts managing a significant amount of apps, it's critical that their management tools scale for both the IT administrator and end-user. This means a company cannot get by without implementing an enterprise mobility management solution (EMM), which provides Mobile Application Management (MAM) capabilities. Attempting to do it with other tools might work with fewer apps but, not at scale.
EMM provides administrators with the ability to create a corporate app catalog, distribute corporate apps and leverage volume purchase programs. With larger deployments, supporting user groups -- through Active Directory -- drastically improves management and providers a better user experience.
With IBM MaaS360, we have customers that are successfully managing close to 1,000 applications in their corporate app catalog. It’s not just one operating system, there are companies managing over 500+ iOS and 500+ Android apps for their businesses and users.
The end-user needs a top-notch experience. When they enroll their device for EMM, they should instantly get the apps they need to be productive. If the admin leveraged Active Directory groups, apps are usually pushed down to the user automatically and they do not need to request them. If they don’t see the app they need, they need a one-stop shop to get them.
That is why a corporate app store is essential for success. Having an app store where users can search for corporate authorized apps -- while being able to review the app's rating and co-worker comments -- is a powerful, self-service tool. This keeps users happy and simplifies how they get supported apps.
BN: What role does user self-service have to play?
CI: Self-Service is vital because it increases efficiency -- by saving your support team day-to-day tasks -- and keeps users engaged and educated on the apps available to them. When a user understands what apps are available and grasps how to get them immediately, it's going to positively impact the business by saving IT a tremendous amount of time. Otherwise, IT support would be overwhelmed with hundreds of daily tasks around large scale deployments.
BN: How do user groups fit into the process?
CI: It's important to limit users' access to application catalogs because the objective is to maintain user productivity with the applications provided via the catalog. For example, we manage 75,000 devices for a large company with an application catalog that spans 1,000 public and private applications. The key for implementation is to limit the scope of apps to users based on employee function and then provide them with the tools to search, sort and filter apps that bolster productivity. Otherwise, pushing 1,000 apps to a device leads to end-user confusion, frustration and a loss in productivity.
BN: What can we expect to see in the enterprise mobile landscape in 2016?
CI: On a completely separate note, I think the industry will have to closely monitor the growth of mobile malware in 2016. This past year, we witnessed a significant uptick in mobile security incidents -- Stagefright, KeyRaider , XcodeGhost and YiSpecter just to name a few -- and it's eerily similar to the benign viruses that threatened PCs in the '90s before rocking the IT world in the early 2000's.
Remember when the ILOVEYOU virus infected millions of unsuspecting users, resulted in billions of dollars in economic damage and transformed PC security?
While the rise of mobile malware has been predicted for years, it's nearly certain that we’ll experience a mobile malware problem in the coming year. Businesses will need protection and it's crucial that they employ the appropriate, mobile threat management solution, which ties to a broader enterprise mobility management product. This will allow for the immediate detection and remediation of mobile malware -- before it's too late.
Image Credit: Sergey Nivens / Shutterstock
Let’s face it, backups are pretty boring, which is probably the reason why they often get overlooked and people find themselves staring into the abyss of lost data. Part of the reason why so many of us hate backups is that the software used often seems to overcomplicate things with lots of options that many people never use.
Bvckup 2 aims to change all of this with a backup solution that’s clean, simple to use, elegant and fast. Produced by Swiss company Pipemetrics, Bvckup 2 is small -- the installer is less than 2MB in size - but packs in a surprising amount of sophistication.
Getting Started
On installation it automatically detects whether you have a 32 or 64-bit system and proceeds accordingly. The ease of use continues on the first run when the only option you get is Add new backup. Click this and you can choose a source and destination for your save. If you want to you can stop there and simply run the backup job -- it’s as easy as that -- but there are other options if you need them.
It’s designed to be fast and starting from scratch in our tests it saved 1.3GB of files to an external USB 2.0 drive in just two minutes. After the initial backup of course it’s quicker still as it will only save changes. It uses multiple read/write requests in parallel to speed up the transfer process and is able to run intensive tasks on multiple CPU cores, but scale back its activity when the PC is under load. This means you can leave it running in the background while still using your PC for other tasks.
One of the other reasons it’s so fast is its single-minded approach. It creates a mirror from one location to another, it doesn’t do anything clever like a two-way sync or a system backup and it doesn’t encrypt or compress data along the way.
You can have it run tasks on a regular timed schedule or it can continually monitor files and folders for changes in real time. It also uses what’s called Delta copying which means it will save only the parts of a file that have changed rather than copy the whole thing each time, further improving performance. A backup can be pinned to a specific removable destination -- it tracks drives by their unique hardware ID not just the Windows-assigned drive letter -- so that it will only run when the target is available, and of course you can save to networked or cloud storage.
Business Features
All of this simplicity might make you think that Bvckup 2 is mainly for home users. However, it has a lot of features that make it attractive for enterprise users too. It can cope with multi-million item backups making it suitable for large systems and it can run multiple jobs in sequence or all at once.
When running a job it creates a backup plan, you can do a simulated run and view this without actually executing it, so it’s good for satisfying compliance requirements. It uses Windows’ shadow copy service to allow it to save locked files. Saves of deleted items don’t have to remain cluttering up the main backup, they can be moved to an archive folder from where they can be retained for compliance or deleted after a period of time.
You can set the program to run a command before and/or after the backup, so you could shut the machine down after saving for example. You can also get it to send an email on completion allowing admins to see that remote systems are being properly backed up.
As we pointed out above there’s no encryption or compression so it may not be suitable for handling sensitive data, unless of course the files you’re saving are already encrypted in which case they’re simply mirrored as they are. Lack of compression of course means your backup storage needs to match the size of the original.
Conclusion
Licences for Bvckup 2 start at $39.95 (around £26.50) for the professional version and discounts are available for volume orders. For $19.95 (£13.23) you can buy it to protect your home PC too. If you want to try it out there’s a fully functional two-week trial available to download from Bvckup2.com. Currently it’s only available for Windows and will run on XP or later.
There are more complex backup programs out there, but that’s not really the point. What Bvckup 2 does is focus on doing a single task and doing it well with minimal hassle. It’s almost enough to make backing up your system a pleasure.
Pros
Cons
Review: 8/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Photo credit scyther5 / Shutterstock
Tablets are often seen as a consumer device, allowing you to update Facebook from the sofa while you watch TV, or catch up with iPlayer in bed. But they’re increasingly finding a place in the business world too, allowing mobile workers to catch up with emails or update documents on the move. They can also be a viable laptop replacement for tasks like making sales presentations.
The iPad remains popular, since it popularized the tablet format, but of late, Android devices have been catching up in terms of quality and capability. Samsung has long been one of the biggest players in the Android tablet market and its latest premium tablet, and the Galaxy Tab S2 is clear evidence of the company’s intention to park its tank on the iPad’s lawn. But how well does it succeed and what does it have to offer to tempt business users away from buying the Apple device?
In the Box
The package is fairly minimal, you get a white cardboard box and it just contains the tablet itself, with a USB cable and a mains power adaptor. Both of these are white too -- far be it from us to suggest that there’s an attempt to make this like like an Apple device here. It has a clever mains adaptor design which reduces in bulk by means of sliding down the earth pin and which makes it easier to slip into a bag or pocket. Documentation is limited to a brief Quick Start leaflet that explains the position of the main controls and how to charge the device.
First impressions when you lift it out of the box are that the tablet is nicely weighty and our review unit, in the Gold color option, looks smart with a light grey/beige surround to the Gorilla Glass screen and a shiny metal bezel around the edge. The back is smooth and has a metallic finish, which just about looks gold in the right light, though it is in fact plastic which lets down the premium feel a little bit.
What you do notice is that it’s a svelte 5.6mm thick which makes it easy to slip into a satchel or pouch. It also means it’s almost 2mm thinner than an iPad Air and 0.5mm thinner than an iPad Air 2, it also weighs over 70 grams less than the Air and 45 grams less than the Air 2. First blood to Samsung in terms of the size of the device then. The right-hand edge has the power button at the top and the volume control below it, plus a Micro SD card slot -- you need a paper clip or the little tool provided in the box to open this. On the front below the screen are the Home button, that also wakes the screen from standby and acts as a fingerprint reader, which is flanked by touch sensors for the back and recent apps functions. On the bottom edge are the USB and headphone connectors and the speakers.
The Galaxy Tab S2 is powered by an octa-core chipset with 1.9 and 1.3 GHz quad-core CPUs and has 3GB of RAM. You get 32GB of onboard storage as standard, expandable by up to 128GB via an SD card. 64GB versions are available too. Our review unit was the 9.7-inch version, though a smaller 8-inch model is also on offer. The star of the show is undoubtedly the impressive Super AMOLED HD screen which has 2048 x 1536 resolution. Other hardware features include 802.11 a/b/g/n/ac Wi-Fi which has MIMO ability for better signal reliability, plus Bluetooth 4.1 with the BLE low-energy function to prevent it from taking too much out of the battery life. You can also get a 4G version should you need connectivity when your out and about with no Wi-Fi access. It has a 5,870MAh battery which promises a decent amount of use between charges. The battery is not removable, however, so it will mean a return to the supplier should it ever need replacing.
The Galaxy Tab S2 has a pair of cameras, the rear one being 8MP -- the same as, you guessed it, the iPad Air 2 -- and the front 2.1MP -- better than the Air 2’s 1.2MP.
Start it up and you find it’s running the not-quite-latest Android 5.0.2 Lollipop, though an update to Marshmallow should be on the horizon. It has Samsung’s TouchWiz user interface rather than the standard Android one and there’s a minimum of bloatware installed. Useful apps that are included are Microsoft’s Office suite, plus Samsung’s Smart Manager to help optimize the device, and a handy multi-window feature. The latter is similar to the Windows’ Snap feature, allowing you to display two windows side by side and therefore make full use of that big screen. You also get a Briefing app that displays the latest news stories, weather, etc in an easy to access format. Most of the pre-installed stuff can be uninstalled if you don’t require it.
Business Features
The fingerprint scanner obviously makes for good security. You can store up to three prints allowing you a choice of fingers to use and there’s a password backup option should all of your chosen digits be out of action. It takes a little time to train the scanner for each print as you have to stroke your finger across the sensor several times to ensure it sees all areas of the print. Once it’s set up though the scanning generally works well, though it is sensitive to moisture, struggling to authenticate after you’ve washed your hands or been out in the rain and not thoroughly dried your finger tips for example.
The S2 comes with access to Samsung’s KNOX enterprise security suite which allows users to access confidential email and apps securely. It also allows the separation of enterprise and personal information on the device making mobile and BYOD management easier. There are a range of KNOX certified apps available via a separate store, ensuring that users can access the latest tools in a safe, secure environment.
KNOX works with most popular mobile device management (MDM) solutions so IT staff can manage devices remotely and even have the ability to wipe them in the event of theft or loss. KNOX allows the use of VPN connections to protect data in transit too.
The Microsoft Office package gives you access to 100GB of One Drive storage free for two years. This makes the S2 an attractive business tool, allowing you to access your documents from the cloud, making it easy to work from anywhere you have an internet connection and ensuring that you’re never left without a vital file.
The multi-window feature is a handy tool for business users too, making it easy to refer to documents side by side, or have a browser window open for reference while you edit a document for example. The Smart Manager app scans and optimizes the device, ensuring the best battery life and memory usage as well as cleaning up storage. It also scans for security issues, helping to protect the tablet from malware and ensure that it’s up to date with the latest patches.
All of this is configurable so you can, for example, disable optimization for certain apps that you want to get maximum performance from. The downside of this is it can be a bit of a pest, constantly nagging you with notification messages and sounds.
In Use
Powering up takes a slightly longer press of the power button than feels strictly necessary, but once the screen lights up the actual boot process is fast giving you a usable tablet in just a few seconds.
The Galaxy Tab has rounded corners, although the edges are flat rather than curved which makes it easy to hold. The 9.7-inch version does feel a bit too big to comfortably hold in one hand for long periods, the 8-inch would be better here, so you end up resting it against something. The screen is impressive and offers crisp images and good colors. It uses Adaptive Display technology that adjusts the brightness and other levels according to the ambient lighting, this means you can easily see it in bright light. It delivers smooth video playback too. There’s also a Reading Mode which lowers the brightness and makes it easier on the eyes if you’re reading long documents or eBooks.
The Adaptive Display does a reasonable job and most of the time you don’t notice it at work, though it doesn’t always get it quite right sometimes making brightness adjustments to little effect. The TouchWiz interface is nice to use with smart icons and an intuitive layout, it’s easy to live with and it doesn’t come as too much of a culture shock if you’re used to standard Android. The downside of course is that you have to wait slightly longer for operating system updates than on a system running vanilla Android. Most importantly the screen is nicely responsive to inputs and that large size screen does mean that it’s easy to use the on-screen keyboard and not worry about hitting the wrong character all the time even if you have less than delicate digits.
Sound quality is acceptable, if a little tinny, however, because the speakers are on the bottom edge they’re all too easy to muffle if, for example, you’re resting the tablet on your lap, or with your hand if you’re holding it sideways. Having the headphone socket on the bottom edge is also a bit awkward if you’re holding the S2 in portrait orientation.
Overall there are no performance issues in everyday use, apps load quickly and we didn’t experience any crashes. Battery life is around 12 or 13 hours continuous use, so with casual operation you should be able to go two or three days between charges. It also retains its battery life well when on stand-by.
Tablet cameras aren’t usually about serious photography, the size of the device means it’s not really snapshot friendly anyway, however, the S2’s are reasonably good. The rear camera produces sharp images and good color reproduction in natural light, pictures that are more than good enough to post online. There are also some clever modes including the ability to take 360 degree panoramas. It has the Pro mode found on Galaxy phones too, that lets you adjust contrast, white balance and so on. It does struggle in low light, even if you activate the HDR mode you end up with images that look a little pixellated.
This is disappointing by smartphone standards, but for a tablet it’s probably acceptable. The front camera produces slightly grainy results, especially in artificial light, but it’s good enough for video calling, which is what most business users will want it for, and the odd selfie.
Conclusion
With the 32GB Wi-Fi only version costing £399 direct from Samsung, the Galaxy Tab S2 9.7 is priced on a par with the 16GB 9.7-inch iPad Air 2. It has the same screen resolution in a lighter and thinner package, and of course more storage, so it’s clear to see what the target is here. The Samsung offers good performance in everyday use and is likely to deliver better battery life than the iPad as well.
Features like the ability to use KNOX and the inclusion of Microsoft Office make it an attractive option for enterprise users. The plastic back panel doesn’t detract too much from the quality feel of the device, and obviously it contributes to the Galaxy Tab’s light weight. The cameras are good by tablet standards and it isn’t overloaded with bloatware.
Overall Samsung has delivered a well thought out package with this device and if you were thinking of buying an iPad Air 2 it’s well worth considering the Galaxy Tab S2 as an alternative. It offers you more for your money, good performance and you won’t find yourself feeling that you’ve ended up with second best.
Pros
Cons
Review: 8/10
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Businesses tend to be quite conservative in their approach to technology, so it's always interesting to look at what's been sparking their interest.
Identity and mobility management specialist Okta has released a new report, based on analysis of its customers, looking at the big winners and losers in the enterprise over the past year.
The fastest growing apps of 2015 are; Slack, Greenhouse, Envoy, Zapier, Windows Azure Public Cloud Services, Bamboo HR, Wrike and Lucidchart, all seeing usage across Okta's customer base grow at over 200 percent. Slack in particular has seen run away adoption levels, growing 667 percent in 2015.
The report also shows strong cloud growth in the recruitment industry, with the number of Okta customers using recruiting apps up by 99 percent, beating the growth in project management and messaging apps. Greenhouse in particular has seen 580 percent usage growth in the 12 months from November 2014.
Multi-factor authentication is gaining ground too, with traditional security questions like mother's maiden name in decline. Instead providers are turning to devices like phones and smartwatches as well as biometric identification. Okta's data suggests an increase in the use of both hard and soft tokens too.
In addition it finds that responsibility for security is moving away from IT, with a 30 percent growth in the number of identity management purchase decisions where chief security officers were involved. Away from software it seems that enterprise tablet use has plateaued, declining slightly over the last year. Okta suggests that 2016 will be a make-or-break year for enterprise tablets. The report says, "In order for them to survive, manufacturers need to seek out and invest in strategic partnerships to add more computing power, better apps and features designed for productivity."
Finally the report suggests we may be entering an age of bring your own business (BYOB), where by using public loud services it's possible to run a small to mid-sized business with no infrastructure, no physical locations, no warehouses, no servers and no software. The company's data shows that shows that the median number of off-the-shelf cloud apps at companies has grown by 33 percent year-on-year, Amazon Web Services has grown at 123percent, and Microsoft Azure Cloud Services at 216 percent.
More information on the report is available on the Okta blog.
Photo Credit: Sergey Nivens/Shutterstock
A new survey of cyber security professionals from information management company Nuix shows that businesses are placing greater emphasis on insider threats.
The report reveals that 71 percent of respondents report that they have an insider threat program or policy, and 14 percent say that they allocate 40 percent or more of their budget to insider threats.
"The findings in this report are of no surprise -- they represent the same issues and concerns that we're advising our customers on every day," says Keith Lowry, Nuix's Senior Vice President of Business Threat Intelligence and Analysis. "First, there's greater awareness of insider threats thanks to the public profiles of Chelsea Manning and Edward Snowden. It’s also easier to steal information; for example, you can copy key files onto a thumb drive in seconds. And finally, sadly enough, theft of internal records has become culturally more acceptable".
People were reported to be 'almost universally' the biggest weakness in information security, ahead of technology and processes. Of the respondents that reported to have an insider threat or policy, 70 percent offer employee training to minimize risk. "The company employs intelligence teams that study different aspects of communications, user activity, social media, suspicious activity and other details," said one respondent.
Worryingly, 31 percent of respondents say that they don't know what people who have access to crucial data actually do with it. The cloud is an area of concern too, with 86 percent of respondents agreeing that it creates unique concerns including loss of visibility into the management of data and lack of regulatory compliance.
The full report is available to download from the Nuix website.
Image Credit: Brian A Jackson / Shutterstock
According to the results of a new survey, 84 percent of CIOs believe their organization can analyze data in real-time, however, only 42 percent of developers agree with that statement.
This difference of opinion is one of the findings of the study by in-memory data platform specialist VoltDB. Where 91 percent of CIOs, IT managers and developers do agree is that real-time streaming data analysis can have a positive impact on their company's bottom line.
Other findings are that 48 percent of developers believe the biggest obstacles to responding and acting in real time are budget and internal resource constraints, compared to only 18 percent of CIOs that feel the same way.
Only 35 percent of respondents define real-time as actions occurring in less than a second or in milliseconds, compared to 32 percent of respondents that define it in minutes or lack a real-time standard altogether. In addition 56 percent of respondents believe real-time streaming data applications have different requirements from big data applications.
"While there's increasing recognition that competitive advantage depends on how quickly you can use data to make your business smarter, more engaging, responsive and interactive, there's a gap in understanding how to effectively deploy the solutions that will have the most impact," says Peter Vescuso, vice president of marketing at VoltDB. "With the industry’s only purpose-built architecture for fast data, VoltDB powers mission-critical applications with new levels of features, functionality and performance, helping customers realize more value from the enormous amounts of live data entering their organizations".
More information on the results is available on the VoltDB blog and there's a summary of the findings in infographic form below.
Image Credit: watcharakun /Shutterstock
According to the latest Digital Trends Report from Adobe Digital Index (ADI) the Internet of Things is gaining a foothold in more and more people's lives.
The report is based on 22 billion visits to branded websites and over 20 million social engagements across Facebook, Twitter, Instagram and other sites. Also included in the report is survey data based on 400 US consumers who own either a smartphone or tablet.
The survey finds that 50 percent of respondents have interacted with home IoT devices, and that 15 percent own a smart device such as a thermostat, smart home system or smart smoke alarm. Social buzz indicates that ‘Google On Hub’ is the most popular IoT device.
"Mobile, and specifically larger-screen smartphones, are enabling a lot of behaviors," says Joe Martin, senior analyst at ADI. "People are really happy with how they're working. It's definitely making things easier. It also leads to the kind of data-driven world we live in now. You can look up your Nest thermostat and see how it’s being used, and you adjust it with your mobile phone and collect data about how things are working within your home".
Other findings are that browsing and searching are increasingly being done via personal assistant applications. Facebook M is expected to take the lead here, despite its limited beta, it's receiving four times more social buzz than any other digital assistant available today. Siri is currently ranked as the number one virtual assistant, but Facebook M is expected to overtake it once it’s broadly available.
Despite the move to digital assistants, the browser wars go on and Microsoft Edge is expected to gain traction with tech enthusiasts. Although only 1.4 percent of browser visits currently come from Microsoft Edge, with Chrome and Safari dominating browser visits, positive social media buzz for Microsoft’s browsers has increased by 75 percent. Edge has the highest adoption rate and is expected to gain traction with tech enthusiasts, especially as businesses roll out Edge to employees.
ADI also predicts that with nearly 40 percent of consumers likely to buy a smartwatch in the next six months, smartwatches are expected to overtake fitness trackers as the most common wearable technology. Social buzz indicates that the Apple Watch is the smartwatch most likely to be purchased.
You can find out more about the report's findings on the Adobe blog.
Photo credit: Odua Images / Shutterstock
Do you know how your employees are accessing content within your business? Enterprise file sharing specialist Egnyte has analyzed all of the unstructured data from its customers, no matter what device, storage, or apps they use, to discover the latest trends.
Having looked at this data over the last 12 months, they uncovered some interesting facts about the diversity of employee interactions with their company content.
Findings include that only 15 percent of users utilized both desktop and mobile apps to access content. This suggests that employees are highly specialized, using mobile or desktop according to their roles in the company. Workers in the field likely to only use apps on their mobile devices (24 percent), whereas office-based employees are likely to only use apps on desktop (61 percent).
What is perhaps more surprising is that 63 percent of users utilized two or more operating systems (Mac, Windows, Linux, etc.) when accessing content. This indicates a willingness and ability to work with a variety of tools and devices and that employees need to have choices for how they get their work done and what tools they can use.
Google Chrome dominates the business sector with a whopping 60 percent of activities done via the browser. Internet Explorer trails at only 20 percent and Safari unloved at only five percent. However, 40 percent of employees actually use two or more browsers when accessing their content.
You can find out more about the results on the Egnyte blog and there's a summary in infographic form below.
Image Credit: Goodluz / Shutterstock
Mobile marketing company Celltick has mined its user interaction data to produce an Android Usage Trends report revealing insights on how users around the world use their mobile phones.
Among the key findings are that the vast majority of smartphones in Asia (71 percent) and the Middle East and Africa continue to be configured with English. Facebook might be ubiquitous, however, Facebook Messenger is only popular on low-end phones, amongst higher-end handsets, Skype is the most common application installed.
Other interesting findings are that smartphone users in India interact with their phones more than twice as often as their European counterparts. Indian users unlock or glance at their phone up to 36 times an hour, compared to a peak of 16 times an hour in the US.
New versions of Android often take time to expand in key mobile growth regions, with only six percent of users in South Asia currently deploying it. Brazilians spend almost three-quarters of their time on Wi-Fi networks, which is a reflection of their urban lifestyle. By contrast, the Japanese use cellular connections 65 percent of the time, thanks to cheap and fast cellular data network investments alongside slow Wi-Fi deployment.
Interestingly Americans aren't as addicted to Wi-Fi as they appear, spending only 55 percent of their time using Wi-Fi and the rest on cellular networks.
"Analyzing Celltick's rich behavioral data was a productive exercise, leading to some fascinating conclusions about how, and why, people are using Android smartphones today," says Ramgopal Vidyanand, VP Marketing and Business Development at Celltick. "With these insights, players across the mobile ecosystem will be better empowered to reach and engage mobile users more meaningfully, creating new revenue streams while helping to maximize existing ones".
The full report is available to download from the Celltick website.
Photo credit: Bloomua / Shutterstock
When you think of peer-to-peer file sharing you probably bring to mind services like Kazaa and Limewire that were among the early sites allowing users to share media, or of more recent operations like Pirate Bay.
But while it's easy to think of P2P in terms of individuals downloading music or movies, a new report from security rating company BitSight reveals that it’s a problem for businesses too.
BitSight looked at 30,700 organizations and observed file sharing activity in 23 percent of companies using the BitTorrent protocol. Much of this activity is likely against corporate policies -- although there are no published metrics on what percentage of companies prohibit P2P file sharing, many companies do have explicit rules against it.
Among the findings are that 43 percent of application files and 39 percent of games files shared contained malicious software. Grand Theft Auto V and Adobe Photoshop lead the respective lists of top torrented games and applications, the top five in each category being:
Top Torrented Games:
1 Grand Theft Auto V
2 The Sims 4
3 Mortal Kombat X
4 FIFA 15
5 The Witcher 3
Top Torrented Applications:
1 Adobe Photoshop
2 Microsoft Office
3 Microsoft Windows 8.1
4 Microsoft Windows 7
5 Microsoft Windows 10
The report also finds that there's a correlation between botnet activity and file sharing activity. And it reveals that more than a quarter of companies in the government, energy/utilities, and education industries have observed BitTorrent file sharing activity in the last six months.
"While the sharing and downloading of copyrighted or pirated content and applications over peer-to-peer typically violates most corporate policies, the behavior continues to occur at a high rate. Movies and games often come to mind when organizations think about P2P file sharing; however, the majority of infected applications that we uncovered were either Adobe Photoshop, Microsoft Office or various versions of the Microsoft Windows operating system," says Stephen Boyer, co-founder and CTO of BitSight Technologies. "Our analysis found a high degree of correlation between organizations participating in P2P activity and system compromises via malware infections. The high malware infection rates suggest that organizations with file sharing activity are more susceptible to machine takeover. File sharing activity can serve as one of many key risk indicators and should be considered not only internally, but also when assessing vendor risk, conducting M&A due diligence, and underwriting cyber insurance".
You can get more detail in a full copy of the report from the BitSight website.
Photo credit: Imagentle / Shutterstock
When moving applications to the cloud it's easy to fall into the trap of believing that security can safely be left to the provider.
For Amazon Web Services customers there's now an extra layer of security on offer from Hillstone Networks. Hillstone CloudEdge is deployed as an Amazon Virtual Private Cloud (Amazon VPC) gateway to provide an additional layer of security protection.
It integrates with multiple security services, including firewall security, application visibility and identification, VPN, IPS, QoS, SLB, and attack protection, to ensure security for cloud deployments.
"Hillstone CloudEdge provides strong security protection for various cloud environments," says Lingling Zhang, Vice President of Marketing & Business Development of Hillstone Networks. "Our customers want easy-to-use solutions that are available for immediate purchase and deployment. The introduction of Hillstone's CloudEdge demonstrates our focus on offering comprehensive security solutions that power and promote the customer business".
Features include dedicated cloud security isolation, all traffic flowing across the Amazon VPC is inspected and unauthorized access attempts are prevented based on user and application identification and control.
Hillstone supports Amazon VPC service maintenance through the integration of a snapshot backup of CloudEdge, enabling rapid restoration of virtual firewall services with the most current configuration, in the event of an appliance failure or system crash. It also provides control based on applications, offers comprehensive reports on Amazon VPC traffic, and helps AWS users achieve the lowest cost for network security.
Firewall protection includes north-south traffic inspection to provide the VPC network with dedicated security isolation via policy and granular access control, plus QoS, VPN, IPS and server load balancing to guarantee business continuity.
Standards-based site-to-site VPN connections can be established between the corporate local network, branches and the AWS virtual service. In addition server load balancing helps businesses establish an Amazon Elastic Compute Cloud (Amazon EC2) instance.
You can find more information about CloudEdge on the Hillstone website.
Image Credit: Maksim Kabakou/Shutterstock
For enterprises and government departments the biggest threats can often come from within the organization rather than outside it.
Detecting these insider threats can be difficult which is why security company Eastwind Breach Detection is launching a new platform that uses rich data, behavioral analytics, and threat intelligence to pinpoint anomalous behaviors even before they're classified as breaches.
"Government and enterprise IT professionals today fight a complicated battle," says Paul Kraus, CEO and founder of Eastwind Breach Detection. "Between API-driven apps, distributed work teams, and a global army of hackers that never sleeps, black hats constantly find new and creative ways to break into networks. Eastwind arms security teams with an intelligent defense: a way to reliably detect hackers in the network before they act".
By storing and mining more than a year's worth of rich network metadata, Eastwind can examine not only current network conditions, but continually analyze historical data against updated threat sources to find breaches that would have otherwise gone unnoticed.
A customizable set of dashboards displays suspicious activity, such as pings by known malicious IPs, while a brief weekly summary of activity and network health saves users the time needed to compile the big picture themselves.
It can be deployed on private clouds with custom data enrichments, lookup rules, and custom application scanning. It can also monitor network activity for other purposes, such as acceptable use policy enforcement and compliance. Eastwind can also detect the possible transmission of stolen data such as payment details. Smart alerts mean fewer false positives allowing admins more time to investigate real issues.
Gregg Frohman, VP of Business Development at Eastwind points out, "Protecting the perimeter remains critical to a defense-in-depth strategy. However, we read daily how these solutions alone are getting thwarted by ever-changing tactics. Pre-breach prevention and post-breach detection go hand-in-hand, and we are partnering with a growing number of end-point protection providers to increase each other's overall effectiveness".
You can find more information on Eastwind Breach Detection and sign up for a free trial on the company's website.
Image Credit: Andrea Danti/Shutterstock
Employee use of email and web browsers is still one of the most common ways that businesses suffer from cyber attacks, which underlines the need for effective protection.
Endpoint security specialist BUFFERZONE is announcing its product's support for Windows 10 to protect organizations upgrading to the latest OS from advanced threats, zero-day attacks, drive-by downloads and phishing scams.
BUFFERZONE's technology works by isolating internet applications in a secure, virtual container which prevents employees from inadvertently downloading malware and putting the organization at risk. It prevents malware from reaching the endpoint by running browsers, email and other internet applications, as well as removable media, in their own virtual environment. Threats are contained rather than relying on detection process that may not be 100 percent accurate, protecting the endpoint from infection and helping to guard the rest of the network.
"The most vulnerable party in information security today is the user endpoint, making the extra layer of protection increasingly necessary," says Israel Levy, CEO of BUFFERZONE. "We are happy to provide BUFFERZONE support for Windows 10 to meet the pressing need for advanced protection from malware, including ransomware, drive-by downloads, and phishing scams".
More information on BUFFERZONE's endpoint solutions for business is available on the company's website.
Photo credit: Anton Watman / Shutterstock
Marketers are always keen to understand customer purchase intentions. But whilst there are many tools aimed at building consumer intelligence can business to business organizations benefit too?
Washington DC based True Influence thinks so and is launching a new data-as-a-service solution called InsightBASE, which monitors and curates online behavioral signals. It aims to allow B2B marketers to engage with prospects even before they directly identify themselves as being in the market.
"The B2B buying journey begins with online research," says Brian Giese, CEO of True Influence. "With InsightBASE, marketers now have the entirely new B2B capability of monitoring visits to third-party B2B websites. It provides a new view and a new opportunity that marketers never had access to before, and marketers are enjoying an average improvement of 400 percent in campaign conversion results".
InsightBASE works by monitoring online activity by individuals visiting business websites from their corporate domains, capturing the web pages visited and the content of those pages. Comparing the activity level of target companies over time allows the software to identify surges in interest using select keywords.
The intelligence can be integrated with a company's existing CRM or marketing automation systems such as Oracle Eloqua, Marketo, and Salesforce, allowing marketers to launch campaigns automatically and target companies that meet a certain interest level criteria.
The information can be used to accurately target display advertising on websites and in trade publications. It can also enable the sending of timely, targeted email marketing.
InsightBASE uses a subscription pricing model based on the number of accounts monitored. More information is available on the True Influence website.
Image Credit: donskarpo / Shutterstock
Choosing software and cloud solutions for business is a difficult task and getting it wrong can have serious consequences. We've all heard horror stories about money being wasted on systems that either don't deliver or are left unused.
So, how can organizations make better decisions on systems purchases? We spoke to Venkat Devraj, CEO of technology selection specialist, SelectHub, to find out.
BN: There's a perpetual tug-of-war between business managers and IT departments when it comes to technology selections -- who should take the lead?
VD: Your question highlights a key issue for IT in many organizations: are they seen as a helpful, strategic partner or just a roadblock? How many end-users and business unit leaders view IT as a trusted advisor -- someone who understands their pain and more importantly, is ready to do something about it in a reasonable time frame? Engaging with IT often means imposing a drawn-out process comprising service desk tickets, questionnaires--and sitting through meetings with IT personnel who rarely share the sense of business urgency.
BN: So you're saying avoid the IT department whenever possible?
VD: For the sake of your technology investments, it's not advisable to bypass your IT department. However, regardless of who's initiating the selection or leading the project, for IT to be brought into the loop early and often, it needs to act as a strategic facilitator rather than a control group.
Rather than being obsessed with arcane concepts such as architectural compatibility and relying on archaic selection tools such as Word docs and Google spreadsheets, they need to evolve the underlying process with a prescriptive workflow which can be driven by end-users in self-service mode. This involves a major rethinking of the way IT typically operates -- if they want to remain relevant and provide real business value to their organizations.
BN: How does IT reinvent itself to become more relevant?
VD: IT needs to be relentless in eliminating administrative overhead and make its presence felt as an agile service broker and a provider of relevant market context to help the business units make the right decision. Some progressive organizations are already going down this path via a disciplined Technology Selection Management (TSM) methodology.
In our experience working with over 2,000 IT selection projects across a variety of industries and company sizes, any notion of cookie-cutter selection approach does not work. In these complex events, the overall process needs to be separated into a sequence of steps such as functional requirements gathering, technical requirements gathering, vendor/product short-listing, and all validation steps -- right through to financial due diligence, and contract negotiation. Each step should be viewed discretely and led by project managers from IT or end-user business units, depending on the scope of that step and the net beneficiaries.
Expecting a single group to represent and lead the entire process results in various incorrect assumptions and compromises being made, which ultimately jeopardize the success of that investment.
BN: Has the rise of the cloud changed the procurement landscape, allowing line managers to bypass IT for example?
VD: Yes, and we are seeing it grow at a non-linear pace. In 2013, when we first launched, we saw over 90 percent of our users were IT personnel. Now that percentage has come down to 50 percent, with over 40 percent of projects completely bypassing IT -- IT is not even a passive stakeholder in the process!
BN: How can the process ensure that security and compliance requirements are met?
VD: When offering technology selection as a service within their organization, IT should seed the TSM workflow with their security, compliance and architectural requirements upfront so it doesn't become an afterthought.
Other control groups such as finance and procurement can do the same thing by incorporating vendor due diligence and contractual requirements based on specific parameters such as scope of purchase, departments being impacted and size of budget.
BN: With all these pre-set requirements, aren't we back to IT being a roadblock?
VD: Quite the opposite. By building those requirements right into the process backbone, end-users are not held hostage to IT and finance personnel not being available to vet the process thus eliminating latency and re-work. Any selection event initiated by end-users would seamlessly encompass relevant functional and technical criteria that are uniformly applicable to a project of that kind.
BN: Do senior managers need to adjust their mindset to take account of hybrid and cloud environments?
VD: End users primarily care about functionality and time to value. Cloud-based deployments shrink implementation time lines and operational costs significantly. So there is a great deal of migration happening to the cloud. Gartner has predicted that on-premise software will decline from 34 percent last year to 18 percent by 2017. Given that the cloud has become the first choice for deploying applications, it will continue to disrupt the traditional stodgy technology selection processes that IT and procurement managers have relied on, creating a greater urgency to evolve towards an agile TSM practice.
Image Credit: wavebreakmedia / Shutterstock
Sitting down, so medical professionals tell us, is bad for you. As a species we’re designed to stand up and move about rather than sit in front of a screen. The trouble is, modern office-based work doesn’t really lend itself to this hunter/gatherer lifestyle.
The answer for some people is to have a standing desk so that you can bash away at your keyboard from a vertical position. It may not match the thrill of the hunt, but at least it gets you off your backside. The trouble is, purpose built standing desks can be eye-wateringly expensive, especially some of the sophisticated motorized models, and you have the problem of where to accommodate an extra piece of furniture.
The latest product from Ergotron provides a solution, the WorkFit-T sits -- or rather stands -- on top of your existing desk or table and allows you to choose whether to work from a sitting or standing position.
What Is It?
It comes in a choice of black or white finishes with a built-in keyboard tray and has the option of a monitor riser so that you can adjust the height of your screen separately. Risers are available for both single and dual monitor set ups and screens up to 30-inches in size, compatible with the VESA MIS-D mounting standard with 75 or 100mm hole centres.
The first thing to note about the WorkFit-T is that it’s no flimsy flat pack. It’s a serious, heavyweight (our review unit was delivered on a pallet) piece of kit with engineering Brunel would be proud of. The riser is a chunky piece of kit too, weighing an extra 3.6Kgs on top of the 26Kgs of the WorkFit-T itself -- don’t go standing this on your auntie’s old card table with the wobbly legs!
It comes pre-assembled so you’re ready to go once you’ve liberated it from the packaging. It’s supplied with some braided cable sheathing to keep things neat and tidy and keep stray wires away from the lifting mechanism. Fitting the optional monitor riser requires a little bit of screwdrivering but nothing too strenuous. There’s a maximum weight limit for equipment of 35lbs (around 16Kgs), which should be more than enough for everyday use.
It uses a counterbalanced mechanism that moves up and down but stays within the footprint of your desktop. There’s minimal effort involved in changing the height, you simply release the brakes at either side and lift gently then it rises until it hits the top of its travel or you put the brakes on again. Lowering it is equally easy, just a gentle downward pressure once the brakes are off, so you can switch easily between sitting and standing. There’s 15-inches (38cm) of total movement, so most people should be able to find a comfortable working height.
In Use
Once in position, whatever height you have it set at, it provides a solid, stable work surface that you can lean on while working without it tipping or dropping in height. Adjustment is simple and quick, it’s a two-handed job as you have to release both brakes simultaneously, but that’s no hardship and it helps keep your fingers away from the moving parts. You need to make sure your cables are long enough so that they’re not stretched taut when the Ergotron is at the top of its travel. You’ll probably need to invest a few pounds in USB and maybe video cable extensions.
The optional monitor riser gives you an extra five inches (13cm) of height adjustment on the screen, as well as allowing you up to 30 degrees of tilt so you should be able to find a comfortable working position. The mount can be rotated too if you like to switch between portrait and landscape modes.
There’s plenty of space on the work surface so you have room for phones, papers, cuddly toys and whatever else you choose to surround yourself with when working. The surfaces themselves have a lightly grained finish rather than being completely smooth which makes for a good mousing environment. The keyboard tray is a generous size so there’s room to place a small mouse mat next to your keyboard if you wish.
It does raise the height of your work surface slightly when you’re sitting down so you’ll need to fine tune your seating position to get the recommended 90 degree elbow bend. Working standing up takes a bit of getting used to, so it’s good that the Ergotron lets you quickly switch between sitting and standing as you can gradually wean yourself away from your chair for longer periods. A word of warning for open plan office users here, if you listen to music while working you’re much more inclined to move to the beat when standing up!
Conclusion
At £310 (ex VAT) for the basic unit in black, plus an extra £68 for a monitor riser kit, the WorkFit-T isn’t cheap, however it’s less than a complete new standing desk. It has a 5-year warranty but you get the impression it’s built to last several lifetimes, and what price do you put on your -- or your employees -- health?
You can find out more about the benefits of standing desks on the JustStand.org website and more about Ergotron products on the company’s website.
Pros
Cons
Company | Release Price |
ITProPortal Review |
---|---|---|
Ergotron | £310 | 9/10 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Although many enterprises are keen to deploy mobile apps for their workforce and to support BYOD and extended working, they've often been held back by traditional app distribution options. Historically this has required IT organizations to bring devices under management -- for corporate owner, corporate liable, and BYOD devices -- which can put a brake on enterprise mobile app deployments.
To find out how new approaches can allow data to be secured at the app level, we spoke to Mark Lorion, Chief Product and Marketing Officer at mobile app management and security company, Apperian.
BN: Is a lack of flexibility in app distribution holding back the implementation of mobile strategies?
ML: In the past, Enterprise Mobility Management (EMM) platforms were the go-to for enterprise mobility initiatives. But because they typically require that a Mobile Device Management (MDM) 'profile' be installed onto a users' device, it requires IT to bring the device under management before any apps or content can be deployed to the user. This isn't really an issue for corporate-owned devices, but with the move to BYOD many users are not willing to allow the IT organization to install MDM profiles and control their personal devices. Similarly, many organizations want to enable their business partners, contracted workers, dealers, and other non-employees with mobile apps and those users often will not -- or cannot -- have their devices under management. In other cases, a mobile device may be under management by another IT organization (could be another company or another agency in the public sector) and therefore can only receive enterprise apps from one source (because mobile devices can be under management from one MDM profile.) These scenarios reflect users who are unreachable using traditional EMM platforms.
A big shift that has occurred in the mobility industry is the move toward app-level security and management. This best-of-breed mobile app management (MAM) approach applies policy to each app and enables the app to be deployed with appropriate security and management controls so that MDM is not required to ensure the safe delivery and use of the app. When policy is applied at the app level, instead of directly on the device, enterprises can maintain security and management control without having to issue corporate devices, or install policies on users’ personal devices.
BN: How does applying security policy via the app rather than the device help?
ML: Applying security policies to apps enables fine-grained levels of control, security and management capabilities, without requiring that device be under management. A truly effective approach to applying the policies to each app can be done via a dynamic 'wrapper' that will apply desired policies directly to the app itself and without requiring that developers make code changes or use SDK's. For example, app-level policies can allow IT to lock access to an app, or wipe data on a specific app, or require two-factor authentication for app access, and more – without MDM being on the device.
One huge benefit of this approach is that the app can be deployed anywhere -- with or without MDM being on the device. This means those unreachable users highlighted above are now within reach of corporate mobile apps. Another benefit is that it allows the organization to apply many additional layers of security and control over the app, making the app suitable for deployment in highly secure settings.
All of this increases the number of potential users who can be served and drives the adoption of mobile apps while reducing the burden on app administrators. This allows organizations to focus on what matters most – building critical apps for their employees and getting them into the hands of 100 percent of users.
BN: Does this improve the experience for employees too?
ML: Yes. Modern workers tend to move back and forth between personal and work activities on one device. By allowing them to do so without encroaching on their personal device and data is becoming an expectation, especially with the proliferation of BYOD. Employees can feel confident in their ability to work from any location, without giving their employers access to the entirety of their personal information.
The app-level approach to security and management is less intrusive, but it also creates a more secure app and one that offers a smoother user experience. If an app is updated on the back-end, policy can push that update to a user directly, without them having to proactively go look for a download. IT can also gain remote access to help troubleshoot any challenges with the app. There’s no learning curve, or foreign platform users need to access apps through. It really creates a more native experience, similar to the way users experience consumer apps.
BN: Is this only for larger enterprises or does it scale to smaller businesses too?
ML: If an organization has an app that is important to securely get into the hands of all possible users, then a MAM-based approach to app security and deployment should be considered -- regardless of company size. In the past, larger organizations tended to be the early adopters of this approach, mainly because they were the early developers of mobile apps for enterprise use. With the costs and complexity of developing mobile apps decreasing while expectations of mobile-enablement by workers increasing, organizations of all sizes will face these requirements.
Virtually every worker has a smartphone today -- and many of them are doing work in places other than a traditional office where they'd have access to more business technologies. Apps that streamline workflows that can have a significant impact at SMBs, too, when it comes to business-critical processes such as sales teams closing deals or writing contracts on-the-go.
BN: What safeguards are in place to deal with lost devices, employees leaving the company, etc?
ML: The app-level security and management offered by a best-of-breed MAM platform should provide a number of controls to handle these scenarios -- all without requiring the use of MDM on the device. There are a variety of access controls, such as passcode access or 2-factor authentication that can be activated to keep an app from launching. There are 'data wipe' policies that allow centralized administrations or security personnel to remotely delete all data contained in the app or they can force updates to the app, which render it useless. These approaches and others can be activated remotely and without requiring that the devices are under management. This provides tight security controls over just the organization's apps without affecting a user's personal apps or data.
Image Credit: Sergey Nivens / Shutterstock
Businesses are notoriously reluctant to make the leap to a new operating system. But by the start of 2016 Windows 10 will have been around for six months, so can we expect next year to be the start of its taking off in the enterprise?
We spoke to Deepak Kumar, Founder and CTO of configuration management specialist Adaptiva to get his views on the march of Windows 10 and more.
BN: Will we see Windows 10 adopted by enterprises in a big way next year?
DK: Yes, we will. We've already witnessed Windows 10 take off quickly, surpassing both Windows XP and OSX. Consumers are adopting Windows 10 extremely rapidly as they generally have no revenue stream at risk, IT costs to budget, compatibility testing to conduct, regulation compliance to consider, security policy to enforce, etc. Enterprises have to calculate all of those factors, and determine if the time and cost of migrating right away is worth it. Microsoft took their eye off the ball with Windows 8, but with Windows 10 they got it right. Not only have they paved a much smoother upgrade path, but they've made a great OS that delivers business-critical capabilities. Enterprises want to upgrade because of what Windows 10 can do for them in terms of integration, security, compliance, productivity and other new capabilities. I've been running Windows 10 since beta and it's rock solid.
BN: Is this going to drive demand for migration solutions to streamline deployments?
DK: Absolutely. IT directors are struggling to figure out how they’re going to deploy Windows 10 on thousands -- or hundreds of thousands -- of computers without breaking the budget or taking forever. Traditional enterprise deployment methods require global infrastructure, expensive consultants, and massive administrator effort. Even with those resources, migrations can take years as evidenced by the fact that some enterprises are still running Windows XP. That is no longer acceptable. The pace of business has accelerated dramatically. Global businesses are demanding new technologies that allow rapid, high-volume deployments that don't require a vast server infrastructure, additional WAN capacity, or massive professional services expenditures. Enterprises will seek infrastructure-free solutions that protect the WAN and automate nearly everything. This will help them cut years off their Windows 10 migration timelines, and realize enormous cost savings as well.
BN: Will this provide a boost to the overall PC market?
DK: This is something we'll see more visibly in the enterprise market specifically. Mobile devices are changing the world, there's no doubt about it. However, most of what people do in the enterprise requires a dedicated system. Have you ever tried to create a complicated spreadsheet on your phone? You can do it, but not very fast. Most people need keyboards and full-size screens to be productive. Also, the cost of laptops and PCs is unbelievably low. In some cases, you can get a highly functional computer for nearly the price of a cell phone. With the epic failure of Windows 8, many companies have held back from migrating off the aging Windows 7 on a widespread basis. With Windows 10, enterprises feel certain they have a modern OS that is a safe investment for the future. Microsoft said Windows 10 will be the last version of Windows and has moved to service branches giving businesses additional confidence. As Windows 10 grows in the enterprise, so will enterprise PC sales.
BN: We keep hearing about how big data analytics is going to revolutionize system management, is this just hype?
DK: It's not hype. Current integrations of big data analytics solutions are often unwieldy, leaving perishable business insights undiscovered in disconnected data silos. The solutions are complex and require enormous resources just to set up. This leaves a huge door open for vendors to provide big data solutions that are more cost effective and practical. Systems management vendors are particularly well positioned to do this, because they already have access to distributed data and key pieces of platform to conduct big data analysis. Where companies can't cost-justify a pure-play big data technology, this type of solution could provide a viable option for getting actionable intelligence from globally disparate big data.
BN: With higher demand for data can we expect to see bandwidth usage become more regulated in order to control costs?
DK: According to IDG, the average enterprise network will expand bandwidth at a 28 percent compound annual growth rate through 2017 due to a variety technologies including cloud computing, mobile everything, and video. IDG reports that by 2017, enterprises that do not control network use risk requiring up to 3 Mbps per user of bandwidth, more than 20 times the average needed in 2012. This sets the stage for companies to find ways to limit bandwidth use. Businesses won’t cap user data on a broad scale like cellular companies do, but they will develop policies and processes to curtail bandwidth use. At the same time, enterprises will seek to deploy more bandwidth-efficient technologies to reduce the amount of bandwidth needed.
Photo credit: rvlsoft / Shutterstock
As the IT world is changing it's not uncommon for companies to be using a mix of cloud and on-premise solutions. These hybrid environments offer a best of both worlds option but do present problems when it comes to managing resources.
To find out how managers can address these challenges and what tools they can use to help, we spoke to Dana Epp, CTO of IT management specialist Kaseya.
BN: The cloud is meant to make things easier, but do hybrid environments inevitably lead to greater complexity?
DE: A lot of the complexity comes from the fact that when people start adopting the cloud IT isn't always involved. CRM systems like Salesforce can make life easier for the sales team but it becomes complex for IT if they're not part of the decisions. Over the last five years or so there are so many new tools available in the cloud and they're easy to buy with just a credit card so you don't have to be in IT to get hold of cloud services.
This growth of 'shadow IT' means that you end up needing to implement tools and strategies to watch for these behaviors and take back control. The most important part of this is not so much the systems as the data they hold which is a corporate asset and needs to be protected. The complexity comes from understanding how you can get visibility and control, whatever tools you’re using. You also need to ensure that you have the ability to recover when things go wrong.
BN: What do businesses need to be aware of when selecting cloud partners?
DE: The most important thing is to realize that not all cloud partners are the same. It's vital to look at a potential partner's data center management to ensure they're providing redundancy, security, backup, and that they have the right staffing to handle the management of the systems. But having the ability to run a data centre doesn't necessarily make you a good cloud partner. Things like being able to maintain the data and have access to it are vital to companies looking at cloud services.
You need to look for providers that have geographical redundancy, but you also need to be aware of any compliance restrictions on where data can be stored. If you’re in Europe for example you may not want your data stored in the US. Some cloud providers will have multiple data centres around the world, but it’s important to understand what happens when the system fails over, does geographical redundancy mean your data may end up somewhere it shouldn't be?
You also need to look at what due diligence providers carry out on their systems and infrastructure. The big three, Google, Microsoft and Amazon, spend a lot of time and have dedicated staff to make sure they meet compliance obligations of different standards. One of the values of going to the cloud is that you can leverage that expertise.
BN: How much of the move to hybrid environments is about changing the management mindset?
DE: It's difficult for some organizations, especially at board level, to be willing to give up control. What they don't always understand is that you're not abdicating responsibility, you're delegating it to a service that can provide you with a better, more flexible and more efficient service than you could run in-house.
You can also spin up more resources quickly when needed, so it becomes an operational expense rather than a capital one. That mind shift needs to happen and it allows you to get the job done better and faster. For example mining companies are able to use public cloud for a short period of time to do an intense amount of work, but if those servers were on-premise they would sit idle for nine or ten months of the year. In many ways cloud is just an extension of your infrastructure management. The key is to make sure the right people have access when they need it regardless of where the data is located.
BN: Is it possible to get a 'single pane' solution that allows enterprises an overview of all their systems?
DE: To accomplish that your technology selection and infrastructure have to be well aligned. If you're picking solutions that don't integrate and don't allow information to be shared you'll never get that single pane. At Kaseya we make sure we follow the standards that are there so that we can communicate with the devices, the data and the people so that we have that visibility.
But of course the world is always shifting, you have IoT devices all of which have IP addresses and which need to be managed so that there's no risk to the organization. Managing everything from a single pane, therefore, is a constant challenge.
BN: Can we expect to see more focus being placed on analytics and automation in systems management?
DE: The more data that's available the more we can make informed decisions about what's going on. We can create a holistic report that can show business owners what type of applications they're running. The next stage is to automate that so that if, for example 13 percent of employees are using Dropbox, management can decide if that's an activity they want to permit and, if it's not, disable and uninstall the software automatically. You can also automate the ability to sign in to applications like Salesforce and manage the users.
It helps when employees leave the organization too because you can automate the provisioning of cloud applications, reassign licenses and so on. Similarly with new starters, if the HR system is talking to other systems then an employee can automatically be added to the right groups and given access to the apps and cloud services needed to do their job, so IT doesn't have to be involved in manual provisioning.
BN: Does that also mean companies can save on licensing costs?
DE: Yes, if you have that visibility into applications you can de-provision licenses and reassign them. That's a potentially huge cost saving in larger organizations, by managing software and cloud use effectively they could be saving thousands of dollars every month.
Whilst it's possible to do everything in the cloud, in reality most enterprises will have a hybrid approach. Companies should be able to use the same governance and policies to deal with all of their systems. That can save them money and deliver a better experience for the user.
Image Credit: jannoon028 / Shutterstock
London has long been a global tech hub, but a new study indicates that salaries for software engineers in the UK capital are lagging behind those of major tech centers in the US.
The study of salary data from tech marketplace Hired shows that, compared to San Francisco and New York, UK companies actually offer the lowest average salaries for software engineers.
When adjusted for cost of living, an engineer earning an average salary in San Francisco would make the equivalent of £86,000 ($130,000) a year, while an engineer earning an average salary in New York would make an equivalent of £81,000. By contrast, in London the average developer salary is £54,000 a year, making San Francisco and New York salaries are 37 percent higher and 33 percent higher respectively.
"Our data science team spent many hours digging into this information to find out not only how different tech hubs like New York, San Francisco and London stack up against one another in terms of salary, but also how that translates into quality of life in those markets", says Lindsey Scott, Director of Communications writing on the Hired blog. "While most people know that software engineer salaries are particularly high in San Francisco, they often don’t fully understand how the cost of living impacts those figures".
Perhaps unsurprisingly the data reveals that, generally speaking, the larger the company the greater the salary offered. For early stage startups that can't compete with larger companies on salary, perks like flexible working hours or the ability to work remotely are an important part of the overall package to help attract candidates. Many of the companies featured in the report cite additional perks, with 18 percent offering flexible working hours, while 16 percent free lunches.
The report also shows that although London businesses are hiring talent in the UK, they are also very willing to recruit from across Europe. Some 28 percent of UK job placements were from other parts of Europe or from the US, with San Francisco-based candidates receiving the highest number of offers from London companies. European candidates were drawn primarily from Spain, Sweden, and France.
More information can be found in the full report which is available to download from the Hired site.
Image Credit: Duc Dao / Shutterstock
For the first time in five years, humans were the ones responsible for the majority (51.5 percent) of all online traffic, up from just 38.5 percent in 2013.
This is according to the latest Imperva Incapsula Bot Traffic Report which shows that good bot traffic decreased, from 31 percent in 2013 to 19.5 percent in 2015, while bad bot traffic remained static, at around 30 percent.
What's the difference between good and bad bots? Good bots assist the web's evolution and growth. Their owners are legitimate businesses who use bots to assist with automated tasks, including data collection and website scanning.
Bad bots are the malicious intruders that swarm the internet and leave a trail of hacked websites and downed services. Their masters are the bad actors of the cyber security world, from career hackers to script kiddies. In their hands, bots are used to automate spam campaigns, spy on competitors, launch DDoS attacks or execute vulnerability scans to compromise websites on a large scale.
The decline in good bot traffic isn't simply due to greatly reduced activity by a few groups of bots. The report shows that it's across the board, with 442 of 484 good bot clients displaying negative growth or an extremely low growth of less than 0.01 percent. Individually, none of them declined by more than two percent. Moreover, out of 42 good bots that displayed increased activity, only one displayed an increase of more than one percent.
Another interesting finding is that bot traffic to small and medium sized websites is increasing while that to larger and more popular sites is down. Human traffic on the other hand is up thanks to an increase in the number of people able to access the web and the fact that we're staying online for longer.
Analysis of bad bot traffic shows that while 'impersonators' -- bots designed to bypass security solutions -- are up, other types are down. This includes a decline in spam bots, put down to the fact that Google penalizes hosts and sites that benefit from spam links.
You can see more of the report's findings in infographic form below.
A high percentage of Americans would change their shopping habits if their favorite retailer was hit by a data breach according to a new study.
Data security specialist Vormetric commissioned the survey over 1000 US adults from Wakefield Research which found that for 85 percent of respondents the significant personal consequences that can result from a breach would cause them to find a new place to shop.
Factors that would cause them to take their business elsewhere are, if money was taken from their checking account (67 percent), unauthorized charges appearing on their credit card (62 percent), leakage of personal information (57 percent), and damage to their credit score (54 percent).
"It's been two years since major retail attacks made 'data breach' a household word", says Tina Stewart, VP of marketing at Vormetric. "The revelation of a major data breach following the Black Friday weekend in 2013 was the starting point for two record years of data breaches that have followed. Events since then have demonstrated just how much financial and reputational havoc a data breach incident can wreak on beloved brands".
The results underline the fact that retailers need to take security seriously or risk losing their customers. Protecting data by meeting minimum compliance requirements is no longer sufficient to guard sensitive data. Many recent retail breaches have occurred at organizations that were certified compliant with highly ranked standards like PCI-DSS.
"The time has come for retailers -- and indeed all organizations -- to embrace a data-centric mindset and change their approach to how their data is protected", says Sol Cates, CSO at Vormetric. "With attackers now using multi-phase approaches to breach organization's perimeters and networks, a stronger focus on better securing company data where it is stored is required. Encryption and access controls are now front-line defenses for defending data at rest. With encryption becoming increasingly easier to implement, there is no excuse for not protecting your organization’s sensitive data, regardless of where it resides".
More information on how retailers can protect themselves is available in the 2015 Insider Threat Report on Vormetric's website.
Image Credit: Sergey Nivens / Shutterstock
Extracting useful information from business data used to mean waiting for the IT department to run reports. Increasingly though there's demand for users to be able to extract information themselves.
The latest company to join this trend is Israel-based Anodot which is aiming to disrupt the static nature of today's BI using patented machine learning algorithms for big data.
Anodot's Anomaly Detection solution is data agnostic and automates the discovery of outlying events in all business and operational data. The platform isolates issues and correlates them across multiple parameters to find and alert on incidents in real time.
"I experienced the data analysis lag problem first hand as CTO for Gett", says Anodot's founder and CEO David Drai. "As a mobile taxi app, SMS text orders were dropped by the carrier but it could take up to three days to spot critical issues and fix them, costing tens of thousands of dollars per incident. That's where I got the idea for Anodot -- to employ the latest advances in machine learning to detect performance problems automatically and in real time, eliminating the latency".
Features of Anodot Anomaly Detection include real time operation, and the ability to work with any type of metric or KPI and scale to any big data volume. Using proprietary patented machine learning algorithms it correlates different metrics to help identify the root causes of problems and eliminate alert overload.
Its simulation capability optimizes alert planning and reduces false positive alerts as well as cutting out the need for time-intensive manual analysis. As a result non-specialists can gain the insights they want with clear visualizations that help any user to understand what the data is showing them.
The company has received $3 million of venture capital funding to accelerate its product roadmap and expand its sales activity, focusing on the ad tech, e-commerce, IoT and manufacturing industries in the US and EMEA. You can find out more and request a trial of the software on the Anodot website.
Image credit: David Gaylor / Shutterstock
All organizations have the same key concerns regarding the security of their data in the cloud, according to a new report.
The study by security-as-a-service specialist CloudLock reveals that every organization shares five primary cloud cyber security concerns, regardless of industry. These are: account compromise, cloud malware, excessive data exposure, over-exposed personally identifiable information (PII) and payment card industry (PCI) data, and collaboration.
Excessive sharing is the main worry, with 83 percent of technology organizations concerned with ensuring access permissions to sensitive data are granted appropriately. This is followed by the K-12 education sector (77 percent), financial services (75 percent), healthcare (72 percent) and manufacturing (70 percent). Notably less focused on excessive sharing are retail (66 percent), government (60 percent) and higher education (59 percent).
Manufacturing industry shows the least concern for ensuring access permissions are granted appropriately for PII such as users' IDs, dates of birth, etc, (27 percent) and PCI (39 percent). Only 10 percent of technology firms are focused on protecting PII, but 41 percent are concerned with PCI. Higher education is the most concerned with protecting PII (77 percent) and PCI (61 percent), with the huge database of student records, as well as credit card and banking information tied to large spending areas such as tuition, administrative and research funds.
"While all industries are certainly evolving to make security a priority, each industry faces different risks and concerns that need to be addressed in a very specific and nuanced manner", says CloudLock CEO and Co-Founder Gil Zimmermann. "We're hoping this latest data will provide guidance for those who are wondering how they stack up against their peers, and possibly make them take notice of where they are falling behind when it comes to protecting critical information and assets."
The full report, with more information on specific industry sectors, is available to download from the CloudLock website.
Image Credit: Maksim Kabakou/Shutterstock
Apple devices are becoming an integral part of today's enterprise environment, with nearly all enterprise IT professionals saying that their internal teams provide support for Mac, iPhone and iPad devices.
This is among the findings of a survey amongst IT professionals by Apple device management company JAMF Software. It shows that 96 percent of teams support Macs, 84 percent iPhones and 81 percent iPads.
The survey shows that user preference is the number one reason for the increased adoption of Mac (81 percent) and iOS devices (84 percent). As organizations continue to implement user choice programs, more and more employees are choosing Apple devices for work because they're what they prefer in their everyday lives. Secondary factors driving Apple adoption in the enterprise include security advantages and increased productivity features, among others. IT professionals surveyed also agree that Mac (75 percent) and iOS (82 percent) devices offer more security compared to other computer platforms.
There have been increases in the usage of Mac (68 percent), iPhone (46 percent), and iPad (36 percent) devices in 2015. Macs are easier to manage than other computer platforms according to 64 percent, and 67 percent say that Mac will cut into the PC's market share over the next three years. In addition 78 percent of those surveyed say that the iPhone and iPad are easier to manage than other mobile device platforms
Big companies are seeing the effect of using Apple hardware on their bottom lines too. “Every Mac that we buy is making and saving IBM money,” says Fletcher Previn, IBM's VP of Workplace-as-a-Service, speaking at the 2015 JAMF Nation User Conference.
"This research highlights what we at JAMF have been seeing for some time: user preference is driving the rise of Apple in enterprise and education", says Dean Hager, CEO of JAMF Software. "While a lot of the attention of Apple's success has been on its iOS devices, the survey results also show that Mac will continue to replace the PC at an unprecedented rate because it empowers users to be creative, productive, and happier in their jobs".
The full Managing Apple Devices in the Enterprise survey report for 2015 is available to download from the JAMF website.
Image Credit: rvlsoft / Shutterstock.com
Only 37 percent of SMBs believe that their organizations are fully equipped to handle IT security according to a new survey.
The study by security company Webroot reveals that in most small to medium businesses, IT teams are expected to handle all cyber security management and concerns. IT employees at almost one in three companies (32 percent) juggle security along with their other IT responsibilities, which leaves them limited time to cope with security tasks.
Lack of budget is an issue too, with 60 percent of respondents believing their organization is more vulnerable to attacks because they don't have the resources to properly defend themselves. Almost half of respondents (48 percent) think their company is vulnerable to insider threats, from employees for example. In addition, 45 percent believe they are unprepared for threats from unsecured internal and external networks, such as public Wi-Fi, and 40 percent for unsecured endpoints, such as computers and mobile devices.
There is evidence that businesses are aware of the problem, 81 percent of respondents say they plan to increase their annual IT security budget for 2016, by an average of 22 percent. They're also very open to other strategies for improvement, with an overwhelming 81 percent agreeing that outsourcing IT solutions (including cyber security) would increase their time available to address other areas of their business.
"SMBs play a pivotal role in helping drive the economies of all the countries polled, but past experiences have taught them they face an uphill battle when it comes to cybersecurity", says George Anderson, director of product marketing at Webroot. "This perception must change. A viable alternative to the 'go at it alone' standard is an outsourced approach in combination with Smarter Cybersecurity solutions that are easy to install and manage remotely, and provide real-time protection against modern threats".
You can read the full report on the Webroot website.
Imaged Credit: soliman design / Shutterstock
We already know the importance of defending endpoints to keep business systems secure. The latest release of Panda Internet Security offers protection for PC, Mac, iOS and Android devices, and aims to provide a wide spectrum of security in an easy-to-use package.
For businesses looking to help staff protect their BYOD devices or smaller organizations looking for desktop protection, what does it have to offer?
Features
There are the main elements you’d expect to see in any internet security package, namely antivirus and firewall protection. With Panda you also get a Process Monitor which keeps an eye on other software for suspicious activity, and a Safe browsing feature to block suspicious URLs.
In addition there’s USB protection to scan flash drives when they’re attached, and Wi-Fi protection that can warn you if you’re about to access an insecure network. Data Shield can protect selected files and folders by granting programs permission to access them. When you install new software a wizard will prompt you to set what it’s allowed to access, this helps protect against ransomware type malware that seeks to deny access to data.
There’s also Application Control which allows you to control which programs are allowed to run, and parental control allows you to block specific websites or categories for certain users.
The program has a Rescue Kit feature that you can use to create a bootable flash drive to recover an infected system. It lets you run an advanced virus scan too and access Panda’s Cloud Cleaner. A virtual keyboard lets you enter sensitive information like banking passwords on the screen if you’re worried about keyloggers.
There are various licence options allowing you to protect one, three or five devices and there are versions for Windows, Mac, Android and iOS systems. What you don’t get in this version of the product is online backup, encryption, file shredding or system tune-up tools. If you want those you need to spend a bit more on Panda Global Protection.
In Use
So, lots of features on offer, but what’s it like to use?
Installation is fast on a Windows PC, taking just a few minutes, and it doesn’t require a reboot. If you have Windows Defender running it automatically gets deactivated as part of the process. Panda does run a scan of your system after installing but this happens in the background and has minimal impact on the system’s performance.
It installs a Panda toolbar to your browser to help protect your surfing. A minor irritant is that it wants to set Yahoo as your default search engine and MyStart as your home page. You can uncheck the boxes to opt out, but whilst this might be acceptable in shareware it doesn’t sit well in a commercial product that you’ve put down hard cash for.
You’re prompted to set up an online account as part of the installation. This lets you review your licence information, see which products you have active and download the software for other devices.
Once up and running, click the subtly panda-shaped taskbar icon and you’re presented with a smart, tiled interface that’s evidently Windows 10 inspired. This is friendly and simple to operate, if you need to dig deeper -- to set firewall rules for example -- there are Settings buttons on screens where more options are available.
In operation Panda is mostly unobtrusive, the firewall pops up asking for a decision occasionally -- such as when a new program tries to connect to the web -- which is not something you see so often with security packages theses days. Otherwise it will only bother you when installing new programs, plugging in flash drives, or if it detects a problem.
The antivirus module lets you perform a full scan of the system, this takes a while but is probably worth doing the first time you use the software. You can also choose to do a Critical Areas scan which looks at memory, Windows folders, etc, or a Custom scan which lets you select what to examine. You have the option to shut down the PC after a scan has finished so you can use it as part of your end of day routine. The Critical Areas scan took around 20 minutes on our Windows 10 test system.
The Android app includes a useful Privacy Auditor which tells you which of your apps are allowed to access media files, SMS messages, the device camera and so on, useful for spotting potentially unwanted behaviour. Mobile versions also have anti-theft protection that allows you to lock or wipe the device remotely via your online account.
Conclusion
Panda Internet Security 2016 costs £49.99 to protect three devices for a year, which is on a par with the BullGuard product we looked at a couple of weeks ago. It’s pretty comparable in terms of the features it offers too. It lacks BullGuard’s rating of online search results but that’s not a huge loss. It ranks slightly better in recent independent protection tests too.
As with most consumer-oriented security solutions the scary options are hidden away in the name of ease of use, but they’re available if you need them. Panda Internet Security 2016 delivers a straightforward endpoint solution and won’t significantly harm system performance.
Pros
Cons
Company | Release Price |
Review |
---|---|---|
Panda Security | £49.99 | 7/10 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Enterprises have lots of data that could be used to improve their operations and profitability, but it can often prove hard to access. By contrast, users are accustomed to being able to instantly find information on search engines like Google with minimal effort.
Business intelligence company ThoughtSpot aims to bridge this gap with the launch of ThoughtSpot 3, a major update to its search-driven analytics platform.
The software has three key components, DataRank is a machine learning algorithm that sorts and presents data recommendations as you type. It guides users to the right results based on data properties and the collective intelligence in the company, helping people to get answers faster.
AutoJoins automatically graphs data sources and joins tables in real-time to calculate answers across previously siloed databases. Finally PopCharts creates instant graphs and charts as you type in ThoughSpot's search box. PopCharts chooses from over a dozen new chart types and automatically presents the best one for each search. These results can be saved to a dashboard for future reference.
"People want to make smart data-driven decisions as quickly as possible. They have come to expect it in their personal lives. Two billion people use search everyday to get instant answers when it comes to booking travel, trading stocks, and finding jobs -- activities previously managed by experts. With ThoughtSpot 3 we’re providing the same service to business professionals looking to make smarter decisions every day at work," says Ajeet Singh, co-founder and CEO of ThoughtSpot. "With the release of ThoughtSpot 3, every human now has the power to search to analyze all of their company data as easily as they use search in their personal lives".
ThoughtSpot 3 is available now and you can find more information on the company's website.
Marketing organizations are always keen to understand more about their customers so they can accurately target their efforts.
Machine intelligence-based marketing platform Boomtrain is launching a new application on the Oracle Marketing AppCloud offering predictive personalization to help businesses form better relationships with their customers.
Oracle Marketing Cloud provides data-driven solutions to simplify marketing resources and deliver more personalized customer-centric experiences. Combined with Boomtrain's platform users can easily develop deeper understandings of individual consumers based on how they interact with website and email campaigns. By applying this first-party data to Boomtrain’s predictive algorithms, companies can recommend the content or product that each individual user is most likely to engage with.
"Forward looking companies are moving away from mass marketing to develop stronger, more meaningful relationships with individual consumers," says Nick Edwards, co-founder and CEO of Boomtrain. "Boomtrain provides a strong complement to Oracle Marketing Cloud and will help mutual customers automatically predict the optimal content or product recommendation across any marketing channel".
Boomtrain is available now from the Oracle Cloud Marketplace.
Image Credit: iQoncept / Shutterstock
Retailers believe they're doing a good job of protecting their sensitive data, but may in fact be ignoring major security holes.
This is among the findings of a retail risk report from threat protection company Bay Dynamics, based on a survey of IT decision makers in 125 large US retail organizations.
Problems include employees, particularly temporary seasonal staff, using shared accounts. While a majority of respondents say they know everything their permanent and temporary employees are doing on their corporate systems, 21 percent say their permanent retail floor workers and 61 percent say their temporary floor workers do not have unique login credentials for corporate systems. This means those workers are using shared accounts -- which include the same login credentials. As a result, IT and security teams don't know everything their employees are doing on their corporate systems.
More than a quarter of respondents said they don’t know if their temporary employees have ever accessed or sent data they shouldn't have. Also 37 percent of respondents say they can't identify which systems their temporary employees have accessed.
Almost half (47 percent) of respondents acknowledge that temporary workers are somewhat risky to their organization and more than a third view them as a high risk. 66 percent also view their permanent workers as somewhat risky.
In spite of these worries, the majority of retailers gave themselves a 6 or higher -- on a scale of 1 to 7, with 7 being the most proactive -- for identifying critical assets that must be protected, detecting theft or data leakage, and controlling employee access to critical assets.
The report concludes, "Decision makers may think they are securing the enterprise, but as our survey reflects that is not the case. In today's cybercrime era, where criminals are highly organized and will take extraordinary measure to commit crime -- whether that's landing a job as a temporary holiday worker simply to get access to a retailer's network or attacking the retailer through a third party vendor by posing as a legitimate vendor employee -- retailers need 100 percent visibility into what each employee and insider is doing when accessing key corporate systems and data assets".
The full report is available on the Bay Dynamics website.
Photo Credit: mtkang/Shutterstock
As businesses grow and expand their online presence, they can end up with customers needing lots of different logins for blogs, support portals, forums and more. This can lead to frustration among users and mean that businesses lose sight of their system interactions.
Software company Inversoft is launching a solution to this problem in the form of Passport. This not only allows a single sign-on between applications, games, forums, help desks, user accounts and other offerings, but also gives companies a comprehensive view of user activity.
Implemented via an API and made for use on desktops, tablets, smartphones and other devices, Passport is based on OAuth 2.0, the most advanced authorization standard, and adds a number of proprietary features. Among these is the ability to mute, ban or suspend users if necessary, or reward them with special offers or promotions. It also lets customers specify their preferred language so companies can respond with appropriately translated emails and messages.
"For years, companies have been dealing with the limitations of SAML and LDAP protocols for single sign-on. Passport moves the industry forward dramatically," says Brian Pontarelli, founder and CEO of Inversoft. "It offers features and capabilities most other solution providers would never dream of. Best of all, Passport requires only one database to drive a company’s entire user management function".
Passport also features native integration with CleanSpeak, Inversoft's tool for profanity filtering and content/user moderation. A full menu of auditing and analytics tools supports deep-dive queries and pre-set reports are also available for critical performance metrics.
To maximize security, Passport supports two-factor authentication. As an on-premise solution it conforms to internal security protocols, avoiding the risk presented by hosted, multi-tenant alternatives.
Passport is available now and there's a free developer plan that can handle up to 50 users, allowing businesses to try it out. More information is available on the Inversoft website.
Image Credit: Gunnar Pippel/Shutterstock
The growth of the Internet of Things is providing businesses with ever larger volumes of data, that in turn places ever greater demands on the technology needed to process it.
Big data specialist MapR is launching its MapR Streams solution which connects data producers and data consumers across shared topics of information and across the globe.
It offers a converged data platform that integrates file, database, stream processing, and analytics to accelerate data-driven applications and address emerging IoT needs. This allows organizations in any industry to continuously collect, analyze and act on streaming data.
With the continuous analysis of big data businesses can improve their responsiveness to critical events. It can, for example enable advertisers to provide relevant real-time offers, help healthcare providers improve personalized treatment, or retailers optimize their inventories.
"Bringing together world-class Apache Hadoop and Apache Spark with a top-ranked NoSQL database and now continuous, reliable streaming with global scale is a huge step forward in enabling enterprise developers to create the next-gen apps using big data," says Anil Gadre, senior vice president, product management at MapR Technologies. "MapR continues to execute on its vision of making it easy for enterprises to get the competitive edge from big data by bringing together all of the essential components".
Unlike other approaches that create data silos across multiple systems and lack enterprise-grade features and global replication, MapR natively integrates data-in-motion and data-at-rest in one converged platform. As a result, it enables developers to create new, innovative applications that reduce data duplication and movement, lower the cost of integration and maintenance associated with multiple platforms, and deliver faster business results.
More details are available on the MapR site and you can sign up to a webinar on December 10 which will demonstrate the power of the platform.
Image Credit: bleakstar / Shutterstock
Whilst there are increasing levels of trust in running critical applications in the public cloud, many organizations struggle when it comes to providing details of their cloud costs and consumption.
This is according to a survey for analytics specialist Cloud Cruiser, carried out by Dimensional Research, which interviewed almost 350 IT professionals who attended the Amazon Web Services re:Invent shows in 2014 and 2015.
It finds that 85 percent of respondents believe it's valuable to share cloud consumption metrics with the business. Unfortunately, 42 percent continue to find it difficult to properly allocate public cloud usage and costs.
"The public cloud is delivering measurable business benefits as companies find ways to manage and mitigate security and compliance requirements. This drives more organizations to place business applications in the cloud, expanding public cloud usage beyond development and test to that of a flexible business asset," says David Gehringer, Principal, Dimensional Research. "However, IT is expected to provide reliable services and ensure cost transparency so the business can make fact-based decisions about the ROI on services. In 2016, we expect to see more business applications in the cloud and an increased focus on cost transparency comparing those of internal resources and external public cloud services".
In the past the public cloud has been used mainly for sandboxing and development. The survey shows that this is still the case, with 62 percent of respondents using it for this in 2015, but use for enterprise applications is growing and has increased from 38 percent last year to 46 percent this year.
Plans to use alternative clouds are also down. In 2014 only 27 percent planned to use no other cloud apart from AWS, this figure is up to 43 percent in 2015.
More information on the survey and on how businesses can take better control of their cloud usage is available on the Cloud Cruiser website.
Image Credit: Brian A Jackson / Shutterstock
Hot on the heels of last Friday's news of the potential of the Wi-Fi enabled Hello Barbie doll to be hacked, new research has uncovered security issues with the mobile app associated with the doll and with its connections to cloud servers.
Application security specialist Bluebox working with independent researcher Andrew Hay has revealed that the app can be modified to reveal confidential information including passwords.
It also finds that the app will connect a mobile device to any unsecured Wi-Fi network as long as it has 'Barbie' in the name, allowing for a network spoofing attack to be carried out by an attacker impersonating the Barbie network to steal data.
The app also utilizes an authentication credential that can be re-used by attackers, and it shipped with unused code that serves no function but increases the overall attack surface.
On the server side client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers to look for more vulnerabilities. In addition the research found that the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack, allowing attackers to downgrade connection security and listen in on communications to the server such as uploaded conversation from the doll.
Bluebox Labs has disclosed all critical security issues to Mattel partner ToyTalk and a number of the problems have already been resolved.
Writing on the Bluebox blog, security research engineer Andrew Blaich says, "All of the issues discovered point to the need for more secure app development, as well as the need for integrating self-defending capabilities into not only stand-alone mobile apps, but also the apps that power IoT devices like Hello Barbie. Ultimately, this research demonstrates the security of the mobile apps associated with IoT devices must be a higher priority".
Businesses are increasingly keen to unlock the insights contained within their data. But the tools to do this are often expensive and complex, putting them beyond the reach of smaller organizations.
Analytics specialist BeyondCore has announced a collaboration with Microsoft to make its data discovery solution available to Office users for free.
The new BeyondCore Analyst for Office provides single‐click analysis and detailed story‐based explanations of insights directly integrated into the familiar Office suite. It allows business users to analyze all data, without the need to formulate sophisticated questions or design complex queries, cut through the clutter to identify and act on the most relevant, statistically‐validated patterns, and visualize, understand, share and act on the results.
"Microsoft Office is the preferred analytics environment for most businesspeople. We congratulate BeyondCore on the way its Analyst for Office is empowering many more people around the world to extract powerful insights from big data," says Kirk Koenigsbauer, Microsoft corporate vice president, Office 365 Client Apps and Services.
There are limits to the free version of course, it lets users conduct up to ten analyses a month on smaller datasets in Excel or Microsoft SQL Server. Users can upgrade to paid versions of BeyondCore Analyst for Office to conduct more analyses, analyze larger datasets or access Big Data sources such as Hadoop.
Users can also try BeyondCore's enterprise solutions for 15 days free. This offers additional features including the ability to schedule analyses to automatically run each day, week or month, secure collaboration, audit and monitoring capabilities, and predictive and prescriptive analysis.
"BeyondCore's mission has always been to dramatically simplify the complexity of analytics, making it instantly available for business users," says BeyondCore Founder and CEO Arijit Sengupta. "But users often feel 'this is too good to be true.' Now with the free version of BeyondCore Analyst for Office, they can just try for themselves and see that analytics has changed forever. After using BeyondCore, users will no longer equate pretty graphs with actionable analysis".
More information can be found on the BeyondCore website. For the remainder of 2015 it's also offering an Implement on Our Dime deal where BeyondCore will conduct the first analysis or schedule the first dynamic dashboard on the clients' data, at no risk.
Image Credit: alphaspirit / Shutterstock
Enterprise customers are increasingly concerned about the security of their mobile communications, as well as the ability to deliver auditing and compliance information.
Silent Circle, the Swiss company behind the privacy focused Blackphone, is launching its Enterprise Privacy Platform a set of secure software, services and devices designed to deliver privacy to business and government organizations of all sizes.
Features of the platform include a new Silent Manager which gives designated administrators a simple and easy way to oversee their organization's use of the Silent Circle platform through a web-based interface. It provides overviews of current users, groups, and plans, as well as a news feed showing relevant information like updates to Silent Circle apps.
The company's Silent Phone app, which encrypts VoIP and messaging services for any iOS or Android device, is now available in two subscription levels -- Basic and Plus. Silent Phone Basic allows unlimited member-to-member encrypted voice calling and text messaging for an annual membership fee of $5. Silent Phone Plus provides full functionality to include conference calling, file transfers, attachments, voice mail and direct customer support for $9.95 per month.
Silent World offers enhanced security and flexibility on any mobile device (iOS or Android). It extends the reach of Silent Phone's encrypted calling to regular mobile and landline numbers in 439 destinations, allowing for private conversations to effectively anyone in the world -- even to people who don't currently use Silent Phone.
"Building on the momentum of our Blackphone 2 launch, I’m proud to unleash all the work we have done on rebuilding our software and cloud-based Enterprise Privacy Platform," says Bill Conner, President and CEO of Silent Circle. "Our platform delivers unprecedented secure communications with the enterprise management controls necessary for auditing and general oversight. Now governments and global enterprises have a new choice in secure communications that didn't exist before, across any Android or iOS device".
More information can be found on the Silent Circle website and the Silent Phone app is available now on Google Play and the Apple App Store.
Image Credit: Sergey Nivens / Shutterstock
DDoS activity is at its highest for two years according to Verisign's Q3 2015 DDoS Trends Report, and as the number and sophistication of attacks increases, companies are recognizing the need for better security.
Application delivery specialist Instart Logic has announced a partnership with Verisign to offer customers an advanced DDoS scrubbing capability.
"In an ever changing cyber threat landscape, this technology integration will provide customers the combined benefit of a CDN through Instart Logic's application delivery platform and DDoS protection through Verisign’s DDoS Protection Service," says Ramakant Pandrangi, vice president of technology at Verisign.
The collaboration combines Verisign's DDoS protection services with Instart Logic's cloud security suite to effectively and efficiently combat some of the world’s largest attacks. When a DDoS event is detected, a customer’s internet traffic will be redirected to Verisign's DDoS Protection Services in the cloud, sending attack traffic to Verisign before it can harm their network. The DDoS traffic is then scrubbed through the use of Verisign's Athena mitigation platform and massively-scaled global network designed to handle advanced application and volumetric attacks. Filtered traffic is then sent to the customer’s network, so they can sustain normal business operations.
"Our ability to provide speed, security and scale can only happen with meaningful, strategic partnerships throughout the world that enable us to accelerate our go to market within the various regions," says Samrah Khan, head of business development and partnerships at Instart Logic. "Collaborating with organizations that share our vision allow us to provide more customers with the best solutions for delivering web and mobile applications".
The DDoS scrubbing service is available from today as an add-on to the Instart Logic's cloud security suite. You can find out more on the company's website.
Photo Credit: Duc Dao / Shutterstock
Application producers are aware of rapid change impacting their ability to make money from their software products, but they're not adopting the automated licensing and entitlement management systems that would protect them from those changes and enable them to be more agile, and grow revenues and profits.
This is the conclusion of a new report by Flexera Software which shows that producers are aware that rapid technology changes are impacting the business climate, creating new opportunity and risk.
Among the changes identified are the Internet of Things, cited by 32 percent of producers as having a high impact on customer satisfaction. Within one to two years, 16 percent say that the IoT will have a major effect on supporting new business models.
The impact of new technologies on security is important too, 38 percent of respondents say the cloud has a high impact on security concerns. Others list virtualization, 29 percent, and mobile computing, 33 percent.
The way people buy software is shifting too. Within two years, the number of producers who claim all their revenues are derived from a perpetual software license model will be almost halved from 26 percent to 14 percent. By contrast the number who say half or more of their software revenues come from SaaS-based software subscriptions will rise from 14 to 21 percent.
Whilst the changes are widely recognized, the survey suggests application producers have not yet built sufficient agility and flexibility into their businesses to adapt. 58 percent report difficulty allowing customers to manage their own software entitlements. 38 percent find it difficult to quickly package and bundle features to create different product versions in order to accommodate changing market needs or unique customer demands, and 33 percent find it hard to support trial and/or evaluation licensing. Only 35 percent are using a purpose-built commercial licensing technology.
"Application producers lag far behind non-software industry counterparts that have long since automated critical operations with ERP, CRM and other mission critical systems. Many producers wrongly assume that because their ranks include software engineers and programmers, they can easily develop their own licensing and entitlement management systems in house," says Mathieu Baissac, Vice President of Product Management at Flexera Software. "But Software Monetization is a highly specialized field that is constantly changing, which makes it virtually impossible for non-licensing and monetization experts to adapt and scale as the business climate changes. The result, as the report findings illustrate, is that most producers are leaving money on the table because they aren’t sufficiently agile and the customer experience is being negatively impacted".
The full report is available from the Flexera website.
Image Credit: Stokkete / Shutterstock
New research from information security company High-Tech Bridge reveals that the security of some of the most popular mail services, including Gmail, Outlook and Yahoo is lacking.
The company used its SSL checker service to test the popular email services for 31 different criteria, including the most recent SSL/TLS vulnerabilities and weaknesses, compliance with PCI DSS requirements, and compliance with NIST guidelines.
Almost all the tested email providers still support the old SSLv3 standard. Earlier this year, the Internet Engineering Task Force declared that SSLv3 shouldn't be used as it's insecure and threatened the confidentiality of encrypted communication. The Task Force recommended moving to the more secure TLS 1.2 instead.
Fastmail gained the highest score of A+ in the tests and is the only email service provider that meets PCI DSS compliance requirements for SSL/TLS. Hushmail, which describes itself as 'a privacy-oriented email service' with 'built-in encryption', has the weakest configuration of SSL/TLS, and scored an F in the SSL test.
Despite gaining a B+ grade, Gmail has one of the most flexible SSL/TLS configurations to ensure its compatibility with old and outdated email clients. Based on results from High-Tech Bridge's test, Outlook.com -- which gained a B- score -- does not visibly have a centralized SSL/TLS configuration of its email servers, potentially delaying and over-complicating update processes, and slowing down patch management.
"With the new functionality of our SSL testing service we aim to enable anyone to verify how well his or her data is being encrypted in transit," says Ilia Kolochenko, High-Tech Bridge's CEO. "With the increasing growth of wireless networks strong encryption becomes very important. However, many people tend to think that SSL can be applicable to HTTPS only, as they use HTTPS websites every day. Now they can test their SSL connection to their email and any other SSL-services as well".
You can read more about the test results for each of the services on the High-Tech Bridge blog.
Photo Credit: Balefire/Shutterstock
More than 60 percent of companies in the UK and Germany say that they either test their disaster recovery plan either less than once a year, or don't test it at all.
This is among the findings of research conducted by data recovery specialist Kroll Ontrack which finds that a mere nine percent of companies test their plan every one to five months and another 29 percent every six months to a year.
Half of the companies surveyed hadn't experienced an IT disaster in the previous three years, but more than a third had needed to invoke their disaster recovery plan. While the majority of these companies had to invoke their plan between one and five times, an unfortunate minority were forced to undertake disaster recovery measures more than 10 times during the last three years.
A further issue raised by the survey is that even though employees' mobile devices are now an important element of corporate IT infrastructure, this hasn't been accounted for by most disaster recovery plans. Almost half (48 per cent) of respondents say that their plans don't cover mobile devices used by employees to access corporate systems.
"These findings are a clear indication that many companies still face significant risks in terms of data security, data loss and data recovery," says Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack. "They also lack a thought-out disaster recovery plan that is tested regularly and is bullet-proof when a real disaster strikes the company and it is faced with system failure and data loss. Without an effective plan in place, companies face the prospect of a loss of business continuity plus reputational and financial damage. It's important that disaster recovery plans are in place, but it’s just as important to ensure that they are tested regularly and updated accordingly".
In a separate poll undertaken in the UK, almost 46 percent of respondents say that they don't have a disaster recovery plan in place at all, while a worrying 24 percent were unaware whether they had a plan or not.
"Even though the cost of downtime for a small to medium sized company may not be as high as for a Fortune 1000 one, it can still have an impact that threatens the existence of the company. It pays to have a disaster plan in place that is tested regularly and that can be invoked quickly and efficiently," adds Le Messurier.
Kroll Ontrack has developed a free template that smaller enterprises can use to develop their own disaster plans, including advice on what should be included and what testing is necessary.
Image Credit: Oleksiy Mark / Shutterstock
As with most other cyber threats, the world of DDoS attacks seldom stands still, with new techniques constantly evolving to make them more effective and harder to defeat.
Security strategist Andrew Lemke, writing on the IBM Security Intelligence blog, has taken a look at some of the most significant DDoS developments of the past year.
April saw a major attack on the GitHub code sharing site. The attack originated in China and used a technique that unwittingly recruited users of Baidu -- the world's fourth largest website -- by injecting script into their browser sessions. This gave the hackers a large population of web users to boost their attack.
A similar amplification technique involves the use of BitTorrent to engage in distributed reflective denial-of-service (DRDoS) attacks. This has a number of advantages for the attackers, it's anonymous, plus it can be initiated by a single computer but still generate a large amount of traffic coming from multiple sources on the BitTorrent network. It also amplifies the original packet very well. The researchers who discovered the attack method state that the amplification factor can be as much as 120.
A potential form of attack that isn't yet in the wild is "temporal lensing" which sends packets by different routes but times them to arrive simultaneously in order to overwhelm the target system.
You can read more, along with tips for defending against DDoS attacks on the Security Intelligence blog.
Photo Credit: Fabio Berti/Shutterstock
Secure information exchange specialist GlobalScape has used this year's Autodesk University in Las Vegas to launch an upgraded version of its Wide Area File Services collaborative software platform, WAFS 5.
WAFS 5 simplifies enterprise collaboration, eliminates errors, and decreases bandwidth usage, providing secure, near real-time data access to both on-premises and cloud-based files located anywhere in the world.
The software uses intelligent byte-level differencing technology to instantly update changes to files by multiple remote users with minimal impact on network bandwidth. It also ensures that files are never overwritten, even if opened by other remote users.
"As work environments become increasingly distributed, real-time collaboration on large, critical files such as spreadsheets, CAD drawings, engineering blueprints, or MRI images is an ever-more vital business imperative," says Greg Hoffer, Vice President of Engineering at Globalscape. "Working with colleagues and partners distributed across the globe -- without frustrating slowness, costly delays, consistency errors, or versioning problems -- is a huge advantage to employee efficiency and productivity. With WAFS 5, distance and file size is not an issue. Complex files can be sent over a WAN at LAN speeds and are accessible to end users across multiple offices around the world".
WAFS 5 has a number of improvements including, up to eight times faster upload performance, up to 10 times faster download performance, and copy speed performance which is up to 90 times faster. It has increased transparency of file replication activities between servers and desktops to check for errors and ensure delivery success, along with increased system reliability, especially during periods of network instability.
Reduced bandwidth utilization ensures data transfers don't prevent mission-critical traffic from flowing in and out of the network, and an enhanced synchronization engine to offer easy, secure file collaboration.
More information about WAFS 5 is available from the GlobalScape website.
Image Credit: Chiran Vlad / Shutterstock
Until recently big data tools have been used to provide detailed analysis of large, stored data sets, but there's now increasing demand from industries such as eCommerce and financial services to have instant analysis on live data.
To meet this demand, in-memory computing specialist ScaleOut Software is launching a new version of its StateServer product which offers continuous and instant access to fast-changing data for large enterprises with ever increasing application workloads.
"In today's increasingly competitive marketplace big data isn't enough. To stay in the game, enterprises across many industries must constantly attain full value from their fast-changing data as well, incorporating these insights around the clock for real-time feedback," says Dr William L Bain, founder and CEO of ScaleOut Software. "ScaleOut StateServer 5.4 makes this possible by raising the bar in advancing in-memory computing technology and delivering powerful performance that offers enterprises unprecedented capabilities for operational intelligence in their live systems".
With this latest release ScaleOut StateServer can handle access requests in parallel, offers a comprehensive set of APIs, patented high availability, and new performance updates. Features include performance enhancements for multi-core processors, including IBM POWER8 systems, the ability to quickly sort and visualize very large object collections, and AppFabric Caching APIs to help customers preserve legacy application code when switching to StateServer.
ScaleOut is already employed by over 35 Fortune 500 companies, which use its fast, scalable, in-memory data grid technology to support mission-critical applications where high availability and low latency processing are key.
More details are available on the ScaleOut website.
Image Credit: Peshkova / Shutterstock
In large organizations you'll often find employees using multiple different platforms to work on and exchange files, making integration of activity difficult.
Israel-based Fastee is looking to solve this problem with the launch of a new platform which allows business team members, service providers and customers to quickly communicate in one place and provides them secure access to any shared material.
Fastee is tailored to business needs and the platform is integrated with a broad range of enterprise software including Salesforce, Asana and Yammer. Files and emails can be shared thanks to integration with Gmail, Exchange 365, Dropbox, Box, Onedrive and Google Drive. Everything is accessible within the platform via group or direct chat, allowing any group member to have access to shared files or linked folders, even if they aren't subscribed to a given service.
Chats, files and emails are all fully searchable. Fastee is accessible through iOS and Android, and on the major browsers, with notifications that can be enabled for both mobile and desktop. The platform's integration reduces the need to search across platforms for files, conversations or to-do lists.
All files and chats are protected with 256-bit AES encryption. The app generates a unique key for each item and securely stores each key in a separate location. There's also a private groups feature which ensures that all content shared within groups is limited to group members only. Users can preview files, images and emails through Fastee, without the need to download to a local device.
"We are proud to launch our company and our platform, offering an agile, fully comprehensive communication platform to the business community," says Guy Eisdorfer, Co-Founder and CEO of Fastee. "Our app provides business teams with one place to interact with their customers and colleagues, giving them quick, secure access to a project’s entire lifetime of files and chats. We see our app quickly becoming the go-to communication tool of choice for business users".
You can find more information on the Fastee website and the app is available from Google Play and the Apple App Store.
Image Credit: Syda Productions / Shutterstock
As more systems are moving to the cloud it's leading to an evolution in requirements for disaster recovery.
Irish IT solutions company ERS Computer Solutions has produced an infographic looking at how companies can benefit from disaster recovery in the cloud.
It looks at the cost of downtime in various industries, as well as its most common causes. It also reveals that 59 percent of companies say they choose cloud backups for cost reasons, 52 percent cite ease of use and 48 percent compatibility.
Cloud users are able to recover more quickly from disasters though, with 20 percent able to be back up and running in a couple of hours, compared to only nine percent of non-cloud users.
There's much more, including issues to consider before adopting cloud-based recovery and what questions to ask providers, in the full graphic below.
Photo Credit: Olivier Le Moal/Shutterstock
The latest Wi-Fi enabled Hello Barbie dolls could be putting your children at risk according to security researchers.
Using a combination of speech recognition technology and wireless connection Hello Barbie provides, "...an engaging and unique Barbie experience," according to manufacturer Mattel.
That experience may be rather more engaging than you bargained for according to security researcher Matt Jakubowski, who has managed to hack the Hello Barbie operating system. He says he's been able to extract information including Wi-Fi network names, account IDs and MP3 files.
Talking to NBC he warns that the information he was able to access could be used to find someone's house or business, to access their home network and everything that the doll had recorded. He says, "It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want".
However, Martin Reddy, Co-founder and CTO of ToyTalk which designed the Hello Barbie operating system says, "...we are not aware of anyone who has been able to access your WiFi passwords or your kid's audio data".
Writing on the company's blog Reddy says, "Mattel and ToyTalk have invested a lot of effort to build the safest experience possible for parents and their children. As part of that commitment, we are actively engaging the security community to address any concerns. We have initiated a security bug bounty program where security researchers are rewarded for responsibly disclosing potential vulnerabilities to us. This lets us fix any issues as they are discovered and keep the doll as safe as possible for you".
This seems to cut no ice with the Campaign for a Commercial-Free Childhood which has launched a #HellNoBarbie campaign urging parents to boycott the toy.
It always seems to be the case that if you drop your phone it lands screen side down and gets cracked.
A survey by Motorola suggests that one in three of us in the UK is using a smartphone with a cracked screen so this would seem to be true, but can it be proved scientifically?
As with the laws of physics causing toast to land butter side down, a similar phenomenon can be applied to your handset. A theory developed by physicist and Aston University visiting professor, Robert Matthews, explains why it's not just down to bad luck.
Professor Matthews' study notes that smartphones are often held loosely in one hand, with the user's fingers below the phone's center of gravity. This makes the phone both more at risk of being dropped, and more likely to pivot about the fingers. Once the phone leaves the hand, it spins at a rate dictated by the various forces acting on the phone as seen in the diagram below.
The forces acting on the phone at this point can be represented by a formula:
This where L is the length of the smartphone, g is the acceleration due to gravity, p = 2δ/L is the 'overhang parameter', δ is the overhang distance, and θ is the angle of the smartphone when it starts its descent. Don't worry if you haven't got all that, there won't be a test at the end.
What this means in practice is that a dropped phone is unlikely to break contact with the fingers before it's achieved a high enough spin-rate to attain a safe, screen-up landing.
Professor Matthews says, "People might think it's just their bad luck when a fumbled phone lands screen-down and smashes. In fact, physics is to blame, making screen-down landings more likely. It seems we’re all at risk of experiencing this manifestation of Murphy’s Law: 'If something can go wrong, chances are it will'. People who are naturally clumsy and often fumble their phones are clearly particularly at risk".
Image Credit: VDex / Shutterstock
Hoards of shoppers hunting for the best Black Friday deals and perhaps not paying full attention to online safety makes this a time of year when cyber criminals are also keen to cash in on moneymaking opportunities.
Internet security company Zscaler has uncovered a widespread malware campaign whose authors are scamming large numbers of people by creating fake Android apps offering early access to Amazon's Black Friday and Cyber Monday sales.
Once installed it masquerades as a legitimate Amazon app. When launched it starts a child app that asks for admin privileges and other risky permissions including sending SMS and dialing phone numbers. This app registers itself as a service so it will stay on the device even if the original app is removed.
It has code for harvesting the user's personal data including call logs and received inbox messages, collecting sender's numbers, SMS body text, received incoming call numbers and contact names.
Zscaler warns users to, "Always install applications from legitimate app stores and websites. Be aware of the permissions asked by the application during installation. Shopping apps should not be asking for access to your contacts or SMS".
More information on the attack is available on the Zscaler blog.
Photo credit: Stuart Miles / Shutterstock
Recent reports have highlighted that it’s security at the endpoint which often leaves businesses exposed. This applies not just to machines in the office but also to mobile and BYOD devices, so some sort of security solution is essential.
BullGuard has released its latest Internet Security suite this month which is fully Windows 10 compatible and includes a number of things that make it an attractive option for business users. New features like Dropbox compatible backup and storage ensure that business data is properly protected.
The suite also has tune up options to help optimize system performance; this includes duplicate file detection and clean up to help free disk space, and a boot manager to control which applications are launched when Windows boots.
Of course the main thing you buy these suites for is virus protection and BullGuard has beefed up this area too. An enhanced behavioural detection engine offers more protection and an improved safe browsing module helps guard against malicious websites. Improved quarantine provides protection without user intervention, and specific exploit detection includes malicious URLs and executable image files. In addition there’s improved detection of malware at Windows start-up to combat rootkit attacks and help to protect against the rise of ransom ware.
An impressive collection of features then, but how does it all work in practice?
Installation
Installation from a download on a fibre connection took under five minutes including a brief initial scan. You need a reboot to activate the firewall which takes a little longer than normal -- actually it took a lot longer than normal on our test system and required a shutdown and another boot. It was fine after that though so we’ll put that down to a one-off glitch.
Once installed you’re presented with BullGuard’s neat tiled interface. You don’t get the option to choose modules as part of the install, you have to load the whole package, but afterwards you can control which ones you use. On the Settings menu each module has a simple on/off switch. You can set the protection level of the Antivirus module with a slider, for anything more complex you need to switch to Advanced mode.
In Use
BullGuard Internet Security is designed to offer a decent level of protection, but not to frighten the horses, so straight after installation everything is very simple and used friendly. Things like control of firewall rules is there if you need it, but you need to switch to Advanced mode in order to access them.
The Antivirus and Firewall modules work unobtrusively enough, you can also get it to scan for vulnerabilities which warns you about things like missing Windows updates and insecure network connections. We’d have preferred to see a bit more depth here, such as checking commonly installed programs like Flash for patches too. BullGuard generally performs well in independent virus detection tests.
The program’s impact on performance is negligible compared to an out-of-the box Windows 10 system running Windows Defender. By default the Tune Up module keeps browser caches and temp folders clean, you have the option to let it delete broken registry entries, clean up downloads and empty the Recycle Bin too. You also have the option to manage startup entries to improve boot times, programs can be disabled altogether or delayed so that you can get started more quickly.
The safe browsing option means search engine results are automatically scanned and safe links are shown with a green tick. You can hover your cursor over this to find out more about the site. However, this works with popular search engines, Google, Yahoo, and Bing as well as links on Facebook, but others like Lycos (yes, it is still going) and DuckDuckGo aren’t covered.
Spam filtering works with Outlook, Windows Live Mail and Thunderbird and you can manually configure safe and unsafe senders if you need to. It won’t trouble many business users but there is a parental control module which lets you control selected content based on age group profiles and set an access schedule.
You get 5GB of cloud storage as part of the package which you can use for backups with the built-in tool or for general storage. You have the option to share files from the cloud as you can with other storage services. Backup works constantly in the background for whatever folders you’ve selected, rather than run on a set schedule, so when something is changed it will automatically be saved. You can set a schedule if you prefer and you can also change where the backup is saved with the option to use an external or network drive, or your Dropbox storage.
Conclusion
The only things that are really missing are password management and identity protection, though the latter can be added with an upgrade. Although there are some minor niggles BullGuard works well overall. It won’t scare off inexperienced users, but more sophisticated options -- to allow you to tunnel through the firewall for a VPN for example -- are there if you know where to look.
At just under £50 to protect three PCs it’s also reasonably priced. Large companies will doubtless want to roll out their own solutions for BYOD, but for smaller enterprises looking for an endpoint solution to recommend or supply for their staff BullGuard Internet security is worth considering.
BullGuard Internet Security costs £49.95 to protect three PCs for a year. If you want to road test it before buying there’s a 60-day trial available on the BullGuard website.
Pros
Cons
Company | Release Price | ITProPortal Review |
---|---|---|
BullGuard | £49.95 | 7/10 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
It's likely that this year's holiday season will mark the first time that online purchases made on mobile devices will overtake those on desktop systems.
This makes mobile payment systems a prime source of risk and a new study by mobile app security company Bluebox Security highlights poor security across consumer mobile payment apps, including some of the most popular solutions for both Android and iOS.
Bluebox examined 10 mobile payment apps expecting to find that security would be robust for apps directly handling financial transactions. However, in every app reviewed it found security was remarkably basic. 98 percent of developers polled by Bluebox have reported most mobile apps are moderately to highly vulnerable. Yet consumers are naively placing their trust and their cash in these apps, as 69 percent of those polled say they're confident that the apps they use are safe from attack.
Bluebox took a close look at the top two peer-to-peer payment apps that are used to send monetary gifts to family and friends, along with the top three one-click merchant apps from leading retailers. The analysis showed that these five apps lack the enterprise-grade protections needed to safeguard financial transactions and that they harbor vulnerabilities that require immediate attention to protect against hackers.
Problems found include every app examined being vulnerable to tampering that would allow rerouting of funds from a consumer's account to a hacker's account, without the consumer's knowledge. On average, 75 percent of the code in the apps was from third-party code libraries, which are used by enterprises to speed up mobile app development. When not properly secured and vetted, these code libraries could easily contain the next widespread exploit like Heartbleed or Stagefright -- exposing payment apps to possible breaches.
None of the five apps encrypted data written to disk, meaning authentication info, transaction history and other personal information is fully visible to attackers once they’ve gained access to a device or app.
Additionally, all of the apps investigated were vulnerable to hacking via a compromised device, by replacing the legitimate app with a modified version without the user’s knowledge, or by intercepting the app’s interactions with cloud services over Wi-Fi or cellular networks.
"Our starting hypothesis was that mobile apps handling financial information would have more rigorous security compared to other mobile apps, but our research uncovered the opposite. As enterprises rush to get apps to market, we are discovering the same security errors from industry to industry," says Andrew Blaich, lead security analyst at Bluebox Security. "Enterprises need to ensure their apps can defend themselves and make security a seamless step in the development process."
More information on the study's results can be found on the Bluebox blog.
Photo Credit: Slavoljub Pantelic/Shutterstock
If you’re suffering a touch of deja vu looking at the photo above it's probably because my colleague Mark Wilson reviewed Inateck's similar sleeve for the Surface Pro earlier this year.
This one is designed for the iPad and MacBook fraternity and features a neat fold over design that allows it to act as a stand for the device as well as a sleeve to protect it. It has a smaller pouch in front of the main one and here are a couple of pockets on the back, one of which is big enough to take CDs. It also comes with a separate little pouch containing a cleaning cloth and which is big enough to take a mouse. It's not really suited to carrying bulky mains adaptors around though, so you’ll need to charge your device before you go out.
The outside is a pleasingly tactile soft, thick felt and the inside is lined with a sort of velvety grey cloth to prevent your screen from getting scratched. It feels and looks well made with even stitching and subtle Inateck logos on a leather-style patch on the front and on a tab sewn onto one of the edges.
The main flap is held closed by Velcro which is also used to turn the case into a stand so you can watch videos or run through presentations at a comfortable viewing angle, there are two positions depending on your preference.
It's a neat design, but its slimline style means that carrying anything bulky in one of the pockets is going to look a bit like a snake that's swallowed a rabbit as well as risking damaging your kit.
Though it's aimed at MacBooks and iPads there's nothing to stop you using it for other pieces of kit up to 13-inches in size -- we won't tell anyone if you don't.
It currently costs $23.99 from Amazon (£18.99 in the UK). More details can be found on the Inateck website.
Big businesses are increasingly recognizing the potential of data science and machine learning. Until recently, however, it hasn't been readily available to smaller organizations and individuals.
But now companies like Amazon and Google are beginning to make machine learning available more widely. Is this the start of a new trend? What will it mean for businesses, and will we see the rise of a new generation of ‘citizen data scientists’?
We spoke to Mike Weston, CEO of data science specialist Profusion to find out more.
BN: Isn't machine learning something that's only for techies and big organizations?
MW: No. This is a common misconception. You do not have to be a big organization to benefit from machine learning, you just have to be willing to invest time.
Machine learning is a branch of data science which focuses on using a form of artificial intelligence to help solve problems. Initially, a data scientist will train a computer with questions and answers relevant to a business' issues and the computer will then learn how to answer similar questions in the future. This training can be tailored to a business' needs and characteristics -- including its size.
BN: Are we seeing a move towards data science being available to all?
MW: Most definitely -- large tech companies are starting to take notice of machine learning and data science, and developing tools to make this more accessible to 'non-techies'. You have Amazon and Microsoft integrating machine learning tools within their AWS and CRM platforms while Google has recently released Tensorflow. This trend is only going to increase as more companies become aware of the importance and potential of data science.
I also expect that as these machine learning tools become more commonplace, we’ll see an increase in the number of 'citizen data scientists' within companies. These are people who are embedded in different departments and who have enough knowledge to understand the value and applications of data science and who can undertake rudimentary analysis. It will be these people who become data science’s greatest cheerleaders.
BN: Thanks to smart devices and the Internet of Things enterprises are collecting more data than ever. Is there a risk that much of this is being wasted?
MW: At the current time I am pretty certain that many businesses are wasting their data. This is only going to grow as smart devices and the IoT becomes more mainstream. The main issue is that many businesses do not see the full potential of the mountain of data they are sitting on and they do not know how to use it.
BN: What opportunities can machine learning bring to businesses?
MW: There are a great many opportunities. For example, a supermarket retailer could look at all their transactional data and see that eggs, milk, vanilla pods and flour are often bought in the same basket. Overlaying information on common recipes along with seasonal and weather data may then tell that retailer that all these items are commonly used to bake a cake, that baking increases when the weather is overcast and is highest in winter. The supermarket could then use this information to predict demand for certain items of stock, along with recommending baking goods and recipe books.
The advantage of using a machine learning algorithm for this is that the computer constantly learns and improves. Although a retailer may have many different products and millions of transactions, using an algorithm saves the time it would take a team of human beings to sift through all this data. As the algorithm learns from its mistakes, it gets increasingly accurate over time.
Data science can also be applied to other problems and industries. It has the potential to streamline an organization's supply chain, inform public services and infrastructure, be used for pharmaceuticals and in clinical trials and be used for employee wellness. Data science's potential is game-changing.
BN: On the other side of the coin what concerns is it likely to raise?
MW: Whenever businesses work with personal data, there are always concerns over the security and use of that data. It is important that organizations consider how they store their data, along with who has access to it. Companies will have to make some difficult decisions regarding how far they go in using their consumers' and staff data. I recommend that businesses create guidelines informing others on how the data will be used, and why.
If businesses fail to use data in an ethical way, they could face a backlash and loss of trust from their consumers and staff. This would be damaging to the entire tech industry and is definitely something we wish to avoid.
BN: Will we see simplified data science opening the door for more complex projects?
MW: Simplified data science will almost certainly open the door to more complex projects.
The machine learning platforms offered through Amazon and Microsoft have made data science more accessible, but only for a limited number of applications. With Amazon, the emphasis is on e-commerce and targets the users of Amazon Web Services. Meanwhile, Microsoft's system targets marketing and CRM.
Users of these systems will be able to detect fraud and fake reviews, predict if a customer is likely to leave and tailor a marketing strategy. However, these users will not be able to do more complicated data science. They will lack the technical knowledge required to write algorithms, clean data or know what technique to use to solve particular problems. In this way, businesses which see the benefits of using the simpler data science tools, may then turn to data scientists for more complex work.
Image Credit: Sarah Holmlund / Shutterstock
When faced with the chance of clinching a major deal people are willing to throw security controls out of the window.
This is according to research by contextual security company Balabit which asked over 380 European IT executives, CIOs, CISOs, auditors and other IT professionals about their thoughts on IT security and business flexibility.
When asked about their preference if they needed to choose between IT security and business flexibility, 71 percent of respondents said that security should be equally or more important than business flexibility.
But show them the money and things change, when the same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life, 69 percent of respondents say they would take the risk.
"These results show that organisations have a long way to go to balance security and business," says Zoltán Györkő, CEO at Balabit. "They demonstrate that while security overload may be tolerated during normal business, when it comes to big deals the respondents would not hesitate to bypass security to win business. It is important that this is recognised as an issue and dealt with accordingly".
Since insiders cause many data breaches according to Ponemon, companies need to achieve a balance between IT security and business flexibility.
"Today's static control solutions can only go so far," adds Györkő. "Security teams must have visibility of the context of user actions to be able to respond effectively, and any additional tools must be transparent to the business workflow. We believe that a monitoring based approach that enables companies to respond to suspicious activities in real time can make IT security more business friendly; that is why we developed our Contextual Security Intelligence Suite".
More details of the survey are available from the Balabit website.
Photo credit: wk1003mike / Shutterstock
DevOps skills are increasingly sought after and as a result salaries for DevOps engineers are higher than for other IT job titles according to new research.
IT automation software provider PuppetLabs has released its 2015 DevOps Salary Report based on data gathered from its 2015 State of DevOps Report.
Among the findings are that DevOps engineers make noticeably higher salaries than most other practitioner job titles in the 2015 survey and report. 55 percent of US DevOps engineers make $100,000 per year or more; this share is surpassed only by architects (with 75 percent making $100,000-plus), a group that includes the distinct job titles of architects, cloud or infrastructure architects, and systems architects.
Where managers in the rest of the world typically make at least one salary increment more than practitioners, most managers in the US make at least two salary increments more. The report also shows that in the US you're more likely to make a better salary if you are a tech practitioner in technology, web software or education.
These salaries come at the expense of long hours, however. Seventy-one percent of practitioners report working 40 or more hours per week. Most respondents (52 percent) reported working 41-50 hours per week. More DevOps engineers reported working in excess of 50 hours per week than any other job title. More systems engineers reported working 41-50 hours per week, and more system administrators reported working 40 or fewer hours per week.
There's a gender divide too. Most surveyed women reported making $50,000 to $100,000 (59 percent of women, compared to 47 percent of men), while more men reported making $100,000 or more (47 percent of men, compared to 36 percent of women).
"The 2015 State of DevOps Report showed that high-performing IT organizations are more agile, more reliable, and ultimately drive real business value," says Nigel Kersten, CIO at Puppet Labs. "Now that organizations are learning of the benefits of DevOps, we're seeing additional salary data that reveals just how much demand there is around the world for highly qualified IT and DevOps practitioners. It's encouraging to see these positions continue to grow, and we look forward to watching the market evolve and adapt to the growing urgency around making IT a competitive advantage".
You can see more detail on the results in the infographic below or on the PuppetLabs blog.
Photo Credit: Pavel L Photo and Video / Shutterstock
Businesses generally want IT management solutions that offer a complete overview regardless of the underlying platforms that produce it.
Atlanta-based OpsDataStore is addressing this need by launching its new big data back end for all IT management data.
Features of OpsDataStore include open data collection architecture which can handle management data from any platform and any management software product. The solution includes connectors for the VMware vSphere data center virtualization platform, Dynatrace APM, AppDynamics and the ExtraHop wire data platform. Users can also add new connectors for other products.
Unlike simple metrics stores or log databases, OpsDataStore relates items to each other as they're ingested and maintains a continuously updated topology map of the entire environment. Any object can be queried for its end-to-end topology at any point in time. The model is continuously and automatically updated, eliminating the need for periodic discovery.
OpsDataStore is built on state of the art open source, low latency, and big data technologies, including Cassandra (time series database), Spark (stream processing engine), and Kafka (message bus). These technologies enable OpsDataStore to scale to any size environment and process large amounts of data in real time.
An open query architecture makes for easier access and reporting along with support for leading business intelligence tools so data can be easily published to those who need it.
"Service quality issues affect the revenue, reputation, and customer retention of global enterprises that rely upon online services," says Bernd Harzog, CEO of OpsDataStore. "Through our work with hundreds of enterprises over the last several years, we saw the urgent need to glue together IT management data into an easily consumable solution. By creating a central repository for all IT operations data, we enable enterprises to keep up with an unprecedented rate of innovation while delivering superior online service quality".
More information on the launch is available on the company's blog.
Image Credit: jannoon028 / Shutterstock
Until recently the idea of machines and computers taking over from humans has been the stuff of sci-fi. But recent developments in automation have brought the reality of a machine takeover of many tasks much closer.
New research from smart automation specialist arago reveals that, amongst IT workers at least, more automation leads to greater job satisfaction. 85 percent not only welcome smart automation, but also identify concrete benefits from it.
According to the study 85 percent say that intellectually stimulating activities are most important to their job satisfaction, 88 percent want to use automation to free up their time so they can focus on more strategic initiatives, 93 percent believe automated IT tools do not put their jobs at risk, and 91 percent realize automated IT tools are not the beginning of an AI takeover.
When asked what they'd prefer to do instead of the menial tasks that take up much of their time, the two most preferred tasks are innovating technology/solutions (72 percent) and modernizing existing technology (63 percent).
"IT pros know that smart automation technology frees up their time, reduces the need for menial tasks and allows them to concentrate on innovative endeavors that are much more strategic to their employers and their own future. That shows the common narrative stating that IT Pros find smart automation a threat to their jobs, and that they are afraid of a machine takeover, are overblown. The reality is quite the opposite." says Chris Boos, CEO for arago. "Forward thinking CEOs, CIOs and HR executives need to be aware of the positive impact smart automation will have on their companies".
You can see more of the survey's findings in infographic form below.
Image Credit: Tatiana Shepeleva / Shutterstock
As we approach Cyber Monday, Black Friday and the holiday season, online retailers are keen to make the most of the opportunity to boost their business.
But what can they do to make themselves stand out? Reviews from customers are a crucial part of the process. We spoke to Jonathan Hinz, director of strategic partnerships and business development at online review community Trustpilot to find out how companies can use them to their advantage.
BN: What can e-commerce brands do to attract customers during the holiday buying season?
JH: In 2013, Nielsen reported that 84 percent of consumers trusted recommendations from people they know and 68 percent trusted the opinions of those online. These figures are up 6 percent and 7 percent respectively, from 2007. What's clear from these figures is that brands need to change their traditional marketing approaches to ones that relate better to consumers. As social creatures, we have the need to act like others. We tend to weigh our regular decisions, and sometimes major decisions, on those around us. So why should making a decision about what to purchase and who to purchase from be any different? Companies need to use pictures, reviews and feedback from their existing customers to entice new customers. Consumers need to hear and see from their peers, putting information into context in order to make a purchase decision. It’s the only way brands can stand out from competition.
BN: What and where are the best places to display online reviews on an eCommerce site?
JH: The reality is that it's not simply about conversion on the site any more. Consumers are bombarded by messages from brands across all kinds of media and devices these days. It's just not a linear path any longer as customers are interacting with brands an average of 4.3 times in two days before a purchase. No one location (like your website) is enough to encourage a consumer to buy a product or service. Committing yourself to being a consumer-focused company and understanding consumer behavior is critical in addressing the encouragement of a purchase.
Once you understand who your consumers are, and how they purchase, you can then address where your brand needs support throughout the customer journey. This all depends on the consumer research you conducted. Do you need to increase your visibility in search? Convert better in search ads, landing pages or on your website? Does your website have drop-off points, or worse, shopping cart abandonment challenges? I know all the brands I’ve ever consulted with would simply say they need help with 'all of the above.' That's why it's critical to engage with a company like Trustpilot that provides a range of solutions, from free to enterprise, to promote the reviews and feedback of your existing customers to any sales prospects in your future.
BN: How can social media help boost purchases and increase trust in a company?
JH: Social media is a great outlet for companies to build trust and increase consumer consideration of purchase, and the proof is that 89 percent of consumers say interaction with a brand on social media has an impact on their purchase. How brands use social media is what makes the difference. Social media platforms perform best in building trust and creating an environment where consumers can share experiences to spread awareness of brands. Giving your existing consumers a platform to help inform your prospective consumers through posting authentic and verified consumer reviews is key here. Consumers need to know you're a credible place to buy from and that you can handle the inevitable negative situations that occur.
BN: Other than price, what helps a buyer decide where to purchase a product?
JH: 'Where' is an interesting concept in our omnichannel world. Where can mean from whom they purchase, and also from which device they purchase. More consumers are on their mobile devices than any other device. The research and purchases they make on mobile are increasing as well. Brands need to ensure their sites and content are mobile optimized to ensure visibility on the devices consumers are using the most. Additionally, 86 percent of consumers will pay more for a better customer experience, which means brands need to invest in a consumer review solution that can help them collect customer feedback and analyze the data to improve customer relations and service.
Image Credit: Rawpixel / Shutterstock
With the approach of the holiday season there's a spike in online shopping which means many people will be expecting the delivery of packages.
This of course is a window of opportunity for cyber criminals looking to steal personal information. It's perhaps not surprising then that Comodo Antispam Labs has identified a new global phishing threat, targeted at businesses and individuals who use DHL shipping.
The fake emails appear to come from DHL Worldwide and have the subject line 'DHL Shipping Delivery Tracking Number.' The tell tale give away is that the sender's email address is not on a DHL domain. The messages imitate the corporate style and logos of DHL, and are designed to capture logins and passwords to DHL accounts and package tracking information.
The phishing email headed 'DHL Capability Tool' asks recipients to click a link to obtain a tracking number for their delivery. If clicked the link leads to a site that will capture the user’s DHL ID and password.
"Through specific IP and URL analysis -- as well as the Comodo Antispam Labs' continuous monitoring and scanning of data from the users of Comodo's Internet security systems, our team was able to identify this specific phishing email scam and alert the public to it," says Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. "As a company, we work diligently in creating innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe".
There are around 2.5 million users of DHL worldwide so the campaign has the potential to net those behind it a good number of unwary victims. You can find more information about the scam on the Comodo blog.
Image Credit: Maksim Kabakou / Shutterstock
Docker has been widely adopted by enterprises looking for tools that allow for fast development, testing and management of applications.
HP Enterprise (HPE) is using this week's DockerCon Europe to introduce a new line up of solutions for the Docker ecosystem. These encompass cloud, software, storage and services to allow businesses to use Docker to help them move to a hybrid infrastructure in a scalable, secure and trusted manner.
"Containers are changing the way applications are developed and managed, bridging the gap between IT and developers and helping organizations accelerate their pace of innovation," says Martin Fink, EVP and CTO at HPE. "Hewlett Packard Enterprise is embracing and extending Docker capabilities by providing a comprehensive set of enterprise class tools and services to help customers develop, test and run Docker environments at enterprise scale".
Solutions on offer include the HPE Helion Development Platform 2.0 with support for Docker, which enables developers and IT operators to deploy microservices, a way of designing applications as independently deployable services, packaged as Docker containers.
HPE StormRunner and HPE AppPulse for Docker let developers and IT operations test, deploy and monitor Dockerized applications with confidence, providing full application lifecycle management. Remote Docker Swarm cluster monitoring with HPE Sitescope manages and monitors a complete Docker Swarm cluster using HPE Sitescope, an agentless application monitoring software solution.
HPE Codar for Docker allows continuous deployment of hybrid workloads, part traditional and part containerized, with the click of a button. Docker Machine plugin for HPE Composable Infrastructure automates the deployment of Docker container hosts from HPE OneView, enabling IT and DevOps to rapidly provision bare metal infrastructure for Docker environments within an organization's own datacenter and on their own secure networks.
There's also persistent storage for Docker containerized apps using flash-optimized HPE 3PAR StoreServ Storage arrays and the HPE StoreVirtual software-defined storage solutions. Enterprise-grade container support delivers expanded support for containers in alignment with HPE's technology solutions roadmaps, with a single point of contact for access to a global network of specialists round the clock.
Erez Yaary, HPE Software Chief Technologist EMEA says, “These announcements cover a wide spectrum from development through to managing workloads and management of the data center, all with enterprise grade services”.
HPE solutions for Docker are available now, for more information you can visit the HP Enterprise Grounded in the Cloud blog.
Image Credit: Hewlett Packard Enterprise
Ad-blocking on both desktop and mobile devices is becoming more and more common. But does this mean advertisers are increasingly wasting their time?
A new survey of over 500 consumers by consumer intelligence and predictive marketing company Boxever reveals that 70 percent of consumers surveyed say they're likely or extremely likely to use ad-blocking apps, and another 15 percent said they'd consider it.
When asked the reasons why they wanted to block ads, 61 percent say the mobile ads typically received are completely irrelevant, 61 percent also say mobile ads impede the mobile experience. 56 percent say the mobile ads they typically receive never add any value, and 51 percent say they've never taken action on a mobile ad presented to them.
Email doesn't seem to be better channel for marketers either, particularly since recent filtering advancements rolled out by Gmail, Yahoo, Microsoft and others. Only 22 percent of consumers say they check their clutter/promotions folder each day.
"The issue is a lack of relevance, value and context", says Boxever CEO Dave O'Flanagan, "In fact, an earlier Boxever survey from this year found that for more than 50 percent of consumers, three out of four sales offers received are irrelevant to their needs and preferences".
You can read more about the effect of ad blocking on the Boxever blog and there's a summary of the findings in infographic format below.
Photo Credit: Quka/Shutterstock
Every organization believes that it's making its systems secure, but because they usually work in isolation from competitors and other businesses they have no way of knowing how they compare.
The Building Security In Maturity Model (BSIMM) aims to quantify security practices and present them in a measurable way to allow companies to compare their performance.
We spoke to Paco Hope Principal Security Evangelist of application security specialist Cigital to find out more about BSIMM and how it works.
BN: Where did the idea for BSIMM come from?
PH: Around seven years ago Cigital decided that rather than preaching to people about security we should take a step back and ask them what they do. So we went to big companies like Adobe and asked them how they spent their security budgets. We then developed a model that described all of the things they told us they were doing. Since then we’ve gone on to measure over 100 firms, however, the model only contains data from those who’ve been measured recently.
BN: How does it work?
PH: What we're trying to do is observational science around software security; we’re not interested in the desktop IT, anti-virus, network operations areas. We're talking about people who build software and apply it around the enterprise. Over time we've settled on around 112 activities that we've seen these people doing. From this we’ve built a scientific model that lets us score companies based on what they do. There’s no perfect score, it’s about what stuff companies are doing and whether that’s right for them. The activities are broken into five categories, including penetration testing, version control, risk and compliance.
BN: How is the information used?
PH: We publish a report every year which is all creative commons and out in the open. We do charge people to be measured so there is a commercial aspect, but anyone can look at the BSIMM report and self-assess. The scores for any particular firm are kept secret, we don’t share what we found at particular businesses.
BN: So it's a bit like an audit?
PH: No really, it's typically done over a few days of interviews, we'll sit down with the heads of development, support, operations and testing. We have a pretty good set of questions having done this hundreds of times, but it’s not an accounting audit where we ask to see deliverables that demonstrate what’s being done.
BN: What advantage does it have for businesses and does it scale to smaller and medium enterprises?
It overcomes the difficulty of getting to grips with security. You don't have to go it alone and make it up, you can learn from what other people have done. We have interviewed some smaller companies but below a certain size -- say you have a mobile apps company with only 20 people -- this doesn't make sense for them. But any decent sized enterprise, especially one that's pulling software from lots of vendors and building many different apps, BSIMM works really well.
BN: Do some sectors benefit more than others?
PH: We don't talk about specific sectors very much until we have enough people in that sector to show results without revealing details about a particular member. So, we have 20 plus financial services companies for example so we can show an average for that sector without revealing anything about a particular company.
Financial services, independent software vendors, consumer electronics and healthcare are the areas where we have most data. What surprised us at first was how similar some sectors are -- financial services and software vendors for example. It's only as we’ve started to get into other verticals that we've started to see more differences. Healthcare for instance tends to have a lower score than other industries, this is because some industries tend to think of themselves as hardware based when today it's not true. Car makers too these days are increasingly in the software business because a modern car is a big computer with a petrol-based power supply.
The advantage BSIMM brings is that companies adapting to a changing business model can learn from others who have already analyzed what they do.
BN: What could companies that have suffered major data breaches learn from the BSIMM model?
PH: That list of 112 activities hasn't been the same over the years; it's changed. A couple of years ago we stared to see an activity called 'simulating a software crisis' where mature firms will test their procedures for dealing with a problem like a software breach. They'll involve all of the relevant departments including legal, PR and so on and work through how they’d deal with the problem.
A good example is Saleforce.com which is a member of BSIMM, a couple of months ago a cross-site scripting bug was discovered in a Saleforce admin panel. 30 days after this was reported the whole thing was fixed and Saleforce acknowledged the problem, they delivered the kind of response you’d expect from a mature organization. It’s not about being perfect and producing perfectly secure software every time, it’s about knowing what to do and how to handle the problem. By contrast the recent TalkTalk breach was handled quite badly as they took a long time to get out a coherent message.
BN: Is there a cost involved?
PH: In a sense it's a bit like ISO9001, you can go and read the standard and do everything yourself, but at some point you need a third-party to come along and verify what you've done. So yes, there is a nominal cost if someone wants to be measured by us, but it's not expensive.
A further advantage of joining is that we've created a community that brings together people from companies who've been measured and they can compare notes and realize that often they have the same problems.
Image Credit: Manczurov / Shutterstock
How much risk are you facing just by visiting a website? Do you know what scripts are running and which other sites they're pulling data from?
Malware prevention company Menlo Security scanned the Alexa top 50 UK websites to find out what their users were being exposed to. The findings show that on average, when visiting a top 50 UK site, your browser will execute 19 scripts.
It found that eight percent of the top 50 sites executed more than 50 scripts and that the top UK website ran a startling 125 unique scripts when requested. 72 percent of the top 50 sites executed fewer than 20 scripts, and one of the top 50 used just a single script. Two of the top three sites on the list are news websites.
What's also interesting is the amount of data being downloaded. 62 percent of sites downloaded less than 1MB of code, however, one media site downloaded 4.9MB. Media sites hold the top two places for the amount of downloaded code followed by social media sites making up the top five.
In addition the scan looked at the back end code of the sites and found 15 of the top 50 sites were running vulnerable versions of web-server code. Microsoft IIS version 7.5 was the most prominent vulnerable version reported, with known vulnerabilities going back more than five years.
"There are many legitimate reasons why developers use scripts to enhance the user experience of a website today, but similarly attackers can use scripting capabilities for iframe redirects and malvertising links to compromise browsers", Jason Steer, Menlo Security solutions architect of EMEA says, writing on the company's blog. "The main takeaways show that going to any popular website is now associated with some risk, as we see play out in numerous media stories every week. Knowing that visiting a top 10 site means that I'm allowing my browser to execute more than 25 scripts according to our data (that’s 25 scripts that may or may not be well written and/or secure), is a concern. What's more is that going to a top 25 UK website exposes my browser to more than 100 scripts without any knowledge of how good or bad they may be, and from over 50 unique websites in the background".
Tests were carried out against the Alexa Top 50 UK sites on October 15th using a 64-bit version of Chrome.
Image Credit: spaxiax / Shutterstock
Businesses are turning to encryption as a means of meeting compliance and data storage requirements and to guard against breaches and data loss.
But with the rapid evolution of enterprise IT data may be stored in a variety of environments in-house, in the cloud, which presents new security challenges.
Enterprise security company Vormetric is announcing an expansion of its Data Security Platform, with new capabilities that expand protection for sensitive data within datacenter, cloud, big data and application environments.
The latest platform offers encryption and access control capabilities for Docker, Hadoop, NoSQL and SQL as well as enhanced automation capabilities. It enables advanced protection against data breaches, while also helping organizations to meet strict compliance and regulatory requirements.
"The many advances in functionality and features added to the Vormetric Data Security Platform will help our customers deploy more easily, as well as protect data more completely, in more environments, and with minimal business impact," says Vice President of Product Management for Vormetric, Derek Tumulak. "We believe that Vormetric's rapid implementation and support of new environments and use cases gives our customers great investment protection, empowering them to safely adopt new technologies and platforms without having to disrupt operations or implement costly new security infrastructure sets".
New features include protection for data at rest in Docker containers. The solution's encryption, access controls, and security intelligence logs can now be used to safeguard and control container images and backups, ensuring that they only run in authorized environments.
It allows easier deployment of database field-level encryption by ensuring that the encrypted data size matches the existing database field size, avoiding database schema changes. Extension of data security access controls for Hadoop allows a higher level of security and policy-based isolation within Hadoop environments, delivering granular per-user or per-group access policies to encrypted files or folders within the Hadoop Distributed File System (HDFS) namespace.
The new capabilities will be available in the first quarter of 2016, you can find out more on the Vormetric blog.
Image Credit: Maksim Kabakou / Shutterstock
Sales teams are often saddled with outdated analytics and reporting which means that they lack a clear understanding of what's needed to drive the sales process forward.
Smart sales specialist TAS Group is launching a new Sales Performance Manager as part of its Dealmaker platform, which is aimed at helping sales leaders and their teams manage every aspect of their sales pipeline and performance with built-in knowledge and insights to help guide their decisions.
"Dealmaker Sales Performance Manager is exactly what sales leaders need to cut out ambiguity and take real, substantial steps forward," says Donal Daly, CEO of The TAS Group. "Our software is informed by 30 years of experience and over 200 enterprise customers who are drawing billions of dollars of revenue every month. These insights go beyond analytics; they offer total visibility into the pipeline with all of that industry expertise for context. We wanted our customers to have accurate forecasts and explosive pipelines. With Dealmaker Sales Performance Manager, we’re giving them the understanding and guidance they need to get them".
Dealmaker Sales Performance Manager is built natively on the Salesforce platform. Key features include a specially developed system of key performance indicators (KPIs) for measuring sales success, plus real-time visibility into a sales organization’s current state, so teams can constantly access a complete, accurate understanding of their performance.
Informed pipeline management allows teams to create a strategy, tailored to each sales team’s specific needs and challenges. This also allows for instant performance reviews, highlighting the challenges and successes and illustrating best practices for even better results in the coming quarter.
Sales Performance Manager is available on any internet-connected mobile device, meaning actionable intelligence and sales tools are available at any time. More details can be found on the TAS Group website.
Image Credit: Syda Productions / Shutterstock
It's increasingly common for hardware manufacturers and software developers to build in various security measures to protect users.
However, a new survey by cloud encryption company Alertsec reveals that these standard security precautions may be creating a false sense of security for PC and mobile users.
The Alertsec SMB 2015 Encryption Study, carried out among 1,255 small-to-medium businesses reveals that 68 percent believe auto-saved passwords are not secure. Nearly half (48 percent) believe never logging out of user profiles decreases security. Over one in five SMB executives (23 percent) believe lock down -- when functionality of the system is restricted -- is not secure, while 16 percent believe that locking out systems following multiple failed password attempts is also insecure.
"The real problem is the false sense of security these 'security precautions' create," says Ebba Blitz, President of Alertsec. "Computer manufacturers and software vendors offer a variety of built-in solutions that seem to protect you, but they are no match for the run-of-the-mill cybercriminal. That's why encryption is so important. Losing data could cause a problem of catastrophic proportions for any individual and any company".
87 percent of those surveyed say they fear data breaches. When pressed further most cited physical security fears, with 40 percent of respondents saying they fear leaving their laptop in the car and consequently having their identity stolen, 37 percent fear having their laptop stolen while working at a coffee shop, 30 percent fear burglars breaking into their homes and obtaining online banking information and 27 percent worry about having their laptop stolen at airport security and having their cloud storage and photo files breached.
Perhaps no surprise then that 68 percent say the problems they have seen at work have made them encrypt their personal computers. An impressive 90 percent say that work computers should be encrypted, followed by smartphones (61 percent), personal computers (58 percent) and tablets (55 percent).
More about how encryption can be used to secure devices is available on the Alertsec website.
Image Credit: Sergey Nivens / Shutterstock
Security solutions are lagging behind and failing to provide protection or detection levels adequate to protect against today's security threats.
This is according to a new survey from security and compliance solutions company Promisec. The results point to increased security gaps and vulnerabilities in spite of widespread fear of security breaches.
The survey spoke to over 150 IT decision makers and 74 percent said traditional anti-virus defenses no longer address advanced targeted threats, with only 26 percent believing they will play a vital role in the future. This compares to 58 percent and 19 percent respectively, in last year’s survey, which illustrates a continued trend away from traditional anti-virus defenses.
Yet despite this recognition and the fact that 73 percent of respondents say endpoints are most vulnerable to attack, fewer companies today (32 percent) say they have advanced endpoint security protections in place, down from 39 percent last year.
"Results from our survey indicate that for many companies, endpoints remain highly vulnerable to a cyber-attack as threat levels continue to rise," says Dan Ross, CEO of Promisec. "We continue to see new breed of more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as firewall, anti-virus and anti-malware software, are no longer enough to keep our networks safe. Companies need to aggressively fortify their endpoint security infrastructure as a critical part of their total security portfolio in order to keep pace with the rapid evolution of today’s most severe threats".
The survey also finds that 82 percent of IT professionals are either 'highly' or 'moderately' concerned about a potential security breach in the next year but only 31 percent say they are 'well prepared' for a cyber-attack.
You can read more about the survey on the Promisec blog and there's a summary of the findings in the infographic below.
Image Credit: underverse /Shutterstock
Work management software company Clarizen is announcing its latest release which delivers new options for viewing work and integration with the JIRA development workflow package.
Major features include an interactive Gantt view gives users visual representation of the workplan, on which they can take action, such as rescheduling work by dragging and dropping or creating dependencies by linking tasks. Users can also display key attributes -- for example percentage complete or dates -- on the Gantt bars, and share the Gantt as a widget with internal and external stakeholders.
A new real-time calendar display allowing users to view and manage all their work. This can be color-coded to focus on status, priority, or manager for improved visibility.
Analytic snapshot apps enable trend analysis on project performance to identify problem areas. Administrators can track daily active users on the application and identify where user adoption is low or where users may need extra training. They can capture information for daily trend snapshots, plus track actual, remaining and expected progress over time.
JIRA v2 integration strengthens connections between teams. When one part of a team uses JIRA for software coding and bug tracking while the rest of the project is managed in Clarizen, all stakeholders can be kept in sync as key JIRA data is reflected in Clarizen and vice versa. The flexible, out-of-the-box integration features best practice mappings and events, with an easy-to-use administration layer designed for business users.
Other new features include the ability to have multiple managers on all work objects, view project cases in separate panels, and push notifications for Clarizen's iPhone app.
"Teams are empowered when workers at all levels within an organization can view, manage and collaborate on their work," says Avinoam Nowogrodski, CEO of Clarizen. "Our Fall Release further expands our customers’ visibility into their businesses, so they can make decisions in real time".
The new release is available at no charge to existing Clarizen users, with the exception of JIRA integration which requires an extra license. A webinar showcasing the product's features will be held on 23 November.
Image Credit: Tischenko Irina / Shutterstock
Many people cite performance issues as a reason why they're reluctant to run or end up uninstalling internet security products.
Independent testing organization AV-Comparatives has released the results of its latest studies on a range of security products, focussing on how they impact system performance.
It tested 19 products on an HP 350 G1 system running Windows 10 Home 64-bit and measured the impact on file copying, archiving and unarchiving, installing and uninstalling applications, launching applications, downloading files, and the PC Mark 8 testing software.
Using a system with no security software as a baseline it came up with an impact score for each product. An 'out of the box' system with Windows Defender installed scored 16.2, least impact was recorded by Avira on 2.3 and Avast on 2.7 with Kaspersky third on 5.4.
At the other end of the scale there's a tie for most impact recorded, with ThreatTrack Vipre and Fortinet FortiClient both with an impact score of 27.5. Lavasoft on 16.3 and BullGuard on 16.7 both have similar impact to a standard Windows Defender system.
The report points out that other factors, such as the age of the machine, the amount of RAM available, the contents of the hard drive and whether other software is up to date can also have an impact on performance.
The full report can be downloaded from the AV-Comparatives site with details of all the products tested and charts showing how they compare for different functions.
Image Credit: alexmillos / Shutterstock
The shift towards mobile computing and BYOD has been the big story in enterprise IT over the past couple of years.
But has the trend towards mobile peaked? Can we expect BYOD to move into smaller organizations and what effect will legal and regulatory frameworks have? We spoke to Gary Greenbaum, CEO of BYOD billing specialist Syntonic to find out.
BN: Are we seeing a slow down in enterprise mobile adoption and if so is this a long-term trend or just a blip?
GG: The big trend at work is less about enterprise mobility adoption, that's already happened en masse. It's more about the consumerization of IT, whereby IT is adopting consumer-driven technologies brought into the work environment by employees, a trend that has been active for over five years and that shows no signs of abating. Increasing reliance on mobile devices in the enterprise is driven by ever more powerful mobile computing devices and employee preferences for consumer applications that can also be used for business, such as Outlook or Skype. The consumerization of IT trend has mutual benefits for the employer and the employee. The enterprise has enjoyed tremendous productivity gains as consumers bring increasingly powerful smartphones and other mobile devices into the workplace. Employees have achieved greater flexibility to work from anywhere and use the apps and tools they’re familiar with. The line between work and personal life has blurred. Work is no longer a geographic location where employees go: it's what employees do. BYOD is enabling this new way of working.
BN: What will be the effect of the class action lawsuits for BYOD employee reimbursement in California and Massachusetts? Can we expect these to spread elsewhere?
GG: What happens in California doesn't stay in California. The conclusion of Cochran v. Schwan's Home Services class action lawsuit was noteworthy because it simply reasserted existing labor law and didn't introduce any new law. BYOD reimbursement is fair work practice that is similar to other forms of business reimbursement. Similar labor laws are active in many other states and we expect to see on-going employee lawsuits seeking fair compensation.
BN: How will smaller businesses be able to cope with demands for BYOD and the associated regulatory pressures?
GG: The industry has been remiss about building solutions for SMBs. The same California law that requires employers to reimburse employees for mobile phone use applies to both enterprises and SMBs. Small and medium size businesses require a split billing solution, just as much as the large enterprise. Split billing helps SMBs remain compliant by ensuring accurate reimbursement for mobile usage. To date, Enterprise Mobility Management (EMM) vendors have focused their offerings on large enterprises with solutions that aren’t well suited to the needs of SMBs.
SMBs are left with four options:
1. Force employees to fill out time-intensive expense reports
2. Estimate reimbursement amounts
3. Don’t reimburse employees
4. Adopt a split billing solution to accurately segment mobile usage
Options 1, 2, and 3 are not tenable. Forcing employees to fill out expense reports is costly and fraught with guesswork since mobile bills only list the date, time and megabytes used, with no tie-back to actual business usage. Estimating reimbursement amounts doesn't provide accurate accounting and leads to over-generous stipends that inflate company BYOD costs. Finally, the recent enforcement of existing labor law in California requires employers to reimburse employees when they use their mobile devices for business use.
Adopting a split billing solution, is the most cost-effective option since it not only allows employers to reimburse and remain compliant, but it also provides analytics insights to understand how employees are using mobile devices so businesses can better forecast and budget. Today's split billing also provides turnkey solutions that are easy to manage with minimal IT resources.
BN: Can we expect to see Apple making more efforts to take on Android in the workplace?
GG: Android has had tremendous success with BYOD outside of the US, while Apple has enjoyed the lion's share of the US BYOD market. It's not a birthright to have the dominant mobile OS, as Blackberry's past mobile ventures clearly demonstrate. Apple will do what's necessary to maintain their position, pursuing business feature parity with Android, and if the past is indicative of the future, they’ll provide differentiated value with their iOS enterprise offering.
There's also a channel need that hasn't been addressed. Consumers don't currently choose a phone by evaluating how well it meshes with their work environment, such as separating business use from personal use. A phone that makes it easy to get reimbursed by your employer opens up new opportunities for handset manufacturers, mobile operators, and solution providers to deliver new, differentiated value to consumers.
BN: Where is enterprise mobility expanding fastest?
GG: Core business services are pivoting to mobile due to the confluence of ubiquitous employee smartphone adoption, cloud services, and the growth of mobile business applications, Employers and employees now expect work to be conducted on mobile devices. The big drivers behind this growth are business productivity and employee flexibility. The landscape has changed: gone are the voice-only phones of the past. Business apps and services are now available online. The new opportunity for businesses is to efficiently grow employee mobile services while reducing Capex.
BN: Will we see further consolidation of enterprise mobility management providers in 2016?
GG: Yes. The IBM acquisition of Fiberlink's MaaS360, VMWare's acquisition of AirWatch, and Blackberry's acquisition of Good Technology are part of an overall EMM consolidation trend, aggregating functionality and services to single vendor solutions. Dell has become a one-stop destination for enterprise solutions with storage, network, cloud services, virtualized hardware, and device management. Consolidation is also an indication that the BYOD market is maturing and going mainstream.
Image Credit: Max Griboedov/Shutterstock
Most people in Britain believe that artificial intelligence is a force for good according to a new survey, with only one in 10 thinking that it’s evil.
This is one of the findings of research by marketing technology company Rocket Fuel which finds broad public optimism about AI across the UK.
A large majority (92 percent) claim some understanding of what AI is and almost half (48 percent) believe AI is a force for good or mostly good. 42 percent of Brits are excited by AI or think it will solve big world problems. However, 21 percent see AI as a threat or are scared by it.
There is a greater awareness of the uses of AI in everyday life among men than women, with women more likely to perceive AI as a thing of science fiction or limited to laboratories (21 percent), compared to men (13 percent).
When it comes to the workplace 45 percent don't believe AI will impact their job, 10 percent think it will have a positive effect and nine percent believe their job will be under threat. Interestingly those on the lowest incomes are more likely to see AI as changing their job for the better.
Perhaps surprisingly it's younger age groups who are most suspicious of the technology, with 20 percent of 18-24 year olds citing AI as a force for evil, double the percentage of any other age group. Also 18 percent of 18-24 year olds believe that AI will threaten their jobs, again double the number of any other age group.
"Artificial intelligence continues to hit the headlines and there has been a lot of discussion about the negative impact this technology could have on our lives. As a company that uses AI to power our business and drive better, more efficient outcomes for our clients' marketing campaigns, we were interested to understand just what the British public’s perception of AI is," says Dominic Trigg, Rocket Fuel’s SVP and MD Europe and emerging markets. "We were pleasantly surprised by the findings, with the overall sentiment towards AI being very positive amongst a well-informed British public. We believe AI is already making a positive impact in a number of industries and we believe that it is more likely to continue to offer practical improvements, innovation and efficiency to the UK, rather than any danger".
More information about AI and its role in marketing can be found on the Rocket Fuel website.
Image Credit: Mopic / Shutterstock
Whilst most organizations recognize the importance of big data, the tools needed to obtain value from it are often complex and unweildy.
To make it easy for companies to build an organization-wide data analytics platform, business analytics specialist Looker is launching Looker Blocks for the Google BigQuery cloud analytics service.
BigQuery, unlike other databases, never runs out of storage and never gets slow, Looker claims its offering is the only tool that lets users harness the power of the underlying database with its unique in-database architecture. Looker operates on the data directly in BigQuery, never extracting subsets of data, making for incredibly fast queries against all of the data available to everyone.
"Looker and BigQuery are compatible because both technologies are, at the core, architected to scale. Whether you have 250GB or Petabytes of data, Looker makes data exploration easy and accessible to everyone at a company." says Frank Bien, CEO of Looker. "We aren't just a visualization tool that only analyzes subsets of the data, we are a reliable data platform for organization-wide analytics and business metrics".
Specific Looker Blocks and additional features to connect with the Google Cloud include Table Date Range Analytics which makes BigQuery's unique approach to data partitioning seamless for end users and optimizes query performance, making it easy to understand event data over time, and gain insight into every aspect of consumer behavior.
A Query Size Estimator lets data analysts determine the size of a query directly within Looker’s data platform -- before it's run -- giving data analysts greater insight for database management. The Google Analytics Premium Looker Block comes pre-built with a full suite of web analytics metrics such as funnels, bounce rates, and attribution analysis. Once up and running with the GA Premium Block, users can then layer on additional custom analysis to understand the metrics that drive their business.
More information on using Looker with Google BigQuery can be found on the company's website.
Photo Credit: Sergey Nivens / Shutterstock
Two-factor authentication is increasingly common as a way of verifying logins to websites so that you’re not relying on just a password.
Now Siber Systems maker of the popular RoboForm password manager is adding 2FA to allow users to receive a password via text message to verify trusted desktop, laptop and mobile devices for repeat use with the software.
"People are rightly concerned about the security of their sensitive personal information and financial accounts," says Bill Carey, Siber Systems VP of Marketing. "Hackers are becoming more sophisticated all the time, causing a record number of data breaches that can affect hundreds of millions of people. Our multifactor authentication option improves security by ensuring that only registered computers and mobile devices can access a user's RoboForm Everywhere account. By limiting the possibility of outside access to a user's account, we've created one of the strongest security solutions on the market today".
RoboForm Everywhere subscribers can use multifactor authentication protection for free on an opt-in basis. This enables them to expand the trusted environment for their passwords by verifying their personal laptops, PCs and mobile devices before accessing their RoboForm information.
Once a user has opted in, the feature will send a one-time password either via text message or to the user's registered email account the first time they log on from an unregistered computer or mobile device. The message will contain a code the subscriber can use to verify the device. Once the device is registered, it's approved for repeat use with the user name and log-in password. Users can also delete devices from the approved list any time.
For more information on using the software and 2FA you can visit the RoboForm site.
Photo Credit: JMiks/Shutterstock
More and more businesses are adopting a container strategy but this leads to problems for operations and security staff seeking to maintain control and visibility.
Container security specialist Twistock released its Container Security Suite in beta back in May and has now announced general availability of the product along with its participation in the Google Cloud Platform partner program.
"Containers bring unprecedented speed and agility that allow DevOps to quickly respond to changing business needs. But organizations are concerned about the robustness of policy management and the ability to support organizational compliance needs," says Ben Bernstein, CEO and co-founder of Twistlock. "This integration is significant because Google Cloud Platform users can use Twistlock technologies to have the visibility and controls they need to maximize business efficiency and potential for innovations".
Integration with Google Cloud Platform (GCP) provides container image scanning, access control functions, and the ability to enforce runtime security policies to protect containerized applications running on GCP.
Twistlock allows users to scan images in Google Container Registry for CVE (Common Vulnerabilities and Exposures) and for policy compliance. They can also detect anomalies in a running container engine cluster and take automated corrective actions, such as raising an alert or disconnecting the container’s network access. In addition it can generate reports of policy violations in both Container Registry and Container Engine.
For users there are three parts to Twistlock for GCP, a Registry Scanner that performs vulnerability scanning for container registries, and the Twistlock Console which is both a policy configuration portal and a central dashboard for all Twistlock tasks. Plus there's Twistlock Defender which runs on the same host as protected container workloads and monitors container health, applies configuration policies, and reports container information back to the console.
More information is available on the Twistlock blog and users can request a free trial of the platform on the company's site.
Image Credit: VERSUSstudio / Shutterstock
A recent study by the Business Software Alliance estimated that 43 percent of software installed today is not properly licensed, which equates to more than $63 billion in lost revenue.
SmartFlow Compliance Solutions is launching an innovative solution designed to help companies combat intellectual property theft and establish effective in-house compliance programs.
"Software piracy is becoming a rampant global epidemic with significant impacts on businesses and the economy," says Ted Miracco, CEO of SmartFlow. "We've developed a turnkey solution that allows businesses to start seeing ROI immediately. Armed with SmartFlow, our clients proactively take charge of the situation by tracking down pirated versions of their software and compiling the data to take necessary action against IP theft. We streamline the compliance enforcement process, so it’s simple and effective for companies to recover this valuable source of revenue, while protecting their paying customers from unfair competition".
SmartFlow is built in at the development stage and works a bit like an 'Easter egg' in an application, allowing the developer to determine where it's being used and whether it's properly licensed.
SmartFlow's data collection capabilities can be fine-tuned to comply with specific information regulations across the globe. This makes for comprehensive data reporting, so developers can build a stronger case against blatant IP thieves as well as alerting companies that may be unintentionally non-compliant.
Available now, the SmartFlow product suite includes a SmartFlow Software Development Kit (SDK), which monitors applications to ensure they are being used in compliance with licensing terms, and SmartFlow Professional or SmartFlow Enterprise programs, which provide everything a company needs to establish an in-house compliance program.
For more information and pricing you can visit the SmartFlow website.
Image Credit: Feng Yu / Shutterstock
According to a new survey 80 percent of consumers would stop being a customer if there were a security breach in a company's mobile app. But app developers admit in the same study that many apps are not secure due to pressure to release them to market before they are ready.
These findings come from mobile security and analytics company Bluebox Security which talked to over 400 consumers and approximately 300 developers.
The results reveal that 69 percent of consumers are somewhat to very confident that the apps they use are safe from hackers. However, this confidence is misplaced as the developers of those apps confess they are not secure. In fact, 74 percent of developers believe most mobile apps are moderately vulnerable and 24 percent say they are highly vulnerable.
Almost half of all developers admit that they have rushed an app to market, despite it not being completely ready. Also 53 percent of developers admit that they have taken shortcuts or put temporary solutions in place in order to get their app out on time. Developers are using unsecured third party frameworks too, 96 percent say they use third party frameworks that may or may not be safe to build their apps. Only 32 percent said that they would prefer to develop their own code.
To address these issues Bluebox is launching a new solution for enterprises to secure their consumer-facing apps and fight back against mobile threats that are placing consumers and businesses at risk. Bluebox for Consumer Apps allows enterprises to turn their consumer mobile apps -- those available on the Apple App and Google Play stores -- into self-defending apps that secure, detect and respond to mobile threats, and provide mobile threat intelligence data with a single click.
"Companies have underinvested in mobile security in a rush to become mobile first, and now the bill is due. With mobile threats being discovered almost daily, and enterprises losing control over consumer devices, it's only a matter of time before a mobile hack is the root of the next major breach," says Pam Kostka, CEO of Bluebox. "Our goal is to enable businesses to have confidence in the security posture of the apps that they build and distribute. Our security and threat analytics are easily embedded with the click of a button, transforming any app into a self-protecting island that can intelligently defend itself in real-time when it is in a hostile environment or actively under attack".
The complete survey findings are available on the Bluebox blog and Bluebox for Mobile Apps will be available in December.
Image Credit: LovePHY / Shutterstock
As many businesses have shifted their systems to VMware environments they have a need for real-time insights into application and server performance, efficiency, and reliability.
To meet this need SIOS Technology is announcing the latest release of its SIOS iQ machine learning analytics software. This offers new features to deliver accuracy and precision in performance analysis for VMware environments.
"By putting all key information about an organization's infrastructure at their fingertips, SIOS iQ enables IT managers to ensure their applications are operating efficiently, that issues are identified and resolved quickly, and that VMware resources are not being wasted," says Jerry Melnick, president and CEO at SIOS Technology. "These newest enhancements further simplify the understanding of IT operations and help resolve issues in dynamic virtual environments".
Highlights of SIOS iQ 3.3 include a best practice analysis feature which enables SIOS iQ to provide insights on performance, efficiency, reliability, and capacity utilization immediately after implementation. Using event injection it enables VMware vRealize Operations Manager 6.0 (vROps) to display high availability cluster health, host-based caching configuration recommendations, undersized VMs, idle resources and more, making it easier to stop and fix performance issues.
Version 3.4 will include a Topology Impact Analysis View -- a visual map of the VMware infrastructure showing interrelated objects (VMs, network, storage, and applications) and their relationships, highlighting current status and anomalous behavior. Drill down screens will enable IT staff to explore the detailed root causes of performance issues and recommendations for improvement.
IT staff will be able to augment SIOS iQ's understanding of both normal and anomalous infrastructure behavior by adding extra parameters for increased precision and accuracy. It will also offer a SIOS PERC Dashboard reliability indicator, showing the number of host failures that a cluster has sustained over time and indicating when there are not enough hosts to sustain future failures.
SIOS iQ 3.3 is available now, version 3.4 will be released by the end of the year, for more information and pricing visit the SIOS website.
Image Credit: art4all / Shutterstock
According to a recent study by the Ponemon Institute, more than 90 percent of organizations recognize cyber resilience as an essential part of protecting their core assets and business interests.
Part of creating that protection is to have an effective plan for when things go wrong and incident response solutions specialist Resilient Systems is releasing version 24 of its Incident Response Platform (IRP). The release features strategic integrations with IBM X-Force's threat intelligence feed and HP ArcSight, enabling organizations to gain insight more quickly and respond more intelligently to cyber threats and attacks of all types.
"Effective response starts with strong context and intelligence, which is why we've partnered with IBM X-Force, strengthened our integration with HP ArcSight, and introduced custom threat feeds to empower our customers with the best information about the latest threats," says John Bruce, co-founder and CEO of Resilient Systems. "And in response to increasing demand from larger organizations, we've added features that make their deployments even easier".
The new IRP release also incorporates features aimed at large enterprises to speed up deployments. These include LDAP (Lightweight Directory Access Protocol) support to allow security teams to manage and authenticate users of Resilient Systems from within Active Directory. Configuration migration provides customers with large and complex systems the flexibility to easily move configurations across environments, from development and testing into production.
For customers with Resilient Systems installed on-premise it also provides new documentation to help them maintain high availability by using capabilities within their virtual infrastructure.
"Over the last five years, we've pioneered the incident response space by creating the first-ever Incident Response Platform. We have deployed this platform globally for more than 100 on-premise and SaaS customers, evolving in each release to meet their critical IR requirements," says Bruce. "Now in version 24, the platform reflects this evolution with even more enhancements. It’s fast becoming the industry standard for organizations in need of a response solution that will improve their resilience -- today and in the future".
You can find more on the Ponemon resilience study and details of the latest release on the Resilient Systems website.
Photo Credit: Sergey Nivens/Shutterstock
A new phishing threat is targeting businesses and consumers with Apple IDs in an effort to steal IDs, passwords and credit card information.
The attack has been identified by Comodo Antispam Labs and looks like an official Apple email. It has the Apple logo and includes Apple's physical address, as well as an email address that, at a quick glance, appears to to be from Apple -- giving the recipient the illusion of the message being authentic.
The messages claims that limitations have been placed on the user's account and that they need to provide additional verification information by clicking a link.
They don't have the usual tell tale poor spelling and grammar that identify phishing attacks. If the link is clicked it leads to pages with a similarly authentic Apple look and feel that ask for passwords and billing information including payment card details.
The Comodo Antispam Labs team identified the Apple phishing email through IP, domain, and URL analysis, along with the Labs' continuous monitoring and scanning of data from the users of Comodo's internet security systems.
"The Comodo Antispam Lab is an expert resource of engineers and computer science professionals, who use innovative and proprietary Comodo cybersecurity technology to protect and secure the online world," says Fatih Orhan, Director of Technology for Comodo. "We will continue to work diligently in creating and implementing innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe".
More details of the scam can be found on the Comodo blog.
Image Credit: wk1003mike / Shutterstock
In the past few months, Android users have seen a series of attacks by hackers exploiting bugs, collectively putting more than a billion devices at risk worldwide.
In late July, Stagefright hit the news as a weakness in the system that was being exploited by hackers. This was followed by Stagefright 2.0 and Kemoge, making for massive malware attacks on Android phones in three out of the last four months.
360 Mobile Security has used analytics to determine the response of its 24 million US users in the wake of Stagefright. It found that junk files cleaned saw a 62.6 percent increase, viruses found were up by 2.8 percent in the first week and an additional 11 percent the following week. The number of antiviruses installed saw a 13 percent increase and weekly new users also saw a 13.4 percent increase.
These findings echo 360's previous report in July which found that there's a disconnect between the mobile security threats that exist, and users' willingness to protect themselves and their devices from them.
The report recommends that in order to stay safe users should, only install apps from trusted official app stores and avoid using third party sources, never click links from suspicious emails and texts, always have their device upgraded to the newest version of the operating system, and use a trusted antivirus app. It concludes, "Preventing a virus from infecting your phone through the use of a security app is much simpler than trying to cure it after it appears and infiltrates a mobile device".
You can learn more about how to protect your Android device on the 360 Security website.
Image Credit: Christos Georghiou / Shutterstock
Login details for an administrator or other privileged account falling into the wrong hands can have serious consequences for a business.
But a new global security survey from Dell reveals that organizations have haphazard processes for managing administrative or other privileged accounts, making them vulnerable to security breaches.
Among the findings are that 76 percent of IT security professionals believe better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 percent of respondents have a defined process for managing privileged accounts, but admit they aren't diligent about following it. In fact, almost 30 percent say they still use manual processes such as Excel or other spreadsheets to manage privileged accounts. Not only are these processes prone to error and easily compromised, they can impede quick resolution in time-critical situations.
The three most critical account management issues are listed as, default admin passwords on hardware and software not being consistently changed (37 percent), multiple admins sharing a common set of credentials (37 percent), and an inability to consistently identify individuals responsible for administrator activities (31 percent).
Although over 75 percent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organization, only 26 percent say they change admin passwords monthly on mission critical systems and devices.
"Privileged accounts really are the 'keys to the kingdom,' which is why hackers seek them out and why we've seen so many high-profile breaches over the past few years use these critical credentials," says John Milburn, executive director and general manager, Identity and Access Management at Dell Security. "To alleviate this risk and ensure these accounts are controlled and secured, it's absolutely crucial for organizations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organizational assets from breaches. Dell Security solutions cover the entire range of customer needs, including privilege safe, delegation/least-privileged access, and audit and monitoring, along with significant, integrated adjacent technologies for Active Directory bridge and multifactor authentication".
More about the report and best practices for securing privileged accounts is available on the Dell Security website.
Image Credit: Africa Studio / Shutterstock
According to a new survey 83 percent of app users say location is crucial to their app experiences, but nearly 40 percent are hesitant to share their location.
These are part of the findings of a study by Skyhook Wireless which looks at the extent to which people turn location services on or off for their apps and tries to understand why many smartphone users choose not to take advantage of the benefits sharing location can bring.
The results reveal that nearly 40 percent of app users hesitate to share location data, with 18 percent turning location services off for all apps. 50 percent of those users name privacy concerns as the top reason to turn off location, 23 percent don't see the value of location data and 19 percent cite battery drain concerns.
Out of the nearly 20 percent of app users who turn off location services for all of their apps, 63 percent have done so because of battery drain concerns, 45 percent privacy concerns, 23 percent don't see the value of giving their location data and 20 percent switch location services off in an effort to avoid advertising.
Consumers expect real benefits from their apps in exchange for turning location on. Half of all app users expect an accurate location, relevant app content and targeted offers or coupons once their location data is shared. 34 percent of smartphone users expect personalized communications and 25 percent keep location services on in order to get offers and notifications.
"This data suggests that there's a huge and largely untapped opportunity to create value from location services that many app publishers and advertisers could be taking full advantage of," says Skyhook CEO Jim Crowley. "Ultimately, it's all about the payoff to consumers. Users need to be informed about the ways in which location services add meaningful value to their app experience, and educated about how their privacy is being managed -- so that the critical benefits outweigh any attendant concerns".
You can see a summary of the research findings in infographic form below, and there's a look at techniques for getting users to turn on location services on the Skyhook blog.
Image Credit: Ralwel / Shutterstock
As we've seen with IBM's announcement earlier today, APIs are flavor of the development month at the moment.
Now the The Linux Foundation, a non-profit organization dedicated to accelerating the growth of Linux and collaborative development, is announcing the launch of an Open API Initiative to promote and facilitate the adoption and use of an open API standard.
The initiative is supported by some big names including Capital One, Google, IBM, Microsoft and PayPal. It will extend the Swagger specification, created in 2010, which is a description format used by developers to design and deliver APIs that support a range of connected applications and services.
"Swagger is considered one of the most popular frameworks for building APIs. When an open source project reaches this level of maturity, it just can’t be managed by one company, organization or developer," says Jim Zemlin, executive director at The Linux Foundation. "The Open API Initiative will extend this technology to advance connected application development through open standards".
Downloads of Swagger and Swagger tooling have almost tripled over the last year, and it's considered the most popular open source framework for defining and creating RESTful APIs. SmartBear recently acquired the Swagger API open source project from Reverb Technologies and today is working with its industry peers to ensure the specification and format can be used and developed for years to come.
"Across industries, Swagger has gained incredible adoption for its expressiveness, comprehensive toolchain and vibrant community alike," says Tony Tam, VP of Products, Swagger at SmartBear and founder of the Swagger open-source project. "Working with both API vendors and consumers, SmartBear sees the value in open governance around the specification which will allow for even more rapid growth and adoption across the API industry, and is honored to donate the Swagger Specification into the Open API Initiative under The Linux Foundation".
More information on this and other collaborative projects is available on the Linux Foundation website.
Image Credit: Profit_Image / Shutterstock
Gartner predicts that by 2016 more than 50 percent of mobile apps will be hybrid, combining elements of both native and Web applications.
This allows apps to benefit from the portability of HTML5 Web apps along with a container that allows access to a device's native features. For businesses they offer faster development with easier updating and management.
To help realize these benefits, mobile app intelligence company Crittercism is launching a new extension to its iOS and Android SDKs that tracks the real-time user experience, performance issues and diagnostic data of hybrid apps.
"We've seen tremendous activity in hybrid app development among our customers in recent years, and the challenge has always been understanding user experience," says Robert Kwok, chief technology officer and co-founder of Crittercism. "Many times performance issues can arise as users transition between the static, native side of an app and the more dynamic Web side. Historically, two separate agents, one on the mobile device and the other on the server, have been used to attempt to monitor hybrid, but this approach is cumbersome and offers an incomplete picture of user experience. Crittercism's new single mobile agent unifies the monitoring of the disparate parts of a hybrid app so that companies can better understand and optimize their customers' journey".
The new hybrid solution can be combined with Crittercism's Business Transactions feature, which allows customers to focus on mission-critical user work flows. For hybrid apps these work flows may span both the native and Web portions so there's a need for unified intelligence.
More information on hybrid support can be found on the Crittercism blog.
Image Credit: talitha_it/Shutterstock
Clean sites with low load times and fewer pages to navigate are more likely to get consumers to spend money according to new research.
The survey by Instart Logic of 2,000 US consumers also shows that consumer confidence in a brand is tied to their quality of experience while online shopping.
Among the findings are that 62 percent say they use their mobile phones for the entire shopping process from discovery, to research, to the purchasing of an item. As part of the shopping process 77 percent use mobile phones for the initial research and 73 percent to read reviews and product information.
More than three quarters of respondents find shopping on their mobile beneficial, 73 percent say they like mobile shopping because it's more convenient, while 72 percent find it useful because it's available 24 hours a day.
Half of the respondents say they would make the same purchases on their phone that they made in a bricks and mortar shop. For 74 percent the deciding factor in whether they would make purchases from their mobile device or a physical store is price.
Site experience is key to the shopping experience, with 59 percent saying they would buy more often if sites loaded faster and 43 percent if purchases were more secure. Barriers to purchasing are the site being too complicated (58 percent) and the mobile screen being too small (57 percent).
You can read more about the findings on the Instart Logic website or there's an infographic summary below.
Image Credit: Slavoljub Pantelic / Shutterstock
Business information leaders are keen to adopt the benefits of the cloud according to a new study by data protection company Bitglass.
The company surveyed nearly 100 CIOs and IT leaders attending the Gartner Symposium IT Expo in Orlando, to better understand their top challenges for 2016 and how they plan to address them.
Among the key findings are that 55 percent of CIOs stated that their organizations will adopt a 'cloud-first' strategy, and nearly 90 percent plan on increasing spending on security for their organization in 2016.
"Progressive CIOs understand the powerful advantages that a cloud-first, security-now strategy can bring to their business," says Nat Kausik, CEO of Bitglass. "As we get ready to turn the page on a year plagued by epic data breaches and other nefarious activity, the increased focus on cloud and on security by IT leaders is encouraging for 2016 and beyond".
Other highlights are that 34 percent of respondents expect to increase spending on cloud security by more than 20 percent in 2016 and, 87 percent will increase their security spend overall. 50 percent of survey respondents reported cost savings in 2015 as a result of their SaaS applications, and Cloud Access Security Broker (CASB) adoption is rising fast, with 55 percent of CIOs planning to deploy a CASB in the future.
Controlling downloads to external devices was named as the largest cloud security challenge heading into 2016 by 36 percent of executives, followed by evaluating security of cloud app vendors (24 percent) and external sharing (21 percent). Shadow IT, a major concern from previous years is now a top concern for only 13 percent of CIOs.
The full report is available to download from the Bitglass website.
Image Credit: Ferbies / Shutterstock
APIs are the glue which allow different parts of systems data and logic to connect and they’re changing the way businesses and IT departments work.
But whilst they make life easier for the user, they present new challenges for enterprises and developers who need to ensure security and management of APIs at the back end, while maintaining a dynamic consumer experience at the front end.
IBM estimates that the API Economy is estimated to become a $2.2 trillion market by 2018 and it's launching new services and solutions to help its clients navigate it. These include an API Economy Journey Map, which uses consultants who are part of the company's new cognitive practice to help clients identify key opportunities and gauge their readiness on their journey in the API Economy.
For the first time, IBM has built machine-learning capabilities into its API Harmony technology to help developers use intelligent search technology to quickly and easily find APIs and choose the combinations that will be most effective for a given application.
IBM is also collaborating with the Linux Foundation and leading industry standards organizations to provide an open platform for building, managing, securing and integrating open APIs.
"The API Economy opens up new opportunities for innovation in both business model and technology strategy when enterprises participate with digital business services," says Marie Wieck, General Manager at IBM Middleware. "To succeed in the API Economy and reach new clients, enterprises need an open ecosystem for trusted exchange and a differentiating strategy for how they monetize those services. IBM is helping guide clients every step of the way into this API Economy as they start their journey to becoming cognitive businesses".
To help clients begin to make the most of the API Economy, IBM will offer workshops and digital transformation services to help clients quickly develop and adopt an API strategy. Starter workshops will allow developers to leave with a functioning API after spending just four days in one of IBM's Bluemix Garage venues.
To boost the development of industry standards around open API development, Big Blue is also announcing its participation in two key standards organizations to allow clients to quickly and easily integrate APIs into their digital services. It's working with the Banking Industry Architecture Network (BIAN) to create common IT standards for the banking industry, including the creation of common banking API definitions which will standardize application components and simplify and accelerate the creation of APIs.
It's also working with the HL7 standards organization on the Fast Healthcare Interoperability Resources (FHIR) API standard for exchanging healthcare information electronically, aiming to simplify implementation without sacrificing information integrity.
For more information on IBM and the API economy you can visit the company's website.
Image Credit: Tomasz Bidermann/Shutterstock
Increasingly the security industry is looking for alternatives to the hard to manage and all too easily compromised password.
Biometrics like fingerprints and retinal scans are starting to make ground, but California-based two-factor authentication specialist SecureAuth has announced a new partnership with BehavioSec which aims to use behavioral analysis as a security tool.
An individual's unique behavioral biometric pattern is influenced by social and psychological factors -- such as if a person is a native speaker of the language they write -- making it nearly impossible to copy or imitate somebody else's behavior in front of the computer. By incorporating behavioral biometric technology into authentication platforms, organizations can strengthen their defenses against cyber adversaries.
"This is a truly sophisticated technology, in that the end user’s experience is only impacted if their keyboard, mouse, or touch interactions raise a red flag," says Keith Graham, CTO of SecureAuth. "Combining BehavioSec's patented approach with SecureAuth’s Adaptive Authentication will further help businesses stay ahead of advanced threats. The marriage of SecureAuth and BehavioSec's technology provides an unrivaled approach to helping organizations not only better protect themselves, but also provides the means to help them detect human attackers who may have breached their network".
To give an example of the way it works, an internet banking application would have the capability to spot unauthorized access to a customer's on-line account by recognizing the behavioral biometric interactions of the user while they are typing or moving the mouse. On spotting any irregular behavior, the banking application will prompt the user for a second factor of authentication. If the user is unable to provide the second factor, they will be prevented from accessing the account any further.
The new feature is set for inclusion in SecureAuth IdP 9.0, which is targeted for release in early 2016. Meantime there are a series of technology previews taking place in major US cities this month.
Photo Credit: ra2studio / Shutterstock
Microsoft Azure is set to become a Red Hat Certified Cloud and Service Provider as part of a new partnership announced today.
The tie up between Microsoft and the leading open source provider means Red Hat Enterprise Linux will be offered as the preferred choice for enterprise Linux workloads on Azure.
The two companies are also working together to address common enterprise, independent software vendor (ISV) and developer needs for building, deploying and managing applications on Red Hat software across private and public clouds.
Writing on the Red Hat blog, Paul Cormier, president, Products and Technologies says, "Today, it is incredibly likely that where you once found 'Red Hat shops' and 'Microsoft shops,' you'll find heterogeneous environments that include solutions from both companies. We heard from customers and partners that they wanted our solutions to work together -- with consistent APIs, frameworks, management, and platforms. They not only wanted Red Hat offerings on Microsoft Azure, they wanted to be able to build .NET applications on infrastructure powered by Red Hat Enterprise Linux, including OpenShift, Red Hat Enterprise Linux Atomic Host, and Red Hat Enterprise Linux OpenStack Platform".
Other fruits of the partnership will include cross-platform, cross-company support spanning the Microsoft and Red Hat offerings. Support teams will be located on the same premises, enabling them to offer a simple, seamless and fast experience to customers.
Red Hat's CloudForms IaaS offering will operate with Microsoft Azure and Microsoft System Center Virtual Machine Manager, giving CloudForms customers the ability to manage Red Hat Enterprise Linux on both Hyper-V and Azure. Support for managing Azure workloads from Red Hat CloudForms is expected to be added in the next few months, extending the existing System Center capabilities.
In addition developers will have access to .NET technologies across Red Hat offerings, including Red Hat OpenShift and Red Hat Enterprise Linux, jointly backed by Microsoft and Red Hat. Red Hat Enterprise Linux will be the primary development and reference operating system for .NET Core on Linux.
"This partnership is a powerful win for enterprises, ISVs and developers," says Scott Guthrie, executive vice president for Microsoft's Cloud and Enterprise division. "With this partnership, we are expanding our commitment to offering unmatched choice and flexibility in the cloud today, meeting customers where they are so they can do more with their hybrid cloud deployments -- all while fulfilling the rigorous security and scalability requirements that enterprises demand".
More information about the partnership can be found on the Microsoft blog and the companies will be holding a joint webcast at 11am ET (8am PT) today.
Image Credit: Lightspring / Shutterstock
While most organizations are primarily focused on technology and tools, it's people who translate data and insights from analytics into business outcomes.
This is a key finding of a new report by Forbes Insights and professional services organization EY which shows that people and culture are critical to realizing business value from data and analytics.
"For a lot of companies, the bottleneck to creating value is not data, technology or advanced analytics skill sets," says Forbes Insights' Bruce Rogers, Chief Insights Officer. "It's a question of, once we have the insights from analytics, what are we doing with it? At the end of the day, success still involves people making different decisions and changing business processes".
The global survey of 564 senior executives reveals that 54 percent of executives with leading analytics organizations report that analytics is central to their overall business strategy, compared to only 10 percent in the remaining enterprises.
Change management is an important component of the top 10 percent of enterprises' overall data analytics initiatives. Almost three in five leaders embrace change management as 'extremely' important, versus about one-third of the rest.
The top 10 percent in the survey also say they've been able to organize and establish governance around their data analytics efforts. A majority indicate that they have enterprise, department and lines-of-business data, and analytics groups and that these are well aligned.
"This report illustrates the need for organizations to develop an effective business strategy to compete in today's data-driven world," says Chris Mazzei, Principal, Ernst & Young LLP and EY Chief Analytics Officer. "Technology is no longer a strong enough differentiating factor among organizations -- companies must invest in people and recognize the importance of the human element if they are to reap the benefits of their analytics initiatives".
The full report is available to download from the Forbes Insights site, there's also an assessment tool that you can use to see how your organization stacks up against the analytics leaders.
Image Credit: Rawpixel / Shutterstock
Managing development projects across an enterprise can be a complex process, involving tracking multiple phases and teams.
Cloud management company CliQr's latest CloudCenter platform introduces features that help developer and operations teams simplify and streamline deployment of any application to any data center, public or private cloud.
CloudCenter uses an integrated continuous integration / continuous delivery (CI/CD) Project Board which unifies the management of users, deployments and environments across multiple pipeline phases -- from development, test and quality assurance to staging and production.
"True CI/CD can only be achieved with automation, but -- until now -- continuous deployment across multiple environments has been problematic," says Tenry Fu, co-founder and CTO of CliQr. "CliQr's new CloudCenter update marks an industry milestone as the first cloud management platform to integrate end-to-end project management with underlying infrastructure and application deployment automation. New features help DevOps teams automate and standardize deployment in any data center or cloud environment and visualize and manage each project’s end-to-end process that crosses those environments".
In addition to the Project Board where developers and the project manager can see the health and status of deployments at any stage, key features of CloudCenter 4.2 include Project Definitions that enable project managers to set lifecycle phases, link to cloud accounts, add users and then launch projects with defined budgets and built-in cost controls.
Because a single platform manages project setup, execution and integrated application and infrastructure deployment automation across all phases of the CI/CD pipeline, project managers have complete transparency of overall project flow, current health and status, as well as control and reporting against allocated budget. For DevOps teams CloudCenter eliminates cloud lock-in and hard coding of the deployment. Users can simply promote deployments from one phase to another across cloud environments with no detailed knowledge of underlying services.
More details of CloudCenter 4.2's features are available on the CliQr blog.
Photo Credit: Sakonboon Sansri/Shutterstock
The increasing demands of compliance and legal requirements are forcing companies to retain more and more data as well as having to comply with local regulations. Many organizations see the public cloud as an attractive option for storing this information but that in itself raises additional security issues.
For Azure users the headaches are about to be reduced as data protection specialist Druva is extending its cloud solutions to Microsoft's public cloud and infrastructure platform.
"Druva has always taken a proactive approach to help our customers address their data availability and governance needs -- and that involves offering customers strong data protection and security in the cloud for their sensitive workloads," says Jaspreet Singh, CEO of Druva. "Our work with Microsoft Corp. underscores our commitment to broadening our cloud-related options and giving customers additional choice for deploying in the cloud securely and conveniently. Druva has quickly grown to become the defacto standard for data protection workloads in the public cloud".
Druva inSync integrates secure, scalable, high-performance backup, file sync across all user data, remote file access, data loss prevention, eDiscovery and automated compliance monitoring. The new Azure tie up provides increased flexibility of inSync deployments, new go-to-market channels and offers more regions to store customer sensitive data.
Additional benefits of Druva on Azure include the ability to meet a broad set of international and industry-specific compliance standards including ISO 27001 and HIPAA, as well as country-specific standards including Australia's IRAP, and the UK's G-Cloud. Microsoft's data center locations provide 21 storage regions around the globe, including Canada and China, so Druva customers can meet the data residency needs of regional data privacy regulations. Enterprise customers who have standardized on the Microsoft platform can use their Microsoft Customer Advantage contract license credits towards their Druva purchase.
"The Microsoft Azure Marketplace delivers direct access to the cloud-ready applications and services customers are asking for," says Steve Guggenheimer, Corporate Vice President and Chief Evangelist at Microsoft. "Druva built natively to the public cloud to take advantage of its elasticity, global presence and security to handle petabytes of customer data efficiently, which are also foundational elements of our Azure offering. Our mutual customers will reap the benefits of our joint efforts with cloud scalability and flexibility, always-on reliability, and international compliance support".
Azure support will be generally available in 45 days, in the meantime you can find out more about Druva's public cloud support on the company's website.
Photo Credit: jörg röse-oberreich/Shutterstock
To stay competitive companies have to understand their customers, in the modern data-driven world that means adopting a more personalized approach and abandoning old mass marketing techniques.
San Francisco-based Boomtrain is announcing the integration of its predictive personalization platform with the Marketo marketing software to offer companies deeper understanding of individual customers and help them build stronger relationships.
With a combination of Boomtrain's next-generation machine learning algorithms and Marketo's automated campaign delivery, brands can create unique relationships with each of their customers. By analyzing how individual users interact with the brand's content and products, Boomtrain can answer questions about each person, including what their interests are, how they behave, and what compels them to take action.
"Mass marketing is becoming obsolete, and marketers need to realize that if they want to stay competitive, they have to put individuals first," says Nick Edwards, co-founder and CEO of Boomtrain. "Our vision at Boomtrain is to make every step of the entire audience journey more personal and relevant for every user. With Marketo, we're able to optimize the delivery of these experiences across channels, putting us both in a perfect position to transform how marketers do their jobs and propel excellence in brand communications".
Boomtrain's personalization uses predictive algorithms so its recommendations improve over time. Joint customers can then use the Marketo system to use relevant recommendations in their email and on-site campaigns.
"Regardless of the size of their company and industry, every marketer in the world can now market specifically to a person’s unique behavior and deliver the right message at the right time for maximum returns," says Mike Stocker, Director of Business Development at Marketo. "Our partnership with Boomtrain allows us to provide a smarter engagement marketing platform. We're excited that Boomtrain is part of our LaunchPoint ecosystem and look forward to driving success for many more customers through the partnership".
The joint solution is available through Marketo's LaunchPoint solutions ecosystem and you can find out more about it on the company's website.
Image Credit: iQoncept / Shutterstock
With security breaches becoming more common the need to secure all aspects of an organization’s data is greater than ever.
Microsoft's SharePoint is one of the most popular content collaboration tools and needs protecting just as much as anything else. Up to now, however, SharePoint security solutions have been passive, using a mix of permissions management and compliance-driven reporting functions.
System management software company Metalogix is launching its latest ControlPoint 7.0 software which can deliver real-time situational awareness into suspicious SharePoint user activity to help prevent costly data breaches and leakages.
The software uses machine learning to analyze and detect suspicious patterns of activity in SharePoint and prevent unauthorized access to content. The technology monitors SharePoint around the cloud and alerts on suspicious behavior, tracking behavior anomalies and unauthorized access based on geo-location to protect against both internal and external threats. By letting admins see which content users are accessing, including when, where, what time and how often, ControlPoint can help organizations avoid unauthorized access and usage.
"We've seen SharePoint mature to the point where a host of Fortune 500 companies and governments all over the world use it. As a result it's used to store more sensitive data, the corporate lifeblood of companies that could do serious damage if exposed," says Jay DeWalt, Senior Vice President Global Alliances and Channels at Metalogix. "Companies have to balance the risk of adding security against inhibiting the productivity of their users. ControlPoint 7.0 uses behavioral analytics to address the need for more intelligent and more accurate security of content that conventional permissions management simply doesn't provide".
The analytics element is integrated with Sensitive Content Manager, launched earlier this year, which uses machine learning to locate, classify and act on sensitive content within SharePoint. It pinpoints unauthorized access and alerts on suspicious behavior up to, and including locking users out of SharePoint.
More information on ControlPoint 7.0 and Sensitve Content Manager is available on the Metalogix website.
Imaged Credit: soliman design / Shutterstock
IT teams are able to collect more real-time data than ever before, but there's a difference between gathering information and being able to do something useful with it.
Wire data analytics specialist ExtraHop is launching the fifth generation of its big data analytics platform, complete with a new search appliance aimed at giving businesses fast, reliable insights into their operations.
"The incredible rate of technology adoption in the enterprise is ushering in a new era, transforming IT from a support center to a force multiplier for business," says Jesse Rothstein, CEO of ExtraHop. "The fifth generation of the ExtraHop platform is designed to empower this transformation, enabling for the first time truly data-driven operations. Our platform allows organizations to discover, explore, and take command of their network, client, application, and business data in a single platform, delivering unprecedented insights that drive collaboration, understanding, and value".
ExtraHop 5.0 delivers turnkey stream analytics for wire data. Combined with the ExtraHop Explore appliance it can deliver sophisticated historical search and multi-dimensional analysis of all wire data, allowing network and IT security teams to spot anomalous and disruptive behavior from any device or user. By speeding insight into how that behavior is impacting the performance, availability, and security of the infrastructure it can reduce the time taken to fix problems and ensure greater reliability.
Other features include Dynamic Discovery which allows for the automatic discovery of any device in the environment (including IoT connected devices), understands device dependencies, and tracks activity without instrumentation. A new user interface makes IT data available to all users with features including a visual query language, dynamic tables for rapidly building comparisons of any transaction attribute, and selective dashboard sharing including the ability to handpick eligible users.
You can find out more about the latest release and request an interactive demo on the ExtraHop site.
Photo Credit: Palto/Shutterstock
Security company Kaspersky Lab has released its latest quarterly threat evolution report for the third quarter of this year which shows over 300,000 new mobile malware programs detected, a 10.8 percent increase over Q2.
Displaying intrusive advertisements to consumers remained the main method of profiting from mobile threats. Mobile adware has continued to increase and accounts for more than half of all detected mobile threats in the quarter.
Some mobile attack methods are using superuser privileges (root access) to conceal their presence in the systems folder, making them hard to combat. Some good news is that SMS Trojans have decreased, accounting for only 6.2 percent of mobile threats during the quarter.
Attacks on mobile banking remain a major problem despite being down slightly, 5.68 million notifications compared to 5.9 million in the previous quarter. Kaspersky Lab solutions blocked almost 626,000 attempts to launch malware capable of stealing money via access to consumers' online banking, 17.2 percent lower than in the previous quarter. Users in Austria were most likely to be attacked by banking Trojans with five percent of Kaspersky users in the country facing the threat during the quarter. Trojan-Downloader.Win32.Upatre is the most most common threat, used in 63.1 of attempts to steal payment details.
"The developments in Q3 demonstrate that the global threat landscape is continuing to evolve at a fast pace. Malicious mobile programs are on the rise and in countries where online banking is popular, people are at considerable risk from Trojans looking to target them. With 5.6 million cases of attempted theft from online bank accounts, and cybercriminals continually developing sophisticated attacks, the use of high quality cybersecurity products has never been more important. It's vital that all those using the Internet -- both individuals and organizations -- protect themselves from these growing threats," says David Emm, Principal Senior Security Researcher at Kaspersky Lab's Global Research and Analysis team.
Kaspersky Lab also says it's been investigating a number of targeted cyber attacks including Turla which uses satellite communication to manage its command and control servers, the Darkhotel APT which infiltrates hotel Wi-Fi networks to place back doors on target computers, and the Blue Termite APT which focuses on stealing information from organizations in Japan.
Much more information is in the full report which is available to download from Kaspersky's Securelist website.
Image Credit: DeiMosz / Shutterstock
Most people worry about the risk of their financial information being stolen, but a new survey from data security platform supplier Vormetric reveals that many are unaware of their vulnerability to medical data theft.
Of over 1,000 US adults polled by Wakefield Research on behalf of Vormetric, only 11 percent included medical records in their top three selections for personal data they would be most concerned to have lost in a data breach.
"Healthcare data sets contain extremely detailed personal information. Enough to not only apply for credit cards or loans, but also to generate huge sums from fraudulent medical charges," says Tina Stewart, vice president of marketing for Vormetric. "The public's lack of awareness of their potential exposure to this is troubling. Few seem to realize that having their medical data lost is much more dangerous to their financial health than a stolen credit card number and address".
Top concerns are social security numbers (84 percent), credit card data (73 percent) and financial account information (71 percent). Other categories of information people were concerned about using are, personal contact information (24 percent), social media usernames and passwords (11 percent), home Wi-Fi or internet login information (10 percent) and fingerprint information (9 percent).
The survey also shows a lack of understanding of the benefits of encryption. A surprising 91 percent of respondents would still be worried if their personal data was stored in an encrypted file that was stolen as a result of a hack.
"Our survey with Wakefield also shows that there is a disconcerting lack of understanding among the general public about how encryption works," adds Stewart. "Essentially, it makes data totally inaccessible to those without the key required to decode it. Without the key, encrypted data is meaningless to hackers, and when combined with strong access controls, encryption is one of the best tools available for safeguarding sensitive data in this environment".
More information on the findings can be found on the Vormetric blog.
Image Credit: Rob Hyron / Shutterstock
Bluetooth headsets with Sport in the title usually feature a plastic band which goes around the back of your neck. This not only makes you look a bit strange it can also be uncomfortable.
Inateck's headset does away with this and just has a thin wire between the two earpieces. There's a control unit on the right-hand side to allow you to adjust the volume, accept calls, pair with your phone, etc, and this also houses the built-in mic.
The earpieces are magnetic, so when you're not listening to them you can attach the two together and carry them safely around your neck, which also avoids the cable getting tangled. They come with a soft fabric carrying pouch, a USB charging cable and a couple of spare silicon ear buds.
On the technical side they feature Bluetooth 4.1 and a 100mAh battery. A three hour charge gives you up to 8 hours of listening time. Overall they have a quality feel and the design is nicely thought out, so how well do they work?
Pairing is straightforward, press the power button until the LED flashes red and blue and you're good to go. The unit can only pair to one device and will automatically reconnect to the last one used when turned on. Sound quality is very good with decent bass response and clear higher frequencies too. They also do a reasonable job of shutting out other sounds. Taking the ear buds out and snapping the magnetic ends together automatically pauses the music which is a neat touch.
There are a few niggles, the cover over the USB port seems a bit flimsy, and the earpieces are rather bulky compared to wired units so they don't feel particularly secure -- that could be a fault of my ears but for something that's aimed at sports use it's not reassuring.
At $32.99 from Amazon (£30.99 in the UK) the BH1001 offers decent value, if you have the right sized ears, more information can be found on the Inateck website.
There have been some significant data breaches in 2015, and with two months still to go there may yet be more to come, but so far the numbers of people and businesses affected haven't approached the scale of last year's attacks.
The Top Ten Reviews comparison service has been looking back at the major breaches that marked 2014.
In terms of numbers last May's eBay breach affecting around 145 million people, plus breaches at JPMorgan Chase, affecting 76 million, and Home Depot, affecting 56 million, make 2015's biggest breaches like the Office of Personnel Management attack affecting around 21 million and even the 80 million records exposed by Anthem Health Care look pretty small.
The cost is significant too, with the Home Depot breach alone estimated to have cost $62 million and the total cost of the eBay and JPMorgan Chase attacks still to be revealed. The average cost of a data breach last year is put at $3.5 million and the total cost to the US economy at $525 million.
You can see more details of 2014's security breaches on the Top Ten Reviews site or in the infographic below.
Image Credit: Sergey Nivens / Shutterstock
Mobile threat defense specialist Skycure has released its Mobile Threat Intelligence Report, which finds a frightening increase in threats to both enterprise and personal mobile devices.
Using analysis of worldwide mobile data from Skycure and outside sources, the report found 41 percent of mobile devices are at medium to high risk on the Skycure risk scale. Nearly two in every hundred are high risk devices that were already compromised or were under attack.
Skycure ranks devices according to a proprietary Mobile Threat Risk Score, which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.
The report reviewed data from devices with Skycure either installed by enterprises on employees' mobile devices or by security-aware consumers. Despite having this protection, the report found that the majority (over 52 percent) of all devices do not even have a simple passcode enabled, and 30 percent of devices were running an out of date operating system.
Among the findings are that one in three Android devices is still vulnerable to one of the recent high-profile Android attacks, with an out-of-date operating system. Nearly three percent of Android devices are infected with malicious apps with medium to high severity and 27 percent of Android devices have third-party app installation enabled, meaning they can install apps outside the official Google Play store. Interestingly, 33 percent of enterprise-managed devices have this possible vulnerability enabled, compared to 20 percent of personal devices, because some enterprises use it to install third-party enterprise apps.
In addition more than 15 percent of Android devices have USB debugging enabled, an easy way for a malware application to make it to the mobile device from a computer. The report shows that iOS devices have their problems too with 26 percent having an out-of-date operating system.
Enterprise-managed devices do remove some of the risk though, the findings show that more than five times more personal Android devices are rooted than enterprise-managed devices. The report also found very few jailbroken iOS devices in enterprises.
"Witches and vampires might not be real", says Adi Sharabani, CEO of Skycure, just in case you hadn't noticed it's Halloween. "But threats to mobile devices are and based on what we’re seeing in this report people aren’t doing enough to protect themselves. Skycure brings invisible mobile threats to the surface, so that enterprises can fight the bad guys on a level playing field".
You can see more of the report's findings in the infographic below.
Photo Credit: lucadp/Shutterstock
The biggest risk to your data or that of your company could stem from the way you use social media. Despite headline-hitting hacking attacks social media remains a favorite tool of cyber criminals.
Data protection specialist Digital Guardian has produced an infographic warning of the risks of over sharing on social media.
It highlights the amount of data you may be revealing and how attackers can use that to their advantage. For example by using the names of your co-workers to make phishing emails seem more authentic. Information gathered from social media, such as your mother's maiden name or your pet's name can be used to guess passwords. At its most extreme details can be used to steal your identity or open fake accounts for criminal activity.
The graphic also offers some useful tips to stay safe, these include using your privacy settings to limit who you share data with, and weighing the possible implications of any information before you click the post button.
You can see more in the full infographic below.
Infographic by Digital Guardian
Image Credit: Oleksiy Mark / Shutterstock
Hard on the heels of last week's TalkTalk breach, another British utility company, British Gas, has contacted over 2,000 customers to warn them that their email addresses and passwords have been posted online.
Yet according to information security company High-Tech Bridge many large companies could be leaving customer data at risk via their websites.
The company ran its free SSL checker tool on both the TalkTalk and British Gas sites and in each case revealed a lack of compliance with PCI DSS and NIST guidelines.
It has published a report on scans of web servers of 161 companies from the Forbes Global 2000 list. Among its findings are that 19.4 percent of the servers supporting HTTPS have an untrusted certificate, 34 percent have Always-On SSL enabled and 26 percent have an Extended Validation (EV) certificate. In addition 18.5 percent are still vulnerable to POODLE over SSL, and only 12 percent have configurations compliant with PCI DSS requirements 2.3 and 4.1.
"Appropriate data encryption is becoming a vital part of our everyday life," says Ilia Kolochenko, CEO of High-Tech Bridge. "Many security standards and federal laws require implementing strong data encryption to protect customers’ data. This is why at High-Tech Bridge we decided to launch a free service to enable anyone to test his or her server security in simple, fast and reliable manner. We are collaborating with many globally-recognized security organizations, such as OTA and ITU, to deliver the best quality of testing, and we are open to collaborate with the industry and individuals to continuously improve the service".
Full details of the scan results can be found on the on the High-Tech Bridge blog.
Photo Credit: Yuriy Boyko/Shutterstock
More than half of consumers don't believe that cloud-based apps and services are keeping their data secure, according to a new survey.
Cloud security specialist Radware has released the results of a study of over 2,000 people which reveals that consumer perceptions and expectations are dramatically shifting with frequently reported hacks, which will have a major impact on how businesses secure their services, communicate with consumers and go to market.
Among the findings are that 54 percent of those surveyed say they would stop using a cloud-based app if it was hacked, and 43 percent of those claiming to have experienced personal data compromise indicate that they often opt out of certain security features of the apps they use.
There's widespread belief that companies need to take more responsibility too, 85 percent say providers of cloud-based apps should offer compensation or identity theft protection to customers affected by a breach.
The survey also highlights confusion about what is and isn't in the cloud. Although the results indicate that 33 percent of people are using cloud-based apps, of those surveyed 53 percent of 18-34 year-olds say they use them, but only 15 percent of those over 65 say they do. The report points out that, "Many of the most commonly used and popular mobile applications are little more than a client-side browser with a custom interface created for application use, with all data and logic sitting server side in the Internet. This is why relatively few modern mobile applications work when smartphones are offline".
There's a summary of the key findings in infographic form below or the full report is available from the Radware website.
Photo Credit: Slavoljub Pantelic/Shutterstock
Have you ever lost a mobile phone and wondered where it went? Security company Avast had the same thought and deliberately 'lost' 20 phones to find out what happened to them.
Avast installed three security apps on all the phones, the free Avast Anti-Theft app, Lookout Mobile Security, and Clean Master. It then randomly placed 10 phones in San Francisco and 10 in New York. Each phone was marked with contact information on where to return the device if found.
Of the 20 phones only four were returned, so what happened to the rest? Avast analysts used the Avast Anti-Theft app to track the devices and find out. They discovered that the majority of lost devices were wiped clean using the factory reset feature, Avast Anti-Theft was the only security app that survived the reset.
Using this app they found that one device appears to have traveled via a transatlantic cargo ship before settling in India where the phone is currently being used. One flew to the Dominican Republic, one arrived in a pawn shop, and one seems to be with a taxi driver meandering the streets of San Francisco.
"More than 3 million phones are lost each year," says Gagan Singh, president of mobile at Avast, "Fortunately with Avast Anti-Theft, users have the means to track and recover a lost phone -- or remotely wipe the data on it if it's not recoverable. With all the personal data we store on our phones today, it's a good idea to have a way to either find your phone or delete the content if you lose it".
The small bright spot in all this is that four people did return the phones they found to Avast. One of the finders, Quiana W from Brooklin, says, "I know how it feels like to lose things -- wallet or phone -- so I was trying to pay it forward".
Image Credit: cunaplus / Shutterstock
It may not be entirely surprising in the wake of recent high-profile attacks like that on TalkTalk, but a new survey of almost 3,500 users from UK broadband comparison site Broadband Genie reveals that we're losing trust in the internet.
Among the findings are that 75 percent of Brits believe companies aren't doing enough to secure their personal data, and 15 percent said they had their personal data exposed by a leak or a hack.
Of those surveyed 77 percent think the internet is getting more dangerous, with 35 percent saying they don't feel safe online. It also reveals that while most (80 percent) have anti-virus software, only 53 percent have added further protection by installing anti-spyware/malware software, while 57 percent use firewalls and just 23 percent use an anti-spam program.
"More than ever we need to be aware of the threats out there and the tools available to stay safe and secure. As well as arming users with the right software and knowledge, all organizations need to have rigorous security procedures to combat threats and manage the aftermath of a leak," says Rob Hilborn, Head of Strategy for Broadband Genie. "It's also important for users to consider what protection they’ve got on the other devices they own. It's not uncommon for users to access their personal information from laptops, phones and tablets, so it's important to make sure these devices which are often overlooked are also secure".
How businesses respond to leaks is important too. The poll found that while 41 percent say they would not continue to use a service if private information was exposed, 57 percent say their continued use would depend on how an incident was handled.
The full survey results can be found on the Broadband Genie blog.
Photo credit: Yuriy Vlasenko / Shutterstock
The popular image of male IT workers with pens in their top pockets or wearing crumpled T-shirts maybe about to change.
Seattle-based Ya Joe is launching a new online direct-to-consumer clothing line aimed specifically at tech guys. Its website explains why each item was created and how it can be worn in real-life situations, with realistic fitting guides that are true to size.
The company analyzed tech staff in their day-to-day lives to better understand the clothing features that would make their lives easier, such as pockets that easily fit a work badge and mobile device, or pockets that guys can comfortably place their hands in.
"Since we wanted to make the process for our shoppers as easy and streamlined as possible, we decided to offer select options and colors," says chief creative officer Aaron Hicks. "We use high-quality materials, breathable fabrics and customize the pieces to fit within our customers' lives. The clothing is interchangeable, allowing the casual yet professional pieces to easily transition from day to night. This allows our customers to purchase a range of clothing items that all look good together".
By adopting a direct-to-consumer business model, Ya Joe avoids typical retail and advertising markups, allowing the company to offer good value, high-quality clothing. The website is also designed to provide a convenient, easy to navigate shopping experience by grouping together items for specific occasions, taking the stress out of deciding what to wear.
"In our market research, we found that our guys often had a hard time analyzing a look or style to find something that worked for them, as how do you analyze a look, feel or trend?" says Joe Boldan, Ya Joe founder and former CEO of adventure clothing brand ExOfficio. "I teamed up with Aaron to design the first-ever clothing line using an analytic approach with our tech guys in mind. Our primary goal is to alleviate the stress and anxiety these guys often experience while shopping and provide them with an alternative that has them in mind and gives them the fashion they deserve".
Do male IT staff deserve their poor fashion image? Do let us know what you think. Meanwhile if you believe your tech guys could do with some sprucing up you can point them to the Ya Joe website.
According to a new study published by the Ponemon Institute and sponsored by behavioral analytics specialist Prelert, half of IT security practitioners in the US view their organization as an unlikely target for attack.
The report also reveals a lack of cyber-preparedness with 61 percent of respondents admitting a lack of confidence in their organization's ability to detect advanced threats.
When asked about the type of attacks that cause the greatest concern, the most common answer is advanced persistent threats (67 percent), followed by zero-day attacks (57 percent) and login attacks (37 percent).
Yet despite worrying about these threats respondents showed a lack of urgency in adopting changes to deal with them. Asked how their use of advanced threat detection technologies would change 12 months from now, 49 percent said their usage would either not change or decrease.
"This research reveals some major disconnects that IT professionals seem to have between perception and reality. While even circumstantial evidence points to the increasing volume and severity of cyberthreats, it's shocking to learn that half of security pros don’t even view themselves as a target," says Dr Larry Ponemon, chairman and founder of the Ponemon Institute. "We're also seeing discrepancies in the way teams are viewing and reacting to advanced persistent threats. Overall, they're not confident in their ability to detect advanced threats, but they’re not doing much about it. It's clear that new solutions are needed".
Only 36 percent of respondents say that they're using security analytics, but there's high recognition of its importance. 90 percent believe security analytics is either essential (19 percent), very important (45 percent) or important (26 percent) to their organization's ability to maintain strong security.
The importance of machine learning is recognized by 83 percent as part of a security policy. Spotting the difference between abnormal and normal behavior is said by 59 percent of respondents to be important to identifying suspicious artifacts that could verify potential intrusions. However, only 38 percent say their IT security team can do this.
More findings are available in the full report which is available to download from the Prelert website and the findings will be discussed at a webinar on November 11.
Photo Credit: Jirsak/Shutterstock
The world of online security never stands still, and if the past year has shown us anything it's that you don't need sophisticated technology to launch a successful cyber attack.
Security company Trend Micro has released its annual security predictions report outlining the threats it expects to be facing next year. It forecasts continued growth in online extortion, hacktivism and mobile malware, as well as a shift towards an offensive cybersecurity posture for government entities and corporations.
"We anticipate 2016 to be a very significant year for both sides of the cybercrime equation," says Raimund Genes, CTO of Trend Micro. "Governments and enterprises will begin to see the benefit of cybersecurity foresight, with changes in legislation and the increasing addition of cybersecurity officers within enterprises. In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes to target individuals and corporations alike".
The report predicts that 2016 will also mark a significant turning point for malvertising. In the US alone, there has been a 48 percent increase in users who use ad blocking software, with a 41 percent increase in global use this year. As a result, advertisers will seek to alter their approach to online ads, and cybercriminals will attempt to find other ways to obtain user information.
Online extortion is expected to grow too, with more sophisticated psychological analysis and social engineering techniques used to lure victims. It also predicts that hacktivists will be driven to expose more incriminating information and may try to systematically destroy targets with high-profile data breaches.
Other key predictions are that variants of mobile malware will grow to 20 million, primarily affecting China, while targeting new mobile payment options globally. Even scarier is the prediction that as more consumer-grade smart devices are used in day-to-day activities, at least one device failure will prove to be be lethal in 2016. This will lead to calls for regulation of device production and usage.
Despite all this, less than 50 percent of organizations are expected to have cyber security experts on staff by the end of 2016. On the government side though we can expect to see legislation expanding to create a global cyber defense model, allowing for more successful arrests, prosecutions and convictions.
You can read more about the predictions on the Trend Micro site. Meantime if you think that your smart device is trying to kill you do let us know.
Photo Credit: vinzstudio/Shutterstock
The adoption of containerization platform Docker has been one of the big infrastructure trends in the past year. But while it's much talked about, what effect is it having in the real world?
Infrastructure tracking specialist Datadog has released the results of a survey, based on the real Docker usage of 7,000 companies, revealing a 5x growth in Docker adoption since September 2014.
It also shows that from almost no market share a year ago, Docker is now running on six percent of Datadog's monitored servers. Perhaps surprisingly, larger companies are proving to be early adopters, with more than half of those with 500 or more hosts having tried Docker.
Although some eventually abandon it, the report shows that two-thirds of those that try Docker go on to adopt it. In fact most companies who will adopt have already done so within 30 days of their initial production usage, and almost all the remaining adopters convert within 60 days. Once adopted the average company triples its Docker usage within the first five months.
The three most widely used technologies in Docker are, Registry used by 25 percent of companies, presumably instead of Docker Hub. NGINX comes next as Docker is being used to contain a lot of HTTP servers. Third most popular is Redis, the in-memory key/value data store often being used as an in-memory database, message queue, or cache.
Most companies adopting Docker run four containers simultaneously on each host. This finding seems to indicate that Docker is commonly used as a lightweight way to share computing resources.
Docker containers have a short lifespan, three days on average, compared to traditional and cloud-based VMs which have an average lifespan of 12 days. This, Datadog points out, has a significant impact on the number of things that need to be monitored and that solutions which are host-centric, rather than role-centric will become unusable.
You can read more about the findings and the methodology used to produce the report on the Datadog site.
Image Credit: Oleksiy Mark / Shutterstock
Security analysts can struggle to cope with the large volumes of alerts generated by multiple security tools. This can make it hard to distinguish anomalies from genuine malicious actions.
To provide organizations with additional context and more accuracy to detect malicious attacks, even those that originate internally, security analytics specialist Niara is launching a new version of its platform to deliver user and entity behavior analytics (UEBA) on network packet and flow data, in addition to log data.
"Most analytics tools today only look at log data. While this is a critical part of identifying attacks on the inside, it's only part of the puzzle," says Sriram Ramachandran, CEO and co-founder of Niara. "To get the most accurate information for attack detection, you must be able to analyze relevant security data from any source, regardless of volume, including log, flow, packet and threat intelligence sources. Having this higher fidelity picture allows you to drastically reduce the volume of alerts that security analysts have to sort through and validate, making them quicker and much more effective".
By profiling a range of behaviors including authentication, remote access, resource access, file, protocol, and peer-to-peer analytics, Niara can deliver a spectrum of analytics to not only detect anomalous behaviors, but more reliably spot those with malicious intent.
These analytics are combined with deep forensics, integrating them into a single system that provides analysts with a closed loop workflow from detection and investigation through to fix. Niara also integrates with third-party security information and event management (SIEM) systems, such as Splunk and HP ArcSight, to enable analytics-driven intelligence and improved visibility into attacks.
Deployable on premise or in the cloud, you can find out more about the latest Niara platform on the company's website.
Image Credit: Manczurov / Shutterstock
Backing up data is increasingly important, not just to guard against system failures but because of the need to retain information for legal purposes, and for migrating information between devices.
Endpoint data protection and security specialist Code42 is launching its fifth generation CrashPlan platform to strengthen its backup and restore capabilities.
The new version includes a new legal hold app which makes it easier for litigation support staff to identify, preserve and collect electronically stored information. Instead of relying on IT teams to serve up end-user data during eDiscovery, the legal hold web app empowers legal departments to run the process themselves, significantly reducing litigation expenses.
There are also new data migration features to ensure that files and folder structures move seamlessly across platforms. Individual device settings and preferences can be transferred automatically with the Windows User State Migration Tool (USMT), reducing time spent on reconfiguration by end users and IT staff.
"Our business is to ensure our customers' endpoint data is protected and secure -- so they can easily recover, search and analyze it," says John Durant, senior vice president of product at Code42. "In our 5.0 release we responded to customer requests for streamlined legal holds, faster data migrations and an elegant user interface -- and we nailed it. These enhancements strengthen the platform’s core backup functionality while building bridges between the IT department and other areas of the enterprise, solving a whole new set of problems for our customers".
In addition Code42 5.0 has a new user interface offering simplified workflow and faster, self-service backup and file recovery, making it easier to use and more appealing to end users, accelerating enterprise-wide adoption.
For IT admins it also offers integration with the Splunk reporting tool to provide insights on the flow of data and status of operations.
You can find more information about the latest CrashPlan and request a 30-day free trial on the Code42 website.
Image Credit: Oleksiy Mark / Shutterstock
OpenStack is a popular open source tool for creating public and private clouds and is used by big companies around the world.
To make running OpenStack systems easier, open source network specialist Akanda is launching a new version of its Astara platform that radically simplifies the complexity and scale of implementations.
"Astara's first release as an official OpenStack project is an exciting one for OpenStack operators," says Henrik Rosendahl, CEO, Akanda. "The goal of Astara is to make Networking and DevOps’ lives easier. With tremendous community support and momentum for the platform throughout its first year, Astara is the answer for massively simplified OpenStack networking stack that can replace traditional -- and expensive -- single vendor lock-in".
The latest Astara release is compatible with the latest 'Liberty' OpenStack release and includes a new load balancer driver which allows OpenStack operators to configure the platform to load and manage only the resources they choose. Neutron virtual network resources are now much more quickly provisioned onto appliance VMs via a new service that manages pools of hot-standby appliance VMs.
The new release also offers integration and support for Dynamic Lightweight Network Virtualization which gives OpenStack operators a complete, OpenStack-ready stack. There are active high availability and scaling improvements, plus syncing to Liberty’s global requirements, ensuring smooth installation into system namespaces shared by other OpenStack projects. For clouds running OpenStack Kilo or Juno releases the new Astara release can be completely back ported.
More information about the latest release is available on the Akanda blog.
Image Credit: Chaiyapop Bhumiwat / Shutterstock
We've all heard of Bill Gates, Steve Jobs and Mark Zuckerberg, but what about the people they hired in the early days of their fledgling businesses?
You probably don’t know anything about Marc McDonald's role at Microsoft or Shel Kapha'’s at Amazon, but these were among the first people hired by those companies and had a significant effect on their growth.
Recruitment search engine Adzuna has produced an infographic highlighting the roles of the lesser known people behind the success of some tech giants.
You can find out more about the lesser known names at Google, eBay, Dropbox, Tumblr, Yahoo and more in the graphic below.
Photo Credit: EDHAR/Shutterstock
Botnets are not a new problem, but they remain a key part of the cyber criminal's armoury. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), a global industry forum dedicated to promoting best practices in cyber security, has issued its first report looking at the level of botnet infection. Based on information provided by ISPs covering over 43 million subscribers in the US and Europe it concludes that around one percent of consumers are infected by a bot. The good news is that notification rates are high with between 94 and 99.82 percent of those infected being notified of the problem by their ISP.
Even on those numbers botnets are a major problem. We spoke to Ken Simpson CEO of outbound traffic security company MailChannels and co-chair of M3AAWG's Botnet Subcommittee to find out about how botnets and spam have become big business.
BN: What is the M3AAWG?
KS: It was founded about 10 years ago by a group of international ISPs. The mission of the organization is to bring together all of the people involved in transacting the world’s email so that they can create standards and work together to fight back against very well-funded criminal networks.
BN: Can you give us an overview of the current state of the spam industry?
KS: A lot of internet users aren't aware that there's actually a huge amount of spam going on. They have spam filters and most of the time the filter keeps spam out.
These days a large proportion of the spam that's sent around the world is not trying to sell you something. What cyber criminals have realized is that trying to sell you some Viagra pills doesn't make as much money as it used to. What they're doing now is focusing on exploitation, financial information and private identity information that they can use to steal money from your bank account or get you to participate in some fraud.
This is a massive problem, the scale of fraud and cyber crime being spread over email has to be in the tens of billions per year. It's not just individuals being targeted either it's institutions of all sizes. What we try to do at MailChannels is provide software and services to help the ISPs who originate the mail traffic protect their users. We help them identify the bad stuff as it goes out onto the internet so that they can block it and protect the rest of the web.
BN: Why would service providers care about providing protection?
KS: If they don't do something the global reputation of their email will suffer and their network will get blocked. This means their users wouldn't be able to send email any more because it would be blocked everywhere else.
BN: How important are botnets in all of this?
KS: One of the leading botnet researchers recently told me that the world of botnets has never been more interesting. There are more sophisticated botnets than ever before and they’re engaging in a wider array of bad behavior. There's a whole eco-system of players who are running these botnets, renting time on them and selling them for different services. If you wanted to carry out some cyber crime yourself you could go to an internet forum and rent time on a botnet to do whatever you wanted -- distribute malware, send spam or run a denial of service attack. It's also very cost effective because it's a competitive marketplace.
BN: There seems to have been a shift in the type of spam recently, towards sending fake invoices for example, is this significant?
KS: There's a move away from traditional spamming, which has an extremely low return per email message, to more concentrated financial fraud. If you get a Viagra spam email then maybe you spend $50 on purchasing pharmaceuticals, but the spammer makes only a tiny slice because he has to source the product and send it out, he may make only $3 or so on the transaction.
But if I manage to convince you that your company owes $5,000 to my fictitious organization and I get you to wire transfer that, then I get $5,000. I don't have to hit as many victims to make that pay off pretty quickly. This isn’t just a few spammers, it's criminal networks with some very nasty people behind them.
BN: Does this activity originate only in failed states or is it a global issue?
KS: There are spammers operating in every country, but the ones operating in places like the US, UK and Canada tend to be the string pullers. They'll develop the infrastructure and they tend to be involved more in traditional spamming, selling products. The actual dirty work will be subcontracted elsewhere.
Countries like the Ukraine have little regulation because the country is so broken by war and corruption. They literally have call centers taking support inquiries for extortion schemes. Government is effectively neutralized by criminal interests, so if you pay off the right people things like ransomware scams can operate pretty much in the open.
BN: So the whole operation has become very professional rather than the common idea of a hacker working from his bedroom?
KS: It ranges across the spectrum, one of the things that my company offers is an outbound protection service for service providers who don't want to spend time trying to maintain their email reputation.
Around two thirds of the attempted signups for this come from spammers and phishers and most of the phishing signups come from northern Africa and Indonesia. They're very open because in their countries there's zero chance of any enforcement finding them. They will phish services like PayPal and even though individually they might not do a lot of damage, collectively they do a lot and they're very difficult to find. They may be committingng all of their cyber crime from a laptop in an internet cafe.
So, while there's sophistication there are also thousands of people operating at a lower 'street smart' level to attempt to extort users of online services. They often work within their own language area, so you get phishers working in Morocco or Algeria targeting customers of French banks for example.
BN: Is phishing cyclical? Do scammers target PayPal one week, Barclays the next, a French bank the week after?
KS: I get the sense that it is because it takes time to develop a campaign, you have to replicate the target website so they do tend to hit one at a time. Because there's lots of these guys working on the same thing many institutions are being hit in parallel but it's not like one person is hitting all of the institutions. Smaller financial institutions see periodic waves where their customers will see nothing for months then get hit by thousands of email messages. Larger ones like PayPal are being phished 24 hours a day, domain names similar to PayPal are being constantly registered, it's like a tidal wave.
You can find out more about the botnet report on the MM3AAWG blog.
Image credit: Gunnar Assmy/Shutterstock
UK telecoms provider TalkTalk says it's been hit by a "significant and sustained" cyber attack which could have exposed the personal information of its four million customers.
In an official statement the company says that data including names, addresses, dates of birth, phone numbers and payment details may have been accessed.
TalkTalk says it's working with cyber crime experts and the police to find out what happened and the extent of information accessed. A Russian jihadist group has claimed responsibility for the attack online although this has yet to be verified.
The Metropolitan Police says it's aware of speculation surrounding the perpetrators but that its enquiries are ongoing and no arrests have been made.
This is the third attack TalkTalk has suffered in the past year. In February customers were warned about the theft of thousands of names and account numbers, and in August its mobile sales site was breached.
The latest breach appears to have started with a DDoS attack which may have been used to distract the company's security team while the data theft took place.
Dido Harding, TalkTalk's CEO, says, "TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack".
If you're a TalkTalk customer the company should be getting in touch, however, it warns people to beware of scammers and says it won't email or phone asking for bank details or passwords, or ask people to download software onto their machines.
In the meantime you're advised to change your passwords and monitor your bank accounts for unusual activity. Anything suspicious should be reported to Action Fraud via www.actionfraud.police.uk or on 0300 123 2040.
TalkTalk's share price dropped 10 percent when the London Stock Exchange opened this morning.
If businesses don't keep pace with digital innovation they're likely to lose out on opportunities for long term growth and risk being displaced by more agile competitors or road-blocked by security and compliance barriers.
Yet new research from Hitachi Data Systems suggests that a lack of consensus about where to make intelligent investments is leaving UK organizations in a state of 'innovation inertia' and putting business growth at risk.
Headline findings are that 81 percent of IT leaders say their companies aren't set up for the digital age, and 75 percent can't make informed investment decisions due to a lack of clarity in business strategy and access to business data. A worrying 90 percent of IT leaders believe their organization isn't agile enough to respond rapidly to industry change, putting them at risk of being outpaced by more digitally-aware brands.
"Technology plays an integral role in helping UK organizations transform to thrive in a digital economy, but only if there is consensus about which technologies are relevant to future growth and about the ability to adapt to these known priorities," says Richard Gadd, UK managing director at Hitachi Data Systems. "This isn't about innovating for innovation’s sake, it's about UK organizations having the ability to garner valuable business insights to make informed technology investments that will drive future growth and enable UK organizations to redefine business agility. The pace of business change will never be this slow again, and to stay relevant for the long term, organizations need to know their business inside out so they can quickly capitalise on new revenue opportunities before their competition do".
The report also reveals some of the barriers to technological innovation. 91 percent of IT leaders recognize that effectively storing, retrieving and analyzing data can identify future revenue streams, yet 87 percent are facing barriers to using big data.
Compliance is seen as a major barrier to future technology investments by 83 percent of UK organizations. Organizational culture and legacy IT systems are seen by respondents as major barriers to business agility too, 97 percent of IT leaders feel that their organizations could improve how they use technology, with potential business benefits including increased staff efficiency, improved customer service, and faster delivery of internal projects.
"The key to overcoming this innovation inertia is understanding that businesses can't transform everything at once," says Bob Plumridge, EMEA CTO at Hitachi Data Systems. "The research shows that nearly all IT leaders (96 percent) believe legacy IT systems provide risk to future growth, however when implementing new technology, a complete overhaul of current technology isn't always necessary. Instead IT leaders need to successfully identify and drive the innovations that matter the most, connecting the technology they need today with the technology that will be integral to future success. It is by aligning with the business and employing informed insights, derived from their organization's data, that businesses can start cutting through the trees and understanding which innovations are most important to driving business growth".
The survey targeted 200 IT decision-makers at UK organizations with over 1,000 employees in September and October this year.
Image Credit: Duc Dao / Shutterstock
Digital services provide real-time indicators into buyer behavior and tend to reflect the overall health of global markets. Understanding these patterns gives online services companies the opportunity to redirect efforts to different regions or target their campaigns to where the opportunity is emerging.
Digital commerce solutions company Avangate today released findings from its first Digital Services Benchmark. The new report tracks global consumption of digital services to identify regions with the fastest growth and greatest contraction.
The report reveals that Kuwait, Vietnam, Slovenia, Pakistan, Saudi Arabia and India are seeing the most digital growth, with positive increases in buyer purchasing from Q2 to Q3 2015. One of the countries that showed consistent growth, Vietnam, has a booming tech scene, which has been reported as the nation’s most successful private industry.
At the other end of the scale the regions with the slowest growth are Kazakhstan, Serbia, Namibia, Greece, Ecuador and China. After dropping significantly at the top of Q3, Greece saw a 56 percent increase in purchases during August 2015 which may be evidence of recovery. China also saw a slight surge of seven percent during this time period, likely due to interest rate cuts employed by banks.
"Our mission is to support and stimulate global commerce for digital services from global payment processing, tax and compliance to automated billing, renewal and customer engagement," says Michael Ni, CMO and SVP of Products at Avangate. "We believe that by identifying patterns and drawing correlations from the data to current events, we can help our clients make smart decisions that deepen relationships with existing customers and extend services where new opportunities arise".
The report concludes that the opportunity for online commerce is fluid across the globe. As a result online service providers need to ensure they're supporting a strong foundation for digital commerce, regardless of the market they're targeting.
More information is available on the Avangate website and there's a summary of the findings in infographic form below.
Photo Credit: Nonnakrit/Shutterstock
Not so long ago collecting data required considerable effort. You had to measure and count things, then turn that raw information into useful data by inputting it into some sort of model. It was time consuming and took time to produce results.
Now there are millions of everyday devices collecting data, and lower storage costs mean that more of it can be retained and used to spot historical trends. This shift in how data is gathered, stored and analyzed is starting to have a significant effect.
BSA | The Software Alliance has released a paper highlighting how data is changing the way we live, in many cases without us even realizing it. Data is being used to solve complex problems around the world.
Examples highlighted by the report include farmers using data from seeds, satellites, sensors, and tractors to make better decisions about what to grow, when to plant, how to track food freshness from farm to table, and how to adapt to changing climates.
In the United Arab Emirates, new data tools are being used to design the world's first positive-energy building that actually produces more energy than it consumes. The city of Stockholm in Sweden has installed 1,600 GPS systems in taxi cabs to collect data on traffic flows, and then used software to analyze the data to inform the city's plans to reduce congestion. As a result traffic has been reduced by 20 percent, travel times have been cut in half, and emissions are down 10 percent.
In Kenya, mobile data is being used to identify malaria patterns and identify hotspots to guide government eradication efforts. Also on the medical front researchers have developed a machine learning algorithm that can predict cardiac arrest four hours in advance, and is accurate 66 percent of the time, by combing real-time data with a patient's medical history.
There are economic implications too. Economists estimate that if better use of data made industry only one percent more efficient it could add $15 trillion to global GDP by 2030.
The full report, What's the Big Deal With Data? is available to download from the BSA website. There’s also a video overview of the findings below.
Photo Credit: Sergey Nivens / Shutterstock
Data is an essential part of combating and preventing fraud, but many organizations lack the data science and engineering teams needed to allow them to exploit the information they have effectively.
Big data company Feedzai is launching its new Data Science Studio software that uses artificially intelligent, machine-based learning to help prevent fraud.
Non-technical and business teams within organizations using Feedzai's Data Science Studio can build, deploy and manage predictive analytics models to unlock the power of big data. The Feedzai platform includes all the essential tools they need to manage fraud and risk.
"Data continues to provide both opportunities and hurdles for businesses of all sizes and across all industries because analyzing complex data requires a deep understanding of data science, software engineering and big data principles," says Nuno Sebastiao, CEO of Feedzai. "By putting a sophisticated, yet easy-to-use environment for data science modeling in the hands of all the teams and people who need it, we’re democratizing big data for our customers".
Accessible via the cloud or on-premise, Data Science Studio includes all the essential components to develop and manage predictive analytics to make commerce safe. Feedzai enables businesses to accurately analyze the large volumes of information they produce every day to keep their customers' data and transactions safe at any place or moment in time. The machine learning platform transforms the management of risk and fraud into a real-time decision science to help payment providers, banks and retailers prevent fraudulent activity.
You can find out more about Feedzai's fraud prevention technology on the company's website.
Image Credit: Gustavo Frazao / Shutterstock
We reported last month that women only make up 10 percent of the IT security workforce and there's similar under representation across the tech sector.
To address this, freelance developer network Toptal is announcing a scholarship scheme to support and empower women aspiring to become professional software engineers.
Women from across the world of any education level can apply to win one of 12 scholarships over the next year. Winners will receive a $5,000 scholarship and weekly one-on-one technical training and mentorship from a Toptal senior software engineer to help them pursue their goals.
"Countless studies have shown that teams with a greater diversity of backgrounds and opinions consistently perform better and drive more innovation. This is something with which we're intimately familiar at Toptal. Our core team and engineering network members come from all over the world and all walks of life," says Toptal COO and Co-Founder Breanden Beneschott. "We're extremely intent on building the most innovative, talented network in the world, and building a more gender diverse community is critical towards being able to accomplish that".
Scholarship winners will be able to use the money in any way that helps them pursue their ambitions to become future software engineers. For example they could use it to help cover the cost of tuition fees, pay for courses, or pay themselves salary while they work on open source or start-up endeavors.
"In today's tech industry, quality education can come from so many different valuable places, and that’s something that this scholarship really embraces," says Anna Chiara Bellini, Director of Engineering at Toptal. "Giving winners access to top quality mentorship on topics of their choosing and $5,000 with very few strings attached will really allow them to learn and improve their skills as they prefer, instead of being locked into a rigid educational program".
To apply for a Toptal Scholarship, applicants must make an open source contribution on GitHub and write a blog post describing the experience, the problems they had to solve, and what they learned from it.
More information on how to apply and a how to guide to making a GitHub contribution are available on the Toptal site.
Image Credit: Stock Rocket / Shutterstock
It's easy to assume that younger generations who have grown up with the internet spend more time online, but new research suggests that this isn't the case.
The 2015 State of the User Experience report from content delivery specialist Limelight Networks time spent online in the past year has dramatically increased, with 45 percent of respondents spending more than 15 hours a week on their laptop, tablet or phone.
But perhaps surprisingly the group spending the most time online is baby boomers, those aged 51-69. More than half (51 percent) are online 15 hours a week, as opposed to Millennials (18-33 year olds) at just 41 percent.
There's also a change in how long we're prepared to wait for sites to load on mobile devices. Last year, users were asked if they would be willing to wait longer for a website to load on a mobile device as opposed to a laptop or desktop, and 44 percent said they would. This year, the results are startlingly different, only 35 percent say they would be willing to wait longer on a mobile device, and nearly 40 percent expect equally fast-loading sites, regardless of how they're accessed.
Despite expecting better mobile performance thoughit seems we're becoming more tolerant of poor performance overall. This year, 33 percent said they would leave a website to buy a product from a competitor if the site loaded too slowly, down from 37 percent last year. Plus, in 2015, 72 percent would be willing to give the slow-loading site another try in the future, up from 69 percent last year.
Other findings include the importance of content. Respondents listed social media sites, reading news content and watching video content as their top three online activities, respectively, while reading news content was the most popular in 2014. Ecommerce finished in 5th place, behind researching products online. Whilst social media is the most popular online activity across the board, millennials are spending almost as much time viewing video.
We also want out online experiences to be more personal. In 2014 37 percent indicated they did not want a website to remember them from a previous visit. This year, the results are dramatically different as just 25 percent don’t want a personalized experience.
"Ultimately, consumers want more from their online experience, particularly as the mobile web and video continue their march toward ubiquity," says Jason Thibeault, senior director of marketing strategy at Limelight. "We have more options than ever -- more content, more video, and more shopping. And while patience has increased slightly, people -- whether they are Millennials, Gen X or Baby Boomers -- all expect a personalized, highly-functioning web experience. If not they will look elsewhere. With the explosion in content, branded entertainment, video and e-commerce, the stakes are higher than ever".
More detail is available in the full report which you can get from the Limelight website.
Image Credit: Kinga / Shutterstock
Business information comes from a variety of sources and it can be difficult to bring all of the separate streams together to extract meaningful data.
Enterprise file services company Egnyte is launching a new Smart Reporting and Auditing service. This allows organizations to build comprehensive dashboards of system-wide analytics around content (creation, editing, viewing and sharing), users, devices, applications, and more.
It uses the company's hybrid technology to provide comprehensive visibility and control across an organization's entire content lifecycle. This includes file infrastructure, which can be in the cloud, on premise, or a mixture of both, as well as user applications and devices.
"There is a tremendous opportunity for organizations to take advantage of all the detailed file analytics and insights we've collected within their infrastructure, applications, and devices", says Isabelle Guis, chief strategy officer at Egnyte. "Our focus on delivering this data in an actionable format will create an unparalleled level of efficiency and security that no other company in our space has the ability to do. It's critical for businesses to have tools like Smart Reporting and Auditing when collaborating internally and externally, not only to optimize file infrastructure and protect against potential threats, but also to gain a competitive advantage".
The service can help to save money by enabling informed, data-driven choices about infrastructure locally and globally -- reducing bandwidth consumption, minimizing support issues, and increasing productivity.
IT leaders can gain unique insights about user, file, and device activity that may be harmful to their organization. The Smart Reporting and Auditing service helps maintain security and compliance with preventative alerts that notify IT about suspicious activities.
It also empowers business users to make smart decisions at every level with relevant, viable information that is delivered straight to their Egnyte interface. IT will have more visibility into the security and efficiency of their entire corporate infrastructure and users will also gain insight into their usage patterns as well as internal and external collaborative efforts.
Egnyte Smart Reporting and Auditing is available now for all new and existing customers and you can find out more on the company's website.
Image Credit: Nata-Lia / Shutterstock
Chief financial officers (CFOs) want their company data to provide accurate insights and actionable business transformation.
This is one of the findings of a new survey by specialists in cloud corporate performance management Adaptive Insights. The global survey of 435 CFOs focuses on data analytics trends, business collaboration strategies, the top financial mistakes most companies make and 2016 plans and predictions.
According to the results CFOs want data to provide a -- rather Orwellian sounding -- 'single source of truth' from which to derive business insights. They predict that the amount of data they manage will greatly increase by 2020, and they face significant data challenges with respect to the accuracy and timeliness of data.
The survey also asked about the top financial mistakes most companies make, 69 percent of CFOs say that keeping data siloed is a major error while 40 percent name having inaccurate data for forecasting and planning.
"Faced with a challenging macroeconomic environment and the need to provide a more holistic view of the business, CFOs are increasingly becoming the 'knowledge executive' in the organization," says Tom Bogan, CEO of Adaptive Insights. "As both the volume and sources of data increase, CFOs are working across departments, driving toward a single source of 'truth' that gives them a more consistent, comprehensive view of the organization in real time. This view will ultimately provide more accurate business insights and inform more effective business strategy".
Data volumes are expected to grow, with a third of CFOs predicting the amount of data they manage will increase by over 50 percent within the next five years, 3 percent expect an increase of over 1,000 percent. The number of systems used is an issue too, with 41 percent of finance teams already managing data from three to five source systems and 22 percent pulling information from as many as five to 10 systems. Sales data is named as the top non-financial information they need to access by 58 percent of respondents.
Accuracy and integrity of data is cited as one of the most important characteristics needed for actionable reports and insights by 65 percent of respondents followed by timeliness or shelf-life of data by 42 percent.
When asked to look ahead to 2016 CFOs say that a potential rise in interest rates (48 percent), mergers and acquisitions activity (38 percent), cybersecurity (32 percent) and political volatility (29 percent) are the top factors likely to impact their business.
More information on how CFOs see the role of big data can be found on the Adaptive Insights site.
Image Credit: IMG_191 / Shutterstock
Microsoft is keen to get its Surface tablets in the hands of business users. This is one of the reasons why it increased the number of Surface sales partners back in July. And in September it launched the Surface Enterprise Initiative allowing Dell and HP to resell the product.
Now following the launch of Surface Pro 4 and Surface Book earlier this month, the company is making renewed efforts to crack the business market with new service offerings.
There are now around 5,000 business resellers for Surface across 30 countries. Writing on the Windows blog Cyril Belikoff senior director of Surface marketing says, "Achieving this breadth and reach is important because this allows us to make Surface and Windows 10 available to more customers than ever before. This means that we are better prepared now for the scale of demand we expect. The introduction of new Surface devices alongside the introduction of Windows 10 represents a big moment for us, our customers and our partners. We are ready!"
Today Microsoft is announcing two additions to the Surface Enterprise Initiative. From early next year it will launch a new service and warranty program for Surface customers via commercial resellers. Microsoft Complete for Enterprise will allow companies to pool warranty claims, allow claims for non-bootable devices where data policies mean the hard drive must be removed before return, and offer next-day shipping for fast replacement. It will also set up an on-boarding center where Microsoft will assist IT staff to get set up with warranty and support processes as well as provide online training for employees to get productive as fast as possible.
In addition the company is launching a Business Device Trade-in Program allowing customers to trade their used business laptops, tablets, and phones for credit towards the purchase of new Surface devices. This will be available in the US and Canada and will roll out across major European markets in the coming weeks. More information is available on Microsoft's trade-in page.
For more on Surface in business there's a dedicated micro site.
Managing data in increasingly fast-paced business environments is a major challenge for companies. The latest release from data protection and information management specialist Commvault is seeking to address this with new levels of openness and flexibility.
The powerful combination of Commvault Software, the Commvault Data Platform and a range of professional services and support gives enterprises of all sizes the ability to open up new opportunities to reduce legacy spend, be released from vendor lock-in, find pathways to more modern environments, and drive new efficiencies and speed in their IT operations.
Major innovations include open API architecture that provides universal access to data under management in a standard captured format, ensuring no provider lock in. Customers and third party software partners cam allow their applications to write directly to the Commvault Data Platform. This allows information tasks to define data governance policies for all data right through its lifecycle. Customers can then benefit from common data management services of the platform across all data sources.
Incremental change capture for files and applications eliminates the need for backup windows. This opens opportunities to dramatically reduce workload impact during data protection operations while providing efficiencies in network and storage utilization. At the same time direct native access from the open platform to point-in-time data copies allows for instant recovery.
Enhanced total search now extends to live data sources, providing seamless and powerful search queries across multiple data solutions applications and storage locations, including the Commvault virtual repository, SaaS offerings, and cloud solutions without moving the data.
Disaster recovery technologies speed and simplify recovery planning and execution both on and off premise and in the cloud. These enhancements make DR operations easy to implement, test, validate, change and deploy regardless of the infrastructures and cloud technologies used.
"As a leading provider of integrated information technology solutions, CDW appreciates the ability to leverage Commvault's unified platform as a core data center solution that we can offer to our customers spanning all major segments and verticals," says Shea Hart, Director of Product and Partner Management, Data Center Solutions, at IT solutions provider CDW. "Given the partnered success we've experienced thus far in working with Commvault, we are extremely excited to explore the joint opportunities that the next generation of the Commvault solution platform will open for us".
Commvault says that there are more than 100 new innovations across its portfolio, a complete list is available on the company's website.
Image Credit: alphaspirit / Shutterstock
Business collaboration tools like Clarizen have been around for some time, but a new entrant to the field is looking to change workflow management and give power back to employees.
Scalus is backed by Google Ventures and turns conversations into actionable, repeatable, automated tasks across apps, teams and organizations, adding accountability and oversight that's missing from other collaboration tools.
"Today's generation grew up on Facebook and demands immediacy and transparency as a default condition. We saw how scaling a business was nearly impossible based on the new way we work, so we created Scalus," says Kristen Koh Goldstein, founder and CEO of Scalus. "The proliferation of cloud apps and distributed teams has exposed how workflows and business processes are siloed. We developed Scalus to help organizations connect disparate systems, easily scale their distributed labor workforce and ensure that teams stay productive and effective".
Scalus isn't a linear platform where you insert a task and check off when it's complete. It includes a workflow tracking system which holds employees accountable for each aspect of a project. It also allows employees to make additions to tasks, and offer up ideas that they may be reluctant to share in a busy office.
The Scalus platform allows companies to automate distributed systems, automatically folding in daily activity and workflow. Compared to other collaboration and task management products on the market, Scalus is designed to uncover the real value of work. The platform strengthens accountability, connects the dots between business processes, automates and audits task management and lets workers avoid bottlenecks throughout the organization.
Features of the platform include the ability to track and manage recurring and repeating tasks; plus visibility into every task to identify bottlenecks, take action and eliminate dead-end work flows. It offers bi-directional task management across the internal systems and corporate email, and transparency across all levels of an organization.
Scalus is able to transform lists of tasks into a repeatable process to improve efficiency and scale, and it can integrate with communication platforms such as Slack and Chatter. It also allows collaboration with internal and external teams without everyone having to be a user. It helps companies with compliance too thanks to an immediate auto-generating audit trail.
You can find more information and sign up for a free trial on the Scalus website.
Image Credit: Tischenko Irina / Shutterstock
More than 250 apps have been pulled from the Apple App Store for secretly gathering users' information including email addresses, device serial numbers and details of other installed apps.
Apple's action comes as a result of a report from analytics service SourceDNA which uncovered the apps built using an SDK from a Chinese advertising company called Youmi. This allowed them to access the information via private APIs and send it back to Youmi's servers.
The Apps involved are mostly China-based and they include the official McDonalds app for Chinese speakers. SourceDNA's researchers estimate that around a million people may have downloaded them.
Since the SDK is delivered in binary form and the information gathered by the apps is uploaded to Youmi's server rather than that of the apps themselves, it’s likely that developers using the kit were unaware of the suspicious activity.
Apple has issued an official statement saying, "We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly".
The scale of the withdrawal does cast doubt on Apple's review process since it failed to identify the data gathering activity until told of it by a third party.
SourceDNA recommends that developers stop using the Youmi SDK until the data gathering code is removed. You can read more about the discovery of the suspect apps on the SourceDNA blog.
Photo credit: TK Kurikawa / Shutterstock
The number of connected devices is increasing rapidly and producing large amounts of data. Extracting value from that data and gaining useful business insights from it though is a complex process.
Big data applications company Teradata is announcing two new software products that empower business users to uncover and operationalize the insights hidden within Internet of Things (IoT) data.
The first, Teradata Listener is an intelligent, self-service software for importing and distributing fast-moving data -- either individual or multiple streams -- at one time. It allows customers to push data to Hadoop, Teradata Aster Analytics, Teradata Database, and other platforms. It also enables data scientists, business analysts, and developers to quickly and easily analyze new data streams to deliver faster answers to business questions. Without needing to rely on IT for help, users can analyze data from numerous sources including sensors, telematics, mobile events, click streams, social media feeds, and IT server logs.
The second release is Teradata Aster Analytics on Hadoop, an integrated analytics solution featuring a set of more than 100 business-ready, distinctly different analytics techniques and seven vertical industry applications to run directly on Hadoop.
This allows organizations to seamlessly address business problems with an integrated analytics solution. The flexibility and simplicity of these capabilities enables everyday business analysts to perform as data scientists by tackling the organization's most challenging problems. Aster Analytics on Hadoop allows users to combine machine learning, text, path, pattern, graph, and statistics within a single workflow.
"Daily, we collect millions of sensor observations from our equipment, and from our engineers we receive thousands of written reports that are digitized. We subject the data to a variety of analytics to discover hidden patterns in order to ensure optimal equipment performance. Our partnership with Teradata has helped us predict the leading indicators for train equipment breakdown," says Gerhard Kress, director, Analytical Services, Siemens Mobility Division. "The collection and analysis of sensor and IoT data has been integral to driving the efficiency of the rail business".
Teradata Listener is now available in beta, and will be generally available globally in the first quarter of 2016. Teradata Aster Analytics on Hadoop will also be shipped globally in the second quarter of 2016. You can find more details on the Teradata website.
Image Credit: Ahmetov_Ruslan / Shutterstock
Sales platforms tend to be based on historical data which means that they don't always take account of the effect of transactions that are already in the pipeline.
Activity-based sales specialist LevelEleven is launching a new feature called Pacing, which improves the ability for salespeople and managers to use their sales pipeline data in real time.
"Today's salesperson wants to feel deeply engaged with their team, their manager and most importantly, their performance," says LevelEleven CEO Bob Marsh. "They want to know which key activities they should focus on to maximize their sales results. With Pacing, LevelEleven is a driving force behind a new movement in modern selling that helps companies identify the key activities and behaviors that lead to sales, and gives salespeople and sales managers a highly engaging, continuous feedback loop on how they are performing and where they need to focus their time".
LevelEleven aims to boost performance among sales teams by bringing together intelligent performance metrics, personalized sales scorecards, leaderboards, and goal management into a single platform, all within Salesforce. Performance metrics are visible within Salesforce, on mobile devices via Salesforce1, in a weekly email performance digest, and can even be broadcast on TV monitors around the office. By providing up-to-the-second, real-time reporting, LevelEleven drives more widespread adoption of the right sales process and in turn widespread adoption of Salesforce. Instead of sales leaders only being able to manage what's closing this month, they can empower their salespeople and front-line managers to manage the activities and behaviors that will lead to closing more business.
Marsh adds, "Before LevelEleven, sales performance management was limited to manually pulling reports that tell you about declining sales activity that happened in the past, leaving a sales leader thinking, 'I wish I would have known that a month ago when I could have done something about it.' The modern sales leader we call our customer can now stop creating complex and highly manual spreadsheets that salespeople barely look at, and leverage LevelEleven for real time performance management".
For more information about how Pacing can improve sales team performance and to arrange a free trial of LevelEleven you can visit the company's website.
Image Credit: EDHAR / Shutterstock
Keeping devices secure means ensuring that they're up to date with the latest software patches. For IT managers this can present a major logistical problem, especially where different operating systems are in use.
IT management systems specialist Shavlik is launching a new version of its Shavlik Protect patch management solution, as well as Empower, a platform that aggregates data to give IT departments more insight into and control over their systems.
Protect 9.2 features improved patch assessments that cut the time needed to assess in half compared with the previous version. With agentless technology, Protect streamlines the patching process by giving IT departments increased opportunities to automate their patching. It also features intuitive scheduling based on Patch Tuesday releases. This allows admins to easily manage their patching based on this industry-standard release, rather than using arbitrary dates.
Admins can create templates that dynamically update, so systems that often leave the network are kept up to date no matter where they go or for how long. New Predictive Patch technology means Protect can anticipate what admins will need next and distribute it across the enterprise before it's detected as missing.
The new Empower platform aggregates data from Shavlik Protect, Active Directory and other systems -- both on and off the network. This gives IT departments instant access to much more information relating to different systems than was previously available. Using Empower's data, administrators can determine any problems an endpoint might have, from anywhere with an internet connection. Empower also allows users to see more about their environment and know more about the system before they make critical decisions, uniting operational efficiency and security.
Chris Goettl, senior product manager at Shavlik says, "Empower is designed to be everywhere you need it to be. It is purpose-built to manage your users, their devices and be with those users wherever they go. With this solution, Shavlik Empower will bring a new level of perspective to how you view operational and security data".
Empower includes Mac OS X asset inventory and patch management. It also features integration with Shavlik Protect. This integration allows a consolidated, web-based view of patch compliance across Windows and Mac systems. Improved inventory capabilities provide IT professionals with a visual timeline of events on a system, allowing them to see configuration drift, manage warranties and gain deeper insight into their software and hardware assets.
Empower is available at no extra cost to existing Shavlik Protect users. Mac Support can be added through a per seat workstation subscription license. You can find out more on the Shavlik website.
Photo Credit: Melpomene/Shutterstock
One in five American households was impacted by a data breach in the last year, yet 40 percent failed to properly secure their wireless routers.
This is one of the findings of a new survey from security company ESET and the National Cyber Security Alliance (NCSA). It reveals that despite the number of breaches 79 percent of Americans still feel safe in their connected homes, with almost half (49 percent) showing a remarkably strong sense of confidence.
"From the digital workplace to the connected living space and across age groups and demographics, today's households are more connected than ever and the number of connected devices is growing at considerable pace," says ESET Senior Security Researcher Stephen Cobb. "Sixty-seven percent of those surveyed had between one and five connected devices at home connected to the Internet, with 30 percent owning six or more. Even more telling, 30 percent of those surveyed today have two to three more devices at home compared to last year. With so many potentially vulnerable digital entry points, this survey underlines the importance of cybersecurity as a core commitment in our digital lives".
The study also looked at the effect of the connected world on parenting. Three-quarters of American parents say they have had a 'CyberEd' talk with their kids and 90 percent have made at least one rule about using the internet and connected devices. However, more than 61 percent of parents show a surprisingly high level of confidence in their kids' online activities and their abilities to use the internet and devices safely and securely.
Nearly 60 percent of parents don't require permission before downloading a new app, game or joining a social network, 60 percent allow password sharing with friends and only 34 percent require children provide all passwords to their online accounts. In addition 70 percent don't limit the kind of personal information their kids can share on social networks.
Only 33 percent have imposed a device free dinnertime rule and a mere 25 percent have rules about allowing the use of devices in bedrooms after a certain time. Just 30 percent of American parents have rules about not downloading pirated content from the internet such as illegal games, movies or songs.
There's more information on the survey's findings in the infographic below or on the NCSA's StaySafeOnline website.
Image Credit: Maksim Kabakou / Shutterstock
The enterprise storage market has undergone significant change in recent years. In particular it's seen the rise of flash and the consequent decline of disk as a storage medium.
But what effect are these changes having on business? And what trends can we expect to see in the future? We spoke to Arun Agarwal, CEO of storage specialist Infinio, to find out his view of the market.
BN: How can companies extend their storage whilst making the best use of their existing infrastructure?
AA: The best way to extend the life of an array is with the addition of a server-side storage performance solution, like Infinio. Generally speaking, arrays need to be upgraded for one of two reasons: either they run out of storage performance (i.e. they can no longer keep up with applications), or they run out of storage capacity (i.e. they run out of space to store things).
What a solution like Infinio does is use low cost, commodity resources on the server (like its CPU and RAM) to create a caching and acceleration layer that prevents storage traffic from ever even going to the storage array. While this may seem like a solution only made for performance-triggered upgrades, that's not necessarily the case.
When an array no longer has to serve as much performance, you can configure it to be much more capacity efficient. In a nutshell, server-side solutions like Infinio can help avoid storage upgrades in a variety of scenarios.
BN: Flash storage is expensive. Is it possible to speed up performance without going to an all flash system?
AA: Yes. As discussed above, there are solutions that leverage server-side resources to prevent I/O from ever reaching the storage system. It is far preferable to entirely avoid serving an I/O from a storage system than it is to serve it from expensive all-flash media. Serving it from the server-side is both faster and lower cost.
BN: What are some of the common misconceptions surrounding storage performance?
AA: I think the industry has made storage performance about drive speed. This is reflected in the numerous comparisons and marketing around HDD performance vs. SSD performance. The reality is that many factors can affect storage performance, including things like CPU capacity on a storage controller or the capabilities of the storage network. What makes server-side technologies so powerful is that, by keeping data as close to the application as possible, you avoid most of these bottlenecks.
Another major misconception is that storage performance is only about IOPS (Input/Output Operations Per Second). Most storage vendors show a headline number of hundreds of thousands, or millions, of IOPS that their platform can provide, but vendors spend much less time talking about latency, another important dimension of storage performance. Administrators need to focus on both IOPS and latency when architecting a storage stack.
The thing we all tend to forget about the storage stack is that it's really just part of the memory hierarchy. People think of their processor, the L1 and L2 caches, and DRAM as the memory hierarchy, and have certain latency expectations there. However, what follows that is a huge dropoff in expectation for 'storage latency'. The reality is that it's all one system and we should aim for systems where all latency, including storage access, is in the microsecond range.
BN: Are hybrid arrays only a stop gap and will we inevitably see moves towards all flash storage?
AA: The logic of hybrid arrays -- a tuned ratio of SSDs and HDDs -- is sound, but the problem is that they miss a huge opportunity by putting the fast tier (the SSD cache) in the same box as the slow tier (the HDD). Solutions that locate the SSD caching layer server-side, closer to the applications, CPU and memory, provide much better performance.
So I do think that hybrid arrays are a stop gap, but not because the industry will move to an all-flash model. Instead, I think it's because the industry moves to a model of extremely fast I/O at the edge, and a very dense central core for capacity in the middle.
A logical question that follows this analysis is whether hyperconverged is the right architecture to provide the server-side performance we're talking about. While the storage resources are on the server improving performance, the reality is that data protection in a hyperconverged/distributed storage architecture has its own challenges. Most notably, both the performance and capacity implications of using distributed RAID render it impractical for most large-scale deployments.
BN: When is an all flash solution the best option?
AA: When evaluating an all-flash array as a potential solution, there are essentially two variables to keep in mind: the amount of storage capacity required and the working set size of the applications. Most customers spend a lot of time thinking about the former but they don't spend enough time understanding the latter.
The working set of an application is essentially the data that's regularly needed. That's the data you want on an SSD tier. If you have an application that has very high capacity needs but rarely accesses that data, an all flash array won't make sense because the working set would most likely fit on a flash tier in a hybrid array (or even better, on the server-side resources in an architecture like Infinio's).
If, on the other hand, you have an application where the overall capacity need and the working set size are similar, an all flash array could make sense. That said, such applications are rare as far as I have seen.
BN: What storage innovations are we seeing right now and what can we expect in the next few years?
AA: I think the really exciting thing going on, that people aren't talking about, is the new drive technologies. Remember, it was innovation in drive technologies that drove the whole flash revolution in the first place.
For example, recent press around Intel/Micron, 3D XPoint and other storage class memory (SCM) is absolutely worth following closely -- it's the next 10X when thinking about storage performance. Similarly, shingled magnetic drives (SMR) are the next 10X in capacity.
The drive technologies are what will lead the systems companies to build much faster, and much denser data center solutions for customers. The naïve view would be that applications won't even need another 10X of performance, or 10X of capacity, but if history has taught us one thing it's that the applications always find a way to catch up.
Photo Credit: Eugene Kouzmenok/Shutterstock
October is National Cybersecurity Awareness Month in the US and the Department of Homeland security is calling for more attention to be paid to securing systems.
But whilst cybersecurity is a growing industry we risk a developing skills gap where workers aren't qualified or prepared for jobs in the field. We spoke to Andrew von Ramin Mapp, CEO of Data Analyzers, a cyber security and digital forensic firm, to get his view on how the industry can address this.
BN: We're seeing ever more sophisticated cyber-attacks in recent years. Is the security industry struggling to keep up?
AvRM: The industry is definitely struggling to keep up, it has always been a cat and mouse game, but over the past few years the momentum has accelerated drastically and the industry at large was not prepared for it. In the past, a lack of corporate awareness among executives and boards of directors meant the required funding to properly implement and adequately maintain a secure network and cyberinfrastructure was unavailable. Because of recent public scrutiny things have shifted a little and the security industry is trying to catch up.
BN: Are there misconceptions about what working in cybersecurity involves?
AvRM: There's often the assumption that all information security professionals spend their day hacking into their clients or their own systems to remove any vulnerabilities. Sure that can be part of the profession if your job includes penetration testing and vulnerability assessments. However, a large percentage of professionals spend more time writing reports, or security policies and analyzing gigantic quantities of repetitive system and network logs.
BN: Does the education sector need to up its game in providing the right skills?
AvRM: The education sector adapts relatively quickly to the needs of corporate America. The problem is cybersecurity involves a large spectrum of individual skills which require a strong understanding of the underlying technology and cannot be mastered in a short time frame. The education sector could potentially narrow the curriculum to develop specializations within cyber security in order to prepare a graduate for a specific entry level role within the industry.
BN: Would businesses benefit from hiring people without traditional security qualifications and training them in house?
AvRM: If they can find passionate individuals and have the resources to do so, then yes of course. With this recruiting method, companies can emphasize training on the specific needs, possible threats and risk factors specific to their business.
BN: Do we need to raise the profile of cybersecurity generally to make it a more attractive career option?
AvRM: No, cybersecurity has received a lot of attention in recent years from the media, business sector and academia. Great initiatives designed to encourage students to participate in cyber competitions like The Collegiate Cybersecurity Championship Cup have also increased awareness. Such events help elevate the interest and skills of university students who have an interest and passion for cybersecurity.
Image Credit: Africa Studio / Shutterstock
Businesses today have access to more data about their operations and their customers than ever before, but often that data is an underused resource.
Business intelligence company GoodData today announces new platform enhancements aimed at unlocking the value of data and widely distributing analytics to the people who are making business decisions on a daily basis.
"Company data is a dramatically underutilized asset. Organizations need to advance their use of analytics from merely driving efficiencies to empowering their networks of clients, partners, and internal stakeholders with relevant data," says GoodData Founder and CEO, Roman Stanek. "GoodData's engaging analytics distribution platform helps enterprises drive new revenue streams, improve partner relationships, and reduce customer churn".
The latest platform enhancements accelerate data distribution and monetization in several ways. Advanced distribution, automation and product lifecycle management allows businesses to manage deployments including automated provisioning and updating of large numbers of analytical workspaces.
An improved mobile experience can drive immediate action for consumers of the data thanks to a responsive, touch-friendly, personalized KPI dashboard and alerts. In addition self-service analysis enhances insights as end users are able to perform guided data discovery and can blend local data with governed, centrally distributed data.
More information and a free trial are available on the GoodData website. The company's executives will also be discussing how data can be used to generate revenue at a series of Data Monetization Summits starting in New York on 20 October.
Image Credit: Jojje / Shutterstock
The challenges of front line IT have become increasingly complex in recent years thanks to changes in technology, cyber threats and the sheer volume of work.
But what are the biggest challenges that IT teams face? A new survey by network monitoring company Ipswitch set out to find out and reveals the eight most critical issues that are holding IT teams back from achieving their innovation and operational goals.
The survey of 2,685 IT professionals across the globe reveals that their top challenges are seen as:
* Security (25 percent)
* IT infrastructure and application performance monitoring (19 percent)
* New technology, updates and deployment (14 percent)
* Time, budget and resource constraints (10 percent)
* Business issues (seven percent)
* Data management and storage (six percent)
* Device management and end user issues (five percent)
* Automation and reporting (four percent)
It's hardy surprising that security comes out on top, and infrastructure and performance come second, but some support people may raise an eyebrow at end user issues only ranking seventh.
"Behind every business-critical application that serves as the lifeblood of modern commerce, companies rely on IT teams to keep them up and running 24/7," says Jeff Loeb, CMO at Ipswitch. "This survey identifies the key challenges facing IT organizations heading into 2016, and highlights how IT teams are coping with increasing complexity and security threats."
A full copy of the survey results is available from the Ipswitch website. Its major themes will be discussed at the Ipswitch Innovate 2015 Summit, a virtual two day conference to be held on 20 and 21 October.
Image Credit: Ronald Sumners/Shutterstock
The switch to mobile devices has brought about a change in the way people communicate and consume media, moving away from the desktop PC and TV. This shift toward 'mobile first' or in some cases 'mobile only' needs to be reflected in how businesses expand their communication services.
This is one of the key findings of a new report by mobile engagement specialist OpenMarket and UK market research firm Portio Research. The report highlights that of the 7.3 billion people worldwide, 6.1 billion use an SMS-enabled phone, which amounts to 84 percent of the global population.
“With more people owning a mobile phone than a toothbrush, it's clear that 'mobile first' is much more than just a buzzword," says Karl Whitfield, managing director of Portio Research. "The way we interact has evolved in such a way that our mobile phones represent a conduit to the world around us, as we use them to communicate, shop for goods and consume content. This means that companies should not just incorporate mobile messaging into their communications strategy, but rather build their strategy around it".
The traditional 'broadcast' nature of enterprise communication doesn't work for the time-starved modern consumer and the use of social media highlights the need for personalized communication. The report suggests that because of its familiarity and ubiquity, SMS is the optimal channel for enterprise communication in the mobile first age.
"The shift towards a consumer-centric marketplace has meant that enterprise brands, regardless of the goods or services they are providing, have had to reassess their communications strategies," says Jay Emmet, general manager of OpenMarket. "SMS offers a unique blend of reach, flexibility and personalization to make it the most effective tool for businesses looking to engage more with their customers. What's important is that companies avoid the temptation to treat mobile messaging as just another tool for broadcasting information. They should implement it as a meaningful, two-way channel for individual customer interaction".
The full report is available to download from the OpenMarket website and there'll be a webinar to discuss the findings on 29 October.
Image Credit: Rido / Shutterstock
A number of major companies including IBM, Microsoft and Amazon have launched new machine learning platforms in the past year.
But data enrichment company CrowdFlower believes that to be effective and commercially viable machine learning needs more training and better data.
It's using the Rich Data Summit to launch its new AI product that combines machine learning and human-labeled training data sets to create predictive models which can be applied against new data. With this capability data scientists will be able to reduce the cost and increase the speed with which they enrich their data, without sacrificing quality.
"The industry has been having the wrong debate about human-versus-machine intelligence," says Lukas Biewald, chief executive officer and founder at CrowdFlower. "Human intelligence and machine intelligence aren't in competition; they're natural complements that reinforce each other. Humans' great strength is the cognitive ability of the brain, which brings into play context, meaning and judgment, and machines' great strengths are consistency and speed. By combining the best of human and machine intelligence into a single platform like CrowdFlower, the result is more data and higher quality data delivered faster and at lower cost. Data scientists who feed their machine learning platforms with high quality large scale human-labeled data sets can make the transition from interesting science experiment to a commercially viable business process generating millions of dollars of value for their company".
With AI, CrowdFlower customers will be able to apply a predictive model against new data sets. For rows of data that fall below a customer-defined confidence level, units can be routed to human contributors to complete enrichment tasks such as sentiment analysis or data categorization. By combining machine and human intelligence in a single platform, CrowdFlower can intelligently assign data enrichment tasks to either humans or a machine based on the customer requirements for scope, quality and cost.
The product is built to be interoperable with both open source and commercial machine learning solutions such as scikit-learn, Google Prediction, IBM Watson, and Metamind. The company plans to partner with other machine learning solutions so data science teams can make their own choice and avoid vendor lock-in.
AI will enter private beta this year with general availability expected in the first quarter of 2016. You can find out more on the CrowdFlower website.
Image Credit: art4all / Shutterstock
Of 430 security and risk professionals surveyed, 55 percent were dissatisfied with the length of time it takes them to contain and recover from attacks.
This is according to information security training and analysis organization SANS, which has released the results of its latest report into data center and cloud security.
According to the survey, 59 percent of organizations are able to contain attacks within 24 hours, leaving many open to prolonged and increased damage as attacks spread laterally through data centers and clouds. 37 percent take up to 8 hours to contain attacks and 17 percent report taking more than a week.
"When it comes to limiting damage and preventing data breaches, time continues to be the biggest challenge for security and risk professionals," says SANS analyst Dave Shackleford. "Most respondents said they use traditional tools to monitor traffic between datacenters and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get. If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly".
Other findings include that 44 percent of enterprises reporting breach information have had sensitive data accessed by attackers, these same respondents were among those using traditional security tools in their data centers and clouds. Multiple attacks are common too with 28 percent of organizations having experienced up to six data breaches in the past 24 months.
The results show that 37 percent of organizations use distributed cloud and data center computing systems. But security seems to be losing ground in the move to distributed computing, 44 percent of respondents said their biggest challenge was that cloud providers don't offer the visibility needed to protect users and data. In addition 19 percent say cloud providers don’t give them the security support they need and 49 percent have no formal cloud security strategy in place. Making matters worse is the lack of effective security controls available and in use. While 75-100 percent of respondents are using traditional tools in data centers, that number drops off to less than 35 percent in the cloud.
You can find the full report on the SANS website and there's an infographic summary of the findings below.
Image Credit: razihusin / Shutterstock
According to a new survey, 64 percent of consumers are confident they can control the information access of Internet of Things devices, but 78 percent of IT professionals say security standards are insufficient.
The findings come from the 2015 Risk/Reward Barometer of global cyber security association ISACA and suggest a major confidence gap about the security of connected devices between the average consumer and cyber security and information technology professionals.
More than three out of four US consumers (83 percent) consider themselves to be somewhat or very knowledgeable about the IoT, and have an average of five IoT devices in their home. Smart TVs top the list of most wanted IoT device to get in the next 12 months, with internet-connected cameras, connected cars and wireless fitness trackers also ranked highly.
However, the survey of IT and cyber security professionals reveals that there's an aspect to the IoT that exists below the radar of organizations. 50 percent believe their IT department is not aware of all of their organization's connected devices, things like connected thermostats, TVs, fire alarms and even cars. The likelihood of an organization being hacked through an IoT device is medium or high according to 74 percent of those asked. Also 62 percent think that the increasing use of IoT devices in the workplace has led to a decrease in employee privacy.
"In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data," says Christos Dimitriadis, international president of ISACA and group director of Information Security for INTRALOT. "The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data".
The survey suggests that some of the fault lies with device manufacturers. 77 percent of professionals say they don't believe that manufacturers are implementing sufficient security measures in IoT devices. A similar proportion (78 percent) don't think current security standards sufficiently address the IoT and believe that updates and/or new standards are needed. Privacy is also an issue with 88 percent believing that device makers don't make consumers sufficiently aware of the type of information the devices can collect.
Whilst consumers are generally less concerned than the professionals, 89 percent of US consumers say it's important that data security professionals hold a cyber security certification if they work at organizations with access to consumers' personal information.
You can read more on the results on the ISACA website and there's a summary of consumer attitudes in infographic form below.
Photo credit: Odua Images / Shutterstock
The holiday season is peak selling time for online businesses, so it's imperative that websites optimize their shopping experiences to acquire first-time visitors as customers.
Cloud application delivery specialist Instart Logic is launching new performance solutions designed to optimize website experiences for retail and e-commerce sites.
A new One Time Cache solution helps sites acquire first-time visitors with fast, personalized experiences, while User Prioritization allows companies to optimize revenue by predictively prioritizing users during peak traffic times. The new capabilities are the start of a family of features using predictive algorithms and big data to improve website performance and user experience.
"The holiday shopping season offers eCommerce websites a once-a-year opportunity to convert new visitors to customers and to optimize revenue from loyal customers," says Manav Mital, CEO of Instart Logic. "Instart Logic is helping eCommerce companies leverage software technologies like predictive algorithms and big data to improve business performance during the most important time of the year".
One Time Cache allows sites to predictively pre-load dynamically generated web pages and serve them from cache to first-time visitors. By avoiding the round trip back to the customer's origin it improves performance by between 30 and 50 percent for first-time visits to a retailer's website.
User Prioritization predicts which users are likely to be the most valuable and prioritizes those users at peak traffic times. By controlling the percentage of end users who are able to access the site and prioritizing certain higher-value buyers above others, companies can increase revenue under unexpected loads. Being able to control and manage the flow of web traffic during peak times allows for a dramatically improved user experience, improving customer retention and revenue.
More information on Instart Logic's solutions is available on the company's website.
Photo Credit: Nonnakrit/Shutterstock
Protecting data in the cloud requires companies to secure the data itself but also to guard against cyber attacks, stolen credentials and more.
Security specialist StratoKey is announcing what it calls the 'second generation' of cloud protection using behavioral analytics tied to defensive countermeasures, as part of an update to its core StratoKey Cloud Access and Security Broker (CASB) platform.
It allows organizations to build behavioral analysis profiles that track specific user level metrics. These profiles are then tied into the StratoKey Countermeasure engine. When metrics within behavioral profiles are exceeded, StratoKey automatically enacts countermeasures to prevent the threat from progressing.
"Cloud encryption gateways started life as dumb gateways that waved users through, providing they entered appropriate authentication credentials," says Anthony Scotney, founder and CEO of StratoKey. "The second generation of cloud encryption gateways (now known as Cloud Access Security Brokers) are defined by not only encryption, but by Behavioral Analysis, Monitoring and Countermeasures in a single solution that is flexible enough to support all of an organization’s cloud applications".
Key features of the CASB platform include selective in-app encryption, identity aware authentication and cloud visibility though real-time monitoring and analytics. It also offers behavioral analysis and anomaly detection that are cloud and SaaS application agnostic. It meets the encryption requirements within HIPAA as well as guidelines regarding access control, including implementation specific details.
More information on the latest CASB platform is available on the StratoKey website.
Photo Credit: Slavoljub Pantelic / Shutterstock
New research suggests that millennials in the US and UK have lost trust in the ability of enterprises and governments to protect their personal data online.
The survey comes from digital identity and credentials specialist Intercede and questioned around 2,000 16 to 35 year-olds. It indicates a widespread state of mistrust that has the potential to change the nature of online interactions with public agencies and corporations and points to a need for action to avoid a future backlash.
The number of respondents describing their level of trust as 'none' or 'a little' are at significantly high levels -- 61 percent for social media platforms, 38 percent for retailers, 22 percent for federal/national government, and 19 percent for financial institutions.
Few respondents described their level of trust as 'complete' -- just 17 percent in state/local government, 13 percent for employers, and as low as 4 percent for fixed and mobile telecom operators.
The research also suggests that Millennials want the organizations they interact with to apply rigorous security to all of the personal information they provide. When asked how important it is that a range of personal data is only shared with those individuals or companies they have specifically authorized, 80 percent replied that it was 'very important' or 'vital' for financial and medical information. However, 74 percent of respondents also gave these ratings for location data, 58 percent for social media content and 57 percent for purchasing preferences.
"Unfortunately we now live in an age where data breaches have become a common occurrence and the more digitally connected we become, the greater the risk," says Richard Parris, CEO of Intercede. "Government and business need to step up to more effectively safeguard the private information of their constituents and customers online or risk eroding trust and further damage to their reputations. Millennials are a prime and extensive demographic driving votes and dollars worldwide. Restoring digital trust by taking active measures to ensure privacy and secure personal data should be a top priority".
More details on the research are available on the Intercede website.
Photo Credit: Catalin Petolea/Shutterstock
We can all remember seeing kids at school hunched over their desks to prevent anyone seeing what they were writing on their test papers. But when it comes to hiding sensitive information on your screen things aren’t that easy.
How big a problem is eavesdropping in this way and what can be done to guard against it? To find out, we spoke to Dr Bill Anderson, Chief Product Officer of technology company OptioLabs which has just announced a collaboration with AMD to help solve the issue.
BN: How big a problem is visual eavesdropping?
BA: The reality of today's world is that data is constantly being exposed on mobile devices. Using laptops, tablets and phones in places like coffee shops, airports, hospitals, or even inside company offices, puts information at risk to visual eavesdroppers, often without a user’s knowledge. A surprising 42 percent of all data breaches are caused by the simple observation of a computer screen -- according to studies by the Secret Service, Verizon Business and CERT at Carnegie Mellon -- but when you consider the fact that 89 percent of people admit to reading over someone else's shoulder (OptioLabs Mobile Worker Privacy Survey, 2013), it is evident just how frequently this type of data loss can occur.
BN: What types of data are most at risk from this issue?
BA: The same OptioLabs survey also shows that 83 percent of mobile workers admit to using computers in public with confidential data displayed. All data is at risk from this issue, but sensitive data, such as corporate IP, personal and corporate financial information, health records, credit card information, and social security numbers are especially at risk because they are regularly exposed inside and outside of the work place. In fact, the 2014 US State of Cybercrime survey shows insiders made up the highest percentage of cases where data was compromised or stolen in 2014; 76 percent of the data lost were confidential records, 71 percent were customer records, and 63 percent were employee records.
BN: How effective are aftermarket solutions like filters and hoods?
BA: Screen filters and hoods can certainly prevent someone beside you from viewing your screen, but consider this: if someone is standing directly behind you, not only will they be able to see your screen just as clearly as you, but you will you not know that they are looking over your shoulder. Filters and hoods are ineffective because they do not protect information from visual eavesdroppers and they do not warn a user when their information may have been compromised.
Filters also introduce distortion, reduce screen brightness, and make it difficult for a colleague collaborating next to you to read your screen. This affects both consumers and enterprises, but enterprises face the additional issue of needing to comply with privacy regulations. When enterprise users remove their filters due to inconvenience, it takes enterprises out of compliance and puts them at risk of failing an audit.
BN: How is OptioLabs working to solve the problem?
BA: The security industry has focused on driving protection efforts toward the network and device layer, without much consideration for the most outward facing risk -- the last 2 feet from the computer to the user. OptioLabs PrivateEye Enterprise provides a layer of protection to address this vulnerability by protecting against data loss due to direct observation of the computer screen. The product provides organizations with a data security and compliance tool to prevent, monitor and respond to incidents they would otherwise miss. PrivateEye Enterprise protects against data leakage in real-time and provides actionable intelligence to monitor threat patterns.
BN: How does the technology work?
BA: OptioLabs' PrivateEye Enterprise uses facial recognition to unlock an authorized user's screen automatically, and continuously validates the user to ensure ongoing protection. Attention sensing technology in PrivateEye automatically protects the screen by blurring it whenever the user looks away or leaves their computer, and instantly clears it when they look back or return. The software continuously scans the scene around and behind a user to identify additional faces looking at the user's display, and if an eavesdropper is detected, PrivateEye alerts the user. The solution can also be set to automatically protect the screen when this occurs. Further, if an intruder attempts to log in while the user is away, a picture will be captured. Security alerts are also logged and can be sent to a 3rd party SIEM tool to incorporate into broader incident analysis.
Image Credit: racorn / Shutterstock
VMware has long been a favorite with businesses. But there's evidence that with the advent of second generation cloud many companies are considering a move away from VMware to a more flexible option that gives them better control over configuration and costs.
IaaS specialist ProfitBricks is helping businesses migrate their systems from VMware to the cloud and has a lot of experience in the field.
Enterprises may be nervous about some aspects of moving to the cloud, in particular how their data is going to be secured. ProfitBricks uses double redundant storage with data stored on two synchronised sub units in separate geographical locations. Customers have the option to ensure that machines aren't hosted on the same physical server if required and are free to make their own additional backup arrangements.
Achim Weiss CEO and co-founder of ProfitBricks says, "You can have the same level of security set up on our cloud systems as you can on your own servers. We're also able to attract a team of good security staff thanks to the size of the business and a varied workload".
ProfitBricks has a Data Center Designer tool which makes it easy to set up complex scenarios via a graphical interface. Customers can run any type of OS that works on an x86 architecture, this makes it very easy to migrate existing systems. Hyper-V and VMware configurations can be automatically converted too. "Once they're on the cloud then they can start optimizing their setups," says Weiss. "It's very easy to scale, for example the core size of a server can be increased while it’s running."
Web hosting company ComSite runs 200 virtual servers on behalf of clients and has switched from using VMware systems in data centers to using the cloud with ProfitBricks, it has seen a 20 percent reduction in its costs as a result.
Sean Burchell ComSite's CEO says, "ProfitBricks eliminates the need to worry about infrastructure. We can spin up a new server in five minutes and we only pay for the time we're using". The switch has helped the company to grow because it can concentrate on sales and spend less time on maintaining systems.
When customers buy a core and RAM on ProfitBricks it's dedicated to them and not shared with anyone else, and customers are free to adopt their own standards for encryption of data in transit. The company is also in the process of gaining ISO 27K certification for security management standards.
"Customers have 100 percent control of their data and applications on the cloud," adds Weiss. "The same thing you can do with your hardware at home you can do with us. There are no restrictions on what kind of network protocols you use or how you set up your networks. It's painless cloud".
You can find more information on the benefits of running IT infrastructure in the cloud on the ProfitBricks site.
Photo Credit: Roland IJdema/Shutterstock
Small businesses are no different from larger ones when seeking to get the most productivity out of each working day. However, they don't always have access to the kind of productivity software used by larger businesses.
To help smaller companies compete, client engagement specialist vCita is launching a new solution built from the ground up to support on-the-go lifestyles of service-based SMBs.
vCita Mobile is an integrated, customizable client engagement and CRM app that enables small business to access information, perform critical client facing tasks, and quickly serve customers round the clock. At the same time it helps them save resources on routine tasks such as scheduling, invoicing, and document sharing. The CRM app is integrated with a business website and email to let clients to schedule appointments, book services, and pay fees online, reducing the load on the company.
"Today's small business service professionals are trying to squeeze as much productivity out of their workday as possible, while facing ever increasing competition where client response times could make the difference between losing and keeping a client," says Itzik Levy, founder and chief executive officer of vCita. "When we developed vCita Mobile, this is the type of business we had in mind. The app’s business management capabilities maximize productivity, and our website, email and social network integrations ensure fast response to client requests, and unparalleled level of customer service".
Features of vCita Mobile include a customizable online portal where customers can schedule appointments, pay invoices, share documents, and communicate online or by phone. Staff are able to accept, reject or reschedule appointments from their phone, reducing scheduling conflicts. Businesses can get instant notification for any client request from the web, email or social media and immediately respond via the mobile app.
It's also possible to access all client information from anywhere, manage work schedules, assign client appointments to staff members and share information across a team. Invoices can be generated and sent outside the office and the system can generate reminders for upcoming appointments, or send alerts to clients who require a follow-up at a specific time or who warrant special attention.
The vCita Mobile platform can be downloaded from the Apple App Store and Google Play or you can find more information on the company's website.
Photo Credit: EDHAR/Shutterstock
We've already seen that conventional cars can be vulnerable to attacks by hackers. But it seems that self-driving vehicles may be equally vulnerable.
It's possible to trick a self-driving Google car into stopping or taking evasive action using around $60 worth of hardware according to a leading security researcher.
Jonathan Petit, Principal Scientist for Security Innovation, Inc has demonstrated that it's possible to trick the car’s sensors using a laser pen and a pulse generator -- which could be replaced by something simpler like a Raspberry Pi or an Arduino.
The vulnerability lies with the car's roof-mounted 'eye' which uses a Light Detection and Ranging (LIDAR) system to supplement its radar and cameras to create a 3D map of its surroundings using a laser and allow it to detect potential hazards.
Using the laser pointer system the car can be fooled into thinking there are objects alongside or ahead of it, forcing it to slow down or stop. Petit described a proof of concept attack in a paper written while he was a research fellow in the University of Cork's Computer Security Group.
During tests, he was able to trick the sensors into seeing 'ghost' vehicles or pedestrians from a distance of 330ft (100m). Although LIDAR works on private frequencies, Petit was able to record and imitate the pulses it generates to create fake objects.
Google isn't the only company to use LIDAR, with Mercedes, Audi and Lexus all having experimented with similar systems. In an interview with IEEE Spectrum Petit argues that it is never too early to start thinking about security. "There are ways to solve it," he says. "A strong system that does misbehavior detection could cross-check with other data and filter out those that aren't plausible. But I don’t think car makers have done it yet. This might be a good wake-up call for them".
Petit's paper is available to download and he'll be presenting his findings at Black Hat Europe in Amsterdam next month.
Network data is an increasingly important resource for IT teams, particularly when it comes to analyzing and resolving security threats. But unlocking the potential of that data can be difficult.
Dublin-based analytics specialist Corvil is launching a new platform that unlocks the power of network data, with an intuitive and customizable user interface and a new data automation engine that dramatically reduces the time, expense, and complexity of working with network data.
The Corvil Tera Release adds a new portfolio of real-time security analytics, giving network operations, application operations and security operations teams an accurate and collaborative, real-time picture of critical service chains across their business.
"We believe that the most effective way for IT to assure and safeguard the delivery of critical applications, services, and data to the business is for all IT teams involved to have a common, trusted, granular source of shared data," says Donal Byrne, CEO of Corvil. "Network data is widely regarded as the most granular and powerful source of real-time data that can be used for this purpose. The challenge is to make network data analytics super-easy, cost-effective and widely available to all. We believe that our new Tera Release achieves this objective with our customers reporting up to 90 percent reduction in time for IT Ops to see, analyze and act on critical business application flows at a cost that is less than what the network team traditionally spends on legacy network probes".
Key features of the product include a new HTML5-based user interface with polished, intuitive, and customizable dashboards that have been optimized to perform workflows for multiple teams. The Tera data engine automatically discovers application and business data flows within raw network data with zero configuration. The data in these flows is decoded, transformed, and self-populated into tables and graphical widgets, giving the full picture for what is happening across a business in real-time.
The new Tera release also seamlessly integrates live threat intelligence and real-time network forensics with leading SIEM (security, information and event management) platforms. It’s fully user programmable so that customers can decide for themselves how much data to keep, and for how long. In addition, the Tera Release now supports a broader array of connectors for streaming Corvil data to big data platforms such as Cloudera Enterprise Data Hub.
For more information on the Corvil platform and how it can be used for network and security analytics visit the company's website.
Image Credit: watcharakun/Shutterstock
We've come to expect public Wi-Fi pretty much everywhere we go these days. But using these networks can leave you open to a whole range of security risks.
There's now a way to use public networks safely as network specialist Xirrus is launching Xirrus EasyPass Personal Wi-Fi. This is a key feature now available in all Xirrus cloud managed networks that safeguards users and their data when accessing public Wi-Fi, guest networks and hotspot environments.
In a recent Xirrus survey on Wi-Fi usage, 76 percent of people said they know that public Wi-Fi is not secure, but 62 percent use it regardless of the security implications. EasyPass Personal Wi-Fi allows users to create a secure personal network via a simple, one-time process that authenticates all devices, ensuring the data across their platforms is safe inside the public network at all times.
Unlike a VPN, which encrypts end-to-end connections back to a corporate network and requires additional software, EasyPass Personal enables users to easily create their own secure personal network that automatically encrypts the data on the Wi-Fi network.
"Awareness of public Wi-Fi vulnerabilities is at an all time high. Whether we want to acknowledge it or not, every time we connect to public Wi-Fi we are putting our data at peril and are at risk of identify theft. Until now there hasn’t been a wireless solution to address this threat," says Shane Buckley, CEO of Xirrus. "EasyPass Personal Wi-Fi is groundbreaking for our industry. With this introduction, Xirrus offers the first and only solution in the market that allows a secure private connection to be created within a public Wi-Fi network. Now establishments that have deployed Xirrus Wi-Fi can deliver the safest connection available and protect their users from cyber crime".
EasyPass Personal Wi-Fi allows devices to communicate within the secure personal network, traffic encryption protects valuable data and users can connect all personal devices effortlessly with no client configuration needed. It allows businesses offering public Wi-Fi environments to reap the benefits of short term secure Wi-Fi communications. They can create a higher level of Wi-Fi security to offer new services, attract new business and create customer loyalty.
You can find out more about EasyPass Personal on the Xirrus website.
Image Credit: Sidarta / Shutterstock
With ever increasing regulatory requirements, guidelines and standards it's hard for businesses to ensure that they're following everything correctly. Add in the need to ensure compliance from third-party vendors too and it can become a major headache.
Cloud based security specialist Qualys is about to help streamline things by announcing the general availability of customizable questionnaires as a new addition to its suite of integrated services.
Qualys Security Assessment Questionnaire (SAQ) enables organizations to assess business processes and vendor risk by centrally capturing all relevant information, therefore reducing time and cost. In addition, this new service allows companies to demonstrate compliance against internal policies, standards and mandates such as PCI-DSS, HIPAA, COBIT and ISO 27001/2.
"Organizations must adhere to hundreds of constantly evolving regulatory requirements, standards and guidelines, and ensure that third-party vendors follow them as well," says Philippe Courtot, chairman and CEO of Qualys, Inc. "Until now the task was largely a manual process managed via email and spreadsheets. Qualys SAQ has turned a previously tedious and decentralized process into a streamlined, simple and repeatable one managed entirely online".
SAQ is a cloud-based solution that systematically gathers risk data, compliance information and evidence files. It addresses both the procedural and technical requirements of security and compliance. The package includes the ability to create custom templates by importing questions or can use out-of-the-box campaigns to assess risk and compliance requirements.
A questionnaire template can be assigned to specific users or groups. Questionnaire results can also be grouped together to simplify the management of multiple ongoing surveys. Results can be monitored via campaign progress tracking and customizable dashboards, reflecting vendor risk and compliance posture.
You can find more information and request a free trial on the Qualys website.
The company today also announced a beta app for the ServiceNow configuration management system that will automatically update the ServiceNow Configuration Management Database (CMDB) with any asset discovered by Qualys, and with up-to-date information on existing assets. This will give ServiceNow users full visibility of their global IT assets on a continuous basis.
"Every unidentified or misclassified asset and every delay in securing it invites security breaches," says Courtot. "Our highly distributed cloud-oriented architecture enables us to provide a real-time view of an organization’s global assets across on premise infrastructures, elastic cloud environments and endpoints. This seamless integration with the ServiceNow CMDB provides users full visibility of their global assets within the ServiceNow environment".
More details on this can be found on the Qualys blog.
Image Credit: pichetw / Shutterstock
According to the latest survey by Kaspersky Lab, 90 percent of companies have suffered a cyber attack and for larger businesses the cost could be as much as half a million dollars.
Of the 5,500 companies surveyed nearly half, 46 percent of businesses, lost sensitive data due to an internal or external security threat.
The average cyber attack for enterprise incurs costs of up to $73,000 for professional services, up to $58,000 in lost business opportunities and up to $420,000 in downtime. Smaller companies suffer too and average cyber attack costs of up to $38,000 can prove crippling.
As well as the direct costs of an attack organizations both large and small need to address staffing, training and IT infrastructure upgrades to prevent future incidents from occurring. Those costs could be up to $69,000 for an enterprise and up to $8,000 for a small business. It's also important to factor in the reputational damage that an organization can suffer as a result of a cyber attack, which could total up to $204,750 for an enterprise and up to $8,653 for a small business.
"Businesses have known for a long time that any cyberattack has its consequences, but the high costs associated with addressing a cyberattack after an incident occurs is quite alarming," says Chris Doggett, managing director of Kaspersky Lab North America. "These numbers should serve as a wakeup call for both large and small businesses. IT security needs to become a more common priority for organizations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cybersecurity technology and strategies to prevent having to pay an enormous cybersecurity bill".
Despite the scale of threats many businesses are still not doing enough to protect themselves from what could be a financially crippling attack. Only 50 percent of IT professionals surveyed listed prevention of security breaches as one of their three major IT concerns and 44 percent of businesses have not implemented anti-malware solutions to prevent them.
More detail, including the types of threat most likely to lead to a security breach, can be found in the full IT Security Risks report available from the Kaspersky site.
Photo credit: Tashatuvango/Shutterstock
Large organizations are unsure of how to approach the concept of end-user computing as a cohesive strategy, and manage the proliferation of devices and their associated security risks.
This is among the findings of the 2015 Mobile Workforce Report published today by global ICT services company Dimension Data.
The study looked at 730 organizations employing 1000 or more staff in five regions, 11 countries and across 14 industries. The research was undertaken to understand the challenges that CIOs are facing when it comes to adopting a user-centric approach to doing business, and provide insights into strategies and habits influencing end-user computing.
Of those polled, 44 percent say they have incorporated enterprise mobility into a broader end-user computing strategy and have budget for end-user computing on multiple devices, while 13 percent have no end-user computing strategy in place.
On average, end-user computing accounts for 28 percent of the IT budget. The research indicates that almost two thirds (61 percent) of participants indicated that they are seeing return on investment from end-user computing initiatives, with a further 65 percent of organizations are seeing competitive advantage from their approach.
"The global workspace is changing along with where and how people work and perform their business functions," says Jaco Hattingh, Senior Vice President for Enterprise Mobility at Dimension Data. "We're seeing a growing number of organizations starting to embrace future forward working styles such as flexible time and ability to work remotely, which includes accessing the corporate network".
Among other findings are that mobile IT management and mobile applications are top initiatives for 2016. But many respondents do not have a comprehensive management solution for both phones and tablets (32 percent) or utilize a siloed approach to manage both PCs and smart devices (31 percent).
Security is the single top priority component of EUC among almost half (43 percent) of respondents, followed by IT Service Management. CIOs are the most prominent driver of strategic mobility initiatives within the business. However, they remain in a reactive state when it comes to end user computing, and are struggling to act strategically.
Meanwhile the modern worker expects access to anyone, anytime and anywhere, but 82 percent of organizations stated that a key obstacle facing end-user computing initiatives is protecting company data and providing a good user experience.
"It appears that the proliferation of employee-owned mobile devices has placed the IT department in a reactive state when it comes to management and enablement, leaving CIOs unable to respond strategically. Nevertheless, it's a vibrant and exciting time for end-user computing as organizations press ahead aggressively," Hattingh adds.
The full results of the study will be discussed at a virtual event on October 20th. You can find out more and register to attend on the Dimension website.
Image Credit: Syda Productions / Shutterstock
If you buy a mobile device or a hard drive second hand are you buying the previous user’s data along with it?
A new study from data erasure company Blancco Technology Group and recovery specialist Kroll Ontrack suggests that in a high percentage of cases the answer is yes.
Based on an examination of 122 pieces of second-hand equipment, the study revealed that 48 percent of the hard disk drives and solid state drives looked at contained residual data. In addition over 2,000 leftover emails and more than 10,000 call logs, texts/SMS/IMs, photos and videos were retrieved from 35 percent of the mobile devices tested.
When the devices were examined in more detail researchers discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. More worrying was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable, methods being used, leaving sensitive information exposed and potentially accessible to cyber criminals. Residual data left on two of the second-hand mobile devices was significant enough to discern the original users' identities.
"Whether you're an individual, a business or a government/state agency, failing to wipe information properly can have serious consequences. One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment," says Paul Henry, IT Security Consultant for Blancco Technology Group. "But while those deletion methods are common and seem reliable, they aren't always effective at removing data permanently and they don’t comply with regulatory standards. There’s no better example of this danger than the findings of a recent state audit, which found that 12 US state agencies responsible for handling taxes, programs for people with mental illness and driver's licenses used inadequate methods to attempt to wipe information. The big lesson for both businesses and consumers is to understand which deletion methods are effective and comply with regulatory standards and, most importantly, to be cautious of blindly trusting that simply ‘deleting’ data will truly get rid of it for good".
More information is available in the full Privacy for Sale report which is can be downloaded from the Blancco Technology site.
Image Credit: LovePHY / Shutterstock
The Internet of Things is growing fast and as more and more enterprise applications collect IoT data, specifically time series data from sensors, they need fast, reliable and scalable read and write performance.
To best accomplish this, the data must be stored, queried and analyzed together. To enable this Basho Technologies is launching Riak TS, a distributed NoSQL database designed to aggregate and analyze massive amounts of sequenced, unstructured data generated from the IoT and other time series data sources.
"The rise of unstructured data presents a significant opportunity for innovation. As a result, companies are demanding database solutions that are operationally easy and specifically optimized to handle this type of data," says Adam Wray, CEO of Basho. "Built on the same core Riak foundation, we now provide a solution specifically optimized for storing and retrieving unstructured data, making us the only NoSQL player that has specialized offerings for key value, large object and time series data. With Riak TS, customers can more easily scale and execute on Internet-of-Thing uses cases and more".
Riak TS provides high availability combined with massive scalability. It can be made operational at lower costs than traditional relational databases and is easy to manage at scale. Unlike other NoSQL databases, Riak TS enables customers to take advantage of time series applications and ensure they're always available for both read and write operations, with the ability to easily scale as devices or users increase.
If nodes are added Riak TS automatically and uniformly distributes data across the cluster to prevent sharding. Data co-location ensures that time series data is located on the same node based on time, geohash or both to prevent hot spots in clusters.
Data can be validated on input to ensure accuracy and it can be interrogated with SQL-like queries. It can seamlessly integrate with Apache Spark to ensure easier and faster operational analysis of time series data, and of course it integrates with the Basho Data Platform to support multiple database models taking the complexity out of building and deploying active workloads in Big Data, IoT and hybrid cloud applications.
You can find out more about Riak TS on the Basho website and it will be demonstrated at AWS re:Invent this week.
Image Credit: Profit_Image / Shutterstock
One of the biggest areas of vulnerability for corporate networks is DNS, with companies having to contend with DDoS attacks and attempts to steal data.
In an effort to help customers close the gap in DNS security, threat intelligence specialist LookingGlass Cyber Solutions has developed an intelligence-driven network security solution that identifies and stops DNS-based cyber threats.
LookingGlass Dynamic Threat Defense focuses on using threat intelligence to identify threats, then addresses and mitigates them during DNS resolution, which is one of the biggest vulnerability areas of corporate networks today. Organizations are increasingly suffering attacks against their DNS infrastructure and many companies are simply not looking for covert communications where attackers use DNS as an avenue to communicate and exfiltrate data. This trend, along with years of research and monitoring networks, suggests protecting DNS infrastructure is essential to achieving improvements in overall cyber security for the enterprise.
It stops the communication between malware on the organization’s network and its command and control server or known bad destination. By stopping the beaconing out or the reception of control information, Dynamic Threat Defense prevents threats and prevents data breaches from occurring. This buys organizations valuable time to address the malware infection without fear of further infiltration or damage.
Chris Coleman, CEO of LookingGlass, says, "Dynamic Threat Defense 1.0 delivers on the LookingGlass strategy of integrating threat intelligence and network mitigation to help customers solve security challenges more efficiently and effectively by giving them the operational capability to actively defeat malware command and control while providing critical protection of DNS resources."
Dynamic Threat Defense integrates LookingGlass DNS Defender, a protocol-specific firewall for DNS, with LookingGlass ScoutVision, a threat intelligence and management system, and LookingGlass Virus Tracker, the world's largest botnet and malicious domain monitoring system.
By combining threat intelligence and network security at the DNS infrastructure level, LookingGlass Dynamic Threat Defense is able to fend off cyber attacks efficiently and effectively. You can find out more on the LookingGlass website.
Image Credit: Tashatuvango / Shutterstock
The popularity of Docker to run software in containers has increased enormously, but it does raise issues surrounding keeping those applications secure.
To help Docker users stay on top of security issues Threat Stack, a specialist in security monitoring for AWS systems, has extended its product range to provide monitoring of Docker containers for security threats.
Threat Stack Pro Edition provides companies with flexibility in workload security. The product includes access to the fully-featured Threat Stack API, plus new reporting features and new integrations with Docker and AWS CloudTrail.
"It's important to companies that their security products allow them to scale with confidence, achieve compliance and operate efficiently," says Threat Stack Chairman and CEO Brian Ahern. "Our Pro Edition moves customers closer to a single pane of glass with the ability to share Threat Stack's powerful insights with the other tools and processes that keep them moving fast".
Support for Docker events in Threat Stack means that users gain complete visibility into key events within their environment. The integration includes out-of-the-box default rules -- the Docker Base Rule Set -- as well as the ability for users to easily apply custom rule sets to their environment. Container activity flows through and integrates seamlessly into the security, operations and compliance feature sets of Threat Stack, allowing companies to operate quickly and with confidence.
Threat Stack also provides the real-time visibility and historical records companies need to prevent data loss and meet compliance regulations. Threat Stack Pro Edition features key file tracking and reporting to ensure their important files stay protected, user and alert reporting to understand how a user escalated or changed their privileges to root, and compliance reporting for regulations including HIPAA.
"Docker use is exploding and the correlation of a host-based intrusion detection system (HIDS) with Docker and AWS CloudTrail is what gives Docker users the vital context they need to act swiftly on a security incident," says Venkat Pothamsetty, Threat Stack's vice president of products. "This integration is what makes the Threat Stack Pro Edition solution unique and gives customers operating on AWS with Docker additional information to evaluate their security strategy, to ensure all activity within their application environment is secure and compliant".
The product will be showcased at this week's AWS re:Invent 2015 or you can find out more on the Threat Stack website.
Image Credit: megainarmy/Shutterstock
According to a new survey 79 percent of IT pros are pursuing a hybrid cloud strategy and one third will grow their cloud services by more than 50 percent in the coming year.
The figures come from cloud consumption management specilalist Cloud Cruiser which surveyed IT professionals who attended the Amazon Web Services (AWS) Global Summit held in San Francisco and New York City in April and July.
The study also highlights frustrations with respondent's ability to control cloud consumption and allocate costs to the proper business users within their organization. Its findings include that 66 percent find it challenging to track cloud consumption for cost allocations, 30 percent or more will complement their AWS cloud with another cloud, and only 25 percent are able to align IT costs with consumption.
When it comes to adding additional clouds the most popular options are an internal, private cloud on 31 percent and Microsoft Azure on 30 percent. Only 19 percent cited Google Cloud.
"Survey results like this are always useful to highlight trends and adoption rates of cloud services," says Deirdre Mahon, Chief Marketing Officer at Cloud Cruiser. "These findings tell us what we hear from our customers every day; budget tracking and forecasting is extremely difficult when you simply don't know who is using what service, at what capacity level much less the financial impact. Making investments in the right solutions is critical even during the early stages of cloud adoption. Measure from the beginning and it will pay dividends when your bill comes in month after month".
You can find more on the survey results on the Cloud Cruiser website. The company will be showing its CloudSmart-Now offering that makes it easy track hybrid cloud usage by user and costs at AWS re:Invent in Las Vegas this week.
Image Credit: Brian A Jackson / Shutterstock
With the volume of network traffic growing exponentially, large web-scale organizations need to scale their data centers to new levels. These organizations need scale and flexibility for their data centers to meet increasingly complex business and technology requirements.
To provide developers with the ability to accelerate innovation, avoid vendor lock in and protect their investment, HP together with a community of like-minded companies, today announced the launch of the OpenSwitch Community along with a new open source network operating system (NOS).
"To address the business and web-scale networking needs of the industry, HP along with partners, Accton Technology, Broadcom, Intel and VMWare, have created the OpenSwitch Community to develop an open source NOS," says Mark Carroll, chief technology officer for HP Networking. "Open source software with its collaborative community of specialized developers accelerates innovation and improves the stability of the software platform, providing organizations with a more powerful infrastructure to support their unique business requirements".
The closed model of traditional networking doesn't allow customers, or their software and integrator partners, to innovate and tailor their networks to meet their business needs. An open source NOS, based on open standards, allows developers to engineer networks to prioritize business critical workloads and functions, delivering the users a dramatically improved experience. Networks based on an open NOS will also remove the burdens of interoperability issues and complex licensing structures that are inherent in the proprietary model.
The newly released NOS offers L2/L3 protocol support, it's based on a state driven database for persistent and ephemeral states and all inter-module communication is through a system state database. It also has a universal API approach.
The OpenSwitch NOS will be supported on HP's Altoline open network switches. HP Technology Services will offer customers professional and support services for networks based on the OpenSwitch NOS to allow for secure and low risk deployments in production infrastructure. You can find more information and join the community on the OpenSwitch website.
Photo credit: asharkyu / Shutterstock
As more employees use their personal devices for business, corporate data is increasingly put at risk from sophisticated malware.
To foil these attacks, real-time protection company FireLayers and security specialist Check Point Software Technologies today announced their joint Extend Perimeter Security solution, which spreads security to cloud applications and provides enterprises with protection from zero-day threats and malware distribution.
By pairing the FireLayers Secure Cloud Application Platform with Check Point’s SandBlast Threat Emulation service for advanced sandboxing, documents downloaded through file-sharing apps are scanned for and cleaned of any potential malicious behavior, ensuring the recipient of a document is safe from foul play.
"Today's organizations are increasingly dependent upon SaaS and the cloud and need the tools that will allow them to continue to be efficient and facilitate collaboration," says Alon Kantor, vice president, Business Development at Check Point. "Our Extend Perimeter Security solution will help organizations extend their security infrastructure to protect against many of the threats associated with SaaS application use today so that they can protect critical business information from any device".
As part of Extend Perimeter Security, the FireLayers Secure Cloud Application Platform scans all file repositories in the cloud, using Check Point SandBlast to identify and detect any malware infected files. Depending upon the results of the scan, FireLayers enforces security policies to eliminate risk. The joint platform continuously evaluates all files at rest and as they are used. This includes detecting malicious file uploads, shared file downloads, the opening of infected files and more, protecting the enterprise from active threats.
Check Point SandBlast inspects the file in a sandbox environment at the CPU level, evaluating whether the content is malicious or not. It then informs FireLayers of its analysis, triggering actions like blocking, quarantine, admin alerts or user notifications as required.
For enterprises this is extending the protection perimeter to include SaaS, IaaS and PaaS apps. It also allows safe collaboration with cloud-based platforms such as Office 365, Box, Dropbox, Jive, etc. Real-time user mitigations and a transparent user experience reduce false positives and ensure cloud application usage remains uninterrupted. Because there's no configuration required on the client side, deployment is fast and seamless.
"We are excited to provide enterprises with a totally new level of much-needed protection against malware being distributed by cloud apps," says Boris Gorin, vice president, Security at FireLayers. "Today, enterprises need security solutions that can manage BYOD and anywhere/anytime access across the extended corporate network. FireLayers extends security protections to cloud app data, access and usage and delivers highly granular policy-based rule enforcement and auditing down to the single command level. The combined technologies from Check Point and FireLayers detect malware and prevent it from infiltrating organizations via cloud apps".
FireLayers will be at the New York City Tech Security Conference on October 15 or you can find out more on the company's website.
Image credit: bannosuke / Shutterstock
Flash used to be a core part of the internet, because for a time it was the only practical way to produce animations on websites.
It was also easy to use which made it attractive to designers and advertisers and at one time it seemed almost every site was decorated by Flash banners and adverts. But the arrival of HTML5 and CSS3, plus worries about security vulnerabilities, means that Flash has been on the decline for some time.
WebAnimator Plus could be the alternative for businesses looking for a solution that’s as easy to use as Flash but capable of producing animations that will work in all modern browsers. Using HTML5, CSS and JavaScript its animations will work on PCs as well as smartphones and tablets without the need for and hassle of additional plug-ins.
Features
If you’ve used any sort of graphics or video editing package in the past then WebAnimator’s interface will feel immediately familiar. If you’ve created Flash animations you will feel even more at home as elements like the Stage, Scenes and Timeline even have the same names.
You can add objects to the Stage -- the central grid area of the screen -- using a simple drag and drop interface, then using keyframes on the timeline you can make them disappear, move, change color, zoom them in and out, and so on. You can use simple geometrical shapes but you can also add existing bitmap or jpeg images and work with those.
Of course you can add text too and WebAnimator gives you access to the Google Fonts Directory so you can access a wide range of web fonts safe in the knowledge that they’ll work on other systems. The Plus version also lets you add audio and video files.
In Use
Each element you place on the Stage has its own properties depending on its type. You can change opacity and rotation for example, add drop shadows, reflections and more. There are a number of default templates allowing you to easily set up things like slide shows and product presentations with minimum effort.
You can add a selection of pre-defined live animations like fade outs and zooms, plus you can create your own customised effects using key frames if you prefer. Once an animation is in place it’s possible to fine tune its timing from the timeline. It’s also possible to add user interactions so that an element will react to a mouse click or hover. This is handy for making website buttons so that they change colour when the mouse passes over them or after they’re clicked.
You can add audio and video files but the lack of a standard format across all browsers means that, currently, you need to make different formats available to ensure the user is served with the right version. This isn’t the program’s fault but it nonetheless feels a bit clunky.
You can preview your work in a browser at any time to see how it’s coming along. Once you’re happy the finished animation can be exported as HTML5 code ready to drop into a web page, or as an animated GIF. If you’re familiar with JavaScript there’s a built-in editor that lets you tweak the source code of your design.
Conclusion
WebAnimator Plus is easy to get started with if you’re new to creating animations, but there’s plenty of powerful functionality available if you dig deeper. You may find you’re sent scurrying for help on some of the more advanced options though as they’re not always intuitive. Fortunately there’s a comprehensive PDF manual included in the package which also has details on integrating WebAnimator’s code with your website.
WebAnimator Plus costs £64.99 or there’s a cheaper basic version for £44.99 that lacks some functions like the ability to create animated buttons or embed audio and video.
Although it may seem expensive it’s a very capable package and if you’re serious about adding animated content to your website it’s well worth a look. There’s a 14-day trial available from WebAnimator's site to allow you to give it a go.
Pros
Easy to get started
Uses open web standards
Plenty for advanced users
Cons
Some less intuitive options
Clunky video functions
ITProPortal Review |
---|
7/10 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Companies sometimes struggle to get value from their data. Information is often static and can’t provide insights into individual business decisions.
To help deliver better value from data, decision analytics company OnCorps is unveiling its Adaptive Decision Analytics platform that intelligently engages users and prompts them to make better decisions.
It combines behavioral science and machine learning to identify, create and apply the data an organization needs to dramatically improve its desired results. OnCorps mobile and online applications are tailored to each client's unique requirements and provide real-time individual diagnostic visualizations, benchmarking, data correlation and personalized smart nudging capabilities.
"Though data and analytics tools are powerful, the challenge is making data relevant and actionable," says Bob Suh, founder and CEO of OnCorps. "Organizations spend too much time and capital collecting and charting data. Not enough time is spent turning data into better decisions. We created OnCorps to usher in the next generation of analytics, applying technology that enables users to track and measure their decisions and nudges them to make choices that improve their odds of success".
OnCorps applications enable individual users to compare their decisions and performance with the real-time benchmark data of various peer performance groups, gaining insight on key differences. Users then track their decisions over time to see how different decisions impact their performance and build a personalized 'decision diary' to capture and improve their decision rules. Finally, applications deliver smart 'nudge' messages, personalized and adapted over time for each user, these prompt changes in behaviors that lead to better outcomes.
OnCorps applications can result in 2-3 times higher user engagement rates and higher quality data. The platform allows configuration of custom applications along with rapid and repeated reporting.
You can find out more and try out the apps on the OnCorps website.
Photo Credit: Adchariyaphoto/Shutterstock
When you buy earphones you usually have to choose between audio quality and how much you want to spend. British company Rock Jaw Audio, however, is on a mission to provide a strong listening experience at an affordable price.
There's a definite grey theme here, supplied in an attractive grey box, the earpieces themselves are aluminium with a smart grey finish, they come with a selection of rubber ear tips so you can get a good fit. There's also a clip for the cable and a soft carrying pouch. They have an in-line microphone for making phone calls and the earpieces have 8mm dynamic drivers. The jack plug is gold-plated, it's a 90 degree design though so may be awkward connecting to some devices. They have a 1.2 metre long cord, which is fine for listening to a smartphone in your pocket but a bit limiting for other situations.
It also comes with three pairs of interchangeable tuning filters that screw into the earphones so you can set bass, neutral or treble response according to preference. This is a clever idea and does have an appreciable effect on the sound quality, it effectively gives you three sets of headphones in one. However, it's a bit fiddly and means you have to decide on your preferred setting in advance of a listening session.
The Alfas are supplied with a choice of small, medium and large silicone ear tips, plus large and medium memory foam and small double flange versions, so you should be able to find a good fit.
The important bit of course is the listening experience and that's where those interchangeable filters come into their own. The silver-coloured bass filters deliver a solid sound that's impressive given the small size of the earpieces. In the quest for bass though they do lose something in the mid range. The black treble filters on the other hand deliver a good top end response but leave you with a rather weedy bass. For day to day use then, and to avoid the hassle of swapping filters, the gold-coloured natural filters are the best option. They deliver clear vocals and the bass is good without being overpowering. It's handy to have the choice though for when you want to listen to particular types of music.
The Alfa Genius V2s are light, unobtrusively stylish and deliver a decent listening experience. The ability to fine tune their output using filters may seem gimmicky but it is effective. You could easily pay $100+ for earphones offering similar sound quality so at $66.45 (£44.95 in the UK) these look like a smart choice.
You can find more information and order direct from the Rock Jaw Audio site.
The security industry tends to focus on prevention, but even on the best protected system there's always a chance of zero day infections slipping through the net. It's therefore important that products have an effective removal capability too.
The latest report from independent testing organization AV-Comparatives focuses on 16 of the leading security tools and how good they are at removing malware from infected systems.
The programs were tested against 35 malware samples on a 64-bit version of Windows 8.1. Products were rated on their effectiveness in removing the malware and its remnants, and on their convenience in operation to produce a points score. Removal was ranked on what traces were left over. Convenience was assessed on whether removal could be carried out in normal mode, or whether a rescue disc was required or boot into safe mode.
The top performer in the tests was Kaspersky, earning 93 points, followed by Avast and BitDefender both on 89, AVG on 87 and Avira on 86. ThreatTrack Vipre achieved the lowest score of 65, with Sophos on 72 and Fortinet on 74.
The report suggests that some providers could improve their results by offering a rescue disc option, providing up to date offline installers and not requiring users to login to online accounts to activate cleaning features. It also recommends that products should check for infection before installing and that there should be the option to download installers with random names to fool malware that attempts to disrupt installation of cleanup tools.
The full report is available to download from the AV-Comparatives site.
Image Credit: Sergey Nivens/Shutterstock
Cloud applications, mobile use and the changes they bring to working methods make managing data in the enterprise a more complicated process.
We reported a few months ago on IBM and Box beginning a collaboration on cloud projects and the two companies have now announced new solutions that can help enable advanced collaboration, data classification, enterprise search and enhanced analytics.
"Organizations in every industry have an unprecedented opportunity to transform the way they connect with customers, collaborate with partners and engage with their colleagues and employees by gaining control over their data," says Rich Howarth, Vice President, Enterprise Content Management Products and Strategy at IBM. "Together IBM and Box are bringing the best cloud collaboration and content management solutions to bear to help our clients turn their data into a resource that they can call on to drive growth".
There are four new offerings, IBM Content Navigator with Box helps customers search, access and share content across both on-premise and Box environments, with a single integrated view. IBM Content Navigator provides an interface and development platform that clients can use to shape the user experience of content within desktop and mobile ECM solutions.
IBM StoredIQ with Box helps companies make more informed business decisions by providing them with an in-depth assessment of unstructured data across Box and on-premise environments, including where it resides. Using IBM StoredIQ with Box, customers will be able to search on-premise and Box-based data, classify it and migrate it to the Box Platform.
IBM Case Manager with Box helps seamlessly enable sharing content on the Box platform with external participants as part of the business process. It’s designed to optimize results by applying context to content and enabling flexibility across business processes.
Finally, IBM Datacap with Box helps businesses capture documents across multiple sources, extract key information from them, and store them to Box. This can help businesses reduce costs and increase accuracy and speed in powering workflows, regardless of device.
"The Box and IBM partnership reimagines enterprise content management and collaboration for the digital enterprise, meeting the deepest of security and control requirements while unlocking content experiences and digital business processes that were not previously possible," says Whitney Bouck, Senior Vice President and General Manager of Enterprise at Box. "As you can see with today's news, Box and IBM are committed to a rapid pace of joint innovation, and there’s much more to come".
You can find out more about the partnership on the IBM website.
Many businesses are put off making use of big data by the costs and complexity of the software and infrastructure involved.
Enterprise data management specialist Solix Technologies is aiming to break down this barrier by making the Standard Edition of its Solix Big Data Suite available free of charge.
Built on a single node cluster and packaged in a virtual environment, Solix Big Data Suite Standard Edition is based on the company’s full suite. It features reports archiving, file achiving and Solix Secure Search Analytics to allow users to prove their enterprise archiving on Hadoop use cases.
"Eighty percent of the data generated by enterprises is unstructured, be it files, reports, videos, images, logs, or clicks," says Sai Gundavelli, CEO of Solix. "Archiving all of that in a secure central repository, built on commodity storage, compute and open source Hadoop, should equate to huge infrastructure cost savings for enterprises".
The Standard Edition software includes file share archiving which gives users the ability to archive files from network file shares into Apache Hadoop, supporting NAS devices, Windows shares and Unix shares.
It has a Solix Virtual Printer to capture print streams directly into Apache Hadoop in a compliant and searchable PDF/A format. Applications can print data directly to the Solix Virtual Printer to preserve documents and reports, and access them through a user-friendly search interface.
There's also a unified archive for storage optimization, built-in full text search and reporting capabilities, and integrated information lifecycle management to deal with retention management and legal hold requirements.
You can find more information and download the Solix Big Data Suite Standard Edition on the company's website.
Image Credit: Maksim Kabakou/Shutterstock
Teams need to communicate in order to work effectively, but in the modern work-anywhere world with a scattered workforce this isn't as easy as just popping over to someone's desk for a chat.
Social intranet provider Incentive is helping organizations and enterprise teams stay in touch, with the announcement of its new mobile apps for iOS and Android and desktop apps for Windows, Mac and Chrome.
The new native collaboration apps are designed to help teams, regardless of location, connectivity or device, experience the business benefits of a seamless, intuitive and consistent social intranet. This should result in increased productivity for teams through improved collaboration and communication, all from one secure platform.
Using Incentive's online platform, the new mobile and desktop apps will help enterprise teams work together to share files across the entire enterprise, directly from a mobile device or desktop.
It will also allow staff to connect with anyone in the organization through private conversations or team chat rooms, as well as get notified when items are uploaded, edited, shared or commented on, or when a team member tags an individual or a group. There's instant access to collaboration features like wikis, blogs, tasks and photo albums, with a smart search engine that saves and indexes data, making it easily retrievable from any device.
It can help managers discover team members with particular skills or expertise to improve cross-team collaboration. It preserves an enterprise's collective 'braintrust' by housing corporate knowledge and assets within a single, secure, all-in-one platform.
"Today's employees are used to not only being constantly connected, but also enjoying a social user experience that mimics popular consumer applications on any device -- phone, tablet or desktop," says Rickard Hansson, CEO and founder of Incentive. "The availability of Incentive's native apps makes the social intranet experience seamless, consistent and fast, regardless of location, device or connectivity, so teams can get more work done, together".
For more information, a free trial and to download the apps you can visit the Incentive website.
Photo Credit: nmedia/Shutterstock
As our mobile phones become increasingly central to both our personal and working lives, securing them and the data they hold has become paramount. The nature of the mobile space means that threats are more dispersed and change fast, so traditional security solutions are struggling to cope.
How does this change in the security landscape affect businesses who may be faced with supporting a range of different devices and operating systems thanks to BYOD policies? We spoke to Gert-Jan Schenk, VP for EMEA at mobile security specialist Lookout, to get his view.
BN: There are lots of really affordable Android devices available now, many of which don't use Google Experience. What challenges do these pose for business?
GJS: Because of BYOD, enterprises' mobile footprints are no longer homogeneous -- it's not a Blackberry-only world anymore. Now, the devices that an IT department must take into consideration include Android, iOS, and Windows. But things have gotten a bit more complicated recently with the development and growing popularity of non-Google Experience devices and OSs like Cyanogen and Xiaomi.
These devices and OSs offer flexibility and customization along with a low-cost rate -- with this appealing proposition, you can only expect user numbers to increase. Already, an estimated 50 million users are using the open source Cyanogen OS on their smartphones.
If you're an enterprise, this changing landscape means one important thing: these new devices, which you're not used to seeing, are soon going to start popping up on your network as employees bring them through the front door, and they present new security challenges.
For example, on a Google Experience device, because there is such brand recognition, there is more expectation that the devices and the apps running on them are vetted by Google, the manufacturers, the carriers, or some combination of the three. The majority of apps downloaded on these devices are also by default funneled through Google Play. Non-Google Experience devices introduce much more fragmentation. When using these devices, apps can be downloaded from a variety of sources including unvetted third-party app stores. These stores are generally much less-regulated environments where "shadier" apps can exist unchecked.
BN: Shouldn't the onus on security of business data be with the network rather than the device?
GJS: Look no further than the recent example with XcodeGhost for proof that security needs to be implemented at the device level as well as the network.
Knowledge is key and having visibility into whether a potentially risky app or vulnerable device has entered your corporate network gives you the power to make fast remediation decisions. Within 24 hours of XcodeGhost being discovered, Lookout enterprise users were protected.
Visibility will become even more instrumental as new devices begin to enter the workplace, as we are seeing with Cyanogen. Traditional network security, device security, application security, and app vetting, all need to work toward one common goal: a safer corporate network and protected personal data.
BN: What do enterprises need to do to assess the risk of embracing BYOD?
GJS: One of the biggest risks that enterprises actually create is not embracing BYOD. We call this 'Shadow BYOD,' when a company doesn't think they have a BYOD program but in fact, employees are doing corporate work on their smartphones anyway. This becomes an issue of unmanaged personal devices connecting to the network and accessing corporate data.
I know I sound like a broken record, but visibility and protocol are really key here. Organizations must have sight of the devices connecting to their network. That means having a simple but clear BYOD policy, and ideally tools like MDM so that patches can be rolled out quickly and easily. Secondly, and this is the area that still needs work today, organizations must understand that it's impossible to track and have visibility of all threats yourself, which is why it's important to have a security partner.
BN: How can admins spot potentially risky apps or vulnerable devices, such as jail-broken phones, especially as the OS space becomes more fragmented?
GJS: Let's dig into jailbreaking as an example of how IT admins can deal with security in the fragmented mobile market.
Did you know that an estimated 7.5 percent of all iPhones -- amounting to more than 30 million devices worldwide -- are jailbroken? Jailbreaking a device is very tempting to many; who wouldn't want access to a whole new world of apps, easier international travel, and more control over their phone?
Jailbroken devices create a major enterprise risk given their ability to run apps developed outside of Apple's review, which may be malicious or contain vulnerabilities. Jailbreaking removes the normal signing certificate checks that prevent these apps from executing and gives them unrestricted access to the device, including the ability to use undocumented APIs that Apple otherwise prohibits. These private APIs can empower apps with a wide range of dangerous capabilities on jailbroken devices, such as the ability to install or launch additional code or collect location data without notification.
One of the other security implications with jailbreaking is that it often requires a person to downgrade some of the security settings in the stock version of iOS in order to make the jailbreak work. People who don't know what they're doing may not know how to reinstate some of those security settings to ensure their jailbroken device is protected post-jailbreak.
If a device has been jailbroken or rooted then your existing security investments can be rendered ineffective. While most MDM/EMM solutions claim to provide jailbreak/root detection, they are not always effective due to the nature of the attack targeting the kernel of the OS.11. Lookout's Mobile Threat Protection identifies devices that have been rooted or jailbroken, even if they bypass MDM detection.
BN: Doesn't part of the solution rely in educating users rather than relying on technology?
GJS: You need both, but you can't rely completely on employee education. You need to supplement it with technology.
Employees are obviously in control of what they click on, download, or install. If you educate them to be highly security-conscious and suspicious of everything, there would be a significant reduction in the number of security breaches.
But the bad guys will keep innovating and finding new and more clever ways to target users. A sound security or BYOD strategy should never take a leap of faith that the end-user will operate with caution 100 percent of the time, or be able to keep up with attacker innovation as quickly as the security technology providers.
BN: Will there always be a trade-off between security and the convenience of mobile access?
GJS: Forward-thinking organizations have today recognized the need to embrace mobile devices in the workplace, due to enhanced worker productivity, increased revenues, and reduced device and data expenses.
At the same time, if employees are not provided access to the mobile tools they want, they are likely to adopt their own productivity tools, which can put sensitive data at risk. We have all come to expect a great user experience on our mobile devices. If IT-provided solutions are too hard to use or too obtrusive on user privacy, you can bet that employees will not be utilizing them.
As businesses look to securely enable their organization's mobile productivity, it is especially important that they also select mobile security solutions that meet the high standards of today’s mobile consumer. Overall, one of the biggest hurdles we see when it comes to having employees actually adopt these technologies is usability. If you make the protection or enforcement too complex or if it requires heavy lifting at all for the end user, you greatly increase the risk that the employee won't use the protection or that they'll figure out a workaround.
Image Credit: Moon Light PhotoStudio / Shutterstock
Modern applications and services need to deliver content to users at unprecedented speeds, without sacrificing quality or reliability. But as more systems move to the cloud that highlights the shortcomings of traditional delivery systems and WANs.
Cloud based networking company Teridion is announcing general availability of its advanced Global Cloud Network which it claims can provide up to 20x performance improvement for end-user generated, bi-directional internet content.
"The Internet is an incredibly powerful tool, but until now, we have struggled to take full advantage of its capabilities. It's still common for us to fall victim to slow response times and volatile connections," says Elad Rave, founder and CEO of Teridion. "We are breaking down these boundaries and providing users with a seamless Internet experience -- no matter their location, device or application. It's our goal for our SaaS customers to be able to generate additional customer loyalty, and the funding and general availability of our product are major steps in this direction".
Teridion has achieved its speed and reliability using SoftLayer infrastructure from IBM Cloud. Through the IBM Global Entrepreneur Program, IBM Cloud's startup ecosystem, Teridion has received free mentoring, support and SoftLayer infrastructure via the program’s Catalyst option.
The resulting Global Cloud Network features intelligent routing using proprietary algorithms and the Teridion Management System, in conjunction with Teridion Measurement Agents, to provide a real-time congestion map of the Internet to find the best possible path, taking into account bandwidth, latency and geography.
Teridion Cloud Routers are created on demand, providing scalability and enabling users to only pay for the resources they consume. The solution works with the largest cloud providers in the world to ensure the speed and reliability of traffic, without customers needing to leave their cloud provider.
The system doesn't cache users' data, and uses end-to-end SSL encryption with no termination to secure data across the network. Since there's no hardware or software to install, and quick and easy provisioning, a typical cloud customer can be connected to the network in under an hour.
The Teridion solution is currently being used by more than 15 companies spanning some of the most bandwidth-demanding applications and services, such as hosting and file sharing, rich media and advertising. You can find out more on the company's website.
Image credit: Alexander Kirch/Shutterstock
Online retailers rely on the holiday season for a high proportion of their revenue, yet a new survey suggests that with Black Friday only two months away, 38 percent aren't yet prepared for this year's sales.
The survey from email marketing company Campaigner shows this lack of preparedness is despite 70 percent anticipating a rise in mobile sales and nearly 50 percent planning to prioritize social sharing for marketing success.
Other findings are that 50 percent are enhancing their mobile responsive design to prepare for increased mobile sales this year. Social integration is seen as crucial too, with 71 percent agreeing that the number one add-on for email marketing success is integration with sites like Facebook and Twitter.
Content strategy is also changing with 69 percent saying they're approaching their content strategy differently this season compared to last year. There doesn't seem to be much consensus on how to do this, however, with almost 28 percent saying they're using more informational content over promotional content but just over 26 percent saying the opposite. Meanwhile 22 percent say they plan to incorporate more video content in their efforts but over 15 percent are planning a simpler approach to content.
"It's shocking to learn that such a high number of Internet retailers have not yet begun executing holiday strategies for this year," says Seamas Egan, manager of revenue operations for Campaigner. "Black Friday is just a couple of months away, and for most retailers, the holiday season is ripe with revenue if they prepare adequately".
You can see a summary of the survey results in infographic form below.
Photo Credit: Robert Kyllo/Shutterstock
Additional reliance on social network platforms and social communication channels creates regulatory issues for enterprises.
This means that social media and communications content are becoming an increasingly popular target of opposing counsel in legal issues involving eDiscovery.
The problem for many companies is that they simply don't know what, if any, of these social communications are being used within their organization. As a result they're not actively capturing, managing or archiving all communications and social content -- potentially placing them at a higher risk of non-compliance and legal jeopardy.
In response to these issues IBM is announcing a partnership with real-time monitoring specialist Actiance. This will allow IBM to offer the Actiance Platform as part of its Information Lifecycle Governance (ILG) product portfolio to enable their customers to more effectively address the issues related to migrating their current technology solutions to the cloud.
"Unified communications, social media and cloud archiving are changing enterprise communications and how companies must control and manage those conversations so they are in compliance," says James Schellhase, worldwide business leader, IBM Information Lifecycle Governance Group. "With the Actiance Platform, IBM customers are now able to actively enforce and centrally manage policies to safely and securely govern all their communications data in the cloud at a lower cost".
Actiance's active compliance and archiving platform provides deeper insight into archived communications through the use of powerful cloud-based analytics. It will allow IBM customers to govern all of their enterprise communications across 70 plus different channels, including email, messaging, collaboration and social content, under one cloud platform.
This combined with IBM's deep expertise in the ILG space will enable companies across all industries, including financial services, manufacturing and insurance, to reduce the cost and risk of information governance and create and enforce policies for all business-critical communications.
You can find out more about the Actiance Platform on the company's website.
Image Credit: Jirsak / Shutterstock
New toolkits and training for developers allowing them to create intelligent applications have been launched by machine learning company Dato.
Developers can use Dato Toolkits to build software that uses machine learning technology, combining historical data and real time user interaction to make predictions and decisions to deliver rich and adaptive experiences to their users.
The machine learning tookits include recommendation engines that can be added to applications to personalize user experiences by mining patterns in purchase and activity history, matching common users' tastes, and predicting future purchases or interests.
Image search and feature extraction using deep learning can be used to create more intuitive search experiences, automatically tag photos, and improve other application performance by using features extracted from images. Churn prediction detects which customers are likely to cancel a subscription or service by using advanced analytics to detect specific patterns. It can be added to applications to identify which customers are at risk of leaving.
There's also sentiment analysis which uses natural language processing, text analysis and computational linguistics to identify and extract subjective information in source materials. The technology can be used to discover the tone of a post in support forums or a customer’s opinion of a brand or product in reviews for better targeting.
"Over the next five years, every disruptive business will be differentiated by the intelligence of their applications. Machine learning is the core technology to make such intelligence happen," says Carlos Guestrin, Dato co-founder and CEO, and Amazon Professor of Machine Learning at the University of Washington. "We see a huge number of developers adding machine learning to their applications using the Dato platform, which is really exciting for us. Recommendation engines, sentiment analysis, churn prediction and deep learning are some of the most sought after machine learning technologies that help companies like Pandora, Zillow and StumbleUpon create new personalized customer experiences in real time".
In addition Dato has announced a partnership with Coursera and the University of Washington to deliver a six-course Machine Learning curriculum. Participants will be able to master machine learning fundamentals in six hands-on courses using the Dato platform. The course explains how to apply machine learning techniques to large and complex datasets, build applications that can make predictions from data, and create systems that adapt and improve over time.
You can find out more about Dato toolkits and download a free 30-day trial on the company's website.
Image Credit: art4all / Shutterstock
Companies are leaving vulnerabilities unpatched for up to 120 days leaving them open to untargeted attacks, according to the findings of a new report.
Risk and vulnerability intelligence platform Kenna analyzed 50,000 organizations, 250 million vulnerabilities, and over one billion breach events from January 2014 to September 2015, and found that companies are regularly leaving vulnerabilities open for longer than it takes attackers to exploit them.
Unlike more widely publicized advanced persistent threats, non-targeted attacks pose a different challenge for security organizations. Rather than targeting a specific company, attackers attempt to steal valuable data from as many companies as possible, relying on automated tools and techniques to scale their attacks and exploit commonly found vulnerabilities. The recent discovery of the Heartbleed vulnerability in OpenSSL brought this to the forefront as a threat that exploited multiple targets at once.
"The public has grown plenty familiar with hacker seeking out a specialized target, such as Ashley Madison. But automated, non-targeted attacks still remain the most significant threat to businesses of all sizes," says Karim Toubba, CEO of Kenna. "Every company has data that hackers want to get their hands on, but security teams remain one step behind their adversaries. Security teams need to move quickly to remediate critical vulnerabilities, but they don’t have the tools needed to keep pace with hackers".
Among the report's findings are that automated attacks are on the rise with over 1.2 billion successful exploits witnessed in 2015 to date, compared to 220 million successful exploits in 2013 and 2014 combined -- an increase of 445 percent.
Despite their best intentions, most companies take an average of 100-120 days to fix found vulnerabilities. However, many companies have critical vulnerabilities that go unpatched altogether. The probability of a vulnerability being exploited hits 90 percent between 40-60 days after discovery, indicating that the length of time a company takes to react to vulnerabilities before attackers strike is critical. This creates a 'remediation gap', or time that any vulnerability is most likely to be exploited before it is close, of nearly 60 days.
"Companies will continue to face the cold reality that throwing people at the problem is no longer sufficient for remediating vulnerabilities and combatting the sheer volume of automated attacks," adds Toubba. "They need solutions that are as automated as the attacks that continue to hammer them -- fixing vulnerabilities manually is no longer possible in the 'new normal'".
You can read more in the full report which is available to download from the Kenna website.
Image Credit: alexskopje / Shutterstock
One of the main concerns companies have about moving to the cloud is security. Traditional security measures can have gaps that leave systems vulnerable.
To address this network security specialist Hillstone Networks is launching CloudHive, a cloud security solution that uses micro-segmentation to protect networks beyond the perimeter down to every virtual machine in cloud deployments.
"Security in the cloud remains a key concern for organizations and is a major reason some applications and workloads have not yet moved to the cloud," says Tim Liu, CTO and founder, Hillstone Networks. "With Hillstone's CloudHive technology, organizations can now fully realize secure cloud services at scale through full visibility, control, and security across networks, down to the virtual machines".
CloudHive allows all virtual machine access points to be monitored to provide visibility and control of traffic, applications and attacks. VM topology, traffic insight, application identification, and comprehensive log features allow Cloud Service Providers (CSPs) to meet compliance and security audit requirements.
Each CloudHive Virtual Security Service Module (vSSM) is deployed on a physical server, enabling micro-segmentation for inter-VM communication. East-West traffic is secured with L2-L7 security services, including firewall features such as policy control and session limits. It also offers advanced security features such as Intrusion Prevention System (IPS) and Attack Defense (AD), as well as fine-grained application control.
On-demand security services can be applied to any and all new workloads and VMs through the scalability of vSSM. The deployment of vSphere with Operation Management (vSOM) enables unified security policy configuration for each virtual machine. CloudHive also supports vMotion to ensure security services persist in the event the VM moves.
Hillstone claims that CloudHive deployment doesn't impact existing network topology. It minimizes deployment and configuration overhead, so there's no business impact or network interruption. In addition, because it's a single appliance it reduces operational errors and improves overall efficiency. Total cost of ownership is reduced too as CloudHive security services do not need to update to Vmware's NSX.
You can find out more about CloudHive on the Hillstone Networks site.
Image Credit: Maksim Kabakou/Shutterstock
Companies are increasingly turning to software as a service solutions. But these often lead to problems when needing to integrate workflows with in-house or other SaaS solutions.
To address this, cloud software specialist Azuqua has announced the availability of a new integration solution for connecting cloud applications and automating business-critical workflow.
Users and administrators of SaaS applications for marketing, sales, support, and customer success have a growing need to automate business-critical workflow between cloud applications. For example, triggering a hand-off from a closed sales opportunity in Salesforce to the support team in Intercom and professional services team in Workfront. However, existing integration options often don't meet these users' requirements. Predefined integrations available in SaaS marketplaces can't be extended to solve custom process requirements, and traditional integration platforms such as Enterprise Service Buses (ESBs) are expensive to purchase, and complicated to implement and modify.
Azuqua offers a simple and cost-effective approach to these business-critical integration needs. New and enhanced capabilities allow users to easily create, view, monitor and report on workflows. An easy-to-use visual designer expands the automation scenarios that can be defined with the addition of conditional branching. Data at each step in a workflow can be examined simplifying design, error-handling, and retries.
A log of all executions and reports summarizes usage and ensures workflows are always operating. Workflows can be arranged by process, team, or any custom classification. In addition, permissions ensure safe and secure collaboration on workflows by defining the individuals who can edit, view, or run them.
"The ability to use SaaS application APIs in workflows has become a fundamental business requirement, but the lack of easily customizable and affordable solutions only adds to the integration headache for many customers," says Jeffrey M Kaplan, managing director of THINKstrategies. "Azuqua is improving the way automations are developed and deployed, while significantly reducing the cost and improving the customer experience".
Azuqua will be on display at Integrate 2015 or you can find out more about the latest release and request a free trial on the company's website.
Photo credit: Alexander Supertramp / Shutterstock
New research carried out by non-profit certification organization (ISC)² and technology consulting firm Booz Allen Hamilton highlights a lack of gender equality in IT security roles.
Based on a survey of almost 14,000 global professionals, the report looks at the differences between men and women in the industry, the current and future outlook for women in the information security field and the unique skills women possess to fill information security positions today and in the future.
While women have represented only 10 percent of the information security workforce for the past few years, analysis from the last two (ISC)2 information security workforce surveys shows that women are quickly converging on men in terms of academic focus, computer science and engineering, and, as a gender, have a higher concentration of advanced degrees. Women in information security are making their largest impact in governance, risk and compliance (GRC) as one out of five women identified GRC as their primary functional responsibility compared to one out of eight men holding similar positions. The study identified GRC as a growing role in information assurance and cybersecurity.
"The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don't take proactive measures to close the gap," says (ISC)² CEO David Shearer. "Knowing this, it is rather frustrating to realize that we do not have more women working in the industry. Only 10 percent of information security professionals are women, and that needs to change. Through collaboration, research and partnerships, (ISC)² is committed to empowering under-represented minority groups in the industry, such as women, who bring skill sets that are critical to this industry’s future growth".
Among other key findings are that 58 percent of women have masters or doctorate degrees versus only 47 percent of men. In the GRC subgroup of respondents, women's average annual salary was 4.7 percent less than men. However, the study shows that men value monetary compensation slightly more than women who look for other incentives from their employers, such as flexible working.
Women are also more progressive in their views on training methods. Offering increased accessibility and wider diversity of information security training opportunities may prove to be increasingly valuable in retention and in elevating professionals' readiness to succeed in new roles.
The study is being released in conjunction with the (ISC)² Security Congress 2015 in California from September 28 to October 1, where there will be specific sessions discussing the issue of women in security.
Image Credit: Candy Box Images / Shutterstock
Cloud technology specialist NewVoiceMedia has released the results of a survey showing that customers using its cloud services are growing at 13 times the international average.
The study carried out in July 2015, based on the publicly available revenue data of a sample of 300 UK and US businesses from the last two years, showed that NewVoiceMedia cloud users increased revenues by an average of 44 percent in the last financial year, compared with global economic growth of 3.5 percent.
In the UK its customers are growing at an average of 41 percent. Broken down by sector, media, telco and utilities customers are growing at 85 percent versus eight percent market growth. Financial services are growing at 76 percent versus -0.10 percent market growth, and business services customers are growing at 39 percent versus four percent market growth.
In the US the average customer growth rate is 46 percent. Retail customers are experiencing 109 percent growth versus seven percent market growth, business services are growing at 69 percent versus four percent market growth, and CPG and healthcare customers are growing at 57 percent compared with 12 percent market growth.
"We are honored to be working with some of the most successful businesses in their respective industries," says Jonathan Gale, CEO of NewVoiceMedia. "Our cloud customer contact solutions are attracting some of the world’s highest-growth businesses because we are relentlessly committed to driving innovation that is revolutionizing the way they connect with their customers worldwide and growing their business with improved efficiency, reduced churn and greater customer advocacy."
You can see a summary of the results in infographic form below or read more on the NewVoiceMedia blog.
Photo Credit: inxti /Shutterstock
The in-memory performance and functionality of Spark is a valuable building block for enterprises looking to implement real-time data pipelines and streaming analytics.
This becomes more important as companies are faced with an increasing number of data points across different sources, and the need to deal with varied data types. Leader in real-time databases for transactions and analytics MemSQL, today released Spark Streamliner, an integrated Spark solution to give enterprises immediate access to real-time analytics.
It offers a one-click deployment of integrated Apache Spark to eliminate the pain of batch ETL (Extract, Transform and Load), and provides ease-of-use for broad adoption. With a web-based UI for pipeline setup, users can create multiple real-time data pipelines in minutes, perform custom transformations in real-time, and develop innovative applications inspired by fresh analytics.
"Spark Streamliner increases the opportunity for enterprises to work with real-time data, and now they can easily persist multiple data streams for ongoing analytics," says Eric Frenkiel, CEO and co-founder of MemSQL. "Streamliner is the first of many integrated Spark solutions to operationalize Spark, delivering intuitive access to sophisticated capabilities with the relational and in-memory architecture of MemSQL".
MemSQL Spark Streamliner, available as open source on GitHub, enabling development of innovative applications inspired by real-time data and easy access with full transactional SQL. Deployed along with a real-time data source like Apache Kafka, it can support thousands of concurrent users running real-time analytical queries, reduce data latency and stream data directly into MemSQL.
MemSQL will be at Strata+Hadoop World in New York next week or you can find out more on the company's website.
Image Credit: wavebreakmedia / Shutterstock
The rapid growth of mobility and the Internet of Things is driving a need for real-time data analysis, and intensifying demand for faster insight and action in the enterprise.
In response to this demand, database specialist VoltDB is announcing version 5.6 of its SQL in-memory operational database, a fast data platform that combines streaming analytics with transactions to support mission-critical, real-time applications.
"Global organizations are using revolutionary approaches to leverage fast data to automate better operational decisions, enable micro-personalized customer experiences in real-time and enhance the performance of mission-critical applications," says Bruce Reading, president and CEO of VoltDB. "VoltDB is the industry's only database platform to take the complexity out of building fast data applications, enabling enterprises to more quickly monetize the value of their real-time data streams. By unifying continuous streaming analytics with transactions and adding the power of Active/Active replication, VoltDB is accelerating the business impact of fast data applications for every organization".
Enhancements in the new version include support for import and export of multiple data streams without the need to write code. There's also support for Elasticsearch so that VoltDB data can be sent to Elasticsearch servers or clusters to perform full-text searches using the popular text search engine.
Active/Active database replication enables disparate clusters to serve write transactions with changes replicated to another cluster. Data compression makes WAN transfers faster and more efficient, and customers can partition database replicas with rack-awareness to prevent having replicas on the same physical rack, improving availability in the event of a rack, chassis or power failure.
The latest version of VoltDB is available to download now from the company's website.
Image Credit: alphaspirit / Shutterstock
Whilst moving systems to the cloud can deliver savings in costs and efficiency, it presents new challenges in terms of managing systems and data.
With the launch of its Universal Cloud Appliance, California-based RightScale is aiming to deliver the self-service access that cloud users demand and give IT teams visibility and control over any cloud, any virtual machine, or any server through a single pane of glass.
Universal Cloud Appliance (UCA) supports Bare-metal server farms, virtualized environments such as KVM and Hyper-V, as well as clouds previously not supported by RightScale such as vCloud Air and Digital Ocean.
"RightScale enterprise customers use a wide range of infrastructure options, from existing virtualized and bare-metal datacenter environments to a variety of public and private clouds," says Kim Weins, VP of Marketing at RightScale. "Now our enterprise customers can use RightScale across any infrastructure that they run -- any cloud, any VM, any server -- by leveraging the Universal Cloud Appliance. RightScale customers will get a single point for visibility, control, monitoring, cost tracking, reporting, automation, and more".
UCA is delivered as a software appliance that can be downloaded and run on any server that has connectivity to the target resource pool. It provides a variety of out-of-the-box capabilities that can be used to manage individual servers and a plug-in model allows for RightScale, partners or customers to extend the functionality to include provisioning new resources on any platform. Combined with the RightLink agent, UCA enables a broad set of management, monitoring and governance capabilities.
The company says it can reduce development cycles and increase agility with faster provisioning, eliminate manual work with automation and orchestration, drive down spending with built-in cost controls, and help reduce risks with policy-based governance.
More information can be found on the RightScale website.
Image Credit: ND Johnston/Shutterstock
Businesses are increasingly dealing with a mix of data, both real time and historical, and stored locally and in the cloud. This can mean that they end up having to use a mix of analytic tools.
Visual analytics specialist Zoomdata is announcing its AnyCloud initiative, which enables enterprises to visually interact with all data in the enterprise, whether on-premise or in the cloud.
This includes the release of Zoomdata 2.0, featuring Zoomdata Fusion, which is now available via one-click deployments on leading cloud providers and allows hybrid deployment between cloud and on-premise data. The AnyCloud initiative also includes the launch of a new partner cloud enablement program that accelerates the creation of end-to-end big data solutions. Together, these innovations enable 'analytics anywhere' -- the ability to access modern and traditional data, plus real-time and historical information, across data in the cloud and on-premise.
Zoomdata has also announced that it's become a certified partner on the Microsoft Azure Marketplace. Through Azure HDInsight, Zoomdata provides enterprise business units the ability to run Hadoop distributions from Cloudera or Hortonworks. Customers seeking to capitalize on the performance of big data can now use Azure's One-Click deployment to activate the Zoomdata Server, along with its Cloudera, Hortonworks and Spark smart connectors. Those looking to deliver visual analytic solutions for big data can now take advantage of Zoomdata’s multi-tenant, distributed architecture to make business users more productive in gaining actionable insights about their organization's big data.
"Microsoft is an ideal associate for Zoomdata because of its global reputation for meeting the cloud computing demands of the world’s largest companies," says Justin Langseth, CEO of Zoomdata. "For enterprises looking for an on-demand solution that delivers fast visual analytics on Hadoop and big data, Azure and HDInsight paired with Zoomdata are a powerful combination of performance and ease of use. We look forward to working with Microsoft to accelerate the adoption of solutions on Hadoop among the Global 2000".
You can find out more about Zoomdata and set up a free trial on the company's website. You can also try Zoomdata on Azure free for 30-days.
Photo Credit: wavebreakmedia/Shutterstock
As the digital world expands with more and more connected 'things' from computers, tablets and smartphones to gaming systems, thermostats, cameras and smart TVs, many people feel less secure.
As a result consumers are looking for uncomplicated security solutions from their Internet Service Provider (ISP).
This is among the findings of new research from DNS platform provider Nominum which shows that 63 percent of consumers surveyed would like it if their current ISP provided one simple solution to increase security across all their connected devices. A majority (51 percent) agreed they would switch to another provider if they offered a higher level of online protection, without additional monthly charges.
Other findings include that 58 percent of consumers have either never changed their home gateway or router password, didn't know how to, or haven't changed it in more than a year. Up to 22 percent have never changed their home gateway password at all. This is despite publicity surrounding growth in internet vulnerabilities, and many expert security recommendations to change default passwords on gateways and routers.
Almost half (49 percent) of all respondents say they are adequately protected from online threats on their computers, tablets and smartphones. In addition 52 percent feel they understand Internet security well enough to choose, install and maintain the right security tools for their own home.
Consumer confidence drops, however, when other connected home devices -- gaming consoles, smart TVs, thermostats, etc -- are taken into consideration, with just 37 percent feeling they are adequately protected from online threats. Only 36 percent say they have installed security tools to protect connected devices beyond computers, tablets and cellphones.
Above all it seems people want simplicity, 80 percent of those who responded say that they didn't feel adequately protected online and would prefer to have a simpler solution.
"Old threats like phishing continue and the growing number of connected devices in the home creates even more exposure for consumers and their families. ISPs have a great opportunity to deliver a better, safer online experience for everybody and every connected device in the home," says John Arledge, general manager of applications at Nominum. "Consumers are looking for a straightforward, uncomplicated solution that keeps up with fast moving online threats without burdening performance or their user experience".
You can find out more about the findings on the Nominum blog.
Image Credit: Rawpixel / Shutterstock
The online gambling industry is big business, estimated to be worth over $40 billion this year. But its success makes it a target for extortion and for DDoS attacks.
DDoS can prove particularly harmful for this type of site as around 60 percent of transactions are carried out in real time and are therefore sensitive to latency.
IT security specialist Gold Security has produced an infographic looking at how these attacks affect the industry. It points out that service outages during major sporting events can lead to people going to other sites to place bets. Some attacks may therefore be down to unscrupulous competitors seeking to steal business.
Anthony Khamsei CEO of Gold Security says, "E-commerce events are busy times. With online gambling sites in particular, it’s like experiencing Black Friday -- several times a year. A half-second delay renders a site unusable, unlike shopping where the tolerance for imperceptible delays may not make or break a sale". Online gaming sites also have predictable rush hours during the weekend or major sporting events, they become easy targets for these DDoS attacks.
You can see the full infographic below or read more on the Gold Security blog.
Image Credit: EDHAR / Shutterstock
Companies are increasingly required to retain, quickly search and produce, as well as supervise electronic communications to meet regulatory compliance and e-discovery obligations.
To help businesses deliver on these requirements, hosted archiving specialist Smarsh -- not a villainous organization from a Bond film, honest -- is launching an enhanced version of its cloud-based Web Archiving solution.
The latest version introduces an enhanced supervision workflow that enables organizations to easily monitor and track changes in content, as well as document reviews of archived web pages. This is combined with a new user interface designed for efficiency.
"With the latest version of Web Archiving, we've simplified and strengthened the review of website content for customers who need to regularly monitor and produce it for regulatory examinations, audits or litigation", says Stephen Marsh, CEO and founder of Smarsh. "Web Archiving is an important offering of ours that is growing at 90 percent year-over-year. More companies recognize that archiving web content -- alongside email, social media, instant messaging, text messaging and video -- is a critical component of a comprehensive information governance strategy".
The enhanced supervision workflow allows users to easily document content status, flag content for further review or as a violation, and add notes. Statuses and flags can be updated one at a time, or in bulk, and used as search criteria -- for example, a reviewer can search for pages annotated with a specific tag. In addition, an audit trail documents all review activities and actions taken, so customers have evidence of supervision.
The latest version of Web Archiving is available now and you can find more information on the Smarsh website.
Image Credit: Eugene Kouzmenok/Shutterstock
The complexity of the systems needed to handle it is often a major barrier to companies setting up big data projects.
A new release from big data platform BlueData aims to simplify things by offering a turnkey, purpose-built big data infrastructure solution for enterprises to accelerate their deployment times.
BlueData EPIC 2.0 uses Docker containers to simplify big data clusters, supports Apache Zeppelin notebooks and other new functionality for Apache Spark, and includes an enhanced App Store that provides one-click access to big data distributions and analytics tools.
It provides greater integration and support for new Spark innovations, including Apache Zeppelin for data exploration and visualization. By enabling self-service Spark clusters pre-integrated with web-based Zeppelin notebooks, EPIC can accelerate Spark data analysis and can be used by business analysts who may have less technical expertise than traditional data scientists. In addition, EPIC 2.0 introduces support for SparkR, Spark Streaming, MLlib and Spark Streaming-SQL. Enterprises can simplify and accelerate their deployment of Spark on-premises -- either with Hadoop or in standalone mode, independent of Hadoop.
"BlueData's mission has always been to provide customers with an 'easy button' for Big Data. EPIC 2.0 builds upon this mission and further extends our ability to offer Big-Data-as-a-Service in a multi-tenant, on-premises deployment model," says Kumar Sreekanti, CEO of BlueData. "Our software innovations continue to break new ground and shatter pre-conceived assumptions about deploying Big Data infrastructure and applications. With just a few mouse clicks, our customers can now deploy instant clusters for Hadoop, Spark, and other Big Data tools running on Docker containers".
BlueData will be featuring the new EPIC 2.0 release at the Strata + Hadoop Summit in New York next week. Alternatively you can find out more on the BlueData website.
Image Credit: Tashatuvango / Shutterstock
We reported back in July on the UK government's plans to help small businesses boost their cyber security. Today enterprises across the country are being urged to protect themselves by taking up the government's Cyber Essentials scheme.
Whilst £1 in every £5 earned by UK businesses now comes from the Internet, cyber attacks are considered a serious threat. The latest figures reveal that 74 percent of small businesses and 90 percent of major businesses have had a cyber breach of some sort in the last year.
"Good cyber security underpins the entire digital economy -- we need it to keep our businesses, citizens and public services safe. The UK is a world leader in the use of digital technologies but we also need to be a world leader in cyber security," Minister for the Digital Economy, Ed Vaizey says. "Trust and confidence in UK online security is crucial for consumers, businesses and investors. We want to make the UK the safest place in the world to do business online and Cyber Essentials is a great and simple way firms can protect themselves".
Speaking at today's Financial Times Cyber Security Europe Summit, the minister revealed that more than 1,000 businesses have now adopted Cyber Essentials -- the government's leading scheme which protects businesses against the most common threats on the Internet. Intel Security is among the firms who have recently achieved Cyber Essentials certification.
The Minister also announced a new £500,000 fund to help universities and colleges develop innovative teaching and learning to provide the cyber security skills needed to protect the UK now and in the future.
Commenting on the speech, Wolfgang Kandek, CTO at security management specialist Qualys says, "It's up to us all to make it easier to keep IT systems secure, from end-users knowing not to fall for phishing attacks or malware, through to IT teams keeping systems up to date and therefore protected. When one pound out of every five is driven by Internet activities, all sites and applications should be made secure by design, rather than having security bolted on as an after-thought".
Further details of Cyber Essentials, including the scheme documents and an online tool to help businesses assess themselves, can be found on the scheme's website.
Image Credit: Niyazz / Shutterstock
Despite the number of high-profile data breaches over the last year, many businesses and consumers are still not taking appropriate measures to ensure proper security online. The games industry is no exception, with several major game companies having been hit by significant breaches.
A survey by gaming industry backend service PlayFab of more than 500 users who play video games for more than four hours per week, reveals that 83 percent of respondents believe game developers should be responsible for securing players' personal data. However fewer than 40 percent say they feel confident in current safeguards.
In addition, while 86 percent of participants expressed concern with protecting personal data on the internet, for nearly half of all respondents data security ranked as one of their lowest priorities when making game purchases.
"Data breaches continue to plague businesses across the globe, and the games industry is not immune to these attacks," says James Gwertzman, co-founder and CEO of PlayFab. "These survey results underscore both the opportunity for game developers to improve trust by focusing on security measures, and the importance that they do so to safeguard an audience that relies on them. PlayFab plays a role in this by giving developers a battle-tested, secure backend that makes it easier to protect players' private data".
Other findings include that 46 percent of respondents say they provide the bare minimum of personal data required, and 20 percent indicate they will sometimes give false information, when making game purchases.
Nearly 60 percent cite cost and game play experience as the first or second most important factors when selecting a game, with almost half ranking security as one of the least important factors.
When asked about the security of their game accounts and experiences, more than 80 percent ranked either personally identifiable or financial related information as the most important thing to protect. Most respondents had minimal experience with compromised data -- only 30 percent were aware of data breaches that had affected the games industry, and 85 percent hadn't experienced a game-related security breach. 71 percent say they hadn't ever discontinued use of a game due to security vulnerability concerns, further highlighting a lack of awareness of potential risks.
The majority of participants, 55 percent, either view desktop and laptop systems as safer than other platforms, or believe all platforms to be roughly equal in terms of security, indicating a disconnect from the real world security landscape.
You can see more details of the survey results in infographic format below.
Image Credit: BonD80/ Shutterstock
Data is the lifeblood of business, but getting the answers to key questions from it can be time consuming and costly as it needs specialist tools and expert analysis.
Analytics specialist Looker is trying to simplify the process of gaining insights from data with the release of a new product called Looker Blocks.
These are apps that form components of business logic, such as churn prediction or lifetime value metrics, which can be put together and customized to address data needs company-wide as well as any industry-specific requirements. By combining a few Looker Blocks businesses can start to access and analyze data faster and have the tools to address all of their data needs across the entire organization. Looker Blocks can be used to analyze the sales funnel, monitor customer health, conduct sophisticated web analytics, or optimize an online storefront -- essentially any analysis that a company might need.
"In today's competitive market, every business in every industry should be leveraging data to make informed decisions, but available tools offer either limited views of the data or require data experts to answer even simple questions," says Frank Bien, Looker CEO. "Now with Looker Blocks, Looker’s Data Platform is clearly the solution to company-wide analytics -- offering a way for analysts to centralize their business logic while also offering access and exploration to everyone".
Looker began four years ago and became successful with data analysts because of its ability to describe, transform, and interrelate data directly within analytic databases. It's since added visualization and analysis tools and begun offering self-service exploration for business teams. With Looker Blocks it has made public the best of these centralized metrics and has turned its data modeling layer into a full platform that can easily consolidate all analytics functions across an entire organization.
You can find out more about Looker Blocks and set up a free trial on the company's website.
Image Credit: Nenov Brothers Images / Shutterstock
Many companies rely on the use of survey software to stay in touch with and get feedback from their customers.
But there are lots of options available for conducting surveys, so which are the most popular? Software finding service Capterra has produced an infographic revealing the top 20 survey tools.
SurveyMonkey tops the list with more than 2.3 million customers and 2.5 million users, followed by QuestionPro with fewer customers but a similar number of users. Third comes Qualtrics, all three of these solutions having well over a million users.
Not surprisingly SurveyMonkey has gathered more social media followers than any of the rest. However, some solutions from lower down the list have a stronger social media presence than some of the big players.
You can see the full breakdown of the top 20 in the infographic below.
Photo Credit: tanewpix/Shutterstock
A new report by internet security specialist Webroot on the eve of National Cyber Security Awareness Month (NCSAM) asked over 500 mothers with kids leaving for college this year about the security of their offspring's computers.
Among the findings are that a worrying 24.45 percent of moms report that their child does not have a security solution installed on their laptop or computer. The reasons for this are interesting, with 37.4 percent not having thought about it, 34.15 percent because they said the machine came with security already, and 17.07 percent who don't believe security is necessary.
"Almost 40 percent of survey respondents said they just didn't think to install cybersecurity, and almost 20 percent don't think it's necessary. That's why NCSAM, as well as other initiatives to educate the general public about the dangers they face in cyberspace, are crucial," says Grayson Milbourne, security intelligence director at Webroot. "From sophisticated malware to spear phishing and ransomware, cybercrime continues to get more advanced. People who are not concerned or aware of internet risks make easy targets. As we're faced with an increasing number of high-profile hacks, individuals need to be more cautious than ever about the websites they visit, the URLs they follow from emails and social networks, and the apps they use".
Despite lack of awareness of security products, mothers are concerned about the internet safety of kids at college, with 11.93 percent being 'very worried' and 55.67 percent 'somewhat worried'. Their views on what is likely to have the biggest repercussions on their child’s identity are interesting too. 69.18 percent believe downloading free music and movies is the biggest risk, but only 30.82 percent say it’s visiting porn sites.
When it comes to the biggest risk students face stolen identity comes out on top, just ahead of stolen financial information. Hacked social networks and private photos being released rank third and fourth. But although ID theft is the biggest worry, 62 percent of mothers are 'somewhat' to 'not at all' confident that if their child's identity was stolen, they would know what actions to take.
You can find more information about NCSAM at staysafeonline.org.
Image Credit: Monkey Business Images / Shutterstock
Most employees are interested in participating in BYOD, but many are put off by their employer's device and application management policies which are seen as too restrictive or invasive to privacy.
This is among the findings of a survey by data protection specialist Bitglass which also reveals that 67 percent of employees would participate in BYOD programs if their employers had the ability to protect corporate data but couldn’t view, alter or delete their personal information and applications.
The results show end users are challenging, and even rejecting, traditional mobile device management (MDM) and mobile application management (MAM) solutions, fearing their employer’s ability to access, alter or delete personal data stored on their mobile devices. Underscoring this, 57 percent of employees, and 38 percent of IT professionals are choosing not to participate in their company's BYOD program because they don't want their employer's IT department to have visibility into their personal data and applications.
"BYOD holds great promise for employee productivity and cost savings, but architectural challenges introduced by the first wave of solutions have inhibited adoption," says Nat Kausik, CEO, Bitglass. "Going forward, BYOD programs must comprehensively address privacy concerns while allowing users to maintain control over their personal data. Agentless, data-centric mobile security solutions solve these challenges and represent the next-generation of mobile security".
Despite lower-than-expected adoption, there remains a high interest in BYOD participation if the right conditions are met. Of IT professionals surveyed, 64 percent believe that their BYOD programs would be more successful without MDM hassles, such as installed agents and employee privacy challenges.
Other interesting findings are that 28 percent of organizations are doing nothing to protect corporate data on mobile devices. Also, 44 percent of millennials said they would participate in BYOD programs in which employers have the ability to wipe their personal mobile device to protect proprietary information. Perhaps most worrying is that 40 percent of security administrators have chosen not to participate in the same mobile policies that they're enforcing for their organization.
You can read more in the full report which is available on the Bitglass website.
Photo credit: Alessandro Colle/Shutterstock
Security ratings specialist BitSight Technologies has released a new report highlighting the differences in security performance across industries from August 2014 to August 2015.
Having analyzed security ratings of nearly 10,000 organizations across six sectors -- finance, federal government, retail, energy and utilities, healthcare and education. It reveals worrying performance trends in the critical energy and utilities sector, however, the federal government (despite recent headlines) is revealed as high performing and second only to finance.
BitSight Security Ratings range from 250 to 900, with higher ratings equating to better security performance. Industry ratings are calculated using a simple average of the BitSight Security Ratings of companies in that sector.
Over the past year, BitSight researchers noted a dip in the performance of energy and utility companies, with the average rating in this sector being 652. This is higher than the healthcare sector, which averages a 634 rating, but below the retail sector which averages 684 and has been grabbing the data breach headlines.
Analysis of federal government organizations shows that many are performing well when it comes to overall security performance. The average rating for the federal government sector was 688, while the average rating for finance, the top performing industry, was 716.
"There is no question that energy and utility systems are vulnerable and will be attacked. Organizations will never be able to protect against everything, but they need to continuously monitor their security posture in order to identify and mitigate issues before too much damage is done," says Stephen Boyer, co-founder and CTO of BitSight. "Benchmarking can also serve as a key indicator of security performance, allowing an organization to better understand their own posture, as well as that of the third parties with which they share their data. Given recent headlines that illustrate this security gap, we must look beyond our own companies and focus attention on those that access our information".
Other findings are that whilst most organizations have updated their servers to guard against Heartbleed, many haven't acted when it comes to POODLE and FREAK. The vulnerability rates for FREAK range from 30 percent in finance to 75 percent in education, meaning that at best, one in three finance organizations is vulnerable to FREAK. 79 percent of federal government entities analyzed were vulnerable to POODLE as were 90 percent of higher education institutions.
Finance has consistently been the top performing industry in BitSight's industry benchmark reports. In this report, the average rating was 716, in line with the 712 rating a year earlier. At the other end of the scale, education has consistently been the lowest performing industry, with an average rating of 554.
You can find out more in the full report which is available to download from BitSight's webpage.
Image Credit: Meryll / Shutterstock
In the modern workplace there’s increasing demand for people to be able to work remotely or bring their own devices into the office. That presents a problem for IT departments who need to deliver secure access to corporate data and ensure that everyone is using approved applications.
One way of allowing employees and contractors to use their own PCs but still ensure they’re running the approved corporate software is the IronKey Workspace. It’s a bootable USB stick that can be loaded with a corporate Windows image including applications, security controls and access policies. It will work on any reasonably modern PC and on some Macs too.
It’s the same size as a normal USB memory stick but a lot heavier -- not for nothing does it have iron in its name -- obviously designed to survive the rough and tumble of a life on the road. Provided your system is set up to boot from a USB drive it simply starts up from the IronKey rather than its internal drive.
In Use
Effectively the IronKey bypasses the host PC’s native operating system, in fact it’s purposely isolated from it in order to provide additional security. It uses a Windows To Go licence so businesses can use an IronKey for every existing Windows licence with no need for additional licensing. Since it’s using a solid state drive and it’s not encumbered by software that’s installed on the PC it runs quickly even on older machines. Our test sample came with Windows 10 installed, though 8.1 versions are available too.
The first time you boot from the IronKey there’s a short ‘preparation’ session then you need to re-boot again and it runs a normal Windows set up. This lets you select the language and set up Wi-Fi, then one more boot and you have the choice of using Azure AD or a domain to connect to a company network and you’re ready to go.
We tested the IronKey on a Lenovo laptop and there was little difference between the performance whether running from it or from the internal drive. It does feel a little odd to be using the machine without the noise of the hard drive whirring away though.
Once up and running you can still access most of the laptop’s features like the DVD drive and Bluetooth. The IronKey did a pretty good job of detecting our machine’s hardware, though we did have to tweak the display settings to get the right resolution and it couldn’t cope with the scroll part at the side of the trackpad, but neither of these are major issues.
The PC’s own hard drive is hidden from Windows when you’re running from the IronKey and on our 32GB version there’s around 20GB of space available on the device itself to allow you to store files and install programs. Higher capacity versions are available. It comes with the standard range of Windows software, Windows Mail, Media Player, Windows Defender, etc installed. In use it’s like any other desktop environment so you can access cloud based apps and services via a web browser.
Security
The main reason for using something like this is to secure corporate information and provide a barrier between personal and work use of the same machine. When it’s running the IronKey’s LED is green and, as we’ve already pointed out, you can’t access the PC’s hard drive. Plug the device in while the PC is running its own OS and the LED turns red to show that the device is encrypted, it’s the IronKey that’s now hidden from Windows Explorer.
It has it’s own control panel that lets you set the device password and there’s the option to reset or self-destruct the device if it falls into the wrong hands. You can also set a custom 'if found...' message to display on the lock screen.
It’s hardware encrypted to keep its contents safe. Different versions of the IronKey are available with varying levels of encryption, the W500 tested here uses hardware encryption but there’s also a W700 which provides stronger encryption and access to a Federal Information Processing Standard (FIPS 140-1) validated workspace, plus there are W200 and W300 versions with BitLocker protection. The company says that the cryptographic chip keys never leave the device and that it’s physically and logically impenetrable.
For IT managers the IronKey offers control over the ability to run business apps and the ability to remotely disable the device if need be.
Conclusion
The IronKey is aimed at IT departments who need to allow employees to telecommute, implement a BYOD policy, or give contractors access to systems. Because it will work on pretty much any PC that has the ability to boot from USB it’s also a good way of extending the life of older hardware, though performance is better if you have USB 3.0 capability.
It’s easy to use, and it offers impressive security features and the ability to keep itself separate from the host PC’s storage. It isn’t cheap at £166 for the 32GB version but then again it’s a lot less than buying a laptop.
More information is available on the IronKey website.
Pros
Cons
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Finding anomalies in data sets is an effective way of identifying performance issues or indicators of compromise before they impact a business.
Being able to link those anomalies together by identifying common traits among them would be even more effective and that's what a new Anomaly Detective tool from behavioral analytics specialist Prelert does.
"IT security and operations teams are drowning in log data that, if analyzed, could tell the story of most performance issues or security threats their organization faces. However, there’s no way a person can piece that story together on their own, which is why intruders go undetected for months and performance issues can persist indefinitely," says Mark Jaffe, CEO of Prelert. "With our machine learning capabilities, Prelert enables organizations to pinpoint issues that really matter. And with significant enhancements in this new version, teams can now see how those issues relate to one another, making it even easier to detect advanced threat activity or discover the root cause of operational issues".
Anomaly Detective V4 introduces a new feature called Insights that helps tell the story behind an organization's data. It identifies time-sequenced groups of anomalies linked by one or more common entities. By using machine learning to automate data analysis, Prelert can identify unusual or suspicious behaviors and the entities -- such as users, IP addresses and domains -- that influence them. Users can then access a list of other Insights that share a common influence, helping to make certain patterns of attack stand out as being more critical than others.
Key features include pre-configured Insight definitions to enable the system to automate Insight creation for activities including cyber kill chain progressions. It also delivers the ability for analysts to create Insights based on their own environmental factors and then save, label, comment and re-use them for future detection and investigation. An Anomaly Timeline shows the temporal relationship of anomalies included in any given Insight.
For more information about Anomaly Detective or to start a free trial you can visit the Prelert website.
Photo Credit: ollyy/Shutterstock
More and more devices now either connect through, or are powered by, USB connections which means you can easily find yourself running out of ports. This is especially true of the latest slimline ultrabook type systems.
Adding a USB hub is an easy way of expanding your number of ports and these latest offerings from Inateck give you a choice of solutions as well as a handy way of accessing wired networks.
Both versions -- the HB4102 and the HB4103 -- share the same size aluminium body which gives them a smart look with a nice solid feel whilst remaining light. Both support the latest USB 3.0 standard for 5 Gbps transfers -- that’s around ten times faster than USB 2.0 for those who are interested in these things. It is of course backwards compatible with earlier kit.
The HB4102 has four USB ports, three on top and one on the end panel, and connects via a standard USB socket. The HB4103 offers three USB ports on top as before, but the end panel now carries an Ethernet connection. Both are also available in ‘C’ versions to connect via a USB Type-C port, as found on the new MacBook for example, rather than standard USB.
They’re powered solely by USB so there’s no additional mains adapter required. The hardwired connection cables are quite short though -- about 30cm -- which means they’re better suited to use with laptop than desktop systems. There’s a white LED on top to indicate that the hub is active though this is a bit hard to see against the aluminium body.
The Inateck HB4102 is a nicely made USB hub, but it’s the HB4103 that’s likely to have more appeal to business users because of that Ethernet port. It’s not there to allow you to connect a NAS box or network printer, it acts as a gigabit Ethernet adaptor so you can use it to connect a PC to a router or to an office network.
Extra LEDs on this model show network activity. For devices like Chromebooks and MacBooks that don’t have a wired Ethernet port it’s a good option. The C version is compatible with Mac OS 10.6 without needing any drivers, settings can simply be handled from the Mac’s Network menu.
Combine HB4103 with a mini-USB adaptor and you can use the Ethernet port to connect to a wired network with a phone or tablet too. The advantage being that it will give you a faster connection than Wi-Fi for streaming or uploading large files, and allow you to connect if no Wi-Fi is available. It supports the 802.3az energy efficient Ethernet standard to reduce power consumption.
The HB4102 costs $11.99 on Amazon. The HB4103 costs $24.99 (or $28.99 for the HB4103C version). More information and technical specs can be found on the Inateck site.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
If you frequent Android forums you'll probably have seen references to 'Monkey Test' and 'Time Service' as users report that it's hard to get rid of these apps.
Researchers at Cheetah Mobile's CM Security Research Lab have discovered that the source of these apps is a virus called 'Ghost Push'. This installs unwanted and annoying apps on the device and can't be removed easily even by doing a factory reset or using normal antivirus software.
Disguised as legitimate apps, the malware can spread itself widely via commercial SDKs or browser ads. Once a Ghost Push infection is active, it will automatically be able to root the device and download apps without the user's permission. This will slow down the system as well as consuming large amounts of data. CM Security says it's the most widespread and infectious virus it's seen to date. So far it's been affecting 600,000+ users per day.
The virus is mainly spread through Europe, Russia, the Middle East region, and southern China. So far 39 apps have been discovered that contain Ghost Push and it has affected 14,847 phone types and 3,658 brands.
The virus has so far not affected apps from the Google Play store so if your device is set to not download apps from third-party locations you should be safe.
For more information on the infection and how to remove it you can visit the Cheetah Mobile blog.
Photo Credit: Dmitrijs Bindemanis/Shutterstock
Being locked out of your account because you mistyped your password is not only frustrating, it takes up valuable IT staff time as it has to be treated as a genuine security threat and investigated before resetting.
Behavior analytics specialist Exabeam has produced a solution to the account lockout problem that uses machine learning to model lockout behavior and apply that logic and related rules to its latest release.
This also records how many times a user has been locked out in the past so companies can add that information to the user's behavior history.
"Exabeam Version 2.0 empowers companies to maintain strict security policies without relegating their security teams to futile, endless lockout investigations triggered by everyday user errors," says Nir Polak, Exabeam's CEO. "Separating true security risk from accidental lockouts is no longer a full-time job".
Other features of the latest Exabeam include user watchlists, allowing admins to create arbitrary lists of employees and contractors that will require special monitoring. For example, a customer might create a watchlist of all users whose systems had malware within the past month, to detect potential re-infection.
Security alert searches allows the entry of an alert from another security product and the ability to view a timeline of all users and activities connected to that alert. It can also use organizational information to automatically identify all machines -- laptops, smartphones, etc -- used by company executives, to enable special data monitoring rules as required.
Exabeam 2.0 will be on display at Splunk.conf15 in Las Vegas this week or you can find out more on the company's website.
Image Credit: Gunnar Pippel/Shutterstock
We all know that DDoS attacks are capable of causing massive inconvenience, but according to a new survey they can have major financial and data loss implications too.
The study of over 5,000 companies by Kaspersky Lab finds that almost one in three DDoS attacks coincides with a network intrusion.
According to the research, 20 percent of businesses with 50 or more employees have suffered at least one DDoS attack. Furthermore, over a quarter of attacks lead to the loss of sensitive data, an unexpected and damaging consequence of a DDoS attack. Small businesses are most likely to lose data as a result of a DDoS attack -- 31 percent of SMBs reported data loss compared with 22 percent of larger enterprises.
There's a financial cost too. On average, a DDoS attack costs SMBs more than $50K in recovery bills, which is significantly more than the typical costs they face recovering from other types of attack. Larger enterprises spend a lot to recover from a third-party failure or cyber espionage attack, but a typical financial loss for enterprises from a DDoS attack is $417,000, below average compared to recovery from other types of attacks.
Most DDoS attacks only last for a few hours but in that time can cause complete disruption to a service. However, some attacks are even more damaging, nine percent causing a service to go dark for between two days and a week, and seven percent lasting for several weeks or more.
"Businesses have to re-evaluate their perception of a DDoS attack. The report clearly shows that the damage scope from such attacks goes far beyond the temporary downtime of a corporate website", says Evgeny Vigovsky, head of Kaspersky DDoS Protection at Kaspersky Lab. "Companies report total disruption to their operations, and in some cases -- loss of sensitive data. Still, many businesses feel that a mitigation strategy is too complex and expensive to implement. The solution to this is straightforward: vendors have to take technical challenges upon themselves, offering an easy to implement and use solution to clients. This is the approach that we have chosen for the Kaspersky DDoS Protection solution".
The full Corporate IT Security Risks Survey is available to download from the Kaspersky website.
Image Credit: sibgat / Shutterstock
DDoS attacks regularly make the news, but what are companies doing to help them fend off and guard against the threat?
Security company Incapsula has conducted some research to find out if companies are actively seeking candidates with DDoS mitigation skills.
By analyzing listings from the Indeed.com and Dice.com recruitment websites, it reveals a sustained increase in demand for professionals with DDoS mitigation experience across IT security, network engineering and operations, systems administration and DevOps, worldwide.
It finds that 85 percent of the listings seeking DDoS skills come from just eight counties with the US, China and the UK topping the list. The biggest demand is -- unsurprisingly -- for security professionals but demand for network engineers also showed a significant increase.
"Clearly, companies are looking to hire for DDoS mitigation skills. The growth in DDoS attacks makes it essential for every company to have a DDoS planning, prevention and mitigation strategy, and the staff to execute on that strategy," says Tim Matthews, vice president of marketing at Incapsula. "It can take months to hire a person with the right technical skills. We think finding people with good DDoS mitigation skills is especially hard, given that it crosses the domains of network and application layers, web infrastructure and applications, system administration, data center operations and DevOps. Also, DDoS attackers are skilled and nimble, and IT professionals need to be equally nimble and agile to stop new types of attacks".
You can read more about the research on the Incapsula blog.
Image Credit: Arcady / Shutterstock
The Internet of things is set to worm its way into many areas of our lives, but as our cars and domestic appliances become connected how can we be certain that they're secure? We've already seen issues with cars being hacked and do you really want to be installing security software on your fridge?
We spoke to Lev Lesokhin, Executive Vice President, Strategy and analytics, of software analysis and measurement specialist CAST to find out how developers of IoT products can keep them secure and retain consumer confidence.
BN: Many IoT devices are made by companies not traditionally involved in computing. Are they being caught out by lack of experience?
LL: Absolutely. It's a double whammy. Not only are these companies suddenly having to put together a software capability, where the market for software engineers is more and more demand-constrained, but they have to figure out how to manage software delivery. That's a long journey. Also, the traditional embedded software developers still haven’t caught up to the practices needed to develop internet-connected applications -- from a security, reliability and performance efficiency standpoint.
BN: Where in the product lifecycle does security need to be addressed?
LL: About 50 percent of security flaws are in the design and the architecture of an information system. Security needs to be addressed at the start of the design phase, making requirement tradeoffs as necessary. During code construction (i.e. development), security needs to be baked in that process all the way through. Security is then tested at the end of the development process. Security must be foundational -- it cannot be regarded as a mere 'bolt on'.
BN: Security is an ongoing process, how can companies deal with this and does it risk early obsolescence of devices?
LL: It may be counterintuitive, but it's actually the opposite. CAST Research Labs, in their latest research report (CRASH), found that security is highly correlated to software robustness. In fact, it may take a little bit more time upfront to build robust software, and it takes more management oversight, paying attention to their analytics about structural quality. But, as a result you have more secure and robust software -- which is actually more reliable and easier to maintain. So it will actually have a longer shelf life.
BN: Isn’t the answer to keep critical infrastructure devices isolated from the internet?
LL: You can have a solution to operate on secure subnets, but these will by definition be restricted to the other users of the same subnet. That may work for some business models, but for anyone that wants to access the worldwide market that’s on the internet, this won’t be a solution. As a result, embedded software components have to interact with internet-facing components in a safe way. This makes it much more difficult, because now the developers have to understand how these components will interact to ensure security, reliability and efficiency. This is a common problem in IT, but new in device software development.
BN: Won't IoT devices in the home be protected by being behind a firewalled router?
LL: The short answer is no. Some of the router security mechanisms can prevent novice hackers from entering home devices, but this is not failsafe. If we don't want an army of refrigerators creating DDoS attacks on critical infrastructure, we need to make sure the software onboard these devices is built with security in mind.
BN: Do device manufacturers need to be more open about why their devices are going online, what data they’re collecting and where it's being stored?
LL: Yes. The 'bad guys' will figure that out anyway. It's important for manufacturers to share this information with each other. It's also important for the consumer to know what information is being retained and/or broadcast by their devices. Manufacturers will also have to build in privacy options that can be invoked at the expense of additional functionality. This comes back to the first question about designing security in during the requirements phase of software development.
BN: What standards are in place which help businesses and developers meet specific goals for software quality?
LL: Software quality standards have existed for a long time. The traditional standard has been ISO 9126. Now that has been reworked into ISO 25010. The trouble with the ISO standards is they are vague and general. They specify the categories of 'what' should be measured, but they don’t specify 'how' to actually measure these criteria. There is also a standard being published by the Consortium for IT Software Quality (CISQ), the Object Management Group (OMG), and the Software Engineering Institute (SEI). It's aligned with ISO 25010, but gets into a great deal of detail as to 'how' these characteristics should be measured. Once this standard is rolled out, CISQ has made statements that they will provide a certification process in order to officially show that software follows the standard.
BN: In addition to measurement and analytics, what else needs to be a priority for manufacturers and developers?
LL: Keeping up with latest technologies, frameworks and coding practices. On the one hand, there are not enough experienced developers to go round, the flip side is that technical knowledge is among the quickest of all forms of learning to go stale. Managing this paradox is among the essentials of managing a development team. The best solution is to keep training all developers in the latest technology trends and practices. The best way of learning is on the job, and the best developers are the ones who feel they are being invested in.
Image credit: Gustavo Frazao / Shutterstock
For IT teams to deliver reliable systems with high availability they need to be able to spot problems and potential problems early. These challenges are greater as systems move to the cloud and software-defined data centers.
Operations analytics specialist Continuity Software is launching the latest version of its AvailabilityGuard software, providing enterprise IT teams with advanced predictive analytics, risk detection, and outage prevention capabilities.
The software allows teams to identify and resolve hidden design and deployment flaws that may introduce downtime risks, single-points-of-failure and deviations from best practices across the entire infrastructure.
"The transition towards the software-defined datacenter delivers higher levels of agility and control to IT organizations, but at the same time presents new challenges," says Doron Pinhas, CTO of Continuity Software. "The risk of misconfiguration does not go away with automation. If a certain configuration deviates from best practices, automation only helps it spread faster and makes it more difficult to pinpoint. AvailabilityGuard is a safeguard against the diffusion of bad practices and risky configurations throughout the infrastructure".
AvailabilityGuard helps ensure systems are properly configured according to vendor best practices and internally-defined standards. It does this by performing daily verification of the entire IT landscape to identify single-points-of-failure and other configuration risks while reducing the time and effort associated with pre-rollout testing.
It can verify configuration changes before they affect the business, provide actionable recommendations for applying best practices and removing availability risks, as well as measuring performance indicators to establish safer and more agile best practices over time.
In addition it helps enterprises realize the benefits of the software-defined data center. It offers a blueprint for safer transition towards automation by verifying the existing environment to ensure a clean start, validating that automation scripts are programmed correctly and ensuring ongoing automated validation following the transition.
"Automating standard validation means you get things done right from day one, as opposed to learning how to get there after years of trial-and-error," adds Pinhas. "Best practices not only protect against risks to your environment, but also help you get the best utilization and performance from your technology and make systems easier to maintain and update".
The latest AvailabilityGuard is out today and you can find out more and get a free demo on the Continuity Software site.
Photo Credit: dotshock/Shutterstock
If you work in IT it's generally the case that you're quite well paid and enjoy good career prospects. Yet according to a new survey you're probably also unhappy.
Workforce engagement specialist TinyPulse surveyed over 5,000 tech and IT workers and found that they are very, very unhappy. The top drivers of unhappiness were poor coworker relationships, little room for growth with their employer, and not enough praise for their work.
When asked to rate their happiness at work on a one to 10 scale, only 19 percent of IT workers gave a score of nine or 10, compared to 22 percent of other workers. Around half of non-IT workers say that their promotion and career path is clear compared to only 36 percent of IT staff.
They're similarly pessimistic when it comes to assessing their opportunities for professional growth and how well they believe their employer supports them in their interests and goals. When asked how valued they felt at work only 17 percent of IT workers gave a nine or 10 score compared to 22 percent of non-IT staff.
When asked whether their supervisor had given them any recognition for their work in the past two weeks, 69 percent of IT workers answered yes compared to 75 percent of non-IT staff. There's also a bigger mismatch between personal values and the organization’s values with only 34 percent of IT staff rating the match in values between nine and 10 compared to 45 percent of non-IT workers.
Relationships with co-workers are poorer in the tech sector too, with only 47 percent of IT staff rating these a nine 0r 10 compared with 56 percent of non-IT.
The report concludes, "These employees directly impact others with their work, so disengagement and unhappiness here has ripple effects throughout other industries. To drive the creativity and productivity we need, leaders must make it a priority to combat IT employees’ workplace dissatisfaction".
You can find the more in the full report available on the TinyPulse website.
Image Credit: Sergey Nivens / Shutterstock
A new infographic from enterprise mobile specialist OpenMarket looks at how companies are using mobile messaging to improve marketing and awareness, and make a positive impact on customer experience.
Findings include that mobile messaging is the most frequently used communication channel on the planet and that 90 percent of texts are read within the first three minutes of opening. The millennial age group is 40 times more likely to react and respond to a business via text.
When used for marketing, click-through rates for SMS are at nearly 20 percent as against email at a mere two percent. Read rates are higher too with 98 percent for SMS, versus email at 20 percent. Even for surveys, mobile response rates are 20 percent, which is twice as high as phone polls and five times higher than for online questionnaires.
A company's willingness to use mobile messaging also drives people's perceptions of it. 77 percent of millennials have a positive view of a company they can text. When using SMS, businesses have experienced a 20 percent decrease in customer call volume and a 25 percent increase in customer satisfaction. It also shows that 64 percent of consumers prefer texting over voice communication for customer service.
You can see more detail in the full infographic below.
Image Credit: Bloomua / Shutterstock
Once content has been published online it's almost impossible to retain control and know who sees it or where it's distributed.
A new solution from StoryCloud seeks to offer online content publishers control over how their material is consumed. Called Share By it provides user-controlled file transferring for media, videos, music and various file formats with easy to interpret analytics, integrated social networking and ecommerce.
By using permission-based technology that is tightly integrated with social networking, analytics and ecommerce, Share By allows content providers to easily determine who sees their content, when, and from what location. Other permissions include duration, view or download limits and scheduling time periods for sharing and the devices that are permitted. Once content providers upload content to StoryCloud and determine permissions, they receive a unique URL which can be shared with any online audience, including Facebook and Twitter.
Analytics graphically present how content is accessed and consumed, allowing owners to build an audience, engage users and monetize their offerings.
"StoryCloud is founded on the principle that content belongs to the content creator and publisher. We're providing users and publishers the ability to determine who sees their content, when, where, for how long and on any given device," says Ken Kalb, CEO of StoryCloud. "We then help them fully monetize with pay per view, subscription and advertising models".
Share By is now available in beta and you can find out more by visiting the StoryCloud website.
Image Credit: Toria / Shutterstock
Containerization makes deploying applications faster and more cost-effective than using traditional means. As a result container technologies have become more popular with Docker rising rapidly in popularity and market share.
But a new survey from enterprise security specialist Twistlock shows that 91 percent of respondents said they are concerned about container security.
According to the study 86 percent of IT decision makers say their companies already deploy containers, or they plan to do so within a year. Of these, 35 percent say containers are already broadly deployed across their networks.
Security is a major concern though with half of respondents saying they are very or extremely concerned. Of those who don't use containers in their data center, 81 percent say the addition of in-container security would prompt them to adopt a container strategy.
The three container security features that respondents say they would most-benefit from are, the ability to ensure that all containers have a consistent security model from development through to production (83 percent), preventing development mistakes from reaching production (82 percent) and detecting vulnerabilities in containers (80 percent).
"This survey shows what Twistlock has known all along -- that even though containers are accessible and easy to deploy, many companies do not have a good grasp of how to manage container security. This remains a major adoption hurdle that is keeping data centers from migrating to containers completely," says Ben Bernstein, CEO of Twistlock.
You can see more of the survey results in the infographic below.
Image Credit: Sergey Nivens / Shutterstock
With mobile overtaking desktop as the main way of accessing the internet, brands have new opportunities to reach their customers on their preferred platform.
Mobile technology company Zumobi has produced an infographic looking at the opportunities for brands to harness the power of mobile content marketing strategies.
The headline figure is that mobile use has increased by 76 percent year-on-year since 2013. It also reveals that 71 percent of consumers are open to receiving personalized promotions and offers from their preferred brands and retailers. This gives companies the opportunity to unite mobile with content marketing and open up a new phase in the way they engage with their customers.
Other findings include that Americans spend almost three hours per day on their mobile devices and that 61 percent of millennials prefer to use mobile over desktop. The biggest growth in mobile use has come in lifestyle and shopping -- 174 percent up between 2013 and 2014, followed by utilities and productivity up by 121 percent and messaging and social up 103 percent.
"With the mobile landscape so influential and content marketing proven to be the most effective way to reach consumers, we’re right at the ideal intersection between the two -- offering an untapped opportunity for marketers that's personalized and data driven," says Marla Schimke, VP of Marketing at Zumobi. "As the infographic presents, seven out of every eight minutes of mobile use is spent in app. If a brand is not leveraging its mobile potential through content marketing initiatives, they’re missing a massive engagement opportunity".
You can see more, including how brands are investing in mobile content, in the the full infographic below.
Image Credit: Slavoljub Pantelic / Shutterstock
PandaLabs, the malware research arm of Panda Security, has published its latest quarterly report showing that malware creation levels have broken new records.
It reveals that in the second quarter of 2015 there were an average of 230,000 new malware samples detected each day, which means a total of 21 million new types in these three months. Compared to the same period last year, where there were 160,000 registered samples, this is an increase of 43 percent.
The majority of these samples are variants of known malware, mutated by cybercriminals to try and stop the antivirus laboratories from detecting the infections. Trojans continue to be the most common source of infection, with 76.25 percent of users infected by this type of malware. This quarter also saw the proliferation of PUPs (Potentially Unwanted Programs) which accounted for 14.39 percent of infections, placed just behind Trojans.
Cryptolocker remains a major threat as cybercriminals have begun to reuse an old technique to infect users. This involves using macros in Office documents, especially Word. To complete the attack, the criminals included a blurred image which could only been seen if the user activated the macros. Once the user does this, they are infected with Cryptolocker.
"Cyber hackers are looking at businesses more and more as it is relatively easy for them to steal information," says Luis Corrons, Technical Director of PandaLabs. "Sometimes it's as simple as introducing a variant of Cryptolocker in a file that is sent to an employee and, once it’s opened, the security of the entire company is at risk".
Looked at geographically, the areas with the highest rate of infection were Asia and Latin America, which placed above the average of rate of infection (33.21 percent). China was the country with the highest rate of infection on 47.53 percent, followed by Turkey or 43.11 percent and Peru on 41.97 percent.
At the other end of the scale, Europe and Japan were the areas with the lowest rates of infection. Sweden on 21.57 percent, Norway on 22.22 percent, and Japan on 23.57 percent are the countries with the lowest infection rates worldwide, followed by Switzerland on 24.41 percent and the UK coming fifth on 25.17 percent.
Despite Europe's overall strong record, some European countries recorded infection rates above the global average. These include Spain on 36.37 percent, Poland on 38.48 percent, and Slovenia on 38.05 percent. In Latin America there were rates of 38.21 percent in Brazil and 37.86 percent in Colombia.
More detail is available in the full report which is available on the Panda website.
Image Credit: Sergey Nivens/Shutterstock
When it comes to marketing, smaller businesses often lose out to their larger competition because they can't afford sophisticated software tools.
Now digital marketing specialist IntellaSphere is looking to give small companies the edge with the launch of its new Freemium service, providing SMBs with access to a free suite of tools they can use to instantly start selling online, as well as find and expand online customers through targeted marketing.
Tools on offer include social media publishing to create and post content across popular social networks such as Twitter, Facebook, YouTube, LinkedIn and Google+, as well as blogs like WordPress, Blogger and Tumblr.
Users can create and distribute promotional coupons including percentage discounts, cash savings, buy 1 get 1 free, or buy 1 get 1 half price offers. IntellaSphere provides the ability to limit the number of coupon activations and can display the number of coupons still available. Offers can be shareable or limited to just one per customer.
There's a content planner and scheduler for easy planning, plus streamlined and automatic publishing of weekly or monthly marketing content. Campaigns and customer engagement can be tracked with notifications of engagements, coupon activations and company mentions associated with the business. Posts and offers are tracked and measured too and their effectiveness is reported, so businesses can identify the most effective and engaging content, the key social influencers engaging with company, and other analytics.
"IntellaSphere disrupts the market by leveling the playing field with our powerful, yet extremely low priced, all-in-one digital marketing platform for SMBs. With IntellaSphere you don't need to have dedicated marketing staff to effectively market your business and increase sales. Most large companies have sizable marketing teams and sophisticated marketing tools to increase prospects and customers. Now SMBs have access to an equally powerful, but much easier to use and affordable marketing solution," says IntellaSphere's CEO Bruce Worrall.
As well as its Freemium Service IntellaSphere offers three monthly business subscription plans ranging from $29 to $149 per month, and a $299 subscription plan for marketing agencies. For more information and to start a free trial you can visit the company's website.
Image Credit: arka38 / Shutterstock
As we rely more on using online services to control various aspects of our lives we end up with a host of login credentials that can be difficult to manage.
Toronto based identity specialist SecureKey is today launching its SecureKey Concierge service in the US. This allows consumers to choose a trusted credential they already have and use frequently to login to other sites, thereby eliminating the need for additional usernames and passwords.
The solution is being offered to online service providers in state and local government, healthcare, financial services, and other markets where consumer privacy, high assurance authentication and ID verification are required.
"As online fraud and security breaches increase, SecureKey Concierge is driving a new era of convenience, security and privacy, translating into peace of mind for consumers using the web for critical applications and services," says Charles Walton, CEO of SecureKey. "The US launch is part of SecureKey's commitment to expanding our ecosystem of trusted partnerships and online service provider communities to dramatically simplify the account opening process for increased customer acquisition, while facilitating greater efficiency in credential management".
SecureKey Concierge enables consumers to use their choice of credential from an Identity Partner in the SecureKey Concierge network to log into online service provider sites. For enhanced privacy, the service includes a privacy guard that ensures consumer online activity is not visible to the Identity Partners, and personal attributes, such as name, address and date of birth, are never shared without explicit consent. There are tiered levels of assurance to support a range of credentials from social IDs to high assurance, smart card-based digital IDs.
It also offers an Identity Verification Service, this allows online service providers to verify user identity data, such as social security number, date of birth, age, zip code and so on bound to a user's credential. A 'tokenization' process maintains the privacy of the consumer’s data, and consumer consent is always required at the start of the identity verification process.
You can find out more about the SecureKey Concierge service in the US on the company's website.
Image Credit: Gunnar Pippel/Shutterstock
Travel apps have evolved to make life easier for users, with regular updates and enhancements to features and usability. But new research highlights inadequate security in the 10 most popular mobile apps for travel on both Android and iOS devices.
The study by self-defending app specialist Bluebox looked at more than a dozen security parameters in the 10 most popular travel apps on the App Annie iOS Top App Charts and Google Play Top App Charts and revealed that critical flaws were present in all of the apps examined.
Flaws found include a lack of data security with only one in ten Android apps and none of the ten iOS apps examined encrypting the data stored, leaving sensitive information easily obtainable by attackers. Additionally, only two of the ten Android apps and one of the ten iOS apps used certificate pinning -- a technology for securing app data in transit and preventing 'man in the middle' attacks.
The study also uncovered the potential for app manipulation. Four out of ten Android apps and six out of ten iOS apps contained code that could enable admin functionality not intended for a normal user to access, and which would grant special privileges for the end-user if enabled. None of the apps incorporated anti-tampering measures either, so attackers could activate restricted functionality and take full control of apps to alter them for their own gain or to launch attacks on other apps.
On average, the app vendor is responsible for creating only 30 percent of the code, while the remaining 70 percent was made up of third-party components. As OpenSSL bugs like Heartbleed have demonstrated, third party libraries present a huge potential attack surface and expose security blind spots for developers.
"All of the apps we reviewed could be modified and changed to act in ways other than what the developers intended, putting sensitive information at risk regardless of device," says Andrew Blaich, lead security analyst at Bluebox Security. "Data must be protected at the application level and security should be integrated into the development process. Without it, users -- enterprise employees and consumers alike -- could suffer damaging loss of important and personal information".
More information on the results is available on the Bluebox website.
Photo Credit: William Perugini / Shutterstock
Britain's electronic intelligence agency GCHQ has released new guidelines to help individuals and businesses choose strong passwords.
In a report issued in conjunction with the Centre for the Protection of National Infrastructure it suggests that the use of complex passwords is no longer required.
It advises using password managers but warns that, "...like any piece of security software, they are not impregnable and are an attractive target for attackers". It also recommends that businesses make life easier for their users by only applying passwords when they're really necessary and only insisting they're changed when there's evidence of compromise. It suggests using alternatives like hardware tokens or RFID badges too.
The report warns of the limitations of common user techniques such as substituting letters for numbers, and of machine generated passwords -- principally that they're hard to remember. Instead it recommends using schemes that are more memorable such as combining four random dictionary words or adopting consonant-vowel-consonant constructions.
It also advises some common sense measures such as always changing default passwords on any new devices and never letting users share passwords. It suggests that administrator and remote user accounts be prioritized for stronger passwords.
Whilst much of the advice given is sensible, users may be forgiven for taking a negative view of security advice offered by GCHQ. The organization has in the past pushed for the introduction of back doors in software and a weakening of encryption. Cynical commenters on the Guardian website suggest that the advice is to ensure passwords are compatible with the agency's latest cracking algorithm.
At the risk of adding your IP address to a secret government database, the full guide is available to download from the gov.uk site.
Image Credit: Richard Peterson / Shutterstock
The introduction of as-a-service delivery models is affecting the way companies operate as they increasingly buy services to supplement their existing systems.
A new report by consultancy firm Accenture looks at how technologies such as cloud, automation, analytics, artificial intelligence and mobility have forever changed the way companies receive and deliver significant business value.
Among the findings are that 53 percent of senior vice presidents and above see as-a-service (AaS) being critical to their businesses. Yet despite this seven out of 10 enterprises don’t expect their core systems to be delivered on an as-a-service basis for five years. Interestingly small and medium businesses and Asia Pacific buyers are more likely to see AaS as critical.
"Every day our clients tell us they are under pressure to find new ways to create business value quickly," says Michael Corcoran Senior Managing Director of Accenture Operations, Growth & Strategy. "The marketplace has moved towards a new era of service delivery where applications, infrastructure and business processes are brought together and delivered 'As-a-Service'".
In order to achieve a successful transition to AaS the report says that businesses must be prepared to encounter resistance and manage change. They also need to learn to buy in new ways and focus on the leadership and talent needed to establish expertise across the business.
They need to blend analytics and automation strategies to deliver intelligent automation too. Currently 70 percent of companies have definitive plans for, or are considering, investments in analytics tools and skills. By contrast, only 40 percent are similarly advanced with their plans for robotic process automation.
Other recommendations include starting with a small AaS projetc before scaling it up to the rest of the business, and building a relationship with service providers and consultants to drive innovation.
You can find more information and the full report on the Accenture website and there's a summary of the findings in infographic form below.
Image Credit: wavebreakmedia / Shutterstock
Preview versions of Office 2016 have been available since March but Microsoft confirmed today the news leaked a couple of weeks ago that the official rollout of the product will begin later this month.
Writing on the Office blog Julia White, general manager of Office 365 Technical Product Management says, "You may have heard the rumors, but today I'm happy to confirm that Office 2016 will be broadly available starting on September 22nd. If you have a volume licensing agreement in place, you can download Office 2016 from the Volume Licensing Service Center starting October 1st".
The update model is improved with a Current Branch for Business option, allowing enterprises who don't want to take updates every month to have just three cumulative updates per year. This is consistent with the approach followed for Windows 10.
Microsoft has also addressed a number of business requests in Office 365 ProPlus. These include deployment support for Background Intelligent Transfer Service (BITS) to help control network traffic when deploying updates, and new reports on Office activation and usage available in the Office 365 admin portal.
The company has reiterated the pledge it made in March to ensure compatibility with existing Office customizations by not making changes to the extensibility model for macros or add-ins.
Guidance for admins on updating from Office 365 ProPlus to the 2016 version is available on TechNet. In addition Microsoft will be running a Cloud Roadshow in November with free two-day training sessions in 12 cities around the world covering topics spanning Office, Azure and Windows.
The growth of mobile, web applications and the Internet of things has meant more use of APIs which is changing the way businesses operate and communicate. IBM forecasts that APIs will represent a $2.2 trillion opportunity by 2018.
One of the fastest growing development frameworks to support this new 'API economy' is Node.js and to help unite this developer community with enterprise clients, IBM has announced today the acquisition of StrongLoop, a leading provider of enterprise Node.js capabilities.
"Enterprises are focused on digital transformation to reach new channels, tap new business models, and personalize their engagement with clients," says Marie Wieck, general manager, Middleware, at IBM Systems. "APIs are a critical ingredient. By bringing together StrongLoop’s Node.js capabilities to rapidly create APIs with IBM's leadership in Java and API Management on our cloud platform, we are unlocking the innovation potential of two vibrant development communities".
This acquisition means Node.js developers now have a richer, operating environment on IBM Bluemix, big blue's platform-as-a-service offering. JavaScript ranked as the number one language for discussion and usage followed closely by Java in the RedMonk Programming Language Rankings. Java remains the leading language for web applications and transaction systems. Combining StrongLoop's tools and services with IBM's WebSphere and Java capabilities, IBM will help clients bridge Java and Node.js development platforms, which will enable them to extract greater value from their application investments.
"With this acquisition, the industry benefits from Node.js' formal entry into the mainstream enterprise," says Juan Carlos Soto, Chief Executive Officer of StrongLoop. "As leaders in the Node.js open community, we plan to further advance open, community-driven innovation coupled with global, enterprise class software and services offerings to grow client value in the API economy".
More information on IBM's acquistion of StrongLoop is available on the company's website.
Image Credit: Tomasz Bidermann/Shutterstock
Modern sales teams are more than ever reliant on data to help them identify opportunities and analyze performance. But can they really be confident in the accuracy of their data and are they using it effectively?
Business management platform Domo has conducted a survey of more than 400 sales leaders to find out how data impacts them in the real world.
Among the findings are that more than half of sales leaders aren't able to access their data in real-time, despite nine out of 10 saying that real-time access is important. 60 percent say they have to wait for someone else to access their data for them and 38 percent say they can't get hold of the data they need.
Analysis is a problem too, 71 percent report struggling with slow data analysis and nearly 40 percent don't know what to do with their data once they finally receive it. A further 53 percent say they feel overwhelmed by the volume of data they receive. They also struggle with the systems they have to use, 38 percent have to use more than four systems in order to track their goals and priorities.
"Sales organizations have so much data, but have no way to get real value from it all," says Domo President Chris Harrington. "Data sits in too many places -- CRM applications, compensation systems, marketing automation systems -- and in too many formats for it to be effectively leveraged. The data is there, they just need to be equipped to leverage it".
In addition half of sales leaders worry that their data isn't accurate and spend many hours -- and sometimes whole work days -- trying to determine how best to use it and developing reports. 65 percent say that it takes too long to gain insights from their data.
When asked to rate their relationship with their sales data only two percent of respondents gave it an A- or better, 83 percent a B- or lower and 38 percent a C- score.
The full report is available to download from the Domo website.
Image Credit: Andrey Popov / Shutterstock
Backup specialist Spanning will be using next week's Dreamforce '15 event to showcase the latest developments in its Saleforce backup solution.
Spanning Backup for Salesforce will now offer a European data center giving companies a choice of backup destination and aiding compliance with policies that specify data must be stored within the EU.
There are also enhanced restore options which allow the recovery of permanently deleted objects, bulk restores which preserve 'parent/child' relationships, and easier restores of single items. Enterprises will soon be able to self-manage encryption keys, enabling them to better meet their organization's security and compliance requirements -- this feature is expected to be generally available early next year.
"Our latest annual survey of Salesforce admins shows an appreciable increase in the awareness of the importance of data protection for Salesforce," says Jeff Erramouspe, vice president and general manager of Spanning by EMC. "At the same time, the survey showed more than 73 percent of organizations do not use third-party backup, leaving their Salesforce data at risk to user-driven data loss. Our continued focus on customer needs -- including those who require that their Salesforce data stay in Europe -- and our backing by EMC, make Spanning a trusted enterprise-class backup and recovery solution for Salesforce data".
Spanning will be using Dreamforce '15 to share the results from its Second Annual State of the Salesforce Admin Survey.
Photo Credit: Andy Harbin/Shutterstock
Recent discoveries like Adult Player have brought ransomware back into the news, but it's not just individuals that are being targeted.
Data recovery specialist Kroll Ontrack says it's seeing a rise in ransomware attacks aimed at corporate virtual drives. Recently Bitcoin payment was demanded in exchange for stolen data with the threat of the user's information being auctioned off.
The new attacks on corporate systems involve hackers deleting virtual drives completely and replicating the files on their own servers. The first thing companies know about the attack is when they find a note from the hacker where the virtual drives used to be. This criticizes their security arrangements and requests payment for return of the data or threatens to sell it on the open market. In a recent case dealt with by Kroll Ontrack, payment was demanded in the virtual currency Bitcoins in exchange for stolen data within two weeks or the user's information would be auctioned off. Kroll Ontrack was successfully able to recover the customer's data saving them from having to surrender to the demands of the criminals.
"The methods used in ransomware attacks are constantly evolving, but our engineering team have developed their own methods to retrieve and restore data which mean that companies avoid having to make payments to criminal gangs just to get their information back," says Shane Denyer, Data Recovery Engineer at Kroll Ontrack. "We are seeing a definite move away from attacks that target large numbers of small business or home users towards more of a spearfishing approach where individual, larger corporations come under fire".
To keep their data safe enterprises are advised to keep anti-virus software up-to-date, create regular back-ups of corporate data on devices outside the network, and store additional back-ups of virtual drives on devices at a different location.
"Earlier versions of ransomware have been broken down and antidotes are readily available," adds Denyer. "However, we are seeing more and more attacks on corporate systems and predict that there will be even more incidents as ransomware technologies continue to develop. The key is to ensure that data is always backed up on a regular basis and that reputable partners are involved in restoring data that is hacked".
Image Credit: Carlos Amarillo / Shutterstock
According to the latest quarterly update from vulnerability management company Secunia, the product with the most vulnerabilities over the three months from May to July was the Avant browser and, once again, IBM is the vendor with the largest number of vulnerable products.
Avant clocked 206 vulnerabilities over the period, and this is partly because it uses both the Chrome and Firefox engines making it open to the vulnerabilities in both. Also Avant's July 2015 update was the first major version since March and will therefore include many of the Firefox and Chrome vulnerabilities uncovered in the meantime.
IBM tops the vendor list due to the large number of products it produces. Those making Secunia's top 20 lists over the quarter include Intelligent Operations Center, Security Access Manager for Mobile, and Cloud Manger with OpenStack.
The Stagefright vulnerability shone a spotlight on Android security in July with the ability to remotely control a device by sending code in a multimedia message. Secunia notes that some good has come of this as Google and some handset makers -- notably LG and Samsung -- have made a commitment to send out monthly security patches to users that will fix any upcoming issues in the operating system.
"For as long as Secunia has been in business, we have tried to get exactly that message across to IT security professionals across industries: you cannot predict what products will be making your infrastructure vulnerable next month, based on what made it vulnerable this month. And you certainly shouldn't assume that, by patching the 10 high-profile software names that spring to mind when you think about what is in your infrastructure, you are all set and secure," says Kasper Lindgaard, Secunia's Director of Research and Security. "Keeping track of what makes your environment vulnerable is an ongoing and complex task, that requires a combination of vulnerability intelligence and visibility of applications, devices and business critical data in your systems".
The full report is available to download from the Secunia website.
Image Credit: Pavel Ignatov / Shutterstock
Over a third of companies are planning to adopt a new file, sync and share (FSS) solution in the next year according to the findings of a new survey.
The study released by enterprise sharing specialist Connected Data shows that 21 percent of companies surveyed plan to make a change in their current FSS solution within the next year. It also finds that 13 percent of companies plan to adopt their first-ever FSS system within the next 12 months.
The survey conducted by Wilson Research Group asked IT managers, directors and other IT executives and consultants what their objectives for implementing FSS systems were. Enhancing teamwork and collaboration was cited by 51.3 percent, providing FSS for remote employees by 46.2 percent, and backing up company data on notebook and portable computers by 41 percent. In addition 33 percent listed acquiring a capability to share or distribute files too large to send via email, and 28.2 percent wanted to provide mobile access for all employees.
A large majority (87.3 percent) want to own and manage their FSS function rather than rely on a third-party provider. Also 12.8 percent wanted a corporate option to eliminate the use of unauthorized service providers.
"The Wilson Research Group study confirms the rapidly growing need for secure and compliant FSS solutions-particularly for larger companies," says Geoff Barrall, CEO of Connected Data. "From the data it is clear that these companies are looking for solutions that are able to deliver all the convenience of public cloud, combined with the security, performance, protection and control that only a private cloud onsite solution can provide. Unfortunately, as many have learned the hard way, there are very few options that can meet all, if any, of these requirements".
There's a summary of the results in infographic form below or there's more information on the Connected Data website.
Image Credit: Chiran Vlad / Shutterstock
Microsoft and Dell are teaming up to deliver Windows 10 devices, services and support to enterprise customers, starting next month with a new Surface Enterprise Initiative.
Beginning in early October in the US and Canada, Dell will sell Microsoft Surface Pro tablets and Surface accessories through its North America commercial sales organization. This will be rolled out to the remaining 28 markets of Microsoft's Surface commercial channel starting early next year.
"Windows 10 is off to a great start, and we're ready to help make the transition to Windows 10 as easy as possible for all of our customers," says Michael Dell, chairman and chief executive officer of Dell. "Together with Microsoft, we are giving our customers great products, including Surface, with the best sales, service and support in the world".
Surface Pro devices sold through Dell will offer the option of Dell Services, including up to four years hardware warranty, ProSupport with Accidental Damage Service, and Configuration and Deployment Services. The Surface Pro will be sold alongside Dell's existing Windows tablet portfolio.
"We want to move people from needing, to choosing, to loving Windows and so do our partners," says Satya Nadella, CEO of Microsoft. "Our global enterprise customers have asked us to match the Surface Pro 3 and Windows 10 experience with enterprise-grade support and services -- and our partnerships like this one with Dell will do just that".
New Windows 10 enterprise features will also roll out to Windows Insiders this month, with wider availability later in the year. These will include Enterprise Data Protection (EDP), which provides personal and corporate data protection wherever data flows, and Microsoft Passport for enterprise, which helps workers securely login to applications, websites and networks without the need for a password. There will also be a Windows Store For Business, delivering business customers a unified Windows app store experience with a choice of Windows store apps alongside company-owned apps, and allowing IT administers to acquire apps in bulk.
You can read more about the announcement on the official Windows blog.
Users of enterprise systems are often deterred from completing tasks via mobile apps due to complexity or poor user experience.
Enterprise mobility specialist Capriza is aiming to change that with the launch of a platform that will for the first time make legacy enterprise applications fully contextual and end-user relevant.
"Enterprise applications have been broken for decades, and for some reason we've come to accept this complexity and irrelevance in our work lives in a way we never would as consumers," says Yuval Scarlat, CEO and co-founder of Capriza. "Consumer apps work for us -- information is contextual and presented in a way that takes seconds to consume and act on. It’s time for the enterprise to catch up".
The Capriza platform provides a fully customizable and personalizable user experience, reducing the time it takes to complete complex work functions. Unlike current enterprise software, it uses smart sensors to remember behavior and data preferences and allows users to create proactive business alerts based on behavioural or performance indicator triggers. For example, a user could establish an alert to tell them once sales figures for a particular region are met, or if their teams have exceeded their maximum number of hours for the month on a particular project.
"Despite advances in intelligent mobile operating systems such as Google Now, Microsoft and iOS 9 Proactive, enterprise applications still suffer from a severe case of amnesia," adds Scarlat. "Every time the user logs in, they have to start from the beginning. They navigate dozens of screens to get to the same information they access every single day. With this release, that changes".
Capriza strips away complexity and enables new application users to be up and running within minutes, with no training required. The new platform learns from user behavior and allows the user to choose which data streams to follow in order to personalize their experience and deliver information that is most relevant to them. Apps can be deployed with zero disruption, coding or new infrastructure.
Smart sensors deployed by Capriza within the enterprise applications send users business alerts when certain pre-defined criteria and thresholds are met. This can be used to trigger actions like automatically reordering stock or prompting a phone call to a sales contact.
The platform is application agnostic, and consolidates workflows from multiple applications regardless of vendor and application age. These workflows can be pulled into the Capriza App, designed specifically for the role of the end-user, allowing businesses to get more from their enterprise systems.
More information is available on the Capriza website.
Image Credit: talitha_it/Shutterstock
According to a new report from research company IDTechEx the wearable market will be worth over $24 million this year. But much of this is for existing technology like smartwatches and fitness trackers.
Where are wearables headed in future though? According to the report the biggest opportunity is in medical and healthcare applications. Including blood glucose monitoring, healthcare is already the largest single sector by revenue in wearable technology and is likely to stay that way.
"More than any other sector, healthcare applications require data reliability and accuracy," says Raghu Das, CEO of IDTechEx. "Whilst many of the tests that are currently carried out under hospital conditions can be made wearable, the challenge is to achieve equivalent or superior reliability and accuracy at sensible price points. That said, wearable technology solutions offer more practical, comfortable and convenient solutions in many healthcare situations".
Expanding wearables into healthcare involves long lead times due to the need for clinical trials. However, there is potential for very lucrative sales for companies that get things right.
Other expanding sectors include infotainment, although devices like Google Glass and Oculus VR headsets have driven the hype in this area they haven't translated to large scale sales. IDTechEx points out that devices in this field such as smartwatches are subject to commoditization by Chinese manufacturers which drives up volumes and reduces prices.
Commercial use is the other area to watch. It has lower barriers to entry than healthcare and is less subject to commoditization than infotainment. Uses range from tracking technologies in wearable devices to replace scanners for warehouse processes, to tracking systems in smart glasses for providing assistance to workers in a hands free way, or wearable cameras used for quality control.
"Many of the opportunities using existing sensors are still to be explored, but in many cases components such as sensors would need specific adaptation for these applications. This acts as a barrier that has restricted the number of easy wins so far, but those that have invested heavily will begin to see the rewards in the next 2-5 years," Das says.
For more information and to buy the full report you can visit the IDTechEx website.
Photo Credit: mindscanner/Shutterstock
At the very top of the Acer range are the Aspire V Nitro gaming laptops. Slotting in below those, the workaday Aspire V models deliver decent performance and smart design at a price that’s more attractive to business and home users who want a fast machine without needing, or wanting to spend a lot of money on, a premium gaming rig.
The latest release is part of the V15 range, meaning it has a 15-inch screen, though rather confusingly it’s called a V3 -- V3-574G-51ZI to give it its full official title -- so what does it have to offer?
On paper the machine’s specification is pretty impressive; the 574G has a Core i5 5200u dual-core processor and 8GB of DDR3 memory. It comes with Nvidia GeForce 940M graphics with 2GB of dedicated RAM, and a hybrid storage system with 8GB of SSD and 1TB of conventional hard disk.
There’s a DVD burner and two USB 3.0 and one USB 2.0 ports, plus VGA and HDMI outputs too drive external displays. The screen is a 15.6-inch with 1080p HD resolution and uses Acer’s BluelightShield technology that reduces blue light emissions from the screen to make it easier on your eyes. For connectivity there’s a wired Ethernet port and dual-band 802.11ac Wi-Fi plus built-in Bluetooth.
First Impressions
Open the box and lift the PC out and you’re presented with a system that’s slim and looks smart with a subtly patterned machined aluminium finish to the top. The keyboard surround and the hinge mechanism is silver colored plastic, though it’s grained to look like aluminum.
The underside and the top edge above the screen where the wireless antennas live are grey plastic. Turn it on and you’ll find that the keys are backlit should you want to type in the dark. You can turn this off if you prefer and it gets switched off automatically when you’re running on battery.
The screen surface has a semi-matt finish that does a good job of warding off reflections in bright light. You don’t really notice the BluelightShield technology in operation but there’s no doubt that the screen is nice to look at. Excessive exposure to blue light is supposed to make it more difficult to sleep so it’s good to know Acer is looking after your well being. If you find yourself dozing off while using the laptop you’ll know it’s working.
The track pad is a larger size than many and supports gestures for scroll and zoom, there are no separate left and right buttons but the bottom edge of the pad itself rocks which feels a little odd at first and you can trigger it by accident if you’re not careful, but you quickly get used to it. The keyboard is okay although the keys are flat and have only a short travel and no positive click which may not suit touch typists. Acer has made use of the machine’s width to provide good spacing though, and there is a separate numeric pad on the right which will please spreadsheet junkies.
There’s a fair amount of pre-installed software on the machine including some CyberLink DVD and video programs, McAfee Live Safe Security, Spotify, Dropbox plus a trial of MS Office and Acer’s own BYOC (Bring Your Own Cloud) suite. Perhaps most useful is a Power Button app that steps in to prevent accidental shutdown should you hit the power switch without meaning to.
Performance
Switch on and the 574G boots up fast -- Windows 8.1 64-bit is pre-installed and of course it qualifies for a free Windows 10 upgrade -- it takes around 17 seconds from hitting the power button to seeing the lock screen, that hybrid drive helps here. It’s quiet in operation even when working hard with only a gentle whirr from the fan and it doesn’t get too hot either on the areas where you rest your hands or the underside.
The screen is the star feature here, it offers crisp clear colours and impressive viewing angles, helped by that matt finish which means you’re not troubled by reflections. This isn’t really intended to be a gaming machine but it turns in a respectable 2533 on 3DMark 11 and 2135 on PCMark 8. What this means in practice is it’s more than fast enough for day-to-day use and it provides smooth video playback too.
Sound comes from speakers on the bottom of the machine, they produce a response that’s easily good enough for day-to-day listening whether you’re streaming music or watching a movie. Being underneath they sound better if the PC is on a hard surface. If you were being really picky they’re a little lacking in bass but as laptop speakers go though they’re well above average.
Battery life will obviously vary depending on how you use the machine. Using it for general web surfing via Wi-Fi you should get around three hours out of a full charge which is okay but not brilliant.
Conclusion
The latest Aspire V15 model is slim, reasonably light and looks and feels well finished, the aluminium top panel in particular providing a classy touch. Its performance is easily good enough for everyday use like surfing the web and routine business tasks and the screen is particularly impressive making it a good choice for watching videos.
The only real downsides are average battery life and a not particularly nice keyboard feel. If you can live with those then at £579 it’s a good choice.
Pros
Cons
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
A new piece of Android malware appears to offer pornographic images but instead takes pictures of the user via the phone’s front facing camera, then locks up the device and demands a $500 ransom.
Called Adult Player it was discovered by researchers at Zscaler. Having checked that a camera is available and taken a picture, it sends details of the victim's device and operating system to the remote servers before displaying the user’s picture on a personalized ransom screen.
Once infected the device will display the ransom screen even after a reboot. Researcher Shivang Desai writing on Zscaler's blog says, "The ransomware is designed to stay stagnant on screen and does not allow the the victim to uninstall it. Rebooting the device does not work in such cases as ransomware app becomes active immediately after reboot, which leaves no scope for the victim to get into device 'settings' and uninstall the ransomware".
The best way to avoid this type of infection is to only download apps from trusted sources and enforce this by unchecking Unknown Sources in the device's security settings. If you have been infected the malware can be removed by booting the device into safe mode.
Depending on the device and version of Android you can access safe mode by a long press of the Power Off option after pressing the physical power button -- you should be asked if you want to boot into safe mode. Or on older hardware or Jelly Bean systems by holding down both up and down volume buttons as the phone boots.
Adult Player is the second instance of porn themed ransomware uncovered by Zscaler following on from Porn Droid in May of this year.
Image Credit: LoloStock / Shutterstock
We're used to seeing malware that exploits unpatched vulnerabilities in software. But in a new twist attackers are bundling an old version of remote access package TeamViewer with their malware in order to take advantage of a flaw.
The malware known as TVSPY has been uncovered by researchers at security company Damballa. While the current version of TeamViewer has fixed this vulnerability, the bundled version works independently of any existing TeamViewer installation on the target PC.
Although TVSPY first appeared in 2012 researchers have seen more than four times the number of unique variants surface in 2015. It's been distributed by a targeted email campaign which included a malicious Excel file with a macro to download the malware. The email purported to come from the All-Russian Research and Design Institute of Nuclear and Energy Engineering. Analysis of the command and control server for this latest variant suggests it's owned by professional criminals.
The researchers point out that, "This particular threat is very dangerous as the attacker will have total control over the affected machine. It can be used during a regular infection campaign or by some advanced persistent threat actors for specific attacks against particular targets".
More information about the threat including how to tell if your system is compromised is available on the Damballa blog.
Photo Credit: Sergey Nivens / Shutterstock
There is a growing skills gap in the apps economy. As businesses become increasingly software-driven, this gap becomes more obvious than ever, and hiring managers are faced with a constant struggle to find the skilled developers they need.
Yet a new survey by freelance work marketplace Upwork suggests that there are developers around the world who have time available and are actively seeking work to fill it.
The company surveyed more than 1,000 of the most successful coders on its platform. The results suggest that developers choose to offer their services on a freelance basis in order to have a more flexible work pattern, earn better pay and get to work on more interesting projects. Freelance developers work an avearge of 32 hours per week and 55 percent expect to be working longer hours in the next year.
What does this mean for managers looking to hire developers? They need to properly set out the details of their projects and over time build up trust with their developers by collecting feedback on how projects have gone. They also need to be realistic about rates of pay and about the timescale of the project.
You can see a summary of the survey results in infographic form below.
Image Credit: Stokkete / Shutterstock
It's usually the case that the weakest link in any security system is the human element. That's particularly true when it comes to phishing attacks. Hackers have become more creative in the social engineering methods they use to gain access to sensitive information.
A new service called LUCY, aims to educate people and identify vulnerable endpoints by allowing businesses or individuals to simulate phishing attacks. We spoke to LUCY founder Oliver Muenchow to find out more about this approach.
BN: How big a problem is phishing?
OM: There have always been phishing attacks, but the amount of attacks we see right now is at an all-time high. Hackers know that people make the easiest and most valuable targets. Criminals have learned the most efficient way to get information is sometimes simply just to ask. Many companies who felt their data was 'safe' are now feeling the financial impact of a security breach.
BN: What kind of attacks can LUCY simulate?
OM: Other than a typical phishing attack which would generate a mail that redirects the user to a webpage, we can simulate more sophisticated customized attacks including also malware simulations. Some recent examples like the Sony hack or a group of modern day bank robbers called the Carbanak gang used essentially the same type of combination attack.
BN: Can the product also check for vulnerabilities that may already be on a network?
OM: Yes, LUCY can check for vulnerabilities on the network, system & application layer. This feature allows users to perform security checks without involving employees outside their own IT department. The portable security scanner we also include in LUCY basically acts as an advanced persistent threat (APT), replicating typical malware attack patterns -- reverse tunneling techniques, privilege escalation techniques etc -- but without harming your infrastructure. You will get the inside view of your security defence layers -- but from the point of a piece of potential malware.
BN: Is education a better approach than prevention where phishing is concerned?
OM: I think both are important. A company should aim to prevent malicious mails from getting delivered to the end-users inbox, but as this is not always possible, we turn to our people as they are the last line of defence. The awareness is only one part. Keeping your employees up to date about phishing threats while presenting the information in an educational manner is the key.
BN: Why did you choose to make LUCY free for smaller businesses?
OM: The idea behind a community version is that larger companies are able to perform some sample testing with LUCY. But that 100 user test model can of course fit the needs of smaller businesses as it stands.
Image Credit: Maksim Kabakou / Shutterstock
We recently reported on HP's new services to help enterprises migrate to Windows 10. Part of this being the WebApp Accelerator Service for Internet Explorer 11.
Web technology specialist Browsium has revealed that HP has selected its browser management solution as a core component of this service.
Because many business applications today run in a browser, web application incompatibilities can have a significant negative impact on business productivity, and become a barrier to a successful operating system or browser upgrades. With the Windows 10 upgrade cycle beginning this year, and added pressure to migrate to Internet Explorer 11 on Windows 7 systems by January 2016, enterprise IT departments are in need of complete browser management solutions.
"Each new operating system and browser release can result in complex and costly web application compatibility challenges for our enterprise customers", says Simon Hughes, vice president, Network and Mobility at HP Technology Services Consulting. "The combination of Browsium's browser management software and the HP WebApp Accelerator Service for Internet Explorer 11 give customers a cost-effective, comprehensive solution designed specifically to address their web application compatibility needs".
Browsium's browser management solution addresses these challenges by enabling legacy web applications to work in IE11 on Windows 7 or Windows 10, without modifying server-side code or virtualizing operating systems. It also ensures Java updates can be deployed quickly to keep IT infrastructure secure while retaining the legacy versions of Java needed for application compatibility. This approach is easy to deploy and manage, cost-effective, and provides an improved user experience. Browser management can also deliver a quick and cost-effective response to future changes in web technology.
More information about the Browsium solution is available on the company's website.
Being able to accurately and safely verify identity is increasingly important as online fraud remains a major threat.
Mobile identity solutions specialist TeleSign is announcing the launch of TeleSign Smart Verify, a new unified API that simplifies end-user verification and two-factor authentication (2FA) for online and mobile app-based accounts to help prevent fraud and stop account compromise.
TeleSign Smart Verify uses a proprietary 'Smart Decision Engine' that provides a configurable workflow to determine the optimal use of verification and authentication methods -- choosing between SMS, voice or push notifications.
It allows developers to make use of a single API to access a configurable verification workflow based on industry best practices. It can help detect potential fraud with patented real-time analytics of a phone number's attributes, usage and fraud history to automatically determine if a verification process should proceed.
By using the optimal verification methods in each scenario, such as push notifications to mobile app users instead of SMS messages, and eliminating SMS messages being sent to non-SMS enabled numbers Smart Verify can help cut costs. It can also lead to better visibility by tracking user verification and authentication activity as well as costs incurred with a single reporting tool.
"As online fraud continues to surge, it is more critical than ever to verify the identity of those registering and accessing online accounts," says Steve Jillings, CEO of TeleSign. "Smart Verify brings to bear the full power of TeleSign’s product portfolio with a single API. The end result is that our customers can verify end users and stop account compromise in real-time and in the most reliable, cost-effective manner available."
Smart Verify is available from today and full product details are available from the TeleSign website.
Image Credit: Kirill Wright / Shutterstock
Modern organizations collect large amounts of data across multiple platforms, but they can find it hard to extract useful, actionable insights from the raw information.
San Francisco-based Zenput provides real-time data capture and analysis to retail, restaurant and consumer goods companies to help them centralize operations and support more informed decision-making. How much difference can this technology make to businesses? We talked to Zenput CEO Vladik Rikhter to find out.
BN: Don't existing PoS systems provide all of the data that retail businesses need?
VR: Quite the contrary, they're just the tip of the iceberg. One of the common frustrations of our retail customers occurs during big promotions. For example, a retailer plans for a July 4th promotion at all of their stores and sends out the materials to all 400 of their locations and then sits back to wait for the sales data from the PoS. One week later, they see that 80 of the stores have $0 in sales because they never set up the display or it got lost in the shuffle. What Zenput does is focus on helping retailers track the execution of these programs in real time via our mobile solution, so they know about those 80 stores before the sale even goes live and can address exceptions, which means no more missed sales numbers.
BN: Can using mobile data collection help store employees become more involved in decision making?
VR: We see a tremendous amount of collaboration between store managers. This could be anything from a clever way to set up a new display to get more visibility or a different way to showcase certain products -- anything that will boost sales. Before, it was difficult for the central support center to get this type of feedback from store employees, but with Zenput they can see these photos and share them with other team members. In a lot of ways, store employees can become innovators.
BN: In 'crisis management' situations isn't there a risk that technology will simply get in the way?
VR: We believe that mobile can only help in this situation. Most of these stores have desktop computers locked in a back office somewhere, making it difficult to get a timely message out to everyone. With mobile, retailers can deliver a message directly to employees' phones with key tasks that need to be actioned during the crisis. A vice president is able to track progress and can respond in real time to stores that need more help.
BN: How can Zenput help multi-site businesses achieve consistency across different locations?
VR: It's all about execution. One of the tough parts of being a multi-unit operator is not being able to be everywhere at all times. Zenput effectively achieves that on the behalf of the operator. With its ability to assign hundreds of tasks at once and bring back hundreds of photos, an operator can sit in her chair and view all of this from her phone or tablet. If something doesn't adhere to consistency standards, she can make comments on the task at hand and the individual concerned will receive them so they can immediately make the fix.
BN: Is there potential for similar mobile technology to be applied to other business models, field service operatives for example?
VR: Absolutely, there are opportunities for real estate, construction, oil and natural gas, manufacturing, etc. We've seen a lot of great verticalized solutions that have popped up in some of these industries and we believe that because 80 percent of the world doesn't work behind a desk, we should expect to see a large stream of mobile-enabled industries in future.
Image Credit: Tashatuvango / Shutterstock
Business intelligence has traditionally relied on centralized data, an approach which is not only time consuming but also represents a barrier to end-user self-service.
Now cloud analytics specialist Birst is launching a new Networked BI technology which aims to redefine the way BI is delivered and consumed by enabling global control with local execution.
Built on top of Birst's modern, multi-tenant cloud architecture, Networked BI creates a grid of interwoven BI instances that share a common analytical fabric. This enables organizations to expand the use of BI across multiple regions, departments and customers in a more agile way, and empowers these decentralized groups to add to the global analytical fabric with their own local data.
This makes BI scalable across the enterprise, at the same time delivering speed and end-user freedom with self-service data preparation capabilities, along with transparent governance. By bringing analytics to the virtual world with Networked BI, Birst does away with data silos and accelerates the delivery of BI across the organization.
"Antiquated BI and analytics architectures force companies to trade off between agility and governance", says Brad Peters, Chief Product Officer at Birst. "Now, with Birst Networked BI, companies no longer have to make that trade off. Our modern, multi-tenant cloud architecture makes it possible to create a network of virtual BI instances so companies can achieve both rapid deployment and easy access to robust BI capabilities".
The company points out that this approach is also of value to software vendors, allowing them to embed analytics in their applications. By rolling out new virtual instances of analytics, without having to physically recreate metadata, data and BI content, application vendors can extend analytics to new customers, fast and at scale.
More information is available on the Birst website.
Image Credit: Andrea Danti / Shutterstock
Attackers are increasingly capable of modifying their existing malware to slip into a victim’s infrastructure undetected. Because traditional security solutions are reactive and can only protect against already known threat vectors this leaves a gap in defenses.
Security company Check Point is launching its new SandBlast product that uses CPU-level threat detection to uncover threats at the pre-infection level. It elevates threat defense with evasion-resistant malware detection and comprehensive protection, significantly reducing the risk of expensive breaches.
"Enterprises are at risk of falling victim to targeted attacks, but implementing proactive, preventative technologies to block malware from entering the network will protect your business without compromising efficiency. Check Point SandBlast provides an additional layer of security from even the most sophisticated attacks by catching more malware, with minimal impact on delivery times", says Gil Shwed, CEO and chairman of Check Point Software Technologies. "The growth of our Threat Prevention portfolio continues to extend our depth of technology to enable us to continue to arming our customers with innovative defensive strategies against cybercrime. Together with Check Point Mobile Threat Prevention announced at Black Hat last month, Check Point is moving quickly and aggressively to secure the future".
Among SandBlast's features are the ability to identify malware at the exploit phase, even before evasion techniques can be applied. It can't be bypassed by delay loops, attempts to determine if a virtualized OS is in use, or other methods aimed at circumventing the sandbox.
By combining the power of CPU-level detection with OS-level emulation it works with a broad range of file types, including MS Office, PDF, flash, executables, and archives. An integrated Threat Extraction capability allows it to deliver safe versions of files. This means Check Point SandBlast can be deployed in prevent mode, while traditional sandbox products are typically run only in detect mode to avoid delivery delays.
SandBlast is available as a cloud service or an on-premise appliance and is part of a new generation of threat prevention products. Find out more on the CheckPoint site.
Photo Credit: Balefire / Shutterstock
Secure file sharing specialist Egnyte is releasing new integration between its product and Microsoft’s Office 365. These will allow business users to seamlesly access, manage and share their files.
Features include the ability to open Egnyte files directly from Microsoft Office Online for viewing and editing and changes are automatically saved back to Egnyte.
Native integrations within all of the Office tools will provide users with a variety of choices to easily open, edit, and share any of their Egnyte files. In addition users on the move can remotely access and edit Egnyte files from any of the native Office Mobile Apps.
"Egnyte's security-enhanced and hybrid architecture enables Microsoft users to seamlessly share and manage documents stored across heterogeneous storage locations -- in the cloud and on-premises -- while enhancing the user experience by connecting workflows across their favorite business applications, including Microsoft Office", says Steve Guggenheimer, corporate vice president and chief evangelist at Microsoft. "We are pleased to count Egnyte in our partner community as a hybrid file services platform for our customers to easily collaborate with their Microsoft content across desktop, mobile and online -- wherever business may take them".
Egnyte is also launching a new Technology Partner Program, providing enhanced value-added services on top of their open, hybrid technology -- which uses existing infrastructure on-premises, in the cloud, or a mixture of both.
"By partnering with key enterprise players and integrating their applications with the Egnyte solution, we’re creating seamless workflows around content that is mission critical for the enterprise", says Isabelle Guis, Chief Strategy Officer at Egnyte. "We're significantly scaling our ecosystem of infrastructure and application partners, on-premises and in the cloud. Supporting a broad variety of IT environments facilitates adoption and makes business users and IT professionals more efficient, allowing our customers’ businesses and ours to thrive".
More information on the Technology Partner Program is available on the Egnyte website.
Photo Credit: EDHAR/Shutterstock
Sales are the lifeblood of a company, yet they can also be a frustratingly slow part of the whole business cycle. Finding a way of accelerating the sales process is therefore a bit of a holy grail for many organizations.
Salesforce solution specialist Velocify is launching a new enterprise-class sales acceleration platform. Velocify Pulse takes a universal approach that accelerates every step in the sales cycle, and aligns everyone in the sales organization on the same platform.
"Companies aiming to achieve exceptional growth all want to accelerate their sales process, but the problem is they can't operate at speed if they don't have control", says Nick Hedges, president and CEO of Velocify. "Focusing on speed alone is like giving a Ferrari to someone who has never driven a car before -- it will probably end badly. That’s why Velocify focuses on allowing teams to operate with velocity and discipline simultaneously".
The platform takes an insight-driven approach to developing the optimal sales processes, motivating people to follow the plan through 'Rewardification' -- delivering valuable incentives to salespeople that follow best practices and generate results -- and keeping the entire organization on a single platform that covers everything from prospecting to lead response to closing the final deal.
By using rules, logic, behavior, and historical data it can help determine the most effective sales strategies. There is complete visibility into how each part of the sales process works, so that leaders can adjust specific aspects to continually improve team performance.
"Predictive analytics is certainly a part of the equation, but sales leaders should not hand control over to predictive analytics entirely", adds Hedges. "A prescriptive, insight-based approach is really critical to optimizing sales processes and accelerating sales performance."
It includes a tool called SalesCaddy which has two components, SocialCaddy, to enable sales reps to build prospect lists using LinkedIn, and MailCaddy, to connect to Gmail and Office365 for seamless communication with prospects.
For more information on Velocify Pulse and to request a demo you can visit the company's website.
Image Credit: iQoncept / Shutterstock
During the summer months, many organizations see a significant expansion in the number of remote workers, which can make the job of network managers or system admins more difficult.
Software company Ipswitch recently polled 239 IT professionals in the United States to identify the issues that most affect them over the summer.
A third of all survey respondents saw nearly half of their colleagues working remotely during the summer. Malfunctioning laptops were named as the top problem by 42 percent, followed by network connectivity issues (32 percent) and poor application performance (16 percent).
Wireless devices were named as a problem too. When asked what type of device they'd like to see eliminated from use on the corporate network, 49 percent of all IT pros surveyed chose tablets, followed by smartphones at 31 percent. Only 10 percent named wearable technology which may be due to relatively small size of the market at the moment.
When asked what employees could do to reduce the load on IT staff, 42 percent said eliminating the shadow IT effect, when employees download apps without telling or seeking permission. Nearly one third (29 percent) said they'd most appreciate if an employee rebooted their computer before seeking assistance. In order to feel more empowered at work, 32 percent of IT professionals would like the ability to choose and buy technology, while 25 percent wanted to have X-ray vision to figure out the source of problems.
"The summer months are a busy time for IT pros as employees expect continuous unfettered access to company networks while working from home or on vacation. A single organization can find itself with a significant bump in remote workers, all of whom may need support and assistance", says Jeff Loeb, Chief Marketing Officer at Ipswitch. "A unified network and server performance monitoring solution will help IT pros to solve network issues before they affect employees, wherever they are working".
The full report is available from the Ipswitch website and there's a summary of the findings as an infographic below.
Image Credit: Creative Images / Shutterstock
Despite being thought of as the generation that organizes pretty much everything in their lives through social media, new research from call center specialist Mattersight reveals that when it comes to service issues millennials prefer to speak to a human being.
Only one percent of millennials want to use social media to contact a brand when they have a product question or problem. Of those surveyed, 76 percent say they prefer to call (56 percent) or email (25 percent) brands for customer service issues.
In addition more than 85 percent have been disappointed with a brand's service and support in the past year. All of this is in stark contrast to the views of brands, 67 percent of which believe social media-based service is growing in importance.
"Despite growing up in the digital age, millennials haven’t abandoned person-to-person contact", says Mattersight CEO Kelly Conway. "Contrary to popular belief, we found that most millennials prefer to communicate in-person and over the phone because it allows them to have the most meaningful conversations".
These communication preferences go beyond customer service too. At work, 85 percent of millennials surveyed said that they prefer to meet and communicate in-person with their co-workers. The second most preferred method of communication at work is a tie between email and talking on the phone, which indicates millennials' equal desires for efficiency and social interaction. Over half of those surveyed said that outside of work they prefer to communicate in person, and that an important characteristic of a quality conversation is having chemistry -- which is hard to cultivate through digital and online means only.
"Just like in the workplace, millennials want to be able to communicate with a company person-to-person in order to quickly solve problems", says Conway. "Unfortunately, companies generally aren’t providing the call center experience that millennials are seeking, forcing them to abandon phone options for less preferential ways to connect with brands, or even disengage completely."
You can find out more in the full report which is available to download from the Mattersight website.
Image credit: Prazis/Shutterstock
In the modern world of virtual servers, infrastructure can be complex and changes come fast. This also means that the potential for change-related risk to applications is greater than ever before.
IT administrators don't always have the ability or time to study all the known or unknown configuration issues in their vSphere infrastructure. They can therefore struggle to understand whether changes -- intended or accidental -- result in performance disruptions and availability issues in waiting.
Smart IT solutions provider CloudPhysics is launching a new release of its SaaS offering, expanding its analytics solution so that VMware users can spot and eliminate operational hazards that threaten to disrupt IT operations and applications.
CloudPhysics reduces disruption and incidents with always-on diagnostics that show up hot spots and emerging problems via configurable dashboards, enabling admins to get ahead of developing performance problems. It also improves mean-time-to-resolution with directed exploration, enabling admins to home in on the root cause and resolve application disruptions more quickly.
By generating insights that allow admins to spot misconfigured infrastructure CloudPhysics can help make corrections to prevent future performance and availability issues and improve efficiency. It uses a library of 'cards' to assist with managing health and pre-empting hazards.
"Dealing with unforeseen system disruptions kills IT productivity, and the most common 'cure' -- to add more hardware -- simply adds costs and masks the underlying problem", says John Blumenthal, CloudPhysics' vice president of product management. "Our unique insights and exploration capabilities are the fastest, easiest way for IT to get ahead of potential risk in their infrastructure, using an intuitive solution that uses predictive analytics to spot trouble early, guide to the root cause, and ultimately tune your infrastructure to prevent recurring hazards".
CloudPhysics is sold on a subscription model, it will be on display at VMworld and users can try it out with a Free Edition available to download from the company’s website.
Photo Credit: leedsn/Shutterstock
Increasingly businesses are turning to the cloud or to hybrid solutions for their IT. But this can make it harder to track usage and keep control of costs.
Californian company Cloud Cruiser is launching a new CloudSmart-Now solution that allows customers to easily track hybrid cloud usage by user and keep an eye on costs with built-in analytics.
It's designed so that businesses of all sizes can quickly understand the financial and operational impact of the cloud with a single pane view of their total consumption of cloud services. It has pre-configured templates with built-in workflow to collect detailed usage and cost data from Amazon Web Services (AWS), Azure, Windows Azure Pack (WAP), VMware and Openstack.
"Hybrid cloud is simply a reality for most businesses. The single biggest area of improvement continues to be around efficiencies and reducing costs", says Fraser McKay, VP Products at Cloud Cruiser. "We love the promise of low-cost cloud but it's not unlimited and unless you track and measure, sprawl and anarchy quickly creep in. Our customers stay ahead and better forecast to meet business demands. We directly address this problem with a single solution to manage all hybrid cloud environments. You can't manage what you can't measure and we've done the heavy lifting with this new packaged offering".
CloudSmart-Now provides pre-configured collectors, built-in data mapping to existing business structure, report templates and an automated workflow so businesses can distribute reports to business users.
Users need to select which of the 'Big 5' clouds they want to measure and select Cloud Cruiser workbook templates. Then using built-in API for public cloud and automated private cloud collectors they can import usage and rate data at a detailed level.
With organizational structure in place, business mapping allows them to map usage to department and owner. Finally a standard set of rich reports including top spenders across the business, cloud spend by provider, and potential savings.
CloudSmart-Now will be on display at VMworld this week or you can find out more on the Cloud Cruiser website.
Photo Credit: everything possible / Shutterstock
There are currently an estimated 1.91 billion smartphone users worldwide, and 82 percent of them use their mobile devices to shop. As consumers are five times more likely to abandon shopping if the site isn’t optimized this means embracing mobile is crucial for businesses.
Online shopping portal DirectBuy has produced an infographic looking at how the world is moving towards a mobile shopping environment.
Interesting findings are that for younger users in particular the smartphone may be their main point of internet access. Shoppers already use their smartphone to compare in-store pricing, and the mobile device is becoming the consumer’s go-to tool for all shopping needs, 81 percent of people research online before buying locally and mobiles have a higher conversion rate (78 percent) than desktops and tablets.
As numbers increase the mobile experience becomes crucial. It’s estimated that by 2020 user experience will surpass pricing and product as the main differentiator between brands. If marketers aren’t optimizing their websites, they’re leaving a rapidly growing demographic without access to products.
You can see more detail in the full infographic below.
Image Credit: 3Dmask / Shutterstock
Macs have around six percent of the business endpoint market and Mac specific malware is on the increase. In the rapidly evolving world of malware and security, Mac users can no longer afford to be complacent when it comes to protecting their systems.
To tackle these threats Kaspersky Lab is updating its Kaspersky Endpoint Security for Business suite with Endpoint Security 10 for Mac. This offers a combination of deep protection, efficiency and manageability, designed to serve the needs of protecting diverse IT environments.
It delivers a broad array of tools and technologies which are easy to deploy and use, offering Mac owners a host of new security benefits. Features include integration with the Kaspersky Security Network which allows businesses to take advantage of cloud-enabled security intelligence for the quick identification of malware and other suspicious activity.
A Network Attack Blocker monitors suspicious activity on company networks and lets IT specialists pre-define how their systems will respond if any suspicious behavior is detected. This component can block network attacks including port scanning, denial-of-service attacks, buffer-overrun attacks and other remote malicious actions taken against programs and services working on the network.
To combat web threats it offers web protection and anti-phishing technology. This scans all incoming and outgoing traffic, blocks harmful scripts without impacting system resources and helps ensure users don't fall prey to phishing sites.
"At Kaspersky Lab we believe that every business, regardless of its size and market, has unique and complex infrastructure, which requires deep multi-layered cybersecurity protection," says Konstantin Voronkov, Head of Endpoint Product Management at Kaspersky Lab. "We believe that each component of corporate infrastructure should be protected because cybercriminals will use every chance they can to infiltrate a corporate network. Enhancing our Kaspersky Endpoint Security for Business line -- providing flexible multi-layered protection for different infrastructures and platforms against modern cyberthreats -- will make it easy for businesses to protect themselves, including those businesses using Mac platforms. We believe that this approach allows our partners to concentrate on business development without having to worry about cybersecurity".
You can find more about Kaspersky Endpoint Security for Mac on the company's website.
Image Credit: Kotka fotoaloja / Shutterstock
It's not unusual for modern cars to have a built-in USB facility, but generally you only get one port and it has to do duty as both a charging point and an input for the audio system. That means family journeys with multiple devices demanding power can lead to squabbles.
For those who need extra USB charge points in the car Inateck has produced two new solutions in the form of adaptors that plug into a standard 12V power socket -- lighter socket for older readers and classic car owners.
The AL 4001 is a 4-port device with a smart white and silver finish and comes supplied with two micro USB cables. The AL2001 has two ports and a choice of white or shiny black finish, it comes with one cable but it also has a hard-wired Lightning cable to charge Apple devices.
Both have a blue LED indicator to let you know when they're working. The 4-port delivers a maximum of 5V/2.4A, the 2-port gives 5V/2.1A on the USB sockets and 2.4A on the Lightning cable. Talking of cables the Lightning cable is three feet long, the supplied USB cables with both units are a more generous four feet allowing you to power a device like a satnav or camera that's sitting on top of the dash.
Inateck uses intelligent charging technology to detect the connected device and deliver the appropriate current. The chargers also have short circuit, over current, over watt and overheating protection for safety.
The units feel well made and are easy to use straight out of the box. The 4-port charger is a bit bulky so may be awkward to use depending on where your power socket is located but other than that there's not much to criticise here.
The two port costs $19.99 on Amazon (£20.99 in the UK) the 4-port is $14.99 and £13.99 in the UK. More information is available on the Inateck website.
DNS is essential to the smooth running of the internet but the rise of the cloud and the spread of distributed applications has placed it under increasing strain.
This has led to the rise of managed DNS services that streamline reporting, traffic management and more. But how has managed DNS evolved? Specialist in the field NSONE has produced an infographic showing its history and looking at its future.
Managed DNS first took off in the 2000s initially to improve redundancy and reliability and ultimately allowing domain owners to achive faster response times and improve reliability. By the 2010s with applications becoming increasingly distributed, managed DNS services have to offer advanced traffic management to reliably route users to the correct service.
In future managed DNS will need to become application aware to ensure users always arrive at the most appropriate service endpoint. They'll also need to be easy to use without coding and be able to adjust based on real-time conditions to deal with varying loads and network congestion.
You can see more including a list of what to expect from a modern DNS platform in the infographic below.
Image Credit: Tashatuvango / Shutterstock
Mobile identity specialist TeleSign has announced an agreement with Spanish telecoms giant Telefόnica -- the company behind O2 in the UK and Germany -- to deliver a suite of services to address account security and fraud prevention for enterprises and service providers.
The partnership will use TeleSign's products and infrastructure, along with Telefόnica's consent-based insights, to increase account security, reduce fraud, and improve customer experience for consumers. At the same time it will help to manage costs for service providers across financial services, e-commerce, cloud and social media.
"With its market leadership and unique technology to secure mobile identity, TeleSign is a natural partner to improve our customers' experiences, while protecting them from fraud at the same time," says Phil Douty, Managing Director of Telefόnica Dynamic Insights. "The services we are launching together will have meaningful impact for consumers, banks and service providers, and are built on unique data insights only available from mobile network operators. The service will be optional for our customers, requiring consent for data to be used. This means that they remain in control of their data and how it is used".
The first products of the partnership will focus on using phone verification and real-time country location information to help combat fraud and poor customer experience in payment card transactions. Legitimate cardholders should enjoy a swift and secure experience, while fraudsters will be frustrated, thanks to a secure link between TeleSign, Telefόnica and participating financial institutions. The solution does away with the need for special smartphone apps and works on any mobile device when traveling -- once the customer requests the service, it automatically protects them from the minute they switch their phone on.
"Telefόnica has a strong history of innovation amongst mobile operators for delivering new services which benefit their subscribers," says Steve Jillings, CEO of TeleSign. "TeleSign is excited to join with Telefόnica to bring offerings to market that respect user privacy and make it easier for individuals to assert their identity in a simple and reliable manner".
More information on TeleSign's mobile identity offerings is available on the company's website.
Image Credit: photomaimai / Shutterstock
Spare a moment to consider the plight of the humble password. It has become an essential component of modern life, but it would be wrong to say we've grown to know and love it.
In fact a survey by mobile authentication specialist LaunchKey shows that 84 percent of respondents would like to do away with passwords altogether and 76 percent believe their information would be more secure with an alternative form of authentication.
Almost half of the survey respondents (46 percent) say they currently have more than 10 passwords to manage, and 68 percent acknowledge that they reuse passwords for multiple accounts. In addition, 77 percent say they often forget passwords or have to write them down. Among respondents' top password peeves are those systems that require users to change their password frequently, and systems that require users to create passwords that do not fit the model of one they regularly use. 27 percent admit that they've shared passwords with someone else.
"Today, the pace of security breaches directly related to stolen passwords and bypassed authentication is increasing along with the severity of their consequences," says Geoff Sanders, CEO, LaunchKey. "Passwords are inherently insecure as a method of authentication, and their efficacy relies on end users, developers, system administrators, and the applications themselves, all of which are vulnerable to a wide variety of attack vectors currently being exploited by cyberattacks around the world".
Whilst two-factor authentication is often touted as a solution, 64 percent of those surveyed say they don't know what 2FA is, while only 20 percent say it's easy to use.
The survey also looked at how much people trust enterprises with their data. Given recent breaches at stores such as Target and Home Depot, it's not surprising that 52 percent of survey respondents expressed little to no confidence in retail stores being able to properly secure their data and 43 percent lacked confidence in online retailers. On the other hand, 48 percent of respondents expressed high confidence in banks being able to protect personal information.
"The future of authentication is free from traditional passwords," Sanders concludes. "We must remove the vulnerability and liability that passwords have created while implementing more secure authentication methods that account for an evolving and diversified landscape of use cases, end users and threats".
You can find more about the survey results on the LaunchKey website.
Image Credit: Zsolt Biczo / Shutterstock
The rapid growth in cloud adoption might suggest that every workload businesses currently have on-premise is destined for some sort of cloud-based service. The reality is that, other than for small companies, that's probably not the case.
Entrusting key applications to a third party requires intelligent planning in many areas such as management, portability, security and support requirements. What can IT organizations do to reduce risks, tame the complexity and increase their potential for success? We spoke to Jerry McLeod, vice president of business development at hybrid cloud management provider HotLink to find out.
BN: The cloud is rapidly becoming the norm for many businesses. How important is it to choose the right provider?
JM: It's critically important to choose the right cloud provider; it's one of the most important IT decisions most businesses will make. However, no one provider is right for every business. There are some cloud options that have a wider portfolio of robust features, but are essentially self-service. At the other end of the spectrum are providers that offer more of a managed service. The 'right' provider for any individual business could actually be a mix-and-match of cloud services, but that will depend on your workloads and support needs, which can change over time.
BN: As more enterprises choose a mix-and-match approach for cloud providers, what struggles do they face in terms of managing those resources?
JM: There is certainly operational complexity related to managing multiple cloud providers. If you're administering several platforms -- say, Microsoft Azure, Amazon EC2 and OpenStack -- monitoring, managing and automating those resources individually becomes a real challenge for IT teams.
However, the reality for most enterprises is even more difficult, because they're building hybrid IT infrastructures that span internal and external resources. So, at the same time teams have to figure out how to manage a spectrum of cloud alternatives, they're also grappling with managing existing on-premise virtual infrastructure and platforms like vCenter, Hyper-V, XenServer or KVM. The difficulty inherent in doing that can threaten the benefits that draw companies to the cloud in the first place: reduced cost, increased agility and faster time to market.
BN: Most organizations will be worried about security when moving to the cloud. What can they do to minimize vulnerability during migration?
JM: Many cloud providers are more secure than some on-premise data centers. Why? Because they have spent years making them that way. Businesses should be worried about their security all the time, not just when the cloud is involved. Unfortunately, many companies believe they're secure simply because they're on premise, even if they don't have a security expert on staff to assess their risk. When those businesses move to the cloud, they gain a team of security professionals who are constantly updating security to stay ahead of evolving threats. During the migration itself, companies can minimize their vulnerability with a tool that creates a VPN tunnel between their on-premise systems and the cloud with secure agent proxies.
BN: Isn't having your applications and data in the cloud always going to be riskier than keeping them in house?
JM: Physically, the cloud is more secure than most companies' data centers. I equate it to the difference between the deadbolts you might have on your house and the purpose-built buildings your bank uses -- there's just no question which one is more secure. Cloud providers build their businesses on security, and they have the infrastructure and personnel power to keep their sites safe.
BN: What are the challenges of the cloud when it comes to ensuring business continuity?
JM: The cloud's economics make it feasible for companies to have a comprehensive data protection solution for all their workloads, not just their critical workloads. That encompasses backup, data replication, disaster recovery (DR) and business continuity (BC) at a fraction of the cost and complexity of traditional, physical DR/BC sites. Comprehensive cloud data protection is now an option for everyone. However, cloud providers don't deliver business continuity. Each individual company has to be responsible for that by adopting adequate tools, processes and plans. If you don't have a business continuity plan for managing your infrastructure, then it's on you when there's a failure.
BN: What are the keys to ensuring an early return on cloud investments?
JM: An apples-to-apples comparison is the key to ensuring ROI. What are your on-premise costs and what will the same usage cost in the cloud? People tend to assume the cloud is almost free, so they end up running three times as many applications in the cloud as they did on premise; that won't be cheaper. Let's say you're paying 10 cents per instance per hour, for example. That's around $1,000 per year. Multiply that by 20 or 30 instances, and it adds up quickly. To make sure you're not chewing through your potential savings, first make sure you understand what your on-premise costs are, and then closely monitor and manage your cloud usage.
BN: Are there times when the cloud simply isn’t the right approach?
JM: If you're running, say, a large logistics company using internal mainframes in secure data centers around the world, it probably doesn't make a lot of sense to move everything to the cloud right now. There are critical enterprise workloads that may never be well suited to the cloud. For those companies, it makes sense to have some workloads in the cloud and some on premise.
HotLink has been working with companies since 2011 to streamline the management of those types of hybrid environments, and we recently released HotLink Cloud Management Express to take that to the next level. For enterprises with multiple cloud providers and several on-premise resources, the ability to unify management and administration into a single, familiar interface such as VMware vCenter means that 'the right approach' can be a multi-faceted one that is also intuitive and flexible.
Image Credit: everything possible/Shutterstock
Successful phishing attacks can lead to costs from loss of employee productivity and credential compromise, among other factors, which together may cost an average sized company $3.77 million per year.
New research released by Wombat Security Technologies and the Ponemon Institute finds that the phishing email click rate improved an average of 64 percent following security training.
"In talking with security officers, we know that many do not expect much benefit from employee training as part of their defense against phishing attacks. This research proves that security officers should expect more from employee education and seek providers like Wombat Security who can provide results like these", says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "As the threat landscape continues to intensify and phishing tactics become more sophisticated, this research shows that employees who have undergone security training are far less likely to fall victim to a phishing attack".
As a result of training provided by Wombat, Ponemon estimates a cost saving of $1.8 million or $188.4 per user. If companies paid Wombat's standard fee of $3.69 per user for a program for up to 10,000 users, Ponemon determined a substantial net benefit of $184.7 per user -- an annual rate of return on investment of 50X.
Other findings include the average total cost for a company to contain malware is $1.9 million per year. Uncontained malware can cost an average-sized company as much as $105.9 million. The cost of business disruption due to phishing is $66.9 million and employees waste an average of 4.16 hours annually due to phishing scams.
The average annual cost to contain a credential compromise that resulted from a successful phishing attack is $381,920. An uncontained credential compromise could cost a company as much as $105.9 million.
"This is yet another proof point that an overall security posture is multifaceted and needs to include employee education to prevent against increasingly more sophisticated phishing attacks, which leave companies vulnerable to significant losses and business disruption", says Joe Ferrara, President and CEO of Wombat Security Technologies. "This research reveals the compelling value and ROI from putting in place a comprehensive security training program. Our methods have shown that a continuous training methodology does change employee behavior and reduce risk within an organization".
The full report, The Cost of Phishing and the Value of Employee Training is available on the Wombat Security website.
Photo Credit: Ivelin Radkov/Shutterstock
Cloud security specialist CloudLock has released a new report looking at the risks of user behavior to businesses using cloud systems.
It reaches the startling conclusion that just one percent of users account for 75 percent of the security risk. The top one percent of users are responsible for 57 percent of file ownership, 81 percent of files shared, 73 percent of excessively exposed files and 62 percent of app installations.
Understanding the composition of this one percent of users is crucial for security teams. Often it includes super-privileged users and software architects, as well as machine-based identities (such as applications with programmatic access) that grant access privileges and archive data.
A similar imbalance also shows in cloud-based collaboration. While organizations on average collaborate with 865 external parties, just 25 of these account for 75 percent of cloud-based sharing. Also, 70 percent of external file sharing occurs with non-corporate email addresses which security teams have little control over.
Risky installs are a problem too. Many cloud applications support integration with third-party applications, outside the network and undetectable via traditional security tools, such as proxy- or gateway-based solutions. These apps may be targeted by cybercriminals as entry points to organizations. CloudLock research reveals that 52,000 instances of applications are installed by highly privileged users -- this represents a high risk given that privileged accounts are highly coveted by malicious cybercriminals.
"Cyber attacks today target your users -- not your infrastructure. As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user," says CloudLock CEO and co-founder Gil Zimmermann. "The best defense is to know what typical user behavior looks like - and, more importantly, what it doesn't".
You can read more in the full report which is available to download from the CloudLock website.
Image Credit: Creativa Images / Shutterstock
Decision makers at Fortune 1000 companies are increasingly seeking to make use of big data to help their IT strategy.
Analytics specialist ExtraHop has released the results of a survey conducted by research firm TechValidate which shows how organizations are evolving their IT Operations Analytics (ITOA) practices.
The popularity of ITOA is on the rise particularly for network performance monitoring, application performance monitoring, root-cause analysis and IT security, 65 percent of respondents are planning to integrate data sources for ITOA in the next year. In terms of big data types, wire data and machine data are ranked as the most valuable sources for IT visibility. In addition, organizations that combine multiple data sources for ITOA gain greater insights from the data, resulting in quicker, more accurate data analysis. Of IT professionals who are combining wire data with other sources machine data is used by 54 percent, agent data by 31 percent and probe data by 26 percent.
60 percent of IT professionals understand the value and benefits of wire data for obtaining deeper ITOA insights. 93 percent of IT decision makers rely on wire data sources for IT management and monitoring, more so than any other traditional big data sources like machine, agent and probe information.
"As awareness of Big Data matures, we are seeing faster and more widespread adoption of ITOA, and the importance of wire data as a source of insight has become a key topic in conversations with customers," says Erik Giesa SVP Marketing and Business Development at ExtraHop. "Businesses rely on IT as the lifeblood of their organizations, so the stakes are high for keeping that machine running as efficiently as possible. That's where ITOA has really proven itself as a high-value, must-have initiative".
The full report is available to download from the ExtraHop website and there's a summary of the findings in infographic form below.
Image Credit: bleakstar / Shutterstock
Although millennials are the first fully connected generation, having lived their whole lives in the Internet era, new research suggests that they're beginning to recognize that their identity and personal data may not be properly protected.
Digital identity specialist Intercede surveyed around 2,000 16-35 year-olds in the US and UK to get their views on current security measures. The results suggest what the company calls a 'millennial malaise' towards existing safeguards, in particular the use of easily-hackable but widely used password-based authentication methods.
A quarter of the millennials questioned access more than 20 password protected websites, applications or devices over the course of a year, with 45 percent claiming they only ever change passwords when they have to. Only six percent believe their data is completely secure based on the password policy they apply.
When asked about the impact of an increasingly digitally-connected world, such as the increased use of mobile devices and tablets on their digital privacy, nearly 70 percent of millennials believe the risk to their online safety will increase -- with 31 percent believing this increase will be dramatic. More worrying is that 54 percent feel the failure of companies and governments to adequately protect identities and data will result in public distrust of their goods and services. A further 44 percent believe there will be an eventual decline in data sharing and 36 percent predicted demands for action. Smaller but still significant percentages of the research group say there is even potential for a decline in economic or political stability.
"It's time for organizations to stop playing fast and loose with what, in a digital economy, are our most important assets -- our identity and our data," says Intercede CEO Richard Parris. "There seems to have been a collective consensus that millennials will accept sub-standard security in exchange for online services. This clearly isn't the case. The humble password should be consigned to the dusty digital archives where it belongs. To restore trust, smart companies need to look to stronger authentication techniques to ensure the future of digital commerce and information exchange and their own competitive edge".
Growing levels of distrust may partly be down to adverse publicity as news of high-profile breaches means people are more aware of the risks. But Parris points out, "Trust is hard to win and easy to lose. There is a tipping point coming soon where the consequences of doing nothing could be severe, yet the technology to resolve trust issues already exists, service providers just need the vision to use it".
Image Credit: Lane V Erickson / Shutterstock
Businesses are under pressure to get applications out quickly and that means they benefit from having real-time streaming analytics as a way of cutting preventable losses, gaining operational insight and uncovering new business opportunities.
Big data specialist Impetus Technologies is helping developers do this by launching free versions of StreamAnalytix, its enterprise-class, streaming analytics platform, based on open source technology components.
It uses a GUI-based platform to allow developers to gain experience, conduct pilots and take a wide range of applications into production. The free versions of StreamAnalytix are intended to address the heightened interest among Fortune 1000 enterprises which want to quickly and easily capitalize on real-time streaming analytics.
The product comes in three flavors, StreamAnalytix Lite is a free, perpetual license to a production ready, unlimited scale, limited functionality version of the StreamAnalytix platform. It's aimed at developers looking to pull streaming data into Hadoop and use a powerful visual toolkit for developing real-time applications based on Apache Storm.
StreamAnalytix Developer is a free, one-year trial of StreamAnalytix Enterprise with all features included and scale limited to a maximum of eight processing cores of Apache Storm. It’s designed to provide maximum power and flexibility for developers to build real-life and complex enterprise applications and perform functional testing before expanding to a full scale deployment.
Finally StreamAnalytix Sandbox offers a free, one-year pre-licensed copy of StreamAnalytix Enterprise limited to eight processing cores, integrated with underlying open source components and pre-packaged in a binary virtual machine format that can be downloaded and used within minutes with no software installation process required other than the sandbox player tool.
"The power to ingest and analyze real-time streaming data at scale is one of the core value propositions of the big data eco-system. We are delighted to unleash that power in an easily consumable manner at no cost to a wide audience with the free versions of StreamAnalytix," says Anand Venugopal, head of product for StreamAnalytix at Impetus Technologies. "StreamAnalytix is being recognized as a leading solution among enterprises and analysts specifically because it offers the power and flexibility of the underlying open source systems along with the usability and manageability features, as well as support and professional services that are critical for enterprises to achieve business ROI through these technologies".
All three versions are available to download from the StreamAnalytix site as is a 60-day trial of the Enterprise version.
Image Credit: Rawpixel / Shutterstock
For enterprises to stay on top of their IT and in particular to deal with incidents they need to be able to navigate through high volumes of information and work out what’s important.
In order that operations teams can minimize time lost from searching mixed information sources and spend more time on resolving incidents, ops performance specialist PagerDuty is announcing integration with VMware's Socialcast enterprise social collaboration tool.
"During an incident, enterprises must currently navigate through a glut of information sources to resolve issues and maintain uptime," says PagerDuty Vice President of Product Management, Jonathan Wilkinson. "With this integration, we're deepening our commitment to supporting the enterprise and enabling faster and more efficient resolutions".
By linking with VMware, PagerDuty creates an integrated workflow across the tools that IT operations teams are already using. Incidents can be understood and resolved more efficiently with a means to share the data needed to fix the problem and the ability to seamlessly access that information from any device or platform.
"Two-way integration between Socialcast and the PagerDuty operations performance platform sets a new bar in helping our common customers identify and resolve IT issues rapidly," says Bob Schultz, vice president and general manager, Workspace Services, End-User Computing at VMware. "The ability to swiftly communicate about time-sensitive incidents is critical, and our collaboration with PagerDuty will provide our customers an even better solution to resolve issues quickly".
The feature is available now via the Socialcast Integration Store. It will also be demonstrated at next month's VMworld conference in San Francisco.
Photo Credit: dotshock/Shutterstock
Work collaboration specialist Clarizen is launching the latest version of its software aimed at delivering 360-degree visibility at any level of the enterprise, so teams can improve transparency within projects and among users and increase efficiency, accuracy and overall project quality.
Features include pre-built dashboards and reports that provide immediate visibility into projects and company wide effectiveness. New in-context data formatting automatically highlights key problems across all work items, as well as reports based on configurable rules.
An enhanced interactive resource load allows managers to make smarter resource deployment and project approval decisions. New mobile improvements enable team members to stay on top of changes as well as provide updates back to the rest of the team wherever they are.
It allows users to perform 'what if' analysis by filtering work items in or out to understand the impact of demand changes to a resource's workload. They can review the full work plan details on the same page as resource load, and view resource load data with more display and filtering options. Together the package offers a fully centralized resource planning process.
"Better work management starts with better visibility, and the fastest way to visibility is collaboration," says Avinoam Nowogrodski, CEO of Clarizen. "Executives, project managers and team members all need easy access to relevant information, not only to review off-track efforts, but also to properly allocate resources against ever-changing demand. Collaborative work management can only be achieved with visibility within projects and among team members. By simplifying work, businesses can move faster".
Clarizen's summer release is available now at no extra charge to existing customers. For more information visit the company's website.
Image Credit: Tischenko Irina / Shutterstock
Wave 2 Wi-Fi -- otherwise known as 802.11ac -- brings a number of advances to help wireless networks keep up with the increased demand from mobile devices.
Wireless network specialist Xirrus is aiming to make Wave 2 more accessible for business by introducing the industry’s fastest and only customizable Wave 2 Wi-Fi solution.
Xirrus' new Wave 2 access points (XD2) deliver triple the speed of competitive solutions, also allowing vendors to scale based on their specific connectivity needs. It includes two Wave 2 radios each capable of up to 3.47 Gbps, which enables customers to deploy a Wi-Fi network that keeps up with the demand from their environments, and ensures a longer network lifespan.
Other advantages include double the speed of competitive Wave 2 solutions with 7 Gbps per AP, four-stream multi-user MIMO (MU-MIMO) compared to three-stream MU-MIMO supported by other solutions. XD2 is fully customisable with the ability to enable both radios to Wave 2 with the click of a mouse and is also Bluetooth low energy (BLE) enabled for location based services.
"Until the XD2, all Wave 2 Wi-Fi solutions introduced to the market to date have been effectively 'Wave 1.5' because they do not fully support the MU-MIMO standard," says Bruce Miller, vice president of product marketing at Xirrus. "Customers should steer clear of Wave 1.5 solutions and verify they are getting Wave 2 technology in order to deploy the fastest solution available and achieve the best return on their investment".
The company is also launching a low-cost range of X2 access points. The X2 delivers affordable, fast, reliable cloud managed Wi-Fi for the small to medium enterprise, hospitality and education markets.
The X2 delivers 1.2 Gbps of bandwidth per access point, a graphical interface for seamless, simple management, easy one-step, device-agnostic connection, and cloud-based activation to cut down on the need for on-site IT support.
You can find out more about Wave 2 solutions on the Xirrus website.
Photo credit: Shutter_M / Shutterstock
Businesses may be paying a lot more to recover from security breaches if they're using virtual rather than conventional in-house infrastructures.
According to a study by Kaspersky Lab enterprises pay more than $800,000 on average to recover from a security breach involving virtual systems, which is twice as much compared to incidents involving only physical infrastructure.
The problem affects smaller businesses too. SMBs reported damage of more than $26,000 for an attack on their physical infrastructure. The involvement of virtual infrastructure in a security breach, however, drives the cost up to nearly $60,000.
The main reason behind the additional cost is that many businesses use virtual infrastructure for their most important operations. The survey finds 62 percent of companies use virtualization in some form. As a result, many organizations are likely to entrust virtual environments with critical business processes. While an attack on physical nodes leads to the temporary loss of access to business critical information in 36 percent of incidents reported, this rises to 66 percent when a breach affects virtual servers and desktops. Attacks affecting virtual environments also typically require additional third-party expertise to fix. Businesses have to request help not only from IT consultants, but may also involve also lawyers, risk management experts and others.
The survey found that 42 percent of businesses believe that security risks in virtual environments are significantly lower than in 'physical' ones. In addition, 45 percent of companies report that security management in virtual infrastructures is seen as a problem and yet only 27 percent of businesses have deployed a security solution specifically designed for virtual environments.
"Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure," says Matvey Voytov, Corporate Products Group Manager at Kaspersky Lab. "However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit. Our view is that businesses should use customized, virtual-aware security solutions with centralized management and reporting. The solution should have a low impact on resources, a high detection rate and the ability to spot suspicious activity right away".
The full report is available on the Kaspersky Lab site.
Photo Credit: Andy Dean Photography/Shutterstock
We reported earlier today that streaming music service Spotify had upset a lot of users with changes to its privacy policy. In particular sections concerning what information the company is allowed to collect have sent some users into a spin.
Evidently stung by the reaction, Spotify has been quick to respond. In a blog post by CEO Daniel Ek it says sorry and explains more about what the changes actually mean.
"We are in the middle of rolling out new terms and conditions and privacy policy and they've caused a lot of confusion about what kind of information we access and what we do with it," writes Ek. "We apologize for that. We should have done a better job in communicating what these policies mean and how any information you choose to share will -- and will not -- be used".
He points out that although the policy asks for permission to use information including photos, mobile device location, voice controls, and contacts, Spotify will seek express permission before accessing any data and will only use it to improve the Spotify experience.
Ek gives specific examples of how data might be used, for example on location information, "We will never gather or use the location of your mobile device without your explicit permission. We would use it to help personalize recommendations or to keep you up to date about music trending in your area. And if you choose to share location information but later change your mind, you will always have the ability to stop sharing."
There are similar clarifications for other areas which you can read in full on the blog. Ek says that the privacy policy will be updated in the next few weeks to better reflect how data will actually be used. In the meantime users with concerns or questions can email privacy@spotify.com.
Does this reassure you about what Spotify is up to? Do let us know.
In recent years cloud technology has allowed organizations of all sizes and across all industries to become more flexible and more productive.
Identity and mobile management specialist Okta has produced a report based on usage data across more than 2,500 customers and 4,000 apps that sheds light on how organizations and people get work done today, and on what security measures companies use to keep data safe.
"We're seeing companies of all sizes, industries and regions depend on cloud and mobile to propel their businesses forward," says Todd McKinnon, CEO of Okta. "Business leaders are making big investments in cloud and mobile, and Okta's dataset offers some insightful trends into the apps, services and security measures businesses are choosing to leverage".
Among its findings are that company size is no longer a strong indicator of how many cloud or mobile apps a company licenses with a median of between 11 and 16 off-the-shelf cloud apps. There has also been a 40 percent increase year-on-year in companies protecting their sensitive data with multi-factor authentication for at least one app.
Some enterprise apps have maintained their early leadership positions, for example Salesforce.com in CRM, AWS in infrastructure and Box in content storage -- but others have lost ground to the competition, these include Google Apps which is now trailing Microsoft Office 365 in almost every category. Media darling Slack has also done well, increasing its user base by 50 percent in the second quarter of 2015.
The report also finds that businesses are making aggressive efforts to enable their partners, customers and contractors through new cloud-based applications, websites or portals. The number of the external identities in Okta grew by 284 percent from July 2014 to July 2015, while internal identities grew 192 percent in the same timescale.
Companies are also looking at more sophisticated authentication methods. Usage of traditional security questions has dropped 14 percent since April 2014. Businesses increasingly prefer SMS authentication, with usage increasing by eight percent in the same period.
With companies putting a premium on security, developers are increasingly creating apps using the Security Assertion Markup Language (SAML) authentication system from the start. 19 percent of applications that are in the Okta Application Network (OAN) today are SAML-enabled, a six-fold increase over the past two years.
You can get the full Businesses @ Work report from the Okta website.
Photo Credit: RPeshkova/Shutterstock
The number of high profile security breaches in recent years highlights the risk for individual organizations. But what about the risks that stem from other businesses in the supply chain?
Security ratings specialist BitSight has released new data that looks at the overall security ratings of four common business services industries -- law, PR, accounting and benefits administration -- each of which have access to sensitive data.
BitSight scores the performance of companies across different sectors to produce a security rating between 250 and 900, it also looked at the average number of days taken to fix a problem. The benefits administartion sector comes out on top with an industry average score of 740 and a fix time of 1.8 days. Next is accounting with 725 and 1.9. The legal sector only manages a score of 670 but has an impressive remediation time of 1.3 days. PR brings up the rear on 615 and 2.3 days.
The study underlines that businesses need to be aware of which third parties have access to their data, what security measures they have in place and communicate any potential issues.
You can see more information including how the ratings are calculated in the infographic below or on the BitSight blog.
Photo Credit: Alexander Kirch/Shutterstock
They say lightning never strikes twice, but they're wrong as Google reports that it's lost some data after the power grid serving one of its European data centers suffered four consecutive lightning strikes last Thursday.
Google Compute Engine (GCE) disks in the europe-west1-b zone data center, located in Belgium, suffered I/O errors in the strikes and 0.000001 percent of disks suffered permanent data loss. GCE allows customers to run virtual machines and store data in the cloud.
It's not known what data was lost or which customers have been affected, but writing on its Cloud Platform status page yesterday Google points out that, "The issue only affected Standard Persistent Disks that existed when the incident began at 09:19 PDT. There was no effect on Standard Persistent Disks created after 09:19. SSD Persistent Disks, disk snapshots, and Local SSDs were not affected by the incident". We understand that customers have been able to successfully recover from Persistent Disk Snapshots and from their own backups.
Google has apologized to affected customers and says that it's working to improve the reliability of its GCE storage layer. However it does say that, "GCE instances and Persistent Disks within a zone exist in a single Google datacenter and are therefore unavoidably vulnerable to datacenter-scale disasters. Customers who need maximum availability should be prepared to switch their operations to another GCE zone. For maximum durability we recommend GCE snapshots and Google Cloud Storage as resilient, geographically replicated repositories for your data".
Fans of Douglas Adams' Hitchhiker's Guide series will know that 'Belgium' is the most unspeakably rude word in the galaxy, customers of GCE now understand why.
Photo Credit: Igor Zh /Shutterstock
The rise of BYOD offers businesses improved flexibility and employee productivity, but those things come at a price. BYOD can lead to extra costs such as needing to reimburse staff for air time.
Mobile platform provider Syntonic is launching DataFlex, an operator-independent split billing solution designed to cost-effectively deploy, operate, and manage BYOD usage for businesses of any size.
The solution offers separation of personal from business use on any mobile operator network, including AT&T, Verizon, T-Mobile and Sprint. Syntonic DataFlex can also be easily integrated into any existing expense management platform to streamline employee reimbursement. It can be accessed via a self-service portal for easy provisioning of employee devices with business applications and website access.
"BYOD has transcended the large enterprise and is now regarded as an essential business function for businesses of all sizes," says Gary Greenbaum, Syntonic CoFounder and CEO. "With Gartner anticipating nearly half of all businesses to require employees use of personal devices for work by 2017, it will be imperative for business owners to adopt solutions that help control BYOD costs now. Syntonic DataFlex allows businesses to cost efficiently initiate and scale BYOD programs".
Key features of DataFlex are that it will work with both Android and iOS devices across all mobile operators. It doesn't require any app modifications like SDK integration and it protects businesses with threat detection and encryption even if the employee is using an unsecured network. For managers and accounts teams it offers detailed app-level analytics segmented by employee, department, company, time period, data used and other details to help guide mobile forecasting, budgeting and investments.
You can find out more and sign up for a free trial on the Syntonic website.
Image Credit: Peter Bernik / Shutterstock
A new survey of security executives at large companies in the US reveals that many don't have confidence in their enterprise security posture. Less than a third of these executives are confident in their organization's security position, and only slightly more than a quarter feel that their communications on security to senior management are effective.
The survey commissioned by Raytheon|Websense shows that many still rely on technology aimed at preventing breaches but do little after one has occurred. Yet 9 out of 10 of the organizations represented in the survey have had at least one breach involving a loss or compromise of data in the past year.
Despite this only a third of the executives surveyed employ qualitative techniques, such as dwell time, that help them understand the state of their network post-breach. 57 percent measure their security position simply by counting the number of breaches.
"With security spending continuing to skyrocket, it is more important than ever to be able to report on metrics that matter, not just quantitative metrics like counting breaches. When breaches are constant, and inevitable, we need a better way," says Ed Hammersla, president of Raytheon|Websense. "We know threats are going to get in. If we want to be more confident, we need to shift our thinking to metrics such as dwell time, or reducing the time a threat is in our network, which reduces damage and helps strengthen our overall security posture".
When asked about metrics used to communicate their security posture, only 28 percent of executives surveyed felt the ones they used were 'Completely Effective'. 65 percent felt the metrics were only 'Somewhat Effective'. Only 33 percent of those surveyed use dwell time (the elapsed time from initial breach to containment) alongside the other more established measurements such as Cost of Incidents (39 percent) and Reduction in Vulnerabilities (39 percent).
Intruders can do more damage to a business the longer they have to poke around and move within the network. The lesson from this research is that if an organization can limit the length of time a threat exists, the damage will be minimized. Enterprises therefore need to employ different detection, analysis, and ejection techniques to stay secure.
More information on the report is available on the Raytheon|Websense site.
Image Credit: Manczurov / Shutterstock
We all know that using public wireless hotspots can be risky, but is seems that some places are more of a threat than others.
Mobile threat defense company Skycure has put together a study into the most dangerous tourist destinations to use your mobile device, the type of threats you might encounter, and offers some tips on how to avoid falling victim to an attack.
Large city locations dominate the list but Disney theme parks, places where you might expect to feel pretty safe, also feature -- insert your own Mickey Mouse security joke here.
The safest attraction is India's Taj Mahal, though the good karma there is largely down to limited connectivity and a ban on using mobile phones within the monument. The safest destination in the US is the Great Smoky Mountains national park in Tennessee, again largely because it's hard to get a signal.
The research also finds that Android devices encounter network related threats almost twice as often as iOS devices. Even though iOS devices connect on average to more Wi-Fi networks, Android devices manage to connect to more threatening ones.
"Unfortunately for mobile tourists, the most magical places on earth can sometimes be the most dangerous," says Adi Sharabani, CEO of Skycure. "When you’re in a high-traffic area like these famous destinations, you're a target for hackers. Unlike your computer, your phone is always on, even when you're taking in the sights. Mobile tourists are a lucrative target for cyber criminals".
The most frequent threat comes from SSL decryption attacks, which allow cyber criminals to capture personal and work information like logins, passwords and corporate credentials even when the user thinks they're secure. The research also revealed cases of SSL stripping, which downgrades secure URLs (https) to non-secure URLs (http). Like SSL decryption attacks, this allows hackers to gain access to private information and communication while the user thinks they're safe.
To protect yourself, Skycure suggests avoiding networks with 'Free' in their name, eight percent of the total reported threats originated from these. You should also read the warnings on your device and don’t continue if you’re not comfortable with the exposure. You should also ensure you have the latest updates on your device and use a mobile security app. If your phone begins to behave oddly you should disconnect immediately.
You can see the list of the riskiest and safest destinations in the infographic below. You can also check for threats in your area using Skycure's interactive map.
Photo Credit: William Perugini / Shutterstock
Phishing is a popular route for cyber criminals to gain a foothold in organizations as the weakest link in security is usually the person sitting at the keyboard.
To help combat this Wombat Security is adding a new PhishAlarm to its security awareness and training platform. PhishAlarm is a plug-in for Microsoft Outlook that enables end users to report suspected phishing emails to security and incident response teams with a single mouse click.
The software reinforces the right actions that are key to achieving long term behavior change and protecting organizations from attack. It simplifies the reporting process and therefore shortens the time it takes information security analysts to recognize and respond to phishing attacks. PhishAlarm also provides positive behavior reinforcement by immediately thanking end users (via a pop-up message or email) for reporting suspected phishing emails and encouraging them to continue those actions in the future.
"Future versions of PhishAlarm will give security officers enhanced intelligence to quickly act on phishing attacks as they are reported," says Joe Ferrara President and CEO, Wombat Security. "We continue to keep the needs of security officers as a driving force behind our solutions. Wombat's best-of-breed security education solutions, including our anti-phishing products, are appreciated by our customers because of their effectiveness and ability to deliver results for the organization".
You can find more information on Wombat's security and phishing awareness products on the company's website.
Image Credit: Maksim Kabakou / Shutterstock
VMware vSphere is the world’s leading virtualization platform, estimated to run on more than six million physical servers in businesses. But enterprises looking to implement private clouds often turn to OpenStack and up till now this has had limited support for vSphere.
Cloud specialist Platform9 has an answer with the general availability of Platform9 Managed OpenStack for VMware vSphere environments. This is a SaaS solution that transforms an organization's existing servers into an AWS-like agile, self-service private cloud.
"Platform9's mission is to make private clouds easy to deploy and manage for the enterprise. By fully supporting VMware vSphere, we are enabling every VMware customer to instantly derive greater value and infrastructure agility from existing virtualized infrastructure," says Sirish Raghuram, Co-founder and CEO of Platform9. "Customers no longer need to choose between the world's leading private cloud platform (OpenStack) and the world's leading virtualization platform (VMware vSphere): Platform9 Managed OpenStack is 100 percent interoperable with VMware vSphere, allowing customers to integrate OpenStack and vSphere seamlessly. Developers can have self-service provisioning using OpenStack while at the same time, IT Operations manages the underlying infrastructure using vSphere".
Using a SaaS delivery model Platform9 Managed OpenStack not only makes it easy for IT to quickly deploy an OpenStack private cloud but also provides ongoing operational support by including monitoring, troubleshooting and updates for OpenStack. It fully supports VMware vSphere environments and a new VMware specific Virtual Appliance is now available to integrate the OpenStack controller services with vSphere resources.
It offers self-service automation making life easier for developers, support for OpenStack APIs, a single pain view with KVM and VMware vSphere virtualization. Docker support is in development with a beta expected later this year. Platform9 takes care of monitoring, troubleshooting and upgrading the OpenStack framework, ensuring customers have a reliable production environment.
Platform9 Managed OpenStack is available now and there's a free trial available on the Platform9 website.
Photo credit: Maksim Kabakou / Shutterstock
We all know that virus infections are a pain, not only do they disrupt your work they can also be hard to remove as they often prevent you from downloading or running cleanup tools or even from accessing Windows.
If you don’t have access to a friendly geek with the right tools you can be faced with hours of work or even having to wipe out and reload your machine.
Now there’s a solution in the form of FixMeStick. It’s a USB stick that removes viruses and infections from both Windows PCs and Macs. It follows the same process that professionals do by running multiple scanning tools to increase detection rates and operating outside the machine’s normal operating system to prevent interference.
How It Works
The FixMeStick is a bootable drive so if your BIOS is set to start from USB you can just plug it and switch on the machine. Alternatively you can plug it in while the operating system is running and it will read your Wi-Fi details so it can get online and then force a reboot. After booting it will update itself over the Internet -- you’ll need to enter your wireless details if you didn’t run it in Windows first -- and begin a scan.
Depending on the size and condition of your machine scanning may take several hours to complete. It uses three anti-virus engines, Sophos, Kaspersky and GFI Vipre to ensure that it has the best chance of finding all infections. There’s a custom scan option for advanced users that allows you to restrict the scan to specific disks or files if you want to.
When the scan is complete you get the opportunity to review the detected items before removing them to quarantine. After booting back to Windows you’re presented with a browser page giving contact details should you want to follow anything up, though the phone number supplied is in Canada. The important thing to note here is that it only quarantines files, it won’t repair infected system files so if a key Windows file gets canned you might find your system won’t boot and you need that support. It doesn’t remove virus traces from the registry either, you’ll need to scan with another product to do a complete clean up once FixMeStick has got you up and running again.
FixMeStick copies itself to the hard drive and leaves a quarantine folder there too so you can get back any files that have been wrongly removed. It sends you an email too with a link to view your scan results via an online portal.
FixMeStick costs £45 which allows you to use it on three machines for a year -- you need to specify whether it’s for PC or Mac when you order. After that you can reset it for £37 to give you a further year’s use. There’s a pro version available which gives use on unlimited numbers of machines for a year costing £200.
Is It for Me?
So, should you buy one? There are of course plenty of free bootable rescue discs available to download but they’re generally not easy to use. FixMeStick is. If you’re not confident with using conventional anti-virus tools or creating rescue disks then FixMeStick provides a fully automated scan and it’s cheaper than paying a specialist to clean up your machine. You get access to email and telephone support should you need it too.
It isn’t intended to be a complete solution and there’s no long-term protection. However, it will get a heavily infected machine working again so that you can complete the clean up with a conventional installed antivirus product.
Not for experienced PC wranglers then, but as a get-out-of-jail card for non-techies it’s hard to beat. You can find out more at the FixMeStick website or click the button below to get one for yourself.
Pros
Easy to use
Multiple scan engines
Access to support
Cons
Quarantines infected system files
Doesn’t remove registry traces
No ongoing protection
Company | Release Price |
ITProPortal Review |
Latest Prices |
---|---|---|---|
FixMeStick | £45 | 7/10 | $58.99 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
More and more of the devices we use these days rely on wireless signals for their connectivity. If you're male you quite likely carry your smartphone in your trouser pocket or use your laptop or tablet on your knee, which means these signals are being transmitted in close proximity to your gentleman's area.
Should you worry about this? A 2014 study by the University of Exeter suggests that just one hour's exposure to radiation from a mobile phone can reduce in vitro (outside the body) sperm motility to 49 percent and viability to 52 percent. In addition the World Health Organization has classified electromagnetic radiation in the same category of harmfulness to humans as petrol exhaust fumes.
So, short of going back to wired connections or lining your trousers with tin foil what can you do? A British scientist has come up with a solution in the form of underpants made with silver. By using a mesh of pure silver woven into fabric the pants claim to shield against 99.9 percent of harmful electromagnetic radiation (EMR) emitted by Wi-Fi devices.
For people of a certain age the mention of silver underpants will probably bring to mind the scene in Dune where Sting emerges from the shower in a rather disturbing pair of budgie smugglers and an even scarier ginger hair do. But fear not, Wireless Armour uses silver threads woven into the cotton so you won't look like you're wearing a cast off from NASA.
"Like so many people, my smartphone and laptop use has increased dramatically in recent years which made me realise that I was exposing myself to large amounts of electromagnetic radiation, mostly centred on my groin," says London scientist and Wireless Armour inventor, Joseph Perkins. "With my physics background I knew there must be a way to shield from electromagnetic radiation using a simple solution. Wireless Armour has been tested by an industry leader in wireless shielding and the results show that our fabric shields against 99.9% of the radiation emitted between 100MHz to 2.6GHz. Put simply, this covers the entire range of radiation emitted by wireless devices, from voice and text through to 4G and Wi-Fi, almost everything is blocked."
Silver has the added advantage of being anti-microbial so you'll end the day fresher and more hygienic as well as being protected against wireless emissions.
At between £24 and £35 ($37 to $55) a pair from the company's website Wireless Armour undies aren't cheap, but what value do you place on your fertility?
IBM is making a serious bid for a slice of the enterprise Linux market with the launch of a new range of mainframe servers called LinuxONE.
At the top end of the market is LinuxONE Emperor, a machine based on the IBM z13 and which can scale up to support 8,000 virtual machines or thousands of containers. It also delivers the security and advanced encryption features needed by large enterprises.
For the entry level market there's also LinuxONE Rockhopper. This is aimed at customers who need the speed, security and availability benefits of a mainframe but in a smaller package.
Big blue says that the LinuxOne system will work with open source software including Apache Spark, MariaDB, PostgreSQL and Chef. It's also announced a partnership with UK-based Canonical to distribute its Ubuntu open source OS software on LinuxONE and z systems.
All of this is backed up by a LinuxONE Developer Cloud which provides a virtual research and development engine for creating and testing new applications, and generating links to mobile apps, hybrid cloud apps and more.
More information about LinuxONE is available on the IBM website.
Many companies would like to use the cloud as a new approach to storage management, but it isn't without problems. High latency, unpredictable performance of internet transport and fear of data breaches may make the public cloud services unsuitable for many production applications.
We spoke to Ellen Rubin, CEO and founder of enterprise storage startup ClearSky Data to find out how enterprises can address these issues and get their cloud storage projects moving.
BN: What proportion of enterprises are using cloud storage solutions, and how will changes in enterprise needs drive storage-as-a-service?
ER: There is a chronic, incredibly expensive problem in the enterprise data center. It stems in part from the longevity of data. Enterprises have data buried in files, databases, emails and other places where it sits -- basically -- forever. That data is used in varying degrees depending on its timeliness and value to the enterprise, but no one ever wants to throw anything away, so the data center footprint keeps growing.
As enterprises struggle with that scenario, we hear a variety of numbers suggesting IT's approach to managing growing data stores. At the end of 2014, 451 Research said 32 percent of enterprises were using the public cloud and 39 percent had hybrid infrastructure in place. Enterprises like the idea of extending their data centers out to the cloud. Even more attractive is the potential for managed cloud -- being able to tap into an enterprise-class storage-as-a-service offering that takes the weight off their data centers and infrastructure teams. They want all the things that are great about the cloud, but they need the hybrid storage management aspect to protect them from security concerns as well as performance and latency issues. There is the potential in the market now to challenge the long-standing enterprise storage status quo, and the service aspect will be key to that disruption.
BN: What is the biggest concern for enterprises wary of straying from the traditional approach to storage?
ER: We see the answer to that question in every industry survey. The main hesitations about cloud storage adoption are control and security. Companies want the scalability, agility and economics of the cloud, but they worry about losing the control they feel with local enterprise storage. Because of that, enterprises are making their way to the cloud with Web apps or test and development workloads. If they could mitigate concerns around control and security issues, enterprises could shrink the expense and complexity in their data centers while improving performance.
BN: Data security is a major concern for enterprises that use cloud storage, how can that issue be addressed?
ER: The major cloud providers have made significant strides in meeting enterprise security concerns over the past few years, but there are still several issues to address. The most critical ones are around data encryption and key management – these are table stakes for putting data in the cloud. A managed service provider (MSP) can address these issues upfront for enterprises, as well as provide many other requirements, such as third-party audits, operational controls, background checks and more.
BN: Is there a cost benefit to having storage in the cloud? How does that vary based on the amount of data a company creates?
ER: There is a huge cost benefit to putting archival, backup and cold data in the cloud and leaving it there. That kind of storage is dirt cheap. But -- and this is a big but -- it's not cheap to pull that data out of the cloud and use it in a production-ready way. Plus, there is unpredictable performance and a level of latency that is unacceptable for most production applications. The amount of data enterprises create isn't the point. The cloud is endlessly scalable -- if they want to put a ton of petabytes in the cloud, they can go ahead. However, the speed and performance required for enterprise apps needs to be addressed.
BN: What are the biggest misconceptions surrounding enterprise storage?
ER: Enterprise IT teams believe they have no choice but to invest and reinvest in data center infrastructure every few years as their data stores grow and technology changes. They are stuck on a commodity storage treadmill.
Secondly IT teams often view new platforms as cure-alls for storage headaches, but if enterprises are going to become more agile, they'll have to focus on something different: managing their data more effectively as it cycles through the hot, warm and cold lifecycle stages.
Also some label the public cloud as a panacea for storage management, but enterprises have security and control questions about the cloud, and performance and latency are also barriers. There are unavoidable latency issues around moving data between clouds and across complex networks that span hundreds or thousands of miles. Fixing this will require the help of service providers with regional resources and the ability to help enterprises maintain the performance levels their users demand.
MSPs and enterprises need to partner with companies that are focused on helping them overcome these market challenges.
Photo Credit: fbmadeira/Shutterstock
Given the current threat landscape and the fact that attackers are finding new ways to bypass traditional security, it's no surprise that many companies are turning to the use of breach detection to protect their systems.
Independent testing organization NSS Labs has evaluated eight of the leading BDS vendors -- BlueCoat, CheckPoint, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro -- for security effectiveness, performance, and total cost of ownership.
The security effectiveness test looked at detection rate, anti-evasion capabilities, device stability and reliability and time to detect. Cisco came out on top with a 99.2 percent overall effectiveness score with Trend Micro second on 96.2 percent, Checkpoint and Lastline tie for third on 95.9 percent. Worst performer is FireEye on 51.8 percent.
Assessed on performance, BlueCoat and Fidelis both offer higher throughput rates. The front runners for detection all have similar throughput rates with FireEye again bringing up the rear. Lastline lags behind the others for devices with 4.5 and 1.7Kb responses, but on 'real world' traffic patterns it's on a par with Cisco, Trend Micro and the others.
Looking at total cost of ownership (TCO) BlueCoat comes out on top at $50 per protected Mbps followed by Fortinet on $76 and Lastline on $106. Cisco does less well here with a TCO of $228 per Mbps. FireEye again brings up the rear on $541 thanks to its lower throughput rates.
NSS also calculated a Security Effectiveness value indicating whether a product is underpriced, overpriced, or priced accurately depending on the performance and overall security effectiveness. A product with a Security Effectiveness value that is higher than its purchase price can be considered good value for money. Looked at in these terms the top four are BlueCoat, Fortinet, Lastline and Fidelis.
The full reports are available for NSS Labs subscribers. You can download a security value map with an overview of the findings free from the NSS website.
Image Credit: Balefire / Shutterstock
One of the big under-the-skin changes Windows 10 has made is the way it updates, thanks to Microsoft's new system of continuous updates.
For businesses this presents a problem as there may be some parts of the update process they'd rather opt out of.
There are options to allow IT managers to control the update process and Deepak Kumar, CTO and Founder of systems management company Adaptiva has put together an infographic explaining the differences.
Aside from the Current Branch which home users get, there are essentially two options for enterprises. Current Branch for Business (CBB) which allows IT managers to install security updates immediately but delay new features and bug fixes. The alternative is the Long Term Servicing Branch (LTSB) option which gives them the flexibility to put off the installation of new Windows 10 features for up to 10 years.
You can see the different branches explained in the infographic below.
The days of spending all of your working hours in a single office location are increasingly behind us. Both employers and staff are demanding more flexible solutions. Add to this a new generation of millennial workers demanding a better work/life balance and it’s clear that enterprises need to deliver on new ways of working,
But how can they do this and what effect does the change have on corporate culture? We spoke to Rickard Hansson, founder and CEO of enterprise collaboration specialist Incentive, to find out.
BN: What's driving the demand for more remote working?
RH: Several things, actually. First, I would say the way people in general get stuff done nowadays. Everything is a finger tap away -- your "computer" is in your pocket. What everyone realizes and experiences is that they can get stuff done -- everywhere and any time -- so why not when it comes to work? And this has finally reached the C-level as well, meaning they have also discovered this in their own lives and are therefore more open to implementing it in the workplace.
Second, it's the need for work/life balance -- picking up kids, waiting for the service technician, etc. Getting control of your time gives you more time. And if you can get the same amount of (or often more) work done from home, why not do it? This is very tied into trust from management, of course, and dependent on the culture in the workplace.
Third, I would say is the need for "focus time". An office space can often be the most disruptive place you can be when you really need to focus on that report or preparing that presentation. I make it a habit to work from places other than the office -- a coffee shop, a startup incubator, etc. I always have my co-workers there, but I can still keep in touch and interact through our social intranet.
BN: What benefits can remote working bring for the enterprise?
RH: Some -- if not most -- enterprises have no choice working remotely with a distributed workforce in multiple offices around the country or world. Remote working is often translated into working from home, but remote working is really everything you do when you're out of the office or not in the same office as others.
If you succeed with remote working across the board, your enterprise will be better on every level. Cross-communication between departments will be improved, you will be more responsive when you have access to all knowledge and information all the time -- you can even get stuff done when you're stuck in your two-hour commute.
BN: Doesn't having people working remotely mean missing out on opportunities for in-house collaboration?
RH: You can NEVER replace the human meeting, especially when you need to work as a team. We do it all the time. We have offices on the West and East Coasts and one office in Sweden.
I fly to Sweden and the East Coast every five weeks or so, then I fly over people from the other offices to LA on a regular basis. The meetups are for what I call "focus sessions" -- issues we need to discuss in-depth and sort out so we can create a roadmap for the next 5-6 weeks. In between the meetups, remote working is a wonderful way of continuing the work. It maximizes the value and outcome of your focus sessions continuing your work through your social intranet using video chats, instant messaging, document collaboration, file sharing and more -- you just pick up where you left off, seamlessly.
BN: How can the corporate environment adapt to be viable regardless of employee location?
RH: This is always tricky, but it's something many businesses have been dealing with successfully for ages. Enterprises should create a strong foundation and policy for remote working, and not just about security and codes -- there has to be more focus on the people and the social layer where people can connect on mutual (business) interests instead of just finding people based on their title on the business card or hierarchy charts.
If remote workers are already implementing the social part, meaning employees are connecting and collaborating regardless of their location, you can easily weave it into the business' core values and culture.
BN: Doesn't reliance on the cloud for collaboration lead to additional risks for the business?
RH: The reality is you need the cloud to be truly remote. Even if you have everything on premise, you need VPN and therefore you are dependent on a carrier -- the Internet. So the cloud is always going to be there, whether you like it or not.
Instead of worrying about the cloud itself, focus on the services you are using and what control you have over them. Most breaches you read about aren't the cloud per se -- it's the service, and most services are in a multi-tenant environment. That means all data is stored in the same location for all customers and the only thing that differentiates one customer from another is a key in the database. The risk here is hackers can get in and find the "master key" to dump all the data.
Enterprises should look for single-tenant solutions with multi-tenant capabilities. The advantage of multi-tenant solutions is the never-ending stream of new features and upgrades that happen automatically. There are single-tenant solutions that have that same capability. In fact, many people will probably be reading this on a device that is single-tenant but still updated: the OS.
With single-tenant, you're in control of your data -- where it's stored and geographically located. You can have it on premise or in the cloud -- it's all up to you.
Image Credit: Dragon Images / Shutterstock
A script injection vulnerability in the popular Salesforce cloud CRM system could have left users open to attack from phishing emails that appear to come from within a trusted domain.
Cloud application security specialist Elastica has released details of the vulnerability -- disclosed to Salesforce in early July -- which opened the door for attackers to use a trusted Salesforce application as a platform to conduct phishing attacks to steal end-users' login credentials and hijack accounts.
Though it was considered to be a low-impact threat because it existed in a sub-domain rather than the main Salesforce domain, Salesforce patched the vulnerability on August 10, a finding validated by Elastica researchers.
The flaw enabled attackers to execute JavaScript to steal cookies and session identifiers, which could have led to a potential Salesforce account takeover depending on Same Origin Policy (SOP). They could also force Salesforce users to visit phishing sites to potentially extract credentials via social engineering tricks. Attackers could also have injected pop-up windows to facilitate phishing attacks or forced users to download malicious code on their machines by executing unauthorized scripts in the context of the browser running a vulnerable application.
"Exploitation of XSS vulnerabilities is among the most prolific methods of Web application hacking today," says Dr. Aditya K Sood, lead architect of Elastica Cloud Threat Labs. "Although this particular flaw was only present in a Salesforce subdomain, exploiting the trust of the company's primary domain could have allowed attackers to easily implement phishing attacks to gain access to user credentials. With stolen credentials, attackers can then access users' accounts and exfiltrate sensitive data undetected for long periods of time".
You can find a detailed analysis of the flaw and how it could be exploited on the Elastica blog.
Photo Credit: Ivelin Radkov/Shutterstock
According to a new report by endpoint security specialist Invincea malvertising is causing more than $1 billion worth of damage each year.
Based on data gathered in the first six months of this year the company detected and blocked approximately 2,100 malvertising attacks against its customers, representing 2.1 million malicious advertisements. Invincea estimates this caused $525 million of damage in repair and recovery expense, excluding the impact of any data breaches.
Other trends identified include the emergence of just-in-time (JIT) malware assembly. This technique builds malware executables on targeted machines, using native Windows utilities from those machines to assemble their malicious payloads. JIT malware is able to bypas filters and sandboxes that look for complete malicious executables in network traffic.
Microsoft Office files are also being used by multiple criminal gangs via weaponized documents sent in spear-phishing emails. Adding a new twist to malware delivery via e-mail attachments, adversaries are using Visual Basic scripts available on Pastebin and elsewhere to flexibly adapt weaponized documents to distribute malware payloads.
It also highlights that recent spear-phishing initiated attacks against the White House and health insurer Anthem shared key common attributes. In each case, employees were lured into clicking on malicious content that enabled the threat actors to gain a crucial foothold on the targeted networks. The malware employed in each attack was also similar, although customized to avoid detection by traditional security tools.
"Our latest research shows the relentless innovation of threat actors' techniques that in turn highlights the inadequacy of most organizations' network defenses. This is consistently leading to intellectual property loss, costly remediation, loss of employee productivity, and reputational harm," says Invincea Founder and CEO Anup Ghosh. "The endpoint is today the pivotal battleground in security, as both traditional anti-virus and newer network security controls are blind to now common attack techniques used in pervasive cyber-crime, industrial espionage, and nation-state campaigns".
More details are available in the full report which can be downloaded from the Invincea website.
Image Credit: Sam72 / Shutterstock
With increasing numbers of credentials being stolen in data breaches it makes sense to use a password manager to protect your online accounts.
Popular password manager LastPass is encouraging users to make the leap by making its service available free on mobile devices, including smartphones and tablets from today.
The new version also enables first-time users to sync data across the same device type they get started on, without needing to upgrade to LastPass Premium. Users can still choose to get started with LastPass on a desktop or laptop computer if they prefer.
"People often hear about useful apps on the go and want to get started right away from their smartphone," says Joe Siegrist, CEO of LastPass. "This new freemium model allows LastPass users to get started with our password manager on the device of their choice".
Whatever device users choose to get started on, they can use LastPass on that device and any others of the same device type -- desktops, smartphones or tablets -- for free. With this latest change, LastPass is making it easier and more affordable for people to organize their digital lives and improve overall online security.
To sync across an unlimited number of devices, including desktops, laptops, smartphones and tablets, users can upgrade to the LastPass Premium service, which comes with a free 14-day trial and costs $12 per year. You can get started by downloading the free version from the LastPass website.
Photo credit: shutteratakan / Shutterstock
IT departments and developers are under increasing pressure to support innovation at a much faster pace. This requires agility but also the needs to meet governance requirements and allow people both inside and outside IT to build cross-platform apps that conform to best practices and standards.
Digital transformation specialist AnyPresence is launching a new platform that offers a comprehensive solution for API-driven enterprise app development and enabling the Internet of Things.
"We see increasing demand for enterprise IT to support digital transformation and innovation initiatives at a much faster pace, creating challenges balancing agility and governance," says Anirban Chakrabarti, CEO of AnyPresence. "This requires proliferation of microservices and empowering anyone within or outside IT to build cross-platform apps that conform to IT governance standards and best practices. The latest release of AnyPresence goes beyond typical MBaaS capabilities to meet these needs by enabling rapid API development, direct connectivity to APIs from client SDKs, and generation of IT-sanctioned app starter kits from any web portal".
Key features include Smart SDKs that can connect directly to REST web services without going through a backend server. This allows developers to have the benefits of client-side SDK acceleration by connecting directly to any API gateway, which can then pass the call on the AnyPresence backend server as required.
Integration Kits are pre-configured components that can be used to enable specific functionality such as connecting to an IoT hub, or implementing business logic such as an approval workflow. Customers can use integration kits as either a starting point to build an app, distribute as best practices via an app template, or as a working example of how to meet specific enterprise requirements.
A JustAPIs feature supports endpoint connectivity to Microsoft SQL Server databases, and adds an API Workflow Test Console to improve developer productivity. In addition AnyPresence now provides faster integration to virtually any enterprise data source via powerful connectors and authentication adaptors. Legacy or custom web services can be easily transformed into RESTful APIs within the AnyPresence Designer, minimizing the amount of code that needs to be created and maintained.
Support IT governance and policies is provided via a detailed history of all user actions on app definitions made within the AnyPresence Designer.
You can find more information about the latest version on the AnyPresence website.
Image Credit: Stokkete / Shutterstock
The shifting of systems to the cloud has an effect on many areas of the enterprise, not least IT. The role of IT professionals is beginning to enter new territory.
In the latest of its Trends in Cloud IT series automated management specialist BetterCloud looks at how the emergence of the cloud is altering perceptions. It's freeing up valuable time that cloud IT admins are using to become proactive decision makers in their organizations, rather than simply reacting to problems.
Based on data collected from more than 1,500 IT professionals the report finds that the average cloud IT admin has 15 years experience and two certifications. Of Google Apps admins 13 percent have Certified Administrator status and seven percent are Google Apps Deployment Specialists. In Office 365 shops 19 percent of admins have a Certified Solutions Expert (MSCE) qualification and 15 percent Certified Solutions Asociate.
Other findings are that cloud IT admins are substituting routine work with a wide variety of strategic and proactive tasks such as improving security, end-user training and application integrations. Regardless of organization size or admin experience, around 25 percent less time is being spent on routine maintenance tasks and 20 percent less on storage management.
Office 365 and Google Apps admins are similarly involved in their companies' migrations to cloud office platforms, with the majority of migrations happening in house (67 percent vs 68 percent). Office 365 admins are managing multiple cloud office systems more often than Google Apps admins (47 percent vs 24 percent).
"With cloud adoption set to rise in the coming years, cloud IT admins need to prepare themselves for the changes to come -- especially as they become significant decision makers within their organizations. For some, these new roles are already taking effect, for others, change will come more gradually," says founder and CEO of BetterCloud David Politis. "But for every IT admin, the cloud has the potential to expand their roles and reverse the 'cost center' perception that IT departments often wear like a scarlet letter".
As cloud adoption increases admins will need to gain the skills, and tools, necessary to manage a wide variety of cloud applications, regardless of where their organization sits on the adoption curve. They're also likely to become more influential within their organizations meaning that businesses with strong cloud skills will gain a competitive edge.
You can read more about the findings on the BetterCloud blog.
strong>Image Credit: ND Johnston/Shutterstock
Security professionals are naturally concerned with protecting sensitive data within their organization and elsewhere, particularly given the increasing numbers of threats.
A new survey of more than 100 information security professionals by data security specialist Vormetric and risk management research organization IANS reveals that 84 percent of respondents had considered a security strategy of encrypting all their sensitive data.
The top reasons given for encrypting information include preventing data breaches, cited by 66 percent, fulfilling compliance or audit mandates (54 percent) and protection of financial and other assets (53 percent).
Respondents to the survey are keen to implement encryption to solve problems with securing information held in databases, laptops, emails, private clouds and big data environments. 54 percent say that their top challenge when implementing encryption is legacy technology and support for encryption. Other roadblocks include the cost of encryption technology (52 percent) and worries about performance impact (44 percent). But interestingly, and in spite of these pain points, a massive 84 percent of respondents have considered a security strategy of 'encrypt everything'.
"Not only are perceptions of difficult and expensive implementations outdated, but encryption now also enables business velocity and advantage," says Vormetric's VP of Global Marketing, Tina Stewart. "Modern encryption solutions enable organizations to not only safeguard traditional applications, but also to take advantage of cloud, SaaS services, IoT and big data without incurring new risks to data. As a result, encryption in now a critical driver of lower operational costs as well as the rapid development new services and offerings for competitive advantage and market expansion".
The full report is available to download from the Vormetric website.
Image Credit: Maksim Kabakou / Shutterstock
Perhaps more than any other type of business, retailers are always keen to gain an advantage over their competitors. A new study by IDC suggests that they're increasingly turning to technology in order to stay ahead.
It reveals that 64 percent of retailers in Western Europe are currently undertaking some form of digital transformation effort while 21 percent are planning to do so by the end of the year.
Among other findings are that it's essential for retail companies to have a single view of core data elements such as orders, customer details, and inventory. They are expected to strongly focus on these areas, a view backed by the high percentage of new investments in them.
Retailers are increasingly seeking to add digital elements to their physical stores, though there's no single way to achieve this objective. Western European companies are prioritizing two areas of investments -- empowering sales associates with mobile capabilities and replicating personalized online engagements in-store.
IDC expects to see considerable investments made in the eCommerce space. The technology and business situation is rapidly evolving and pushing retailers to add more advanced capabilities to their traditional eCommerce platforms. However, they're also expected to embrace mobile commerce to optimize customer experience.
There's a challenge for retailers to fulfil complex customer order requirements across multiple platforms and customer interfaces. This is expected to trigger a wave of new investments to provide the capabilities needed.
"As retailers in Europe seek new ways to differentiate themselves from the increasing competition in the region, digital transformation is a train they cannot afford to miss. Today, all the top Western European retailers are in the process of determining how digital impacts them and what their digital transformation approach and strategy should be," says Luca Bonacina, senior research analyst, IDC Retail Insights.
The full report Digitally Transforming Retail Businesses: The Western European Perspective is available from the IDC website.
Image Credit: Hasloo Group Production Studio / Shutterstock
Over the past week and a half many thousands of people worldwide will have taken the plunge into Windows 10. But, as we've previously pointed out the free upgrade comes at a price in terms of privacy.
So what can you do to enjoy the advantages of Windows 10 without giving away too much of your information? Here are some tips to help you protect your details.
Installation Options
If you’re yet to install Windows 10 you’re probably keen to get started, but don't just accept the Express Settings option in a bid to be up and running as soon as possible. The Express option allows the OS to share speech, typing, contacts, calendar, and location data and advertising ID information to Microsoft and its partners. If you choose the Custom install option you can turn most of these off to guard your privacy. These can also be turned off later from Settings, Privacy, General.
Stop Sharing Updates
As we pointed out last week Windows 10 will try to use your network connection to share updates with other systems. This uses a P2P-type system called Windows Update Delivery Optimization (WUDO). To stop this open up Settings and click Update & Security. In the Windows Update section on the left select Advanced options and click Choose how updates are delivered. You can switch off WUDO by flicking the toggle switch to the Off position. Or if you have other PCs on your network you can continue to share updates with these but not with the outside world by leaving this toggle in the On position and selecting PCs on my local network.
Cutting Feedback
If your system or a piece of software you're running crashes, the OS will send diagnostic data back to the software vendor. There's a risk that these could include memory dumps which contain personally identifiable data. You can't stop Windows sending these reports but you can reduce the amount sent by going to Feedback & diagnostics from Privacy settings and changing the Diagnostic and usage data drop-down to Basic.
Taming Cortana
Windows 10's digital assistant might look nice and friendly, but in order to be responsive to your needs it uses machine learning. This means Cortana can snoop into your emails and contacts, if you’d rather it didn’t do this turn the assistant off. To do this go to Settings and select Privacy, Speech, Inking & typing and then click the Stop getting to know me button.
Keep It Local
Microsoft is very keen to get you to sign in using a Microsoft ID so that you can synchronize information with other machines, but doing this means some of your details will be stored in Microsoft's cloud. It is still possible to use a local ID to access Windows 10 but in order to do so you need to have your internet disconnected during installation up to the point where you're prompted to create a Microsoft account.
Limiting Account Information Sharing
By default Windows 10 will happily share some of your account details, including your picture and your name, with third-party apps. You can stop this from happening in the Account Info section of Privacy settings.
Photo credit: Anton Watman / Shutterstock
Smaller businesses often have a limited budget for securing their IT systems which can leave them uniquely vulnerable. Antivirus company Avast launched its free Avast for Business cloud offering aimed at SMBs earlier this year and has been surveying users to find how they handle their security.
Among the findings are that almost three-quarters of respondents say that all of their employees use the internet. Yet despite the high number of data breaches 57 percent of SMBs in the UK invest only between zero and two percent of their IT budget on security.
There's little consistency in who handles security either. One out of 10 said respondents say that an employee who isn't a dedicated IT admin handles the company's IT support services. Almost half have an in-house technician, 10 percent have an external supplier or technician to handle the company's IT support services and 28 percent of SMB owners handle their company's IT.
Before switching to Avast for Business 55 percent of SMBs were relying on free consumer security solutions. Only 23 percent used premium business solutions and a worrying three percent used no solution at all.
The biggest threats are seen as losing valuable data (31 percent) along with loss of productivity (23 percent) and losing customers (16 percent). Where BYOD is concerned 52 percent allow employees to access company data on their own devices, but more than half of these (54 percent) don’t have a BYOD policy in place.
There's a summary of the survey findings in infographic form below or you can read more on the Avast blog.
Image Credit: Manczurov / Shutterstock
Stagefright detectors seem to be flavor of the month at the moment, not surprising when the vulnerability could affect around 95 percent of Android devices. We reported yesterday on Zimperium's version and now mobile security specialist Lookout has launched its own detector.
The app will tell users whether or not their Android device is vulnerable to Stagefright. If it is affected, it provide a run-down on how to reduce the risk of being attacked. Uses will also be able to check back in after receiving a security patch to confirm it contained the fix for Stagefright.
Once downloaded, the app checks to see if the device has a vulnerable version of the media player. It will then inform you if you’re not vulnerable or your device has already been patched, or that you are vulnerable and it hasn't.
If you are vulnerable Lookout provides detailed instructions on disabling the auto-fetching of MMS messages in your default messaging app. Depending on your phone, this app may be 'Hangouts,' 'Messages,' 'Messaging,' or 'Messenger.' By disabling auto-fetching attackers are prevented from getting the device to automatically download a malicious video containing Stagefright exploits.
You can download the detector free from the Play store and there more is information on the Lookout blog.
Danish security company Secunia is using the Black Hat conference to reveal an early look at the vulnerability trends to date for 2015.
One of the main findings is that 15 zero-day vulnerabilites have been discovered so far in 2015, making it likely that the total for the year will exceed the 25 discovered in 2014. The 2015 zero-days were all discovered in popular Adobe and Microsoft products widely in use across both personal and professional IT systems.
"The increasing number of zero-days is not a surprise," says Kasper Lindgaard, Director of Research and Security at Secunia. "It would be more of a concern if the number dropped, because that would mean that the zero-days we can be sure are out there were going undetected -- after all, Hacking Team, the Italian company reported to be selling a product utilizing bought zero-days to governments and corporations, is not the only company of its kind out there".
The total number of vulnerabilities discovered from January 1 to July 31st at 9,225 is on a par with the 9,560 discovered over the same period last year. However, Secunia's preliminary findings do indicate a shift in how critical they are. A slightly higher share of the vulnerabilities discovered are rated as 'extremely critical' (from 0.3 percent to 0.5 percent) and 'highly critical' (from 11.1 percent to 12.7 percent) while there is a drop in the 'moderately critical' category (from 28.2 percent to 23.7 percent).
The company has also looked at vulnerabilities for mobile operating systems and discovered around 80 vulnerabilities in iOS, and approximately 10 in Android. Lindgaard says, "The fact that fewer vulnerabilities are discovered in Android should under no circumstances be misinterpreted to imply that Android OS is more secure than iOS. The trouble with a vulnerability in Android OS is that Google, the vendor behind the operating system, has no control of its patch status on majority of the devices that run it, because those devices are produced and maintained by third-party vendors. The 'Stagefright' vulnerabilities discovered by Zimperium, which was disclosed last week, is a perfect example of the problem: Google has acted quickly and issued a patch, but from there on it’s up to phone vendors -- Samsung, HTC, Sony, etc. -- to push the patch live to the users. In comparison, Apple can issue patches and push updates directly to all devices running iOS -- a much more controlled process".
Secunia also points out that since Heartbleed brought OpenSSL vulnerabilities to public notice there have been five distinct waves of OpenSSL vulnerabilites. Lindgaard points out that, "Because OpenSSL comes bundled in many third-party products, customers are not necessarily aware that they have it in their inventory, and so cannot take appropriate action".
You can find more information about the company's findings on the Secunia website.
Image credit: fotogestoeber / Shutterstock
As APIs fast become the dominant channel for exchanging data between both external and internal audiences and services, there's increasing concern over the threats and vulnerabilities they present.
A new survey by API management company Akana reveals that API security is as much an issue for the business as it is for IT, with 75 percent of respondents saying that API security was a CIO-level concern whilst 65 percent say it's an issue for business managers. As APIs are increasingly being adopted to drive digital initiatives, both business and IT increasingly see value in securing them.
The survey is aimed at understanding the maturity of API security practices amongst the leading digital enterprises, its results reveal that while the majority of respondents are taking steps to secure API access, only few had taken steps to ensure that sensitive data was being securely handled in the Apps that access the APIs.
Just as the emergence of Web brought web-based threats and resulting countermeasures to the forefront, the survey indicates recognition from security practitioners of threats that are unique to the API channel.
"APIs are new enough in the enterprise that people want the latest on how industry peers are dealing with security threats," says Roberto Medrano, EVP at Akana. "We felt there was an opportunity to ask others to share their insights and worries. The survey report should be a helpful starting point for determining best practices in API security going forward".
Other findings are that more than 65 percent of respondents report that they don’t have processes in place to ensure that the data being accessed by applications using APIs is managed securely. With mobile apps and IoT devices increasingly being API consumers, enterprises face exposure to threats of unauthorized access to data once it's been accessed through an API.
Almost 60 percent of survey respondents indicated that they weren't securing API consumers. A large proportion of survey respondents -- more than 45 percent -- also didn't rate limit access to their APIs, a control that can reduce the risk of hacking.
Respondents identified JSON (JavaScript Object Notification) Scheme, DDoS, message-level security and encryption amongst the top API security threats. The overall results suggest that a digital divide is developing as high-performing companies embrace core digital capabilities and APIs to move ahead. But enterprises needs to recognize and take steps to address the additional threats that API use might be exposing their data and organization to.
You can download the full report from the Akana website and there's a summary of API security risks in the graphic below.
Image Credit: Profit_Image / Shutterstock
Smooth management of IT systems relies on being able to spot issues early and resolve them before they have a major impact on performance.
Infrastructure analytics specialist Virtual Instruments is launching a new version of its VirtualWisdom solution, a vendor-agnostic platform that ensures performance for enterprise applications spanning physical, virtual and cloud computing environments.
VirtualWisdom4.3 offers new software probes that support Microsoft Hyper-V and IBM PowerVM. It's also introduced a flexible cloud delivery model, moving a customer's platform appliance and data analytics to the cloud, as well as new hardware probes for NAS and fibre over Ethernet (FCoE).
By correlating and analyzing millions of data points across the entire infrastructure, VirtualWisdom 4.3 provides business leaders, IT operations and application teams with definitive answers to optimize their systems. As a result, IT teams can spend less time troubleshooting and more time focusing on the business, enabling greater cross-department collaboration and increasing the value that IT delivers.
"Successful performance management centers on being proactive, and the new components of VirtualWisdom4.3 enable our customers to get ahead of looming performance issues," says Barry Cooks, senior vice president of products, engineering and support at Virtual Instruments. "Heterogeneous, multi-vendor IT infrastructures are the norm in enterprise IT, and our engineering team is committed to bringing our customers a solution that solves performance problems throughout the entire infrastructure ecosystem. Multi-hypervisor support, expanded analytics and our cloud delivery option combine to make VirtualWisdom4.3 a critical platform for a greater range of enterprises that are recognizing the role IPM can play in driving a business toward its higher level goals".
VirtualWisdom 4.3 is available now, to find out more visit the Virtual Instruments website.
Image Credit: alexmillos / Shutterstock
Bing is the second largest search engine in the US and in order to maintain its position the team behind it needs to make constant improvements and for that they need insights into how it gets used.
Microsoft has chosen behavioral analytics solution Interana to analyze the massive volumes of clickstream event data generated daily on Bing.
"Interana and Microsoft share a common vision of innovation. During the proof of concept, Interana met the challenge of delivering the insights we needed from our massive volumes of event data," says Craig Miller, group engineering manager for Bing Experiences. "Interana's scale is impressive. It took only minutes to get answers to questions, opening new possibilities as to what we can do with analytics at interactive speeds. We look forward to continuing to work with the team".
The Bing team will use Interana to analyze experiments at interactive speeds for tasks like A/B testing, trend analysis, automated reporting, ad hoc exploration and discovery, and knowledge sharing. Interana's behavior-based tools will allow Bing to quickly work through a variety of testing, optimize its search engine, and measure how new and current features perform with users. Bing will also enable new data producers and consumers by allowing non-technical team members to access their data via Interana’s end-to-end self-service experience.
"Bing and Interana illustrate how a business can draw actionable insights quickly from massive amounts of data," says Ann Johnson, co-founder and CEO of Interana. "Interana helps organizations like Bing better understand their customers and business. We do this with a solution that’s sophisticated enough to provide insights for seasoned data scientists and simple enough to produce value for business users".
Interana's scalability and performance will enable Bing to interactively analyze the growing amounts of event data generated by searches to better understand users' preferences and accelerate its speed of innovation.
We reported on the Menlo Security Web Isolation Platform, which aims to eliminate threats before they reach the desktop, earlier this year.
Now Menlo Security is beefing up its offering, announcing a partnership with threat intelligence specialist Webroot. The link up will deliver granular threat intelligence for the Web Isolation Platform through integration with Webroot's BrightCloud Web Classification Service.
"Webroot has the most comprehensive and effective Web classification service in the market," says Poornima DeBolle, chief product officer at Menlo Security. "Integrating Webroot's BrightCloud Web Classification Service with our Web Isolation Platform enables us to give our customers comprehensive control, security and visibility for their organization's Web activity".
For most enterprises, restricting access to unproductive and known-malicious websites is a best practice for preventing productivity loss and reducing risk. However, according to Menlo's recent Vulnerability Report, more than 20 percent of the top million websites are running vulnerable software and are therefore open to compromise by attackers. As a result, even those sites considered to be 'safe' may be compromised and used to serve malware at any time.
The Menlo Security Isolation Platform provides an extra level of security that prevents any malware from reaching user devices via compromised or malicious sites. By isolating and executing all web content in the public or private cloud and delivering only safe, malware-free information to the user's device, the Menlo platform eliminates the risk of malware.
Adding classification data and threat intelligence from Webroot lets administrators of the Menlo Security Web Isolation Platform establish policies that selectively allow, block or isolate websites based on category. The classification data from Webroot also augments the logs and reports provided by the Web Isolation Service, enabling administrators to track and analyze all web usage.
Webroot Web Classification is available now as part of the Web Isolation Service, visit the Menlo Security website for more information.
Image Credit: Maxx-Studio / Shutterstock
In the past making money from a mobile app has usually involved signing up to an advertisement network and allowing the app to display banner ads.
The problem with this is that it doesn't make for a particularly good user experience and may actually turn people off using the app. For some time now the buzz around the industry has been about 'native' ads within apps. But exactly what is a native ad and what are the benefits? We spoke to Yannis Dosios, VP of Yahoo Publisher Services to find out.
BN: What is a native ad and how do they differ from more traditional options?
YD: At Yahoo, we believe advertising doesn't have to compromise how users enjoy an app, and that advertisements should, and can, complement the user experience. This is why Yahoo introduced native advertisements inside its own mobile applications. What makes these advertisements native is how seamlessly they are integrated into the user experience. For example, users scrolling through the Yahoo Finance application articles see a native advertisement after every few pieces of content. This ad has the same look and feel, and layout as the other content sections, while clearly denoting that this content is sponsored.
What we have found is that these native ads deliver significantly higher revenue and eCPMs (revenue per thousand impressions) than the traditional banner or full-screen interstitial advertisements. We also have found that these ads perform well for advertisers, delivering superior click-through rates and post-click conversion rates. Users notice and engage with these advertisements.
BN: Yahoo announced back in February that it was launching native ads following its acquisition of Flurry. What success has this brought?
YD: The Yahoo Mobile Developer Suite is helping mobile developers measure, advertise, monetize and enhance their apps. We've seen a lot of early success with Gemini, Yahoo's native advertising solution. According to a recent Flurry from Yahoo survey, nearly half of mobile app publishers already have or are planning to introduce native ads, and that number is growing rapidly. We’ve seen publishers express that revenue and control of the user experience are most important to them right now. It's a rapidly evolving space, and we're excited to be a leading player in it.
BN: Is Yahoo competing directly with other mobile ad networks?
YD: With its Yahoo Mobile Developer Suite, Yahoo offers mobile developers a comprehensive solution for acquiring, engaging and monetizing users, and for deeply measuring and optimizing their mobile applications. In particular, with Yahoo App Marketing, developers can use just one platform to gain exposure to an enormous audience of highly engaged and active users across desktop, mobile and social. With Yahoo App Publishing, developers can maximize their advertising revenues through a combination of well-integrated Gemini native, video and search ad units, extensive and unique data from both Yahoo, Tumblr and Flurry, and a powerful ad selection algorithm that leverages this unique data. And with Flurry Analytics and Explorer, developers can instantly measure their application performance and identify problem and opportunity areas to maximize performance.
BN: Are search ads as important for mobile apps as they are for the desktop?
YD: Search ads are certainly also important in mobile. But the search context and experience are also very different in mobile. Flurry data shows that about 88 percent of time spent on mobile devices is spent inside mobile applications, so it makes sense that mobile searches also get initiated directly from those applications. This is why Yahoo offers a Search-in-Apps service, which enables app developers to introduce search capability from within their apps. For example a user of the Pinger messaging application can easily search for movie times for the movie that they have just chatted about with their friends, all without leaving the Pinger application. This is an exciting space with lots of room for innovation.
BN: What trends are you seeing in the mobile advertising market?
YD: This is a fast changing market, but the main trends I would call out are:
1. Growing interest of brands in spending more on mobile -- in recognition of the very rapid increase in mobile usage.
2. Increased advertiser focus on measurement and impact assessment from mobile campaigns.
3. Growing importance of data and programmatic for more precise and better optimized advertising campaigns.
4. Rapid growth of native and video ad formats.
BN: Native ads are obviously good for the end user but what benefits do they offer advertisers?
YD: What's special about native ads is that they appear to be meeting the needs of all three key parties: they monetize well for developers, they perform for advertisers, and they are accepted and even liked by users. In particular, a recent Yahoo/Ipsos Consumer Perceptions study showed that 60 percent of consumers have said they feel positive about native ads. And 80 percent of advertisers say they will invest in Native in 2015. This, combined with the superior monetization performance of native advertisements over other ad formats makes native advertising a very compelling ad format.
Photo Credit: 3Dstock / Shutterstock
Businesses are constantly on the look out for information to support their decision making processes. But they need to understand industry and market trends as well as what’s happening internally.
Today enterprise services platform and marketplace provider blur Group is launching an online business intelligence tool that provides a comprehensive industry overview on specific trends in business services -- including insights into geographical focus, technology and more.
Called blur Data it’s designed for anyone in the business services industry searching for insights to support forecasting and budgeting. It combines insights from blur Group's established global marketplace with analytics gleaned from external data across search engines and social media to offer a one-stop source of information.
"Imagine having immediate access to trending technologies and global, up-to-date statistics to inform your upcoming budget projections. We believe blur Data will become a key strategic tool for buyers of business services when it comes to making informed pricing, forecasting and procurement decisions." says Philip Letts, blur Group's CEO. "This product launch comes at an exciting time for the Group, which is attracting more enterprise level buyers and service providers than before. We remain committed to our goal of attracting large enterprise customers to the platform and this launch will position us even better to service their needs".
Offered as a standalone product from blur's Enterprise Services Platform, blur Data will be available to customers for $39 per user per month. More details can be found on the blur Group website.
Image Credit: Mopic / Shutterstock
At the beginning of this year the RIG exploit kit had its source code leaked online by an unhappy reseller. This led to a hit in its success rate as security company Trustwave published details of its workings.
Trustwave has revealed today at BlackHat that RIG's authors have been working on a new RIG 3.0 version. The company's researchers say there are now up to 1.25 million victims worldwide and more than 3.6 million attack attempts. A remarkable success rate of 34 percent.
RIG 3.0 has multiple layers making it more robust. It targets via outdated versions of Internet Explorer and browser plugins, particularly Flash. RIG attacks via three routes, infected adverts which account for over 90 percent of victims, already infected computers being re-infected (the malware enables hidden browsing on an already infected computer so it browses other exploit kits to then re-infect the machine) and by simply visiting a compromised website.
The developers have also learned from the leaking of RIG 2.0's code. "This time around they're not using resellers but hosting the kit directly in Russia and protecting the server using CloudFlare," says Arseny Levin, Lead Security Researcher at Trustwave SpiderLabs. "They've also fixed the vulnerabilities that allowed the leak back in February".
The country most hit by RIG 3.0 is Brazil with 450,529 infected victims followed by Vietnam with 302,705 infections. The US has 45,889 victims, Canada 3,913 and the UK 9,662. The software is able to deliver various payloads, each depending on the specific customer, but the top one delivered so far is the Tofsee spam bot, representing 70 percent of all infections.
To avoid falling victim to this attack, users should make sure all software -- including browser plugins -- is up to date, and uninstall any software that is actually not in use to reduce the attack surface. "It's also worth enabling click-to-play in your browser so that plug-in content from Java, Flash, Silverlight, etc isn't automatically opened when you visit a website," says Levin. Businesses should be using managed anti-malware controls, such as gateway technologies that can detect and strip out malware in real-time.
More information about RIG 3.0 is available on Trustwave SpiderLabs' blog.
Photo Credit: ra2studio/Shutterstock
A portable PC used to mean something the size of a suitcase, then it became a laptop or notebook. Now with the FreePC you get one that you can slip into your pocket with no need for specialist tailoring.
You’ll need to have an HDMI screen, keyboard and mouse available to be able to use it, but if you know they’re going to be available at your destination why take anything bigger?
The FreePC is about four times the size of a USB memory stick, but it manages to pack in a lot of technology. There’s a 1.83GHz quad-core Intel Atom CPU, 2GB of RAM and 16GB of storage, it comes with Windows 8.1 pre-installed. You can extend the storage with a microSDHC card. It also has Wi-Fi, Bluetooth 4.0, a USB 2.0 port and a micro USB port with OTG, and it’s capable of driving a full HD, 1080p screen.
In the box you get a short HDMI extension cable, a power adaptor and a microUSB to USB adaptor. There’s a multi-language quick start guide which only devotes four pages to each, so doesn’t tell you a lot. You’ll search in vain for more documentation on the maker’s website, so if you need to access the BIOS or perform a system refresh you’re left to figure it out for yourself or contact support.
Performance
Being Windows 8.1 and having solid state storage the FreePC boots fast and is ready to use within 30 seconds or so of you pressing the power button. Performance for surfing the web is perfectly fine, but try to do other things and you do notice the lack of storage.
It comes with a trial of Office 365 pre-installed, so out of the box you’re left with just 3.7GB of free space. This means that file operations like copying documents and unpacking zip files can seem painfully slow so you will want to budget for an SD card. You can of course use OneDrive -- which comes installed -- or your choice of cloud storage to store your files and documents.
You aren’t really going to be using this in the same way you would a desktop or laptop so file performance isn’t the whole picture. For the sort of things it will be used for it works well. The FreePC is quite at home playing videos from YouTube, iPlayer or the like so you can use it to turn your television into a smart TV.
For business use the FreePC is ideal for presentations as you can simply hook it up to a big screen or even a projector with minimal hassle.
Should You Buy One?
This isn’t a machine you’d choose to play the latest games or crunch massive spreadsheets, but for making presentations, or to turn a TV into a smart media centre, it’s a lot better than you might expect from something so tiny.
Of course for multimedia use there are cheaper, Android powered, options. Worth noting too that you can buy a full size desktop PC -- less portable but more powerful -- for around the same money. That leaves the FreePC appealing to a particular type of business user who needs to access cloud apps or make presentations on the go with the comfort of a familiar Windows environment.
The FreePC costs £159.99 on Amazon and you can find more information on the MODECOM website.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
The millennial generation has grown up with the internet, so naturally they demand more from their business systems and online service providers. Product managers need to recognize this dynamic and ensure that their SaaS products deliver.
We spoke to William Colleran, CEO of online contextual help provider AnswerDash to explore this wake-up call for businesses.
BN: What impact is the millennial generation having on service delivery?
WC: Millennials are influencing service delivery more than any generation, especially by expecting and demanding efficient, reliable and intuitive technologies. At over 75 million strong according to Pew Research, millennials are now the largest demographic cohort, and with immigration expanding this group more than any other, that population is projected to peak in 2036 at over 80 million. Because of these huge numbers, the preferences of millennials strongly influence the user experience that technology companies are designing into their products and services, impacting everything from tablets to smartphones and from SaaS apps to mobile apps. This emphasis on enhanced user experiences requires not just intuitive, easy-to-use interfaces but also systems that respond rapidly to create interactive, real-time experiences. Millennials want information at their fingertips, they want it easy to consume, and they want it now.
BN: Are businesses going to lose out if they don't embrace this trend?
WC: To put it simply, yes. Being steeped in technology, millennials are self-reliant with no patience for poor customer service, and businesses must cater to this generation to stay relevant and trusted. Industry research indicates that by 2017, the millennial generation will comprise the largest online audience and will have more buying power than any prior generation, including baby boomers. Given millennials' massive market impact, businesses must appeal to their values, lifestyle and preferences.
BN: How can virtual service agents and alternatives enhance the customer experience?
WC: We see self-service options, such as that offered by AnswerDash, as improvements over the experience that virtual agents provide. A "virtual service agent" is a software program that imitates live chat but without the "live" part -- meaning, there’s no human in the communication loop. Instead, the software program provides responses to textual inquiries by mining information in a knowledgebase. We advocate a more direct interaction, where users point and click on questions and answers that are selected from the knowledgebase because they are highly relevant based on the history of prior users in similar contexts. We have found this approach to be more effective and less burdensome on users than the mock-dialogue (typing large amounts of text back and forth) required by a virtual agent. AnswerDash's approach is more familiar to users, since people are accustomed to tapping on content via their smartphones and tablets. Tapping an image or text takes less effort than typing and is more intuitive, making it easy for users to find answers they are looking for.
BN: Can we expect to see enterprise systems adopting a similar self-service approach in future?
WC: Absolutely. In fact, we all see rapid adoption of self-service kiosks in airport terminals, grocery stores, banks, movie theaters and many other venues. Online businesses are starting to see the same value in adopting self-service on their websites. Self-service kiosks in the physical world reduce the time for customers to achieve their goals while simultaneously reducing the labor costs for business owners to service those customers. Similarly, online self-service enables users to help themselves, obviating the need for customers to engage with customer service agents. This approach saves businesses time and money while enhancing customer satisfaction.
BN: Isn't there a risk that adopting a 'millennial approach' will alienate older users?
WC: Adopting a millennial approach with self-service solutions doesn't mean abandoning other options, such as email, FAQ, phone or live-chat, that appeal to older generations. Rather, adopting millennial-friendly, self-service technologies represents an evolved approach to customer care, providing a faster, more efficient option for customers who grew up with technology. Businesses that provide a variety of customer care options, allow customers to make their own decisions on what level of attention is best.
Image Credit: Zurijeta / Shutterstock
Businesses usually like to wait a while before rolling out a new operating system to allow any initial snags to be ironed out.
Of course systems providers have to be ready to support them when they do make the move and HP has announced the availability of a full suite of Windows 10 services designed to help enterprises control costs and smooth out the move to the new operating system.
The new Windows 10 services include HP Test Drive Services for Windows 10 which lets enterprises test the new operating system with a control group of users to evaluate the new user experience, capabilities and potential incompatibilities in advance of any wholesale migration.
HP Transformation Services for Windows 10 offers a suite of services to assess, design, implement, deploy and support Windows 10 as part of a digital workplace transformation. The service helps build and integrate supporting infrastructure, transform client and web applications for the new environment, build operating system images, and then manage the rollout.
HP Roadmap Service for Windows 10 is a workshop-based advisory service which will deliver a roadmap for an organization's Windows 10 implementation. This will focus on productivity, security and manageability improvements, as well as how Windows 10 can fit into a broader workplace transformation opportunity.
Finally the HP WebApp Accelerator Service for Internet Explorer 11 is an implementation and migration service to ensure that critical web applications built for legacy versions of Internet Explorer will continue to work effectively in the latest browsers and operating systems.
"HP's unique relationship with Microsoft allows us to offer Windows 10 in a controlled manner integrated into the client's world -- giving both IT and the user the chance to experience the new operating system," says Eric Harmon, Senior Vice President, Global Practices and Transformation at HP Enterprise Services. "IT and developers get to validate the application portfolio in advance -- lowering the cost and risk of a large scale migration, and the user sees innovation and a more personal computing experience".
Most of these services are available now, HP Transformation Services for Windows 10 will be out on October 1st. More detail is available on the HP website. HP also has additional products to help small- and medium-sized businesses, deploy Windows 10 across their organization.
In case you haven't heard of it Splunk is one of the most popular machine data analytics tools, used to provide early warning of network and system issues.
IT teams often rely on access to this data for security information and event management (SIEM), but as malware becomes more sophisticated it can be difficult to spot what's important in time to prevent major breaches.
Breach detection specialist TaaSera is launching NetTrust for Splunk which allows users to integrate NetTrust's preemptive breach detection solution into Splunk-based security management applications.
"Splunk is one of the most widely used analytics platforms on the market today and is becoming increasingly popular for cybersecurity purposes as a SIEM. But when malware is increasingly able to avoid leaving traces in logs, critical IOCs and similar pre-breach behaviors can go unrecognized by SIEMs allowing dangerous and malicious activity to go undetected within a network’s perimeter," says Ivan Shefrin, Vice President of Security Solutions at TaaSera. "With many of TaaSera’s customers invested in Splunk, we are ensuring that they have access to the best possible data and analytics necessary to act in time before sensitive information, business continuity and reputations suffer due to data breaches".
NetTrust uses patented 'Threat DNA' mapping technology to identify otherwise hidden network behaviors at run time and continuously analyze behavioral and contextual evidence. At the same time it integrates tightly within Splunk Enterprise 6.1 and 6.2. It gives users access to real-time visualizations of network systems at the greatest risk, along with the ability to identify the precise indicators of compromise (IOCs), in the right context and at the right time. This allows it to provide a more actionable early warning system for breach containment and response.
NetTrust for Splunk is available now, more information and downloads can be found on the TaaSera website.
Image Credit: Balefire / Shutterstock
A technology writer's world can often seem full of Bluetooth speakers, they have successfully colonized a corner of my office, so it takes something special to stand out from the crowd. In terms of build quality the latest from Inateck makes an immediate impression but does it live up in other areas?
The whole package has a premium feel to it, even the cardboard box is nice. The speaker itself is a neat design with an aluminum chassis that feels solid and weighty. There are rubber end caps, one of which has a fold-down flap covering the USB and Aux ports, and a rubber panel on top with buttons for power, pause, +/- and Bluetooth calls. It comes with braided USB and 3.5 mm jack cables both of which have Velcro ties to keep them tidy when not on use, another quality touch, a wrist strap and a soft pouch to carry the speaker around in. There's a well-produced instruction leaflet too.
Inside are two 5w speakers and a polymer lithium-ion battery. The design is compliant with the IPX5 standard for waterproofing, this means it's protected against dust and 'low pressure' water jetting. So while you won't want to drop it in the bath it should be fine to take to the beach or use in the rain.
When you switch it on the speaker goes into pairing mode automatically, making it easy to link it to your phone. The +/- buttons have a dual function, a short press will skip tracks while a longer press adjusts the volume. The need for a long press does make it tricky to set the volume accurately though. It has a built-in microphone so you can make calls or use it with the likes of Cortana and Siri.
For such a compact unit (165 x 58 x 27mm, small enough to slip into a pocket) the MercuryBox produces a surprisingly good sound. There's decent bass and although it won't fill a big room it's perfectly adequate for everyday listening. There's decent battery life too, you should be able to get about 15 hours of playback on a full charge.
At $54.99 on Amazon or £49.99 in the UK the MercuryBox isn't the cheapest Bluetooth speaker around. It does, however, feel like a quality item -- an impression reinforced by the accessories -- is easy to use, though the volume control lets it down a little, and produces acceptable sound quality.
You can find out more about the MercuryBox on the Inateck site.
Vulnerability intelligence firm Secunia has released its second quarter 2015 country report for US and 14 other countries around the world. This looks at what programs users have installed and which are most at risk.
The big news is that a high percentage of users have unpatched versions of Adobe Reader. Adobe has the highest market share in this segment and PDF readers are a common target for hackers.
Kasper Lindgaard, Director of Research and Security at Secunia says, "PDF readers remain one of the world’s most popular targets for hackers so it is concerning that we are still seeing 75 percent of PCs that have Adobe Reader 10 or 11 installed are unpatched. There are steps that PC users can take to defend themselves, and any system they are connected to, against known exploits. By upgrading to the latest version of the program and by applying priority patches in a timely manner, PC users can make great strides towards minimising their exposure to security risks".
Among other findings are that the average US PC user has 76 programs installed from 27 different vendors, 43 percent of those installed are Microsoft programs. Unpatched operating systems are in use by 13.2 percent of users and 11.9 percent have other Microsoft programs unpatched. End of life programs -- those that are no longer patched by the vendor -- are in use by 5.5 percent.
Oracle's Java Runtime Environment is least likely to be up to date, with 80 percent of version 1.7 and 38 percent of 1.8 users running an unpatched version. Among VLC Media Player 2 users 54 percent have an unpatched version and Apple QuickTime 7 is 31 percent unpatched.
The reports are based on data from users of Secunia's Personal Software Inspector (PSI). The data includes the average numbers of installed programs -- patched and unpatched -- on private PCs in each of the different countries.
You can see Secunia's reports on the US and other countries on the company's website.
Image Credit: viviamo / Shutterstock
Earlier this week we reported on the Stagefright vulnerability that could affect 95 percent of Android devices. It has arisen as a result of code vulnerabilities which could have been detected and resolved earlier.
Application security company Checkmarx has been looking more deeply into Stagefright and what it means for users and developers.
Stagefright can infect a device by simply downloading an MMS message -- which happens automatically in most cases. Once infected, the hacker has full control over the phone's data. The scary thing is that the Android device just needs to receive an MMS message. The user doesn't have to open it in order to get infected.
First of all there's a temporary workaround to avoid infection. Open the Hangouts app, go to Settings from the hamburger menu, select SMS, choose Hangouts as your default SMS app and uncheck Auto-retrieve MMS. There's usually an option to turn off auto retrieval of MMS in other messaging apps too, so check your settings.
Google was notified about the vulnerability and the numerous bugs quite a while ago and after a couple of days introduced a fix to the software. That, however, doesn’t mean everyone is safe. It means that all the different mobile-phone makers need to implement the fix in their versions of the Android OS and distribute a patch to their users. This may take some time, however most mobile phone companies have already stated that they are working on it while others have announced availability of a patch or have already addressed the issue when it was reported to Google.
Amit Ashbel of Checkmarx writing on the company's blog says, "It is clear by now that the Stagefright vulnerability was a result of one or more code vulnerabilities. It is also clear that these could have been detected at an earlier stage of the development and resolved at that stage. What is not yet clear is what the exact vulnerability is however that should become clear within the coming days after the full information about the CVEs reported are disclosed".
Checkmarx's CxSAST for Mobile delivers code security analysis for Android, iOS and Windows applications. This helps eliminate code vulnerabilities during the coding process rather than waiting for them to appear at a later stage.
Image Credit: Christos Georghiou / Shutterstock
Since news and entertainment websites are amongst the most popular on the net, it's not surprising that they're more likely to play host malicious adverts.
A new report by Bromium Labs reveals that more than half of malvertising is unknowingly hosted on news and entertainment websites. 58 percent of online adverts with hidden malware were delivered through news websites (32 percent) and entertainment websites (26 percent). Major websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.
Other findings from the report include that Flash exploits have increased 60 percent in the past six months. This is due to the rapid growth in availability of active exploit kits many of which now target Flash.
The growth of ransomware families has doubled each year since 2013, with nine new ransomware families emerging in the first six months of this year. Ransomware continues to grow, as cybercriminals realize it is a lucrative form of attack.
Malware is also getting better at evading detection. Bromium Labs analyzed malware evasion technology and found it is rapidly evolving to bypass even the latest detection techniques deployed by organizations, including antivirus, host intrusion prevention systems (HIPS), honeypots, behavioral analysis, network filters and network intrusion detection systems (NIDS).
"For the last couple years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash; what we are witnessing is that security risk is a constant, but it is only the name that changes," says Rahul Kashyap, SVP and chief security architect, Bromium. "Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware -- recently ransomware -- preying on the most popular websites and commonly used software".
The full report, Endpoint Exploitation Trends 1H 2015, is available from the Bromium Labs site.
Image Credit: Sam72 / Shutterstock
Many of the latest cyber attacks focus on mobile platforms as they're often seen as inherently less secure, particularly when handling account logins and important transactions.
Mobile identity solutions company TeleSign is today launching its TeleSign Auto Verify, a new lightweight software development kit (SDK) for mobile app developers that streamlines the account verification process while providing a more reliable and cost-effective method than SMS-based verification alone.
Auto Verify seamlessly integrates with new or existing mobile apps and verification processes and employs a proprietary network signaling method to ensure greater completion rates without the need for one-time passcodes (OTPs) to be sent to the consumer's mobile phone and manually entered, the way verification is most commonly experienced today.
"With the mobile platform serving as fertile ground for today’s cyber attacks, app developers know it’s essential to take a security-first approach to development," says Steve Jillings, CEO of TeleSign. "TeleSign Auto Verify delivers a frictionless registration experience by authenticating users 'behind the scenes' -- no passcodes required. Now customers can protect account registrations and important transactions easier than ever".
TeleSign Auto Verify integrates user registration into a mobile app to streamline the verification of a user’s mobile phone number during account creation. It can therefore increase assurance for high value transactions, such as money transfers, payment transactions, and password changes, by requesting and then verifying, in real time, a user's phone number within their mobile app. It can also ensure an existing end user has a legitimate phone number attached to each account by seamlessly verifying the number in the background, while users interact with the mobile app as usual.
TeleSign Auto Verify is available from today as a 34Kb SDK for Android versions 4.1.x and higher, and is easily embedded into new or existing mobile apps and verification processes, while giving developers complete control over the branding and user experience. You can find more details on the TeleSign website.
Image Credit: Oleksiy Mark / Shutterstock
We reported recently on a new system that reduces the risk for merchants in accepting bitcoin payments.
Now there's more evidence that the digital currency is going mainstream with the announcement of a partnership between enterprise bitcoin payments processor, Bitnet and payments platform provider Zooz that will enable merchants to accept bitcoin as a payment method on the Zooz payment platform.
"We have seen the growing interest in digital currencies among our customer base and are excited to partner with Bitnet to add bitcoin to our service offering," says Nathan Jackson, VP Europe at Zooz. "We selected Bitnet as a partner due to their advanced platform, integrity of its team, in addition to demand from some of our key customers for bitcoin payments".
Zooz customers will be able to add bitcoin as an option to their checkout pages quickly and easily. Bitnet will enable Zooz's customers to accept payments in bitcoin without being exposed to the risk of fraudulent transactions or any volatility in the price of bitcoin.
"Our partnership with Zooz enables us to work with one of the most innovative payments platforms in the market," says Akif Khan, Chief Commercial Officer, Bitnet. "We are excited to partner with this rapidly growing company and help its merchants drive profitability across all channels".
You can find out more on the Bitnet website.
Photo credit: Lightboxx / Shutterstock
As more and more of our data gets stored in digital format, keeping it secure becomes a bigger challenge. One possible solution is User Managed Access (UMA) which gives a web user a unified control point for authorizing who and what can get access to their online personal data.
The UMA standard has already received support from major organizations such as Philips and the New Zealand government. Access management company ForgeRock along with a number of open-source technology companies and experts, is announcing a new digital consent and privacy initiative to help accelerate developer adoption of UMA.
Using UMA, individuals are able to grant access to digital records on a need-to-know basis and for only an appropriate length of time. For example, instead of making copies of a child's healthcare records at the beginning of the school year and walking it into the school office, a parent could give temporary access to the online record then revoke it later. This would eliminate the need to duplicate personal records while maintaining privacy. In a similar fashion, financial records can be shared with authorized tax accountants and loan officers, and healthcare records can be shared with medical specialists.
Eve Maler, ForgeRock's vice president of innovation and emerging technology, says, "As organizations collect more and more user information in order to deliver more personalized experiences to consumers, failing to offer those consumers a way to actually manage that personal information themselves is a privacy time-bomb. As a leader in the adoption of open identity standards, ForgeRock believes UMA is the right solution to apply before the problem explodes".
You can find out more about UMA and the OpenUMA community dedicated to improving it on the ForgeRock website.
Photo credit: Ivelin Radkov / Shutterstock
When Microsoft turned off default execution of macros in Office their popularity as a means of delivering malware declined. But thanks to the use of social engineering techniques to get people to turn them on, macro attacks are making a comeback.
This is one of the findings of the latest mid-year security report from networking specialist Cisco. In two recent campaigns Dridex Trojans were delivered as attachments to emails -- each sent to specific recipients -- purporting to deliver invoices or other important documents.
Other findings in the report are the continued popularity of the Angler exploit kit thanks to its authors' recent concentration on, and quick work to take advantage of, vulnerabilities in Adobe Flash. Cisco reports that, on average, 40 percent of users who encounter an Angler exploit kit landing page on the web are compromised.
Ransomware continues to be a problem too. Cryptocurrencies like bitcoin and anonymization networks such as Tor are making it even easier for miscreants to enter the malware market and quickly begin generating revenue. To become even more profitable while continuing to avoid detection, operators of crimeware, like ransomware, are even hiring and funding their own professional development teams to create new variants and tactics.
"Ransomware exists on its reputation," says Craig Williams, Security Outreach Manager at Cisco. "Users pay up to get their data back, so they finance new generations of the malware".
Typically a ransom of between $300 and $500 is demanded, not so high that a user won't pay it or, worse, that it will motivate the user to contact law enforcement. Instead, the ransom is more of a nuisance fee. And users are paying up. Cisco reports that nearly all ransomware-related transactions are carried out through the anonymous web network Tor. This allows adversaries to keep the risk of detection low and profitability high.
The report notes that so far 2015 has seen unprecedented speed in the innovation, resiliency, and evasiveness of attacks. "Attackers have no barriers to rolling out new technology," says Williams. "While users are not as agile in moving to new versions to stop attacks".
The full Cisco 2015 Midyear Security Report is available to download from the Cisco website.
Photo Credit: Balefire / Shutterstock
Although you may not have heard of it, Stagefright is at the heart of the Android operating system. It's a media library that processes several popular media formats. Since media processing is often time-sensitive, the library is implemented using native code (C++) that is more prone to memory corruption than memory-safe languages like Java.
Researchers at mobile security company Zimperium have uncovered an issue in the Stagefright code that they believe to be one of the worst Android vulnerabilities to date.
Zimperium zLabs VP of Platform Research and Exploitation, Joshua J Drake, carried out the research which will be presented at Black Hat USA on August 5. The study found multiple remote code execution vulnerabilities in Stagefright that can be exploited using various methods, the worst of which requires no user-interaction. These issues could critically expose 95 percent of Android devices, an estimated 950 million units worldwide.
"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS." says Drake. "A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual -- with a trojaned phone".
Android versions after and including version 2.2 Froyo are vulnerable. Devices running Android versions prior to Jelly Bean (roughly 11 percent of the total) are at the worst risk due to inadequate exploit fixes.
Zimperium reported its discovery to Google and also submitted patches. Google has acted promptly and applied these patches to internal code branches within 48 hours, but that's only the start of what will be a very lengthy process of update deployment.
Fixes for these issues require an OTA firmware update for all affected devices. Such updates for Android devices have historically taken a long time to reach users. Devices more than 18 months old are unlikely to receive an update at all.
Drake says, "We hope that members of the Android ecosystem will recognize the severity of these issues and take immediate action. In addition to fixing these individual issues, we hope they will also fix any business processes that prevent or slow the uptake of such fixes".
Two groups are already protected against the reported issues. Users of SilentCircle's Blackphone have been protected as of the release of PrivatOS version 1.1.7. Mozilla's Firefox, which is also affected, has included fixes for these issues since version 38.
Zimperium advises users and enterprises to contact their device manufacturer and/or carrier to find out whether or not their device has been updated with the necessary patches.
Image Credit: Vepar5 / Shutterstock
We reported last week that a number of Fiat Chrysler vehicles were being recalled due to the potential for them to be hacked.
Experts at IoT security specialist INSIDE Secure have been looking at the risks and how vehicles can be made more secure in future.
Previously access to a car's systems was only via a diagnostic port either under the hood or on the dash. But in any modern car there is a series of increasingly powerful computers on several networks. The problem is that there are now connections between information systems (SatNav, Radio head unit, etc) and control systems (ECU, Transmission) and safety systems (ABS brakes, 4WD, tyre pressure sensors, lights) which are increasingly interwoven with each other. Add in Cellular, Wi-Fi, BlueTooth NFC and other inputs and you have a car that can potentially be hacked from anywhere.
The car has pretty much become a data center on wheels but lacks the perimeter defenses that protect traditional data centers. This means that security is often down to individual components, sometimes relying on basic hardware authentication. However, rarely has anyone thought about the interaction of thousands of lines of software code in these components.
INSIDE Secure suggests that the way to address this is via a more holistic approach. Manufacturers need to ensure that the executables for each individual component are secure. They can do this by adding cryptography to ensure that communications and authentication between software inside a device and between devices are authenticated and that the software is only allowed to run in the manner designed by the coder.
Manufacturers should also add in remote security monitoring to alert if there is a software or network breach. This means they don’t have to rely on spotting known attacks. INSIDE Secure's VP of Business Development, Douglas Kinloch concludes, "In other words, the car network has to be treated in the way that the mobile payment folks are treating mobile phones, a potentially hostile environment, and act accordingly".
More information on INSIDE Secure’s solutions to secure chips and other system elements is available on the company's website.
Image Credit: cybrain / Shutterstock
We're always being told that we need to use stronger passwords, but most of us tend to trade off security for real world convenience.
Minneapolis-based Password Boss is hoping to convert people with the launch of its free password manager and digital wallet aimed at consumers.
According to a Harris Interactive survey of 2,030 US adults conducted for Password Boss, 92 percent of consumers don’t use a password manager to store their passwords for online accounts. Instead 63 percent say they memorize them, while 43 percent say they write them down on paper. The survey also found that more than half of consumers (54 percent) agree that they need to change their online password habits.
"Most people aren't motivated to change their poor password habits," says Password Boss founder and CEO Steve Wise. "Despite the fact that four of ten companies were hacked in 2014, most of us continue to use and reuse crackable passwords that are easy to remember, store passwords in unsafe places and rely too much on clicking 'forget password' links. As consumers, we want things to be easy. That’s why we created Password Boss. By securely storing personal information and synchronizing it across all devices, Password Boss is the easiest way for people to safely login to websites, access their accounts and shop online".
Password Boss is the only free password manager that allows people to store an unlimited number of passwords, choose where their data is securely stored and share any item in their account with anyone they choose.
It uses 256-bit AES encryption to protect data and synchronizes consumers’ accounts across all of their devices instantaneously for easy access to their passwords and personal data at any time and from anywhere. It also provides a personal security score with recommendations on how consumers can increase their level of online security.
Password Boss is available free for download on Windows PCs and tablets, as well as iOS and Android mobile devices. There’s also a premium, paid version with extra features including features like online backups, 2-step verification and unlimited, secure password sharing. For more details visit the Password Boss website.
The market for enterprise technology products is booming with 72 percent of high-technology providers reporting growth in sales quote volumes according to a new report.
According to the SAAS Purchases Report from sales quoting software specialist SteelBrick this market is growing much faster than the overall US economy.
The report looks at how enterprise companies are selling to customers and also examines B2B selling trends compared to the same time last year. SteelBrick ran the survey online during May 2015, based on a poll of over 130 SteelBrick customers, 80 percent of which work in the high-tech economy, including SaaS, storage, cloud infrastructure, telecommunications, networking, and big data leaders.
The report also shows that sales are up, closing times are down and overall quote volumes are up, indicating a growth in demand as enterprise technology shifts to the cloud and seeks to make sense of the big data being generated by accelerating mobile and cloud adoption.
Other findings are that in the first quarter of this year sales teams have seen a 12 percent year-over-year increase in the number of quotes being processed. Sales cycles are shorter too, high-tech companies report sales cycles of 100 days compared to up to a year across the board. On average tech companies are successfully closing 38 percent of the quotes they issue, again indicating robust demand.
SteelBrick says that its Configure, Price, Quote (CPQ) software helps companies improve turn around times and eliminate errors in quotes.
"Our new barometer for the high-tech economy shows that sales of enterprise technology are growing at a robust clip as cloud and mobile adoption accelerate. Furthermore, many tech companies are becoming more sophisticated around the process of selling software services and are now implementing CPQ tools in conjunction with their CRM platforms, helping them sell even faster and more efficiently than their high-tech peers," says Godard Abel, CEO of SteelBrick. "By polling our customers, we are able to provide benchmarks for sales process efficiency and growth, as well as validate how our solution is helping them grow their business to become Silicon Valley’s next big unicorns".
You can see more findings from the report on the SteelBrick website.
Photo Credit: Andy Dean Photography/Shutterstock
In February 2005 a small team of developers set out to create an open, free, community-built online resource for all Web developers.
A few months later, on 23 July, 2005 the original Mozilla Developer Network wiki site launched. Since then it has evolved steadily for the convenience and the benefit of its users.
Ten years on and MDN hosts more than 34,500 documents and its global volunteer community is bigger than ever.
Currently, MDN has more than 4 million users with over 1,000 volunteer editors per month creating and translating documentation, sample code, tutorials and other learning resources for all open Web technologies. These include CSS, HTML, JavaScript and everything else that makes the open Web as rich and versatile as it is.
Milestones along the way include the development of its own Kuma wiki platform in 2012, and a complete redesign of the front end in 2013.
To celebrate the birthday it's produced an infographic showing some facts and figures on how the network is used. Visitors to the network are spread across the world with 26 percent coming from the USA.
The most viewed documents relate to JavaScript, CSS and Firefox. MDN isn't just for experienced developers though, there are 90 articles for complete beginners and people learning the Web. There's more information on the Mozilla blog or in the facts and figures infographic below.
Photo Credit: Elena Schweitzer/Shutterstock
Business intelligence is only of use if it can be delivered quickly to decision makers. That's why there's increasing demand for self-service solutions that make it easy for managers to extract information.
Enterprise BI specialist Pyramid Analytics is announcing a strategic collaboration with Microsoft to deliver development collaboration and technology integration.
The partnership will bring new features to the Microsoft Power BI Desktop. Among these will be an option to publish a Power BI Desktop file to Pyramid Analytics Server making integration between the two easier.
"Organizations are getting hooked to self-served data discovery, but want to expand the benefits beyond departmental or individual usage," says Omri Kohl, co-founder and CEO of Pyramid Analytics. "Our clients come to us to scale BI adoption and share analytics content across the enterprise. Our work with Microsoft will give Power BI Desktop users the ability to publish files to an on-premises or private cloud server for broad collaboration on BI content".
Pyramid Analytics offers a turnkey enterprise analytics solution that makes it easy to self-serve and share trusted BI content. Its approach not only ensures data integrity and privacy, but also drives meaningful, contextual, and collaborative analytics that can work for both IT and business goals. This allows organizations to expand and scale their BI adoption via governed sharing of analytics content, reports, data models, business logic, and more across the whole enterprise.
"Pyramid Analytics brings technology that complements Microsoft SQL Server Analysis Services and uses all of the features of the Microsoft BI stack," says Amir Netz, Technical Fellow at Microsoft. "Pyramid Analytics has a proven record of partnering with Microsoft to deliver analytics solutions to meet the needs of our joint customers".
More information on the collaboration can be found on the Pyramid Analytics website.
Image Credit: leedsn/Shutterstock
APIs provide a convenient way of giving developers the building blocks needed to extract data from and gain insights into digital systems.
But it's important for organizations to know how APIs are performing, how they are being used and whether they're providing business value. To help with this API and cloud integration specialist Akana is launching Envision, an enhanced API analytics platform that helps enterprises to find critical insights across their systems.
"In today's digital economy, data-driven insights are proving to be a key differentiator for businesses. Understanding the data that is being tunneled through their APIs and how it can be used to optimize their business and operations is of paramount importance," says Alistair Farquharson, CTO of Akana. "We have delivered Akana Envision to extend the Akana API Management platform with powerful analytics capabilities so that digital businesses can increase agility and adapt based on intelligent insights gleaned from their API programs".
The Envision platform can be used to perform complex custom analytics or integrate with an existing analytics platform to reduce infrastructure redundancy. It targets enterprises that require advanced analytics and insights around their APIs and the data that is exchanged through them.
The platform can also help identify new opportunities and provide insights to improve business models. Envision API Analytics can identify top APIs by usage, monetization, app type, platform or channel. API owners can analyze licenses and usage as a means to fine-tune developer and partner integration. Operationally, IT professionals can use Envision to analyze how their infrastructure responds to requests from different devices, locations and request types. Enterprises gain the ability to manage the quality-of-service of their APIs, oversee quota usage and troubleshoot and react to problems before they impact on the business.
Features include policy-based data collection for regulatory and security compliance, pre-configured reports and dashboards, data import from external sources, and the ability to export to external analytics tools for further analysis.
Envision is available from today and you can find more details on the Akana website.
Image Credit: Profit_Image / Shutterstock
Not so long ago most Mac users would have told you that their systems didn't need any form of protection as they were inherently safe. But the world has become a more dangerous place and last year the iWorm malware is thought to have recruited some 18,000 Macs into a botnet.
Whilst experienced users who are careful about what they install and where they go online may still be justified in feeling safe using a Mac without additional protection, there's no doubt that non-experts need extra security. Particularly as cyber criminals have started to target Macs because they know more of them are unprotected.
Independent testing company AV-Comparatives has been testing 10 Mac security products to assess their usability and malware protection abilities.
The products tested are a mixture of free and paid programs: Avast Free Mac Security, AVG AntiVirus for Mac, AVIRA Free Antivirus for Mac, Bitdefender Antivirus for Mac, ESET Cyber Security Pro, F-Secure SAFE for Mac, Intego Mac Premium Bundle X8, Kaspersky Internet Security for Mac, Kromtech MacKeeper, and Sophos Anti-Virus for Mac.
All were tested on OS X 10.10.3 Yosemite, against 105 samples of recent Mac malware. Compared to its Windows equivalent a Mac security product only has to identify a relatively small number of samples, but it needs to to protect the system against all threats that have not yet been blocked by OS X itself. Of those tested seven achieved 100 percent detection, two (Avira and BitDefender) 99 percent and one (Kromtech) 98 percent.
All were assessed as having good interface usability though Kromtech comes in for criticism that its initial analysis can prove misleading and delivers different results depending on whether it's run from an administrator or standard account.
For a more detailed analysis of each product you can download the full report from the AV-Comparatives website.
Photo Credit: Jirsak/Shutterstock
With financial services companies more at risk from the consequences of a data breach than other businesses, they're on the look out for the safest, most secure communication channels to interact with customers and employees.
New research from IDC and mobile engagement specialist OpenMarket reveals that mobile messaging is the top tool many are utilizing to accomplish this task with 80 percent of global financial services organizations using Global SMS/mobile messaging to communicate and share sensitive info.
This is seen as having a big effect on customer experience with 80 percent of these businesses believing SMS has a considerable or major impact on customer service and 73 percent considering it to be very effective for employee-focused emergency alerts.
Other findings from the study are that more than half of organizations use mobile messaging to differentiate or improve the customer experience, while 35 percent use the technology to attract and retain new customers.
More than 25 percent use it to improve their risk mitigation and more than 20 percent use it to ensure business continuity and to enhance multichannel delivery capacity. However, only 15 percent use mobile messaging to improve their organization’s security.
Because it's secure and scalable, and with critical capabilities such as two-factor authentication for fraud detection, secure SMS technology is being rapidly adopted industry-wide. According to the research, the top customer-facing uses for SMS include timely offers and notifications regarding high-risk, high-dollar transactions. Secure SMS messaging is used to gain deeper customer insights and to meet industry compliance requirements by 30 percent of companies.
Internally, financial services organizations use mobile messaging as a key component for employee communication and contingency planning to improve their internal security and enable secure employee notifications. Business leaders are also driving new investments in mobile messaging and are closely involved in solution, specification, selection, and deployment to ensure that technologies are meeting the standards the industry.
"These findings show that financial services organizations are incorporating secure, effective mobile messaging into many aspects of their customer service and employee communications, as well as their internal business operations," says Jay Emmet, General Manager of OpenMarket. "A well-designed, company-wide mobile messaging strategy that meets the industry’s high-compliance and regulated standards will allow businesses to enhance the customer experience, gain additional customer insights, improve employee relations, and drive operational efficiencies".
More detail is available in the full report which can be downloaded from the OpenMarket website.
Image Credit: 3Dstock / Shutterstock
It's easy to think of data breaches as being someone else's problem, until you're affected by one yourself. Because breaches can involve large volumes of data, dealing with one can be a lot of work.
Can new techniques in capturing and storing data help to ease the burden on IT teams and even help prevent breaches in the first place? We spoke to Perry Dickau, director of product management from data-aware storage provider DataGravity to find out.
BN: How can better data storage techniques help with visibility into security issues?
PD: Most companies don't even know what’s in their data, so they can't ensure adequate protection is in place -- it's that simple. Files containing sensitive information -- such as intellectual property, customer identification numbers, tax audit or financial data, or Social Security or credit card numbers -- are often mistakenly saved to public servers, rendering them vulnerable to an external threat or internal management issue. For example, if you left diamond jewelry sitting in plain view of a window and then left home for the weekend, you'd be making a thief's job easy. Just having your internal storage 'house' in order can go a long way toward mitigating potential breaches and the subsequent fallout. And, while the threat of a data breach is always looming, regulatory compliance violations can spark fines and industry-specific security issues.
BN: What is 'data-aware' technology?
PD: Traditionally, storage is seen and treated as a stagnant box in your data center where information would rest and usually fade into long periods of inactivity. It didn't matter if stored data contained information that could improve your business or compliance violations that could wreak havoc during a tax audit.
Storage of that type doesn’t have a place in today’s data-driven IT landscape. You need to ask critical questions of your data to adequately manage sensitive information. For example, "Where is our sensitive data?" "What happened to our misplaced files?" "Can we detect a breach based on suspicious user activity?" "Are we wasting our storage budget by saving and protecting the wrong files?" Data-aware technology can answer, even raise, those questions for you. If your storage is data-aware, it's collecting insights and giving you unprecedented risk awareness, allowing your team to collaborate and become more productive. It also illuminates how your IT budget should shift.
BN: Is data-awareness limited to storage?
PD: Not at all. Data awareness manifests differently throughout the IT stack. Storage has come a long way, but new breakthroughs are also taking place in networking, applications, data migration and endpoint security. Palo Alto Networks, Informatica and similar companies are pioneering the data-aware charge, as well. It will take time and collaboration between vendors, analysts, investors, partners and end users before the entire enterprise ecosystem can become fully data-aware, but given today's headlines about high-profile hacks and data leaks, the need couldn't be more dire.
BN: Isn't there an increased cost and complexity involved in keeping all the data needed to understand and fix security issues?
PD: Not when those data insights are being gathered, identified and recovered on a near-instant basis. If you can streamline your processes for storing, managing and securing sensitive data, and you can enhance employee productivity and collaboration in a holistic process, you're actually cutting costs. When you're data-aware, fixing security issues is more a matter of letting go of complexity than introducing new layers.
BN: Many businesses now have a mix of on-site, cloud and hybrid systems. How can they ensure data is protected at all levels?
PD: A popular myth is that security breaches usually result from third-party attacks, but your internal users actually pose the biggest security risk in any part of your system. The Ponemon Institute reports that 78 percent of breaches begin within an organization. The actions causing these issues aren’t always malicious – an employee might save a spreadsheet to a consumer-facing file share, or use a public Wi-Fi network without realizing the document contains customers' personally identifiable information (PII). You can combat these risks by employing security guidelines among your team members, conducting frequent audits to check the security status of your core on-premise data and setting up security alerts. Then, extend this protection to your hybrid and cloud networks by working with a channel partner who's an expert on the platform in question and understands the nuances of your industry.
BN: Is it possible to stay ahead of the hackers and stop a breach before it occurs?
PD: The best strategy to combat attacks by hackers is two-fold: first, confirm that sensitive data is in the appropriate location and is not exposed. Second, monitor your infrastructure for suspicious user activity and limit access rights to your sensitive data. In other words, ensure information is available to the people who should have it and protected from the people who should not. There's a reason Cisco Systems reported last year, "all organizations should assume they've been hacked." Cyber criminals' strategies are rapidly evolving, and sooner or later, your network will be compromised -- if it hasn't been already. You just need to take steps to ensure they won't reach your company's crown jewels once they've broken in.
BN: Does this help to guard against internal threats too?
PD: Yes. For example, if an employee is planning to leave the organization, she might begin transferring client information and intellectual property to personal data stores to take with her. Or, an employee might become frustrated at the company and attempt to delete critical files in an act of malice. Data-aware technology helps storage and security administrators pick up on these issues by quickly identifying anomalous activities, so teams can react and mitigate the risks and damage.
Image Credit: Sergey Nivens / Shutterstock
The Internet of Things is growing fast, according to Gartner around 4.9 billion devices will be in use this year, up 30 percent on 2014, and there could be 25 billion IoT devices by 2020.
But with all of these devices being rushed to market security can be left behind. According to managed security specialist Trustwave's 2015 Security Pressures Report, 77 percent of respondents said they had been pressured to unveil IT projects that were not security ready.
To combat this issue, Trustwave is announcing a new set of managed security services -- Trustwave Managed IoT Security. These services are designed to help manufacturers and developers of Internet of Things technologies identify and fix security vulnerabilities within their products before they hit the market, as well as helping business end users using IoT technologies prevent IoT-related cyber-attacks.
"As everyday objects connect to the network, IT teams struggle to manage assets and attack vectors previously outside their purview," says Steve Kelley, Senior Vice President of Product and Corporate Marketing at Trustwave. "Manufacturers of those products also struggle with getting them out to market on time while ensuring security. Trustwave’s Managed IoT Security helps both parties overcome those challenges by identifying and remediating security weaknesses within the products and ecosystem surrounding them in addition to round the clock monitoring to detect and deflect a breach".
Trustwave Managed IoT Security works on two levels. Developers and providers of IoT products and services can use it to find weaknesses in embedded devices, back-end services and the connections in between. Trustwave's elite team of ‘SpiderLabs’ ethical hackers attempt to compromise devices by exploiting vulnerabilities in the hardware, software and the manufacturers’ servers that provide the link between IoT devices and applications.
In addition it monitors the security of the IoT ecosystem. This helps protect organisations from the security challenge brought about by a raft of new and unusual, devices. Businesses can access Trustwave's Managed IoT Security services through the company’s cloud-based portal, Trustwave TrustKeeper.
Managed IoT Security will launch on Wednesday (22 July) and more information will be available on the Trustwave website.
Image Credit: PlusONE / Shutterstock
With the launch of Apple Music and a number of high-profile artists withdrawing their music from streaming services, piracy has been in the headlines of late.
But a new infographic from application security company Arxan reveals that piracy of music is only a small part of the overall problem.
Between 2012 and 2014 the average number of pirated assets 1.6 million per year, that’s expected to increase to 1.96 million this year. However, only 12 percent of pirated material is music. Television on 24 percent and adult material on 23 percent make up the bulk of pirated assets, movies account for 14 percent and even ebooks and magazines (also on 14 percent) account for more than music.
In monetary terms, out of $109 billion worth of pirated assets in 2014 the vast majority ($73 billion) was accounted for by movies, $18 billion by TV and $12 billion by music. Adult content, despite its high percentage of total content, was worth only $6 billion dollars -- sex, it seems, is cheap.
More detail including the distribution model for pirated material and the amount of bandwidth it takes up is in the infographic below.
Image Credit: Marcos Mesa Sam Wordley / Shutterstock
Enterprises may have eleven or more commercial tools in place for application performance management (APM), yet they're not using them effectively according to a new survey.
Application intelligence company AppDynamics has released the results of a survey, conducted by Enterprise Management Associates (EMA), of IT professionals from companies of all sizes across both North America and Europe, looking at the APM solutions they have in place, monitoring gaps, and the time and resources required to resolve application-based issues.
Findings include that 65 percent of the companies surveyed own more than 10 different commercial monitoring products. But nearly half also indicated that 50 percent or fewer of their purchased tools are actively being used.
Calls from users are the second most frequent way that IT organizations find out about application-related problems (27 percent cited detection by monitoring centers; 25 percent cited user calls). For problems escalated beyond level one support, mean time to repair (MTTR) is most often between five and seven hours. It can also take between three and four people to solve a given problem.
"Based on our findings, the majority of companies are still trying to manage complex applications with a combination of siloed tools, 'all hands on deck' interactive marathons, and tribal knowledge," says Julie Craig, research director, application management at EMA. "The ability to automatically discover and manage the business transaction topology as the application itself changes is a significant challenge encountered by virtually every IT organization".
When asked what they wanted from APM tools, 75 percent identified flexible deployment options as a critical factor, while 70 percent want the ability to monitor infrastructure as a service (IaaS) public cloud systems.
In terms of feature preference the top three 'must-haves' are: an integrated monitoring platform, cloud readiness, and support for trending and reporting.
More details about the survey and its findings are available on the AppDynamics blog.
Photo Credit: Sergii Korolko/Shutterstock
Businesses turn to the cloud in search of efficiency and cost savings, so being able to measure how successful a strategy is at these aims is important.
A survey by hybrid financial management provider Cloud Cruiser shows that 72 percent of respondents indicated that tracking cloud usage and costs is extremely or very important to their IT function.
The study by Dimensional Research surveyed 279 IT professionals who attended the recent Microsoft Ignite 2015 event and reveals that 92 percent of those surveyed say they are pursuing a cloud adoption strategy with the primary goals of improving IT efficiencies and reducing costs.
"This latest survey is representative of what we are seeing in the market with our partners and enterprise customers," says Deirdre Mahon, Chief Marketing Officer, Cloud Cruiser. "Once an organization gets serious about cloud, they quickly hit a wall in terms of tracking usage and gaining full control on forecasts -- essentially delivering services with efficiency and agility. Cloud Cruiser addresses that pain across the broadest range of cloud services today".
Other findings show what respondents would like to do if they had access to consumption or cloud usage information across their entire enterprise. Of those surveyed 57 percent would improve IT forecasting, 39 percent compare costs across different cloud service platforms, 37 percent implement showback and/or chargeback policies, 34 percent would expand their on-demand and self-service options access to the cloud and 30 percent would better match allocation to utilization.
The full survey results are available to download from the Cloud Cruiser website.
Photo credit: Tom Wang/Shutterstock
For the first time in more than a decade the amount of spam has fallen to less than 50 percent of the total volume of email.
According to the latest Symantec Intelligence Report, the overall spam rate has dropped to 49.7 percent, the first time a figure this low has been recorded since September 2003.
Phishing rates and email-based malware were also down this month. It's not all good news though as there were 57.6 million new malware variants created in June, up from 44.5 million pieces of malware created in May and 29.2 million in April. This increase in activity suggests that, with the continued drops in email-based malicious activity, attackers are simply moving to other areas of the threat landscape.
Ransomware attacks were up in June too, with over 477,000 detected during the month. While still below the levels seen at the end of 2014, this is the second month in a row that ransomware attacks have increased since they reached a 12-month low in April.
Targeted attacks on the manufacturing sector fell from 41 percent in May to 22 percent. Manufacturing still comes out on top in terms of sectors being subjected to targeted attacks, but the activity is now in line with what is being seen in the Finance, Insurance, and Real Estate sector and the Services -- Professional sector, which come in at second and third place. It's interesting too that 38.1 percent of attacks were directed against companies with fewer than 250 employees.
On social media 83 percent of threats relied on users to spread them by sharing videos, offers and other messages. 11 percent tried to get users to join fake groups in order to expose their details to hackers, five percent used 'likejacking' to get users to click fake website buttons that install malware and may post updates on a user's newsfeed.
More detail is available in the full report which is available to download from the Symantec website.
Photo Credit: Balefire/Shutterstock
The text message has become such a key part of our modern lives that it's hard to believe that the concept behind it dates back 31 years. Email to SMS gateway service Neon SMS has produced an infographic tracking how SMS has evolved.
The first text message was sent in 1992, although it had to be from a PC because it was the following year before Nokia introduced the first SMS-enabled phone. In 1997 the Finnish company produced the 9000i Communicator, the first mobile phone to feature a full keyboard.
However, it wasn’t until 1999 that it became possible to exchange SMS messages across networks. In the same year short codes were introduced, allowing businesses to provide an easier way of contacting them.
The 2000s saw SMS put to new uses with American Idol pioneering 'text to vote' in 2003, and the first 'text to donate' campaign launching in 2008. Bulk texting was used by Barack Obama in 2008 to announce his presidential running mate. In 2010 the verb 'texting' made it into the dictionary for the first time.
For a look at these and other milestones, plus why SMS is still popular as a business tool, take a look at the infographic below.
Photo Credit: Potstock / Shutterstock
One of the things that inhibits merchants from accepting bitcoin payments is that there’s a time lag in receiving cleared funds. A bitcoin payment can take around 10 minutes to be verified and confirmed on the blockchain.
Even then most payment processors will wait for 2-6 confirmations (taking 20-60 mins) before guaranteeing to the merchant that the transaction in complete and the merchant will receive the funds. For merchants used to accepting card payments which are verified in seconds this is a problem.
But now payments processor Bitnet is introducing a new 'Instant Approval' system that looks at a bitcoin transaction and, in less than 10 seconds, assesses the probability that the transaction will be confirmed on the blockchain and sends the merchant a notification. Bitnet guarantees the payments this service approves, simplifying the acceptance of bitcoin for merchants.
Bitnet has partnered with BlockCypher, a blockchain web services company, as a key data provider for the new service. The Instant Approval process relies on a number of data points, crucial to which are BlockCypher's double-spend detection and transaction propagation metrics.
"One of the biggest challenges for merchants wanting to accept bitcoin is how to accommodate the delayed confirmation times into their 'real-time' checkout flows and still be assured of being funded," says Seamus Cushley, VP Product at Bitnet. "We partnered with BlockCypher to provide key data for our 'Instant Approval' service due to their best-in-class metrics and enterprise service".
You can find out more about how merchants can reduce the risk in handling bitcoin payments on the Bitnet website.
Photo credit: ppart/Shutterstock
Information from social media is becoming more and more important to many companies. But extracting data and getting something useful from it can prove difficult.
Business intelligence specialist DataSift is launching a new technology called VEDO Intent, which aims to take social analysis further, gaining more nuanced insights into markets and customers using machine learning.
Previously this sort of analysis would have always relied on human input, but by using an approach known as Active Learning, VEDO Intent learns as posts are manually classified into categories such as rant, rave, purchase intent or churn. VEDO Intent then dynamically builds a machine learning-based model to at first suggest, and then fully automate, the real-time classification of millions of posts to uncover insights that previously would have been hidden. By having a system carry out the data analysis it also helps protect individuals' privacy.
"Organizations have long recognized the huge potential of social data -- it's the voice of the market and the voice of your customer. Companies are now hungry to go beyond sentiment analysis into more advanced insights," says Tim Barker, Chief Product Officer at DataSift. "Social data has evolved. Everyone from financial institutions through to the United Nations refers to it and we recognized that people need actionable, nuanced insights from social data to better understand their audience’s mood and intent".
The company is also launching a forum to help developers and data scientists share statistical models that form the building blocks of advanced analysis. Helping guide researches to the keywords and hashtags they should be using in their analysis for example.
More information about VEDO Intent and the forum can be found on the DataSift website.
Image Credit: Oleksiy Mark / Shutterstock
For smaller businesses cyber security isn't always their highest priority which means they can be left vulnerable to attacks.
In an effort to beef up protection for small and medium businesses, the UK government is launching a voucher scheme as part of a package of measures designed to increase the resilience of UK businesses to cyber-attacks.
The package also includes a new online learning and careers hub to help ensure the UK has the cyber skills talent pool to protect both the public and private sectors as it faces the reality of increasing cyber threats.
"We want to help protect UK businesses against cyber attack and make the UK safest place in world to do business online," says Digital Economy Minister Ed Vaizey. "The new voucher scheme will offer increased protection for small businesses, and the new online hub will help ensure we have the skilled workforce in place to manage the increased pressures of the digital age".
The voucher scheme, which launches later this month, will offer micro, small and medium sized businesses up to £5,000 for specialist advice to boost their cyber security and protect new business ideas and intellectual property. The scheme will be overseen by the Government’s innovation experts at Innovate UK.
The new Inspired Careers online skills and career hub is being launched today and has been developed by industry body CREST along with the Government to tackle the skills shortage in cyber security.
The hub features careers information and advice, internship and apprenticeship opportunities, academic and professional training courses, work experience and senior level vacancies, and will be a powerful tool to promote the cyber security profession and encourage the next generation of cyber specialists to help protect the UK.
As part of a National Cyber Security Programme the Government is investing £860m between 2011 and 2016 to protect the UK in cyber space. More details of information security policy are available on the Government's site.
Image Credit: fredex / Shutterstock
Business collaboration specialist Huddle is launching a new desktop app for Windows and Mac aimed at improved productivity and greater integration with other products.
Huddle Desktop comes with plug-ins for Microsoft Word, Excel, PowerPoint and Outlook to deliver deeper integration into the user's existing desktop applications. Documents stored within Huddle can be opened, edited, and saved natively from within Office programs. Users can also view team members' comments and sync their own comments back to Huddle.
"Our goal is to make document collaboration as simple and intuitive as possible," says Stuart Cochran, CTO of Huddle. "Huddle Desktop is all about personal productivity: the app provides instant access to recent work, allows users to manage offline availability, controls and prevents version conflicts, and enables you to search all of your Huddle content. Huddle's cross-platform recent files mean you can pick up on a document you were just reading on your iPhone or iPad, and start editing on your Windows PC or Mac immediately".
Features of the new product include Full integration with Microsoft Office with the ability to read and make Huddle comments directly from Office applications and archive any Outlook email and its attachments to a Huddle project workspace or attach Huddle files to email.
Huddle Desktop provides quick, direct access to relevant files, along with instant search from the desktop to give users access to the files they need most, across all their projects and teams.
Users have the ability to lock a document, preventing any overlapping edits and providing full transparency into the status of any document at any time. Up to 50 files can be made available offline for when users don’t have a connection.
"Huddle Desktop is the perfect bridge to connect the desktop experience to the industry’s most powerful cloud-collaboration platform," adds Cochran. "For example, if I know I'm going to be without Internet connectivity, I can quickly make a file available offline through the Desktop App, then edit it, review team comments and save from within Microsoft Word. When I reconnect, Huddle Desktop will automatically manage the synchronization of the file -- and my comments -- back into the cloud for the rest of my team".
Huddle Desktop is available now for all new and existing Huddle users and you can find out more on the company's website.
Photo Credit: Pressmaster/Shutterstock
As businesses move towards cloud and hybrid environments, providing real-time access to digital assets from anywhere and on any device becomes more of a challenge.
Integration solutions company Jitterbit is launching a new Harmony Live! cloud platform that lets companies quickly design, orchestrate and manage real-time APIs. This allows the connection of thousands of B2B, consumer and mobile apps, as well as smart devices and the Internet of Things.
Harmony Live! goes a stage beyond management and offers API 'orchestration'. This means that APIs are connected to the business, tied to real-time digital processes, and shared securely for plug-and-play connectivity with any system.
Harmony Live! lets non-technical users connect any on-premise system, cloud app or device and expose it instantly as an orchestrated API in minutes. Using the Jitterbit Studio, users can connect, orchestrate and manage their APIs without having to write a single line of code. In addition they can use the Workflow Designer to visually map out business processes.
Live! 'Anywhere' APIs can run in any environment while connected to the Harmony API Gateway, which exposes APIs securely, reliably and with fast response times.
These Live! Anywhere APIs can also be linked to popular apps through pre-built connectors, available for systems including SAP, Oracle, Microsoft, Salesforce, Autodesk, and NetSuite. These systems can then be securely exposed as a service connected to a specific business process that tie together employees, partners and customers. If a data source, app or device doesn't have an API, Live! can provide it with an Anywhere API, and even combine multiple sources into a composite API to offer services that tie together users, systems and processes.
Live! security controls can limit and block access to APIs and comply with industry standards. These combine with View Live! analytics to reveal how APIs are being used and allow admins to manage them proactively.
You can find out more and sign up for a 30-day trial of Harmony on the Jitterbit website.
Image Credit: rzoze19 / Shutterstock
We use Wi-Fi almost without thinking about it, but a new survey of users in the US and Europe reveals just how big an impact it has on our daily lives and what we're willing to do to stay connected.
Network company Xirrus polled hundreds of people about their Wi-Fi habits and expectations. The results reveal the far-reaching impact Wi-Fi has on users' lives, as well as its importance to the future.
Rapid expansion of the IoT and BYOD means that businesses need to re-evaluate how they design their Wi-Fi networks to meet users' expectations to connect anywhere, on any device, at any time. The survey finds a majority of consumers (76 percent) connect to Wi-Fi outside of their home on a regular basis. It also reveals a growing expectation of being able to get connected everywhere.
Although 79 percent of respondents don't feel that public Wi-Fi is secure, 62 percent are still willing to connect to it. More than half (66 percent) of travelers would change hotels for a better Wi-Fi experience, and 49 percent would change their preferred airline provider.
84 percent of respondents say that bad Wi-Fi has kept them from doing their job. Almost all consumers (90 percent) now own at least one connected device -- such as a laptop, smartphone or tablet -- and a surprisingly high one in three of those polled own a wearable device of some kind, such as a smartwatch or fitness band.
"We are now more than ever a mobile, wireless-reliant society," says Shane Buckley, Xirrus CEO. "The proliferation of Wi-Fi connected devices combined with the expectation of steadfast connectivity has put increased demand on Wi-Fi networks everywhere. Nowhere is this more apparent than in the enterprise. Our study highlights the need for organizations to reinforce their networks to ensure a seamless connected experience for users at all times, no matter the location".
The Xirrus Where the Wires End Survey is available to download from the company's website and there’s a summary in infographic form below.
Photo credit: Shutter_M / Shutterstock
On the whole speakers tend to be quite dull-looking pieces of kit. There's no way you can level that criticism at the Exclaim Connect though, a pair of speakers which have rather unique style.
They feel nicely weighty, the upright parts are metal and the bottom ball-like segments have a smooth rubbery finish. They look like a piece of modern sculpture or something out of a 1950s science fiction comic.
Leaving aside the looks, these PC speakers also offer Bluetooth connectivity, making them a versatile choice for home or small office use. There are three-inch subwoofers in the base of each unit and two 1.5-inch mid-range speakers in the upright parts. The power output is 2 x 8W and 2 x 10W.
They come supplied with a mains power adaptor, a cable to link the two speakers together and a 3.5mm audio cable. The right-hand speaker is the master unit and has controls for power and volume on its side. There's a red LED behind the grille to indicate that the power is on which turns blue to show that a Bluetooth connection is active.
The speakers incorporate some clever technologies. Digital Signal Processing (DSP) claims to deliver active crossover frequencies and good tonal balance, even at high volumes. While Dynamic Range Compensation (DRC) technology is aimed at keeping distortion to a minimum.
A good thing about the design is that if you're using them on a desk they sit neatly either side of a monitor and the height of the units means that the mid-range speakers are in line with your ears. However, you do need to be a little further back than normal desktop distance to get the best effect. That said, the listening experience is good with a rich tone and decent bass, though there are no bass and treble controls so you’ll need to fine tune the listening experience at source. You do get a bit of distortion if you crank up the volume too high but it's fine at normal everyday levels.
It would be nice to have a built-in microphone to allow for making hands-free calls via Bluetooth, and some bass and treble controls would have been good too, but otherwise there’s not much to fault here. You can pay a lot more for speakers without getting significantly better sound quality and you’re getting that added touch of sci-fi style with the Edifier Connect.
The Exclaim Connect e10BT currently costs £78 on Amazon in the UK ($131.77 in the US) more detail is available on the Edifier website.
Customer relationship management is on target to be a $36 billion market by 2017, overtaking enterprise resource planning as the most significant enterprise tool.
Business software selection specialist Capterra has surveyed over 500 users of CRM in the US to determine the ways they find, buy and use their software.
Key findings are that more than half of users adopted CRM within their company’s first five years in business, and two-thirds of companies had at least 100 customers when they first purchased a CRM system.
A third of CRM users surveyed use Salesforce, while other software industry giants Microsoft, Oracle, and SAP combine with Salesforce to dominate 75 percent of the CRM market. On average, businesses spend $150 per user per month on their CRM, with 61 percent spending over $50.
Despite recent growth of social CRM capabilities, people still want more. The most desired CRM features were social media monitoring capabilities (25 percent) and the ability to pull in prospect information from social media (24 percent).
"This report shows that, despite four CRM industry main-stays continuing to dominate the market, businesses continue to invest heavily in CRM technology early in their life cycle," says Katie Hollar, Director of Marketing at Capterra. "This trend indicates that there's tremendous opportunity for newer, small-business CRM solutions to cater to the unique needs of startups -- especially as we see the economy rebound and more startups investing in software. And as those startups mature into larger companies, there's opportunity -- both for CRM users and for sellers of CRM software -- to continue to expand into related software categories and product offerings, such as marketing automation, help desk software, social media marketing, and other areas of the sales and marketing stack. Already, the report showed that 44 percent of CRM users had integrated their system with a marketing automation solution, and we expect that number to continue to grow in the coming years".
The research shows that businesses are using their CRM software to better measure their company's performance, boost their sales and marketing efforts, and maintain loyalty among customers. They're also using CRM data to branch into new types of business software, such as marketing automation and social media monitoring.
For the future as more businesses continue to adopt CRM, vendors will introduce add-ons and plug-ins to make better use of CRM databases, such as help desk software for customer service teams or marketing automation systems.
More information is available on the Capterra website.
Photo Credit: Mikko Lemola / Shutterstock
Most home or small business users never even think about upgrading the router that was supplied by their internet service provider. But by simply sticking with the default box you may well be missing out on the extra features and performance of a more sophisticated router.
The Archer D9 from TP-Link offers a smart design and decent performance but at a price that undercuts much of the competition. So, is this a good choice or a budget manufacturer trying to punch above its weight?
Design
The first thing to note is that it’s quite large and it’s designed to stand upright. The stand is fixed so there’s no option to lay it down flat or mount it on a wall. The router itself stands around six-inches tall and you can almost double that when you’ve attached the three antennas to the top.
A row of LEDs along the top of the shiny, white front panel allow you to monitor its status, though there’s only one Ethernet light so you can’t check on individual ports. On the back you have three LAN ports and a LAN/WAN port, a power switch and buttons for WPS and for turning Wi-Fi on and off -- a handy touch that many routers don’t offer.
There are also two USB ports, a 3.0 on the back and a 2.0 on the side, for attaching storage or other devices.
Setting Up
Plug it in and you can access a Quick Setup mode via the browser interface that will auto detect your ISP settings so all you have to provide is a username and password. There’s also a mini CD with an Easy Setup Assistant which is good for less experienced users who aren’t confident with the web interface.
That interface is not hard to navigate but it has a vast array of options and feels like it’s very much for techies. If you know what you’re doing you’ll have no problem forwarding ports or configuring VPNs and the like.
This is a dual-band router so it provides 2.4GHz and 5GHz connections and there’s support for a guest network on both. You get limited parental control via a MAC defined whitelist. It has a bandwidth control feature too that lets you limit the amount a particular port or IP address can use. The USB ports provide access to storage, media streaming and printer support -- though you’ll need to download and install TP-Link’s own printer controller software.
In Use
Signal strength is more than adequate to cope with most domestic or small office situations. The 5GHz band offers good performance with fast data transfers (up to 1,300Mbps) and smooth streaming.
The lower speed 2.4GHz band comes into its own at longer ranges though allowing you to connect where the faster one struggles. Beamforming technology concentrates the signal towards connected devices to give more reliable operation.
Conclusion
At just over £120 currently on Amazon, the Archer D9 has a lot to offer. It performs well, has plenty of features and it feels solidly built.
There are some minor niggles, like the lack of individual status LEDs for the Ethernet ports, but if you’re looking for a good value router with lots of configuration options it’s well worth considering.
Pros
Cons
Company | Release Price |
ITProPortal Review |
Company Site |
---|---|---|---|
TP-LINK | £120.00 | 7/10 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
There's always a trade off between access and security. Identity management specialist Gigya has released its latest State of Consumer Privacy & Personalization report looking at consumer attitudes surrounding data privacy.
A key finding is a growing willingness to accept next-generation authentication methods known as 'Identity 3.0'. Biometric technologies are emerging as a popular option for signing in. The study shows 41 percent of consumers have a high level of comfort logging in to a site or mobile app using a thumbprint or face/eye scan.
The study also shows heightened demand for data privacy and more relevant marketing communications, which consumers believe can be achieved through business transparency and personalization. More than 90 percent of consumers are at least somewhat concerned about data privacy and how companies are using customer data.
This contributes to a willingness to use existing logins, 59 percent of consumers say they are willing to register or log in to a website or mobile application with an existing identity from a payment provider such as PayPal or Amazon. 57 percent say they would be prepared to use their Apple ID.
Also 88 percent of US consumers have logged in to a website or mobile application using an existing social network identity, an 11 percent increase over last year’s findings. This is happening across demographic groups, 75 percent of consumers aged 55 and over have used a social identity to authenticate on a site or mobile app.
An aversion to filling out online registration forms (56 percent) and not wanting to remember yet another user name and password (43 percent) top the list of reasons why consumers choose to use social authentication. Being able to use the same identity on all devices and websites to get a more personalized experience is the third most cited reason at 25 percent.
"Although data privacy concerns are seemingly at an all-time high, it's evident that consumers are prepared to share their personal information with businesses if presented with a clear value exchange and a high level of transparency," says Patrick Salyer, CEO of Gigya. "In addition, as consumers continue to embrace advanced authentication methods, brands must equip themselves to handle an increasing volume and variety of rich identity data in order provide truly relevant 1:1 experiences".
The full report is available to download from the Gigya website or there's a summary of the findings in infographic form below.
Image Credit: Gunnar Pippel/Shutterstock
Whilst it's the hacks and the data breaches and the information thefts that grab the headlines, no one ever mentions the technology that lies behind them.
Where do the bad guys host their malware and where do they keep their stolen information? Like any legitimate online businesses, cybercriminals need a reliable, high availability hosting infrastructure.
A new report from TrendLabs -- the research arm of security company Trend Micro -- uncovers the existence of what it calls 'Bulletproof Hosting Services' (BPHSs) which provide the discreet infrastructure needed for cybercriminals to operate their business, store stolen data and hide out from anyone trying to shut them down. This often overlooked, component of cybercrime is more significant than it might seem. Without BPHSs, many cybercriminal groups would cease to operate.
Unlike regular hosts, bulletproof servers primarily host malicious content like phishing sites, pornography, fake shopping and carding sites, and command-and-control (C&C) infrastructure. They need to offer the service reliability of any ordinary host, but also need to appear as legitimate as possible so that authorities don't shut them down. Bulletproof host owners rent hardware colocation facilities in various countries to ensure the continuity of their operations. They normally rely on nations with lax information security laws to minimize the risk of them being blacklisted or shut down.
Like legitimate hosts, BPHSs offer different specialisms including torrent download sites, blackhat SEO to drive traffic to malicious sites, C&C components and spam tools. TrendLabs identifies three main delivery methods, dedicated BPH servers, compromised legitimate servers and abused cloud hosting services.
BPHSs also parallel the legitimate world in their pricing models. Low risk content can be hosted from as little as $2 a month with dedicated high-risk content servers -- based in China, Bolivia, Iran, or the Ukraine -- costing $300 or more.
The best BPHSs have support teams who communicate with clients via ICQ, Jabber, or their own JavaScript-based messaging services. Like legitimate providers they use a ticketing system to prioritize and process queries.
Robert McArdle, Trend Micro's FTR Senior Manager says, "The very nature of BPHSs is that they protect malicious activity against law enforcement, giving cybercriminals the much-needed loophole to wriggle out of and escape from the clutches of both law enforcement and the security industry. That loophole unfortunately largely remains open today".
Photo Credit: Bartlomiej K. Kwieciszewski/Shutterstock
Organizations are increasingly bombarded with malware reports and that can lead to wasted time dealing with false alarms or minor issues.
A new report from The Ponemon Institute, commissioned by breach defense specialist Damballa, reveals that two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence.
The survey of 551 IT and IT security practitioners across EMEA (Europe, Middle east and Africa) finds that teams spend, on average, 272 hours each week responding to 'false positive' cyber alerts -- due to erroneous or inaccurate malware information. This equates to an average cost of £515,964 (around $800,000) annually, for each organization, in lost time.
The findings show that organizations are dealing with nearly 10,000 malware alerts per week, however, only 22 percent of these are considered reliable. More worryingly, only a small fraction -- 3.5 percent -- of all alerts are deemed to be worthy of further investigation. IT teams could therefore be struggling with the resources, or expertise, to block or detect serious malware.
"These findings are significant as they highlight the real impact of false malware intelligence. Not only are teams devoting valuable time and resources to hunting down the false positives but they’re also in danger of missing the real infections, which could have a devastating impact," says Stephen Newman, CTO of Damballa. "The severity and frequency of attacks is increasing, so the focus really needs to be on building better intelligence, which means that organizations will have the confidence of knowing exactly where the real threats are. This means that teams can direct their efforts where it is most needed; on finding and quickly remediating the active infections".
Among other findings of the report are that fifty-seven percent of respondents say the severity of malware infections have significantly increased or increased in the past year. Yet whilst the severity of infections is rising, nearly a quarter of respondents (23 percent) say that they have an 'ad hoc' approach to containment, with 38 percent having no one person accountable for the containment of malware.
Only 37 percent of respondents reported that their organization has automated tools to capture intelligence and evaluate the true threat of malware. Organizations that do have automated tools report that an average of 44 percent of malware containment does not require human input or intervention and can be handled automatically.
The full report is available to download from the Damballa website.
Photo Credit: Sergey Nivens/Shutterstock
For large companies keeping on top of IT assets and software licenses can be a complex and time consuming process.
IT management company LANDESK is releasing a new version of its IT Asset Management (ITAM) Suite which provides a simplified view of assets in one central place via a LANDESK Workspace, putting decision-making data at the fingertips of managers.
Features of the software include improved asset visibility. IT managers get a comprehensive look at managed assets, making it easy to identify owned assets, optimize software, reclaim unused licenses and regain negotiating power with vendors.
ITAM delivers detailed, reliable licensing information, helping monitor the current state of compliance and respond faster to software audits. For hardware it can automate tracking of warranty data and lease information.
LANDESK Workspaces is compatible with Mac, Windows, iOS and Android operating systems, and it provides the same experience regardless of device, so it can be used centrally or during on site audits.
"Many asset management tools, whether they are discovery, license optimization or asset repositories, tout the total number of reports available in the product," says Patricia Adams, ITAM evangelist at LANDESK. "While this is useful information, knowing how to act on the data is more meaningful. Having the data displayed in a format that allows for rapid business decision-making enables the asset manager to be more efficient. LANDESK Workspaces provides a customizable dashboard and the visibility needed to understand the health of the IT assets and make actionable decisions".
More information on the IT Asset Management Suite is available on the LANDESK website.
Photo Credit: .shock/Shutterstock
With a mix of on-site, virtual and hybrid environments, today's IT systems are increasingly complex and time consuming to manage. Yet traditional monitoring tools can result in information overload.
For businesses using VMware environments, SIOS Technology Corp is launching a new solution that applies machine learning techniques to IT analytics.
SIOS iQ applies advanced machine learning analytics to broad data sets, including application and infrastructure data from third party tools and frameworks. This allows it to understand and explain complex behaviors and predict the impact of changes in dynamic virtual environments.
"This extensible analytics platform delivers simple, intelligent solutions to the most pressing problems in today's complex VMware environments," says Jerry Melnick, COO of SIOS Technology Corp. "SIOS iQ brings extraordinary ease of use and time savings to tasks that have typically required multiple experts from various IT disciplines. The solution improves IT and infrastructure efficiencies, reducing costs while helping IT meet critical quality of service goals for applications operating in VMware environments".
Traditional approaches focus on recording and reporting discrete events, such as a CPU utilization exceeding a threshold, to identify problems in a VMware environment. This means that complex or subtle issues can go unnoticed while IT staff are inundated with alerts without any guidance for prioritizing, interpreting or correcting them. SIOS iQ learns the relationships of objects and their normal patterns of behavior in a VMware infrastructure. It's then able to recognize abnormal patterns and identify the root causes of issues.
It can also analyze interactions between SQL and infrastructure resources in the VMware environment to identify the root cause of performance issues. SIOS iQ recommends the best solutions via its SIOS PERC Dashboard, filtering out the noise and large numbers of alerts that go with traditional approaches. This reduces staff time spent manually compiling and analyzing data from various sources to identify causes of issues and assign ownership of solutions.
You can find out more about SIOS iQ on the company's website and there's currently a limited feature, free edition available to allow you to try it out.
Image Credit: art4all / Shutterstock
The username and password combination has been with us for a long time, but we're increasingly seeing its shortcomings for protecting sensitive data.
A new survey of 24,000 consumers across six continents by technology services and consulting company Accenture reveals that 60 percent of consumers find passwords cumbersome and more than three-quarters worldwide would be open to using alternatives.
"The widespread practice of typing usernames and passwords to log on to the Internet might soon become obsolete," says Robin Murdoch, managing director of Accenture's Internet and Social business segment. "Consumers are increasingly frustrated with these traditional methods because they are becoming less reliable for protecting their personal data such as email addresses, mobile phone numbers and purchasing history".
Users in China and India are most likely to be open to alternatives, at 92 percent and 84 percent, respectively. More than three-quarters (78 percent) of consumers in each of Brazil, Mexico and Sweden, and 74 percent in the United States, are also willing to consider security methods other than usernames and passwords.
The survey also shows a general lack of faith in the security of personal data. Fewer than half (46 percent) of consumers globally are confident in the security of their information. Those in emerging countries are slightly more confident in the security of their personal data than were those in developed nations, at 50 percent and 42 percent, respectively.
"As hackers use more-sophisticated and less-obvious methods, passwords are no longer seen as the definitive answers to the security question," Murdoch adds. "Traditional one-step passwords are now being matched with alternative methods using biometric technologies such as fingerprint recognition and two-step device verification. Within the next few years we are likely to see many more consumers embracing these and other alternative methods".
You can read more in the full report Digital Trust in the IoT Era which is available to download from the Accenture website.
Photo Credit: Dr. Cloud/Shutterstock
Although the majority of consumers are well aware of potential malware attacks on the Android platform, and they overwhelmingly understand the importance of mobile security, they're still not taking the steps needed to safeguard their devices and they’re reluctant to pay for protection.
This is among the findings of a new survey of more than 100 Android users from Chinese company 360 Security. It shows that Android mobile users worry most about untrustworthy apps (27 percent), online payments (20 percent), and hackers (13 percent).
Additional concerns are single sign-ons, Wi-Fi connections and personal data leakage. More than 90 percent of respondents say they think mobile security is important and two thirds are aware of weaknesses on the Android platform.
Yet despite these concerns almost half of the respondents currently aren't -- or are unsure if they are -- using a security app on their personal smartphone. Plus around one-out-of two people didn't know they needed a security app. They're also reluctant to pay much for protection, more than 80 percent of respondents want to spend less than $4.99 on a security app and 44 percent don't want to pay anything at all.
"The survey results are a good reminder that while today’s consumers are aware of threats to the Android platform, most are not leveraging the tools and apps needed to protect themselves," Yan Huang, COO of 360 Security says. "The 360 Security app is free for download in the Google Play store and will keep consumers -- around the globe -- safe from any suspicious activity, while boosting overall device performance".
Photo credit: Kirill__M / Shutterstock
Since the advent of personal computing, games and malware have developed more or less side by side. Today the world of gaming has become intertwined with malware as cyber criminals have turned game theft into something much more lucrative.
The digital world, as we know it today, can be a dangerous place, to bring these issues to light anti-malware company Webroot has teamed up with the new movie PIXELS, released on July 24, to issue an infographic on the history of malware and gaming.
The global cost of cybercrime is estimated at $445 billion, but in the 1980s viruses merely had nuisance value, they might stop you playing Donkey Kong but they wouldn’t be after your bank details.
It wasn't until the turn of the century that malware stared to get really serious, the estimated cost of cleaning up the ILOVEYOU virus was put at around $6 billion. Meanwhile in the gaming world hundreds of thousands are turning to online worlds like Everquest.
In 2015 ransomware is encrypting gamers' save files and extracting money from virtual wallets, and even console gamers are no longer safe from attack.
You can see the infographic below. Webroot is also giving US-based gamers a chance to win a trip to one of the cities featured in PIXELS, PIXELS swag, and free gamer cybersecurity for PC, Mac, smartphone or tablet devices. Visit www.gamersvspixelsmovie.com and complete the quiz to enter.
Image Credit: Ernesto Orchoa / Shutterstock
A new survey reveals that shoppers are not forgiving of their favorite retailers or brands when their mobile apps aren't working as they should. According to the results 70 percent of consumers say the performance of a mobile app impacts their perception of the retailer.
The survey by application intelligence specialist AppDynamics spoke to 4,000 smartphone and tablet owners in the UK, US, France and Germany. It shows that 20 percent admit to making purchases on their phone while at work in front of their computer.
Also 67 percent would be put off shopping with a retailer if they had a negative experience with its app -- putting the onus on brands to deliver flawless application performance. However, 75 percent felt that a prompt and personal apology would persuade them to revisit the retailer.
When asked what they want from retail apps, 43 percent of consumers want mobile apps that allow them to purchase products while in the store, instead of queuing for a sales assistant. 57 percent would like retail apps to provide store assistants with details of past purchases to give a tailored in-store experience. Also 56 percent would be encouraged to visit bricks-and-mortar stores if apps provided them with personalised offers when they were nearby.
"As the lines between work and personal, digital and physical, continue to blur, retailers must ensure their apps function at all times across multiple platforms in order to retain and nurture always-on consumers", says Jyoti Bansal, founder and CEO of AppDynamics. "Technology has transformed the retail landscape significantly over the past decade, and now more than ever, software defines business success -- with revenue and reputation often hinging on customer interactions with apps".
The full report is available to download from the AppDynamics website.
Image Credit: 3Dmask / Shutterstock
Moore's Law, the rule describing the steady growth of computing power, seems to have been under threat of late. But work by an alliance led by IBM research could see it safe for a few years yet.
Researchers have produced the first 7nm (nanometre -- one billionth of a meter) test chips. What does this mean? Current chips have components with a width of 14 or 20nm so a 7nm chip will allow many more components to be included.
The breakthrough could result in the ability to place more than 20 billion transistors -- effectively tiny switches -- on a fingernail-sized chip. Industry experts believe that 7nm technology will be crucial to meeting the anticipated demands of future cloud computing and big data systems, cognitive computing, mobile products and other emerging technologies.
"For business and society to get the most out of tomorrow's computers and devices, scaling to 7nm and beyond is essential," says Arvind Krishna, senior vice president and director of IBM Research. "That's why IBM has remained committed to an aggressive basic research agenda that continually pushes the limits of semiconductor technology. Working with our partners, this milestone builds on decades of research that has set the pace for the microelectronics industry, and positions us to advance our leadership for years to come".
To achieve the higher performance, lower power and scaling benefits promised by 7nm technology, researchers have had to bypass conventional semiconductor manufacturing approaches. Among the novel processes and techniques pioneered by the IBM Research alliance are a number of industry-first innovations. These include Silicon Germanium (SiGe) channel transistors and Extreme Ultraviolet (EUV) lithography integration at multiple levels.
If translated to production these techniques and scaling could result in at least a 50 percent power/performance improvement for the next generation of mainframe and POWER systems that will power the big data, cloud and mobile era.
Image Credit: Darryl Bautista/Feature Photo Service for IBM
We're all familiar with the idea of BYOD and allowing employees to use their own devices for work. But how much impact is it having out in the real world workplace?
Workspace as a service provider Workspot has produced an infographic based on a survey of 500 US workers sheds some interesting light on things. High numbers of Americans are using their own devices for work, with 64 percent admitting that they sometimes do so. Those that do use their own devices do so for between 10 and 30 percent of the work day.
The breakdown of devices is interesting since it doesn't reflect system popularity in the wider world. 40.4 percent are using iPhones for work compared with only 17.2 percent using Android phones, 28.3 percent use their own laptops.
When asked where they use their devices for work, most (74 percent) do so in the car, 52 percent in the kitchen and 41 percent in bed -- which seems to confirm all of those working from home stereotypes. As to what they do, 56 percent access their work email and 33 percent make work related phone calls. However, only 4.2 percent access work applications and 5.6 percent access calendar appointments which suggests that the BYOD revolution still has some way to go.
You can see the full infographic below.
Photo credit: Alessandro Colle/Shutterstock
Selecting software is one of the most crucial decisions that many enterprises have to make. The right choice can make all of the difference between success and failure.
However, finding impartial advice on the pros and cons of various business packages can be difficult. Could crowd sourcing of opinions provide an answer? The people behind software review platform G2 Crowd definitely think so. We spoke to company president Tim Handorf to find out more.
BN: What types of software does G2 Crowd cover?
TH: We have more than 33,000 reviews across more than 475 categories, from marketing technology such as CRM and marketing automation, to to IT infrastructure tools and development tools. We've also recently added a number of industry-specific software categories.
BN: Tell us about how the Grid rating methodology works.
TH: Every product within a given category that has 10 or more reviews is plotted on two axes. The Satisfaction (horizontal) axis is based on G2 Crowd review data and includes, overall satisfaction, feature satisfaction, customer service and more. The Market Presence (vertical) axis is based on social indicators, age of the company, the number of employees it has, earnings -- if the vendor's stock is publicly traded -- and more.
Grids update and normalize in real time, based on new review and social data that come in each day. You can see an example in our backup software category. Also, you can read more details on our methodology here.
BN: Where do you source your reviews from?
TH: Reviews are primarily sourced in three ways, and the distribution is fairly evenly split between the methods. Firstly users find our site (via a search engine or other referral) and write a review after visiting.
Second, our team finds users of specific products through social networks and asks them to write a review of the product. Third, software providers encourage their users to write reviews for several reasons: product feedback, public-facing testimonials and more. We provide all software developers with a landing page to which they can direct customers to write a review. However, if software providers are going to ask customers to write reviews, we do ask they follow the guidelines we provide.
BN: How can you prevent developers 'gaming' the system with positive reviews?
TH: We take pride in having a rigorous vetting process for reviews. We also require all reviewers to authenticate with LinkedIn before they post so we know they are a real person and who their employer is. Our QA team vets every review that comes in to ensure the authors aren't affiliated with the software provider or one of their competitors.
In addition, we ask users to upload a screenshot of the software that displays user credentials which match their LinkedIn credentials. This serves as an additional method for readers to know that this review came from a real user.
BN: Do you have any plans to expand into other areas, consumer software for example?
TH: Although we are currently focused on business software, we also have categories on G2 Crowd for related support areas, such as IT consulting. Beyond software-related services, we haven't determined if or when we will expand into other areas.
Photo Credit: nopporn/Shutterstock
Google and Microsoft are the two big players in the cloud office suite market. But what do the customers of each look like and how are they implementing and using the software?
Cloud management specialist BetterCloud has released the results of a survey of 1,500 IT professionals looking at customers of both systems, the age and size of their companies, cost-savings for each, and when companies will achieve 100 percent cloud use.
Among the findings are that Google Apps organizations are experiencing savings of 41 percent while organizations using Office 365 see savings of 27 percent. However, Office 365 organizations are more than four times larger than their Google Apps counterparts. Because of their size, Office 365 IT teams are also more than six times larger than those that use Google Apps, yet, surprisingly, they service the same average number of employees per IT admin.
Office 365 organizations tend to have been in business longer, having been founded seven years earlier on average than Google Apps organizations. This may account for differences in deployment strategy. Sixty eight percent of Google Apps organizations surveyed roll out Google Apps all at once while 62 percent of Office 365 organizations choose to implement a hybrid deployment strategy.
Both systems are good for promoting collaboration with 84 percent of enterprises using Google Apps experiencing increased collaboration compared to 72 percent of Office 365 enterprise organizations.
Google Apps usage rates far surpass the online equivalents for Office 365, suggesting many Office 365 organizations’ employees are still using local versions of the Office suite. No Google Apps or Office 365 enterprise organizations currently run 100 percent of their IT in the cloud, projected to 2026 that number jumps to 74 percent and 57 percent respectively.
"Google and Microsoft have taken different approaches to the market. Google has built a cloud-only suite that’s focused on business transformation. They've been revolutionary in their approach since the beginning", the report concludes. "Microsoft has owned the enterprise software and messaging market for 20 years, and now, under new leadership, they are taking their customer base and an established product set on an evolutionary path to the cloud. Microsoft has finally put the weight of their name behind the cloud by offering their customers a safe and comfortable upgrade path".
You can read more about the survey's results on the BetterCloud blog.
Just over a week on from Microsoft's announcement that it was getting out of the display advertising business with the loss of 1,200 jobs, the company's CEO is wielding his ax again.
This time up to 7,800 jobs are set to go in the company's phone hardware business as it says that the future prospects for the segment are, "...below original expectations".
The company will record an impairment charge of approximately $7.6 billion related to assets associated with the acquisition of the Nokia Devices and Services (NDS) business, in addition to a restructuring charge of approximately $750 million to $850 million as a result of the change.
"We are moving from a strategy to grow a standalone phone business to a strategy to grow and create a vibrant Windows ecosystem including our first-party device family," says Microsoft CEO Satya Nadella in an email to staff. "In the near-term, we'll run a more effective and focused phone portfolio while retaining capability for long-term reinvention in mobility".
This marks the latest step in Nadella's strategy to refocus the company on personal computing, cloud platforms, productivity and business processes. Since taking over as CEO last year he has been busily acquiring cloud and mobile software businesses and shedding parts of the company that don't fit with this overall plan.
The latest changes are expected to be complete by the end of the calendar year.
Photo Credit: turtix/Shutterstock
Enterprises face evolving security challenges and solutions due to the introduction of cloud infrastructures. Growing cloud adoption has been identified as one of the key reasons why a majority of IT and security professionals find securing their networks more difficult today than two years ago.
Network security company Tufin has produced an infographic, based on a recent research report with ESG, looking at why 56 percent of professionals believe network security is getting harder.
This is partly down to increasing complexity as well as cloud adoption. The top five drivers of network security strategies are listed as: supporting cloud initiatives (38 percent), increasing network security efficiency (33 percent), implementing better monitoring and reporting of network topology and controls (30 percent), improving troubleshooting and problem solving (29 percent), and improving workflow between the security team and other IT groups (26 percent).
The full report is available to download from the Tufin website and you can see the infographic below.
Image Credit: watcharakun/Shutterstock
With the increased threat of data loss from security breaches or system failures, many enterprises are turning to cloud solutions to look after their information.
Backup specialist Acronis is keen to take a slice of this market with the launch of its Acronis Data Protection Platform. This is a cloud platform that seeks to transform the way data protection is delivered to end-user customers by service providers, resellers and distributors.
"For companies everywhere, suffering from data loss and disasters is not a matter of if, but when -- it will happen", says Serguei Beloussov, co-founder and CEO at Acronis. "With the introduction of the Acronis Data Protection Platform, we make complete data protection easy, complete and affordable for businesses of all sizes and empower service providers and resellers to capitalize on this massive market opportunity".
The company is also is releasing a new version of Acronis Backup Cloud, its leading cloud backup solution, and introducing Acronis Files Cloud, a new file sync and share product. Acronis is also announcing the global availability of Acronis Disaster Recovery Service, its all-in-one solution for backup and disaster recovery.
Based on an advanced cloud architecture, the Acronis Data Protection Platform delivers software-as-a-service solutions, including backup, disaster recovery and file sync and share. The platform is powered by the Acronis AnyData Engine -- a set of powerful data protection technologies that can capture, store, recover, control, and access any data from any location.
Improvements to Backup Cloud include expanded support for Microsoft SQL, Microsoft Exchange, and Mac OS X environments, plus initial seeding capabilities to easily move large volumes of data to the cloud.
File Cloud offers workers a secure alternative to consumer file sharing services, with safe file access, sync, and share in an easy-to-use cloud service. The solution helps service providers and partners quickly address the growing need for businesses to securely support BYOD and mobile workforces.
More information about Acronis business products is available on the company's website.
Image Credit: Maksim Kabakou/Shutterstock
Adobe Experience Manager (AEM) is used by many businesses to control content and ensure that it's consistent across channels. But what it doesn't help with is localizing sites into different languages.
Into this gap is stepping translation specialist Smartling with Translation Connector, which brings its cloud-based translation management platform to users of AEM 6.1.
It allows AEM users to seamlessly connect to the Smartling platform from within the AEM 6.1 system where they can then submit content for translation and localization to be fulfilled by their preferred language service providers.
"When we released our first Connector for Adobe CQ 5.4 in early 2014, it gave CQ users translation functionality never before possible," says Andrew Saxe, senior director of product at Smartling. "We are thrilled to be among the first partners to support AEM 6.1, and we look forward to bringing the most advanced translation functionality to Adobe's fast-growing base of AEM 6.1 customers, many of whom already use the Smartling platform".
Smartling can translate and manage content from almost any data source, including business documents, resource file types, AEM third-party plug-in content, and dynamic content built into AEM sites even though they not have data stored in AEM. Changes to content are detected automatically, and translations are automatically returned to AEM when they are complete.
Smartling's centralized translation memory integration makes use of previous translations to boost quality, consistency and speed, while reducing translation costs by up to 40 percent. The company's "in-context" translation interface provides translation resources with full visibility into site design and layout during the entire process, resulting in greater accuracy from the outset. Translation progress updates are available directly within the AEM interface, eliminating the need to switch between multiple systems to monitor project activity.
More information on Smartling's Translation Connector for AEM is available on the company's website.
Photo Credit: marekuliasz/Shutterstock
Mobile Internet doesn't just liberate us from the constraints of a wired connection, it offers hundreds of millions around the world their only, or primary, means of getting online.
The latest Global Internet report from the Internet Society focuses on mobile usage and how it has changed, and is changing, the way we use the Web.
In addition the mobile Internet doesn't only extend the reach of the Internet as used on fixed connections, but it offers a range of new functionality in combination with the latest portable smart devices.
Already 94 percent of the global population is covered by a mobile network, 48 percent are covered by mobile broadband, and 28 percent have subscribed to mobile Internet services. Mobile Internet penetration is forecast to reach 71 percent by 2019 and usage per device is forecast to more than triple over the same timescale. 192 countries now have active 3G mobile networks, which cover almost half of the global population. Smartphone sales now account for the majority of mobile handsets sold worldwide and tablet sales will soon exceed total PC sales.
The report points out that mobile Internet will play a key role in bringing the next billion Internet users online. Mobile has already leap-frogged fixed-line access in many countries because of limitations in the coverage of the network, and the availability of mobile Internet access significantly outpaces adoption today.
This combined with new services, often accessed via apps, are key to enabling social inclusion, interaction with government and commerce, and other applications. According to the report’s authors, these innovations are already driving a further evolution of the Internet and helping to
realize the Internet Society’s vision that 'The Internet is for everyone'.
Mobile Internet access has the potential to improve many areas of people's lives from education and healthcare to productivity and leisure. It does, however, raise concerns particularly surrounding privacy and tracking. The report also notes that the 'app economy' may also limit our choice of device as new players find it hard to break into the market.
"Today we associate the mobile Internet with a smart device that runs on a specific platform and provides access to the apps that we use," says Michael Kende, Internet Society Chief Economist and author of the report. "While this has created amazing benefits for users and an entire app economy for developers, it locks users into a chosen platform and ultimately limits choices in a way that is new to the Internet".
The full report is available on the Internet Society website.
Image Credit: Ilin Sergey / Shutterstock
You might think that by moving applications to the cloud your data is automatically protected and worrying about backups is a thing of the past.
But just storing and processing data in Office 365 or Salesforce doesn't guard against user errors like accidentally deleting files. To offer extra peace of mind, backup specialist KeepItSafe is launching a new Cloud2Cloud service to protect data in SaaS applications.
With Cloud2Cloud, users can back up data held in cloud-based SaaS applications such as Microsoft Office 365, Salesforce.com and Google Apps, as well as platforms like Windows Azure and Amazon Web Services.
"More and more mission-critical data is being stored online, but many businesses are unaware that the responsibility for backing up this data rests entirely with them; not the service providers", says Eoin Blacklock, Managing Director of KeepItSafe. "Yes, well known cloud service providers do back up customer data, but research evidence suggests that's only because it's of benefit to them, rather than a requirement of the agreement they have with their clients. Often, backup and disaster recovery from the service providers themselves is charged out at an excessively high rate, and the data isn’t very easily accessible".
Businesses can select the frequency and granularity of their backups, and have the ability to opt for different parameters for each data source, based on their business continuity and compliance needs. Minimal configuration is required, users can also deploy en-mass backup rules to hundreds of Office 365 and Google Apps users, ensuring consistent protection across all parts of an organization.
"Problems around user error don’t necessarily go away when an organization moves its infrastructure into the cloud", Blacklock adds. "Nor does it eliminate the chances of data getting hacked by an outsider, or deleted by a disgruntled employee. Cloud-to-cloud backup has become a business imperative, and KeepItSafe Cloud2Cloud addresses the growing demand we have experienced for this kind of solution from our customers".
You can find out about Cloud2Cloud and sign up for a webinar on July 23 to learn more on the KeepItSafe website.
Image credit: Alexander Kirch/Shutterstock
Although there has been heavy media coverage of information security issues in the past year, more than half of Britain's small businesses say that they aren't taking any preventative measures to protect themselves against cybercrime.
According to a survey by identity protection specialist CSID 52 percent of UK small businesses aren't guarding against cybercrime and a large majority (85.3 percent) don't have any plans to increase their budgets for security implementation, and less than 13 percent are working with a third party vendor to protect themselves. When asked about their concerns in the event of a data breach, 53 percent of respondents were worried their reputation would be damaged. Yet despite these fears only 47 percent of respondents are monitoring what is written about their brands online, and less than 15 percent have a social media policy in place. Only nine percent were worried about the negative impact on employees.
"While monitoring what is written about your business online is a good practice, we’re surprised by the lack of employee education and social media policies in place," says Andy Thomas, managing director of CSID in Europe. "It seems that time and again businesses misjudge the element of staff related security breaches which appear to be increasing every year. Yes, there will always be threats from malware, phishing and DOS, but never underestimate the human factor".
When asked about their concerns, most respondents cited the threat of undetected malware, 33 percent stated phishing attacks, and the least concerning threat was BYOD with only 2 percent of answers.
In the event of a breach, the CSID survey finds that 63 percent of small businesses would most likely turn to their insurer, bank, lawyer or IT supplier for assistance; the police being the least likely first point of call. Yet despite this 68 percent of respondents say that their IT service provider hasn't provided them with any information regarding data breaches and 68.6 percent confess to not having a disaster recovery or business continuity plan in place.
More information about how small businesses can protect themselves is available on the CSID website.
Image Credit: Manczurov / Shutterstock
Thanks to the wide availability of fast connections, online video is no longer confined to the likes of YouTube but crops up on all kinds of websites.
This presents a challenge for the developers who need to maintain those sites but a new solution from online image management specialist Cloudinary is set to make life easier.
"Our customers frequently asked us for a video solution that offered the same capabilities as our image solution, a 'Cloudinary for Videos' if you may," says Itai Lahan, CEO and Founder of Cloudinary. "We are excited to unveil our brand new video support, a complete video service that complements our image-management solution perfectly. We hope that with this, we'll manage to save our customers additional valuable R&D, IT and DevOps time that could be re-focused on their core product instead, save IT costs, and greatly improve their users’ online experience".
Cloudinary's new video support provides a technical solution to all aspects of handling videos online, allowing developers to focus on their core product instead of spending time building and supporting in-house video solutions.
Videos can be uploaded at any scale using rich APIs, from a back-end application or directly from a browser or mobile application. They can be managed via an interactive online interface, and automatic transcoding makes it possible to generate HTML5 and mobile friendly videos for optimized viewing on all web browsers and mobile devices.
Videos can be manipulated on-the-fly, in real-time, to fit with graphic design and product requirements. Cloudinary also makes it easy to brand videos, embed ads and captions inside, generate thumbnails and convert to animated GIFs if required. End-user experience is improved too by optimizing videos and streaming them from a global content delivery network.
You can find out more about how Cloudinary can streamline image and video management for developers on the company's website.
Not so very long ago each new mobile phone that launched would be smaller than its predecessor whilst packing in more features. In recent years though we’ve come full circle and phones have started to get bigger again, offering more screen real estate for apps and improved image quality for multimedia use.
Bigger doesn’t necessarily mean more expensive though and the Smart ultra 6 from Vodafone appears to offer a lot of phone -- both physically and technically -- for just £125 on pay-as-you-go. Let’s see how well it delivers.
What You Get
What you receive is a nicely non-flashy package, the box is eco-friendly recycled cardboard and the phone comes with a USB charger cable and mains adaptor and a set of iPod-white earphones. This stripped back approach applies to software too and the phone isn’t overloaded with pre-installed bloatware apps.
Although it carries the Vodafone brand name the Smart ultra is made by Chinese manufacturer ZTE. The first thing that strikes you when you open the box is the size: it’s 154mm long and 77mm wide (about six inches by three), but slim though at under 9mm thick. Even so if you like things snug in the trouser department your friends will notice you’ve upgraded your handset before you take it out of your pocket. In the interest of gender equality, if you favor a smaller handbag you may have to leave some other essentials behind to accommodate the Smart Ultra.
The back cover is plastic but it has a nice semi-matt grey finish and doesn’t really feel cheap, though at the same time doesn’t really have a wow factor. Under the skin it has an eight-core Qualcomm Snapdragon processor (four running at 1.5GHz and four at 1GHz), 2GB of RAM, plus a generous 16GB of storage that can be expanded with a microSD card. It runs the latest Android 5.0 Lollipop and it’s 4G capable. There’s a 13-megapixel rear camera and 5-megapixel front, with 4x digital zoom and an LED flash.
It’s the screen that’s the star of the show here though: it’s a 5.5 inch with a 1,920 x 1,080 pixel resolution, and it is impressive. It’s bright with strong colors and there’s no hint of fuzziness in icons and text; video playback is smooth too. The built-in speaker sounds a bit tinny though so you’ll want to use headphones.
In Use
In fact performance is smooth generally with no noticeable lag when loading apps or making entries via the keyboard. The camera is pretty good too, it defaults to Auto mode but there’s a high dynamic range (HDR) option available along with some artistic filters. Exposures aren’t always perfect, tending to look a little washed out in bright conditions but it’s fine for everyday use.
Although there aren’t many apps pre-installed, apart from the standard Android stuff like Gmail and YouTube, you do get Vodafone’s own Smart Tips software. This leads you though some of the phone’s features, useful if you’re an Android virgin. There are a few other Vodafone apps too but not enough to get annoyed about.
The phone charges up from flat in a couple of hours -- it does get quite warm when it’s charging though -- and a full battery will give you around 240 hours of standby and 15 hours of talk on 3G. There’s no user access to the battery so if it ever needs replacing you’ll be sending the phone back.
Conclusion
Priced at £125, or from around £17 a month on contract, you do get a lot of phone for your money here. Yes there are some minor niggles, but if you want a big screen, 4G connectivity and decent performance there’s not currently much else in UK to match the Smart ultra 6 in this price range.
Pros
Cons
Company | Release Price |
ITProPortal Review |
Company Site |
---|---|---|---|
Vodafone | £125 | 7/10 |
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
One of the main complaints that people express about security software is that it harms the performance of their PC. But how much of an effect does it really have?
Independent testing organization AV-Comparatives has conducted a test of 20 leading security products for Windows to assess their impact. Tests were performed on a 64-bit Intel Core i5 machine with Windows 8.1.
Performance was assessed on a number of tasks; file copying, archiving and unarchiving, installing and uninstalling applications, launching applications, and downloading files. These results were used to provide an AV-C score for each product. Researchers also ran the industry standard PC Mark 8 benchmark test and combined this with the AV-C results to come up with an overall impact score.
Based on these scores, the top five with least effect on system performance were; Avast with an impact score of 4.1, Emsisoft on 4.2, Avira on 7.6, Kaspersky Lab on 9.3 and AVG on 12.5. The poorest performers were Quick Heal and ThreatTrack both on a score of 25.7.
The researchers point out that other factors such as the age of the hardware, how up to date the software is, and the content and fragmentation state of the hard disk can have an impact on real-world performance.
The test doesn't cover how effective the protection provided is either so you'd have to compare the results with AV-Comparatives Real World Protection and File Detection tests to find the best balance of performance and protection. Some of the best performers here don't do as well in the other tests.
You can download the full report with details of the results for all 20 products along with the methodology used from the AV-Comparatives site.
Photo Credit: m00osfoto/Shutterstock
We hear a lot about the potential benefits of big data, but a new study reveals that those benefits are won at a cost of considerable time spent in cleaning up and preparing raw information.
The study by data integration company Xplenty surveyed over 200 business intelligence professionals and finds that a third of them spend 50-90 percent of their time just cleaning raw data.
Looking at the 'extract, transform and load' (ETL) process, including preferences for on-premise or cloud-based solutions, perceived challenges, and the amount of time spent on ETL, the results show that 97 percent of those surveyed say that ETL is critical for their business intelligence efforts.
More than half (51 percent) of those polled say that they currently use on-premise ETL solutions. However, 51 percent of these say that they are 'strongly considering' moving all ETL processes to the cloud.
"While many organizations still rely heavily on existing on-premise IT for ETL, the desire to shift to a more cloud-based model has never been stronger," says Yaniv Mor, CEO & Co-Founder of Xplenty. "Cloud ETL offers a host of benefits over on-premise, from increased agility in resource deployment to reduced costs. As such, the cloud is an increasingly attractive option from both a performance and operational perspective".
When asked what the biggest challenges were in making data ready for analysis, 55 percent say integrating data from different platforms, followed by transforming, cleansing and formatting incoming data (39 percent), integrating relational and non-relational data (32 percent), and the sheer volume of data that needs to be managed (21 percent) at any given time.
"BI professionals should be spending the majority of their time evaluating data and deciphering patterns gleaned through the analytics process -- not readying data for analytics," adds Mor. "The more time they spend making raw data analytics usable, the less time they have to generate real value from it. We have to accelerate Big Data's 'time-to-insight,' boosting efficiency and bringing more immediate answers to an organization so that they can more quickly take advantage of them".
More about how analysts are spending time as 'data janitors' is available on Xplenty's blog.
Photo Credit: Amy Walters /Shutterstock
Organizations face increasing numbers of threats today and a high percentage of security professionals now no longer trust traditional protection solutions.
A survey by enterprise security specialist Bromium reveals that 92 percent of respondents have lost confidence in the ability of traditional endpoint protection solutions, such as antivirus and white listing, to detect unknown threats like zero-day attacks. In addition 78 percent believe antivirus software is not effective even against general cyber attacks.
End users are seen as the greatest security risk by 62 percent of respondents. In addition more than one-quarter cited emerging cloud and mobile technologies that reduce IT control, 29 percent cited cloud services and 29 percent said mobile devices are among the top sources of risk.
When asked what they thought was most effective at preventing cyber threats 58 percent of information security professionals named endpoint threat isolation. Nearly one-third said network-based solutions are effective; 28 percent have faith in intrusion detection/intrusion prevention (IDS/IPS), and 27 percent think network sandboxes are effective.
"The frequency and magnitude of high-profile data breaches is causing organizations to lose faith in detection-based solutions, such as antivirus," says Clinton Karr, senior security strategist at Bromium. "Information security professionals are turning instead to technologies that provide proactive protection, such as threat isolation, as the foundation of their security architecture".
The loss of confidence in traditional solutions means security professional are turning to other measures. Prevention, such as hardening and isolating systems, is at the root of security architecture according to 58 percent of respondents, compared to 23 percent who believe it's detection, 16 percent response, and 34 percent predictive analytics.
You can find out more about the study on Bromium's blog.
Image Credit: Sergey Nivens / Shutterstock
When you can find a phone number with the swipe of a finger or resolve an argument with a quick trip to Google, why would you need to remember anything?
A new report from Kaspersky Lab calls this phenomenon 'digital amnesia'. It surveyed over 1,000 consumers across the US and finds that 91 percent of them say they use the Internet as an online extension of their brain.
Almost half (44 percent) say that their smartphone holds almost everything they need to know or recall. There's a downside to this though as the study also shows that losing personal data -- such as pictures of your children, vacation videos or someone's phone number -- causes immense distress, particularly among women and people under 35.
Odd then that many Americans are failing to adequately protect the devices they’re so reliant on. Just one in three installs extra IT security, such as anti-virus software on their smartphone, and only one in five adds any security to their tablet.
"Connected devices enrich our lives every day, but they have also caused the prevalence of Digital Amnesia in our country. As consumers, it is important for all of us to understand the long term implications of this effect, and why it reinforces the need for us to diligently protect our valuable information and precious memories," says Chris Doggett, managing director of Kaspersky Lab North America. "By conducting this study, Kaspersky Lab is able to shed further light on how consumers are using and depending on their devices, and armed with this information, we will continue our mission to raise public awareness about the importance of using technology to protect our digital lives".
Despite the fact that we depend heavily on our devices it seems we can remember some things. When asked, most participants could phone the house they lived in aged 15 (67.4 percent) as well as their partners (69.7 percent), children (34.5 percent), and place of work (45.4 percent). However, they'd be unable to call their siblings (44.2 percent), friends (51.4 percent), or neighbors (70.0 percent) without first looking up the number.
It seems that digital amnesia is a growing trend among people of all ages, not just younger 'digital natives'. The long term implication of storing less in our heads is that we need to take steps to protect the stuff we no longer bother to remember.
The full report is available on the Kaspersky Lab site and there's a summary of the findings in infographic form below.
Image Credit: PathDoc / Shutterstock
Despite attempts to combat it, illegal distribution of copyright material via the internet is a continuing problem.
Protection solutions specialist Arxan Technologies has released the results of a new report produced in collaboration with the iThreat Cyber Group which shows that illegal reproduction and distribution of copyrighted material on the Web is booming as a result of security breaches in both mobile and desktop software applications.
The report is based on analysis of data collected over the past three years that examined the distribution of unauthorised digital assets on the Dark Web, and indexed sites that are focused on distributing pirated material. Thousands of sites were analysed, including over 50 that are in the sole business of distributing pirate releases.
Among the findings are that 1.6 million releases were pirated in 2014 and that the extent of digital media piracy is far more extensive than commonly realised. In 2015, videos (TV, Movies, etc., excluding Adult Content) accounted for about 50 percent of pirated content, and adult content accounted for roughly 25 percent of releases found.
The cost of all this copyright infringing releases in 2014 is estimated to be more than $800 billion and continuing to grow. 1.96 million pirated assets are expected by the end of 2015 -- an increase of 22 percent over the last three years. If distribution of pirated games continues at the current rate, over 31,000 unauthorised releases will be active in 2015 -- double the number of pirated releases three years ago.
There's a further cost arising from Malware linked to pirated software. Enterprises will spend $491 billion, due to malware associated with pirated software.
"The findings in Arxan's State of Application Security prove that piracy is one of the greatest threats to intellectual property and creative content, highlighting the enabling role pirated releases play in spreading extremely harmful malware across a range of industries -- where the challenges of defending against it -- are complex, but not insurmountable," says Patrick Kehoe, Chief Marketing Officer of Arxan.
The full report is available from the Arxan website and there's an overview of the findings in infographic format below.
Image Credit: Feng Yu / Shutterstock
Choosing the right host to use for a website can be a critical decision for businesses, but information on how various hosts measure up can be hard to come by.
Online comparison service Host Advice has released the results of a survey that looks at which Web hosting services are faring best so far this year by looking at each company’s total number of hosted sites and dividing it by the total host sites of the industry over the same period of time.
The results show that GoDaddy ranks the highest in the industry with 5.82 percent of market share amongst worldwide web hosting sites, beating industry giants such as Amazon Web Services and Rackspace. Out of Host Advice's top ten hosting sites, seven are American companies, one is French, and two are German. Host Advice's data also indicates that just over 50 percent of the world's websites are hosted by a US-based provider.
Among other interesting findings are that the top ten hosting companies account for only 20.7 percent of the market. Despite the fact that many non-US companies actually choose American hosting services, the web hosting market is largely local in nature. For example, in France, eight out of the top ten hosting websites are French, and similarly with Germany and German companies. In Italy, nine out of the top ten hosting sites are Italian and in smaller markets like the Czech Republic, ten out of the top ten hosting companies are local.
Generally the hosting market is quite fragmented. In most countries the top global companies occupy less than 20 percent of the market. France is the only exception with OVH dominating 64 percent locally.
"Web hosting comparison is a competitive market," says Eliran Ouzan, the Founder of Host Advice. "Many web hosting comparison sites are not really showing the top companies, but rather the ones that pay a fee. We are honest in how we rank the most popular web hosting sites as well as how we survey their customers for quality. Our goal is to give our customers all of the relevant information so they can choose the site that meets all of their web hosting needs".
You can see an overview of the findings in infographic format below.
Photo Credit: Yuriy Boyko/Shutterstock
[BetaNews Recommended Reading] Companies today have access to more information about their customers than ever before. This gives them the opportunity to effectively personalize their marketing messages, but are they failing to take advantage of the opportunities this offers? And with large volumes of often unstructured data available how difficult is it to find and use the right information?
We spoke to Sara Vera, data scientist at CRM specialist Insightly to find out more about the challenges enterprises face in adapting to a personalized world.
BN: Is personalized communication really a more effective way of reaching customers?
SV: Consumers today are savvy shoppers and expect companies to understand them and their needs. If you can predict customers' needs or wants based on previous purchases, they are more likely to make a purchase in the future, while also increasing their overall spend. Personalization evokes a more emotional response, driving customers to take action. For example, an email that comes from a real person rather than a mass email blast, complete with a personal tone, will see much higher open rates. A personal touch can make all the difference.
BN: Does personalization only work for existing customers or can it help recruit new ones too?
SV: Both. Even if you don't know a potential customer's purchase history, you can leverage other details, such as location, age or gender to create individualized messages. Your communication with customers might be based on broad information, but it's a better starting point than not adding personalized information at all. If something in your communications resonates with your potential customer, he or she is more likely to engage with your brand.
BN: Is there a danger that companies can simply be overwhelmed by the amount of data they’re now able to collect?
SV: This is a tricky question because there are a couple of things to consider. There is no danger of being overwhelmed by the amount of data a company collects if the leaders of the company hire the right data architects, scientists and analysts to figure out what information is most important to their customers, how to use the data and how to act on those insights. However, if a company hasn't hired the right staff, it can be easy to think it is collecting and analyzing the right data when that is not the case. This is why it takes solid statistical education to get good insights when you have a lot of data with which to work. The main takeaway is to hire competent employees that you can trust.
BN: How can businesses make use of unstructured information, such as that collected from social media?
SV: Considering that 80 percent of a company's data is unstructured in the form of emails, social media posts and phone calls, it's easy to overlook valuable insights, which can lead to a lot of missed opportunities. It can seem like a daunting task, but capturing and analyzing this data is valuable for identifying patterns and trends that can give you an idea of your customers' thoughts and feelings. Once you've decided on a toolset, you can do several types of analyses with unstructured data, such as:
* Signal detection and trend analysis to identify recurring themes and patterns.
* Information extraction, categorization and mapping to pull information out of text and map it to something. For example, pulling a location name in text and putting it on a map.
* Content-based clustering to segment information, or even customers, based on similarities in preferences, feelings and thoughts.
BN: How long, and how much data, does it take before a consumer profile is accurate enough to be useful?
SV: The more you know about your customers, the easier it is to figure out why they buy from you and where there are opportunities to sell more. It doesn't take much more than age and gender to assume quite a bit about your customers. Add location, income and/or spending habits and you have a lot of information with which to work. Once your customers build a purchase history, you should have a pretty good idea of who they are as consumers. If you want to dive deeper into the 'why' and 'how' of customer behavior, consider surveys and interviews with various customer segments to gain a comprehensive view of who your customers are and where opportunities lie.
However, proceed with caution when using third-party data to fill out customer profiles; it is sometimes treated as static information when it's really not. For example, if you email a customer offering him a romantic getaway promotion, but he is recently divorced, he is much more likely to be annoyed and unsubscribe from your email list than if he had received a generic email.
BN: Is it likely that consumers will become resistant to increasing levels of personalized communication? How can they remain in control?
SV: Customers could become resistant to increasing levels of personalized communication after a point, however, they do appreciate some level of targeted marketing. Privacy versus targeted, personalized marketing will be a difficult thing to balance over the next few years. There is so much data out there and companies are continuously experimenting to determine where the line should be drawn. Customers don't want to be reminded of the NSA or Big Brother, but they do like to see ads that are interesting to them. Businesses need to be smart about data collection and only aggregate information relevant for basic targeted marketing and remember to keep that data updated and accurate.
Image Credit: iQoncept / Shutterstock
US consumers are most concerned about the ability of retailers and government departments to protect their data according to a new survey.
The Security Insights survey from Unisys shows that 44 percent of American respondents are worried that their personal data held by retailers is likely to be breached in the next year, as many consumers seem to be losing trust in retail data security owing to recent high profile breaches.
Concerns about unauthorized access to personal data held by US government agencies is also quite high at 39 percent, again possibly due to recent high profile breaches. Healthcare and banking organizations fare better in terms of retaining consumers' confidence that their personal data won't be breached in the next year, with only 28 percent worried about healthcare breaches and 24 percent about banking.
"Organizations that hold consumers' personal data have a major challenge maintaining public confidence that they safely protect private information," says Dave Frymier, vice president and chief information security officer at Unisys. "While hackers will always find their way into an organization's network, enterprises can protect high-value data through basic precautions like patching and sharing threat intelligence as well as using advanced security technologies like micro-segmentation".
Americans are less worried about data breaches than those in other countries, however. US respondents had the lowest overall level of concern about likely security breaches among the 12 countries surveyed. For example, nearly twice the percentage of respondents in the Netherlands and Germany thought a breach of their personal data was likely than their counterparts in the US.
Results from the survey also show mixed feelings about the use of biometrics to protect smartphone data, with only 38 believing that it strengthens security. It also shows that men are more likely to use biometrics to protect their devices than women.
The full US report can be downloaded from the Unisys website. Details for other countries will be available soon.
Image Credit: Lightspring / Shutterstock
The IT services industry revolves around service level agreements (SLAs) but they don't often provide adequate compensation for damage caused to business by an outage of providers' systems.
Operations and performance management specialist PagerDuty is so confident of its product that it's putting its money where its reliability is and introducing Downtime Insurance, the IT operations industry's first reliability service-level agreement to be backed by a multi-million dollar insurance policy.
Under the insurance agreement terms, PagerDuty will reimburse customers for profit losses should there come a time when PagerDuty is not available to them during a downtime incident.
"We've spent over six years bulletproofing the PagerDuty platform to ensure high availability for our customers," says PagerDuty CTO and Co-Founder, Andrew Miklas. "Today, 37 of Fortune 100 companies trust PagerDuty to help them deliver highly reliable services. We want our customers to know that we're truly committed to PagerDuty's availability with a Downtime Insurance guarantee that reimburses customers for profit losses if they occur".
PagerDuty helps customers manage incidents, minimize downtime and resolve issues more quickly. High availability is maintained via multiple data centers across multiple hosting providers geographically, redundant telephony providers across each notification channel, proprietary technology for tracking alert delivery through all providers and for automatically re-routing if delivery is slow and rapid scaling capabilities to support any size business. PagerDuty also has weekly 'Failure Friday' testing during which it proactively looks for weaknesses in its infrastructure and fixes them.
Downtime Insurance is available to customers on PagerDuty's Enterprise Plan, more information is available on the company's website.
Image Credit: donskarpo / Shutterstock
Big data can provide many benefits for businesses, but the complexities of dealing with systems like Hadoop can make it expensive and time consuming to roll out projects.
California-based Kyvos Insights is launching a new product specifically designed for big data that enables business users to easily and quickly derive powerful insights from their data for more informed decision-making, with no programming required.
Kyvos helps enterprises remove the complexities of Hadoop and deal with data at any scale with fast response times and an interactive experience. Its 'cubes on Hadoop' technology allows business users to visualize, explore and analyze big data interactively, working directly on Hadoop.
"Companies are collecting unprecedented amounts of data, but it's very difficult for a business user to directly access and interact with this data in a meaningful way," says Ajay Anand, vice president of products at Kyvos Insights. "Kyvos addresses this need by enabling interactive analytics on big data using Hadoop at any scale, with instant response times. Business users can now visually analyze their data and get insights instantly, without having to wait, so they can make smarter, more informed decisions".
The product has been developed with the help of industry leaders most affected by the benefits and challenges presented by big data analytics. It's being used in industries including telecommunications, media and entertainment, financial services, technology and travel.
Kyvos allows business users to develop insights from all data, both structured and unstructured, regardless of size and granularity with a simple, drag and drop interface. Users can do self-service analytics and work visually, with no programming required. They can drill down and examine all aspects of data and interact with it without waiting for reports and get query results in seconds.
For developers it brings the ability to build cubes directly on Hadoop at any scale for multi-dimensional analytics. They can also deal with rapid data ingestion with incremental cube builds, avoid having to move data for analysis, and transform data visually with no programming required.
For more information and to schedule a demo pay a visit to the Kyvos Insights website.
Image Credit: Maksim Kabakou/Shutterstock
Thanks to the Internet of Things and the growth in the use of mobile devices, network traffic is growing faster than ever. But the tools used to manage and monitor that traffic haven’t kept pace.
Network visibility specialist Kentik (previously known as CloudHelix) is launching a SaaS platform to enable full visibility into networks of any size giving real-time, actionable insights into network traffic activity, DDoS attacks and peering efficiency.
Based on a big data engine Kentik Detect is quick and easy to deploy and equips service providers, web enterprises and network operations teams with the insights they need to keep their networks up and running smoothly. Kentik Detect has the capacity to store raw data for 90 days or longer and so can provide better detection, clearer understanding, and real-time response to all network conditions.
With high levels of raw data retention and fast query responses combined with proactive real-time alerting, Kentik Detect allows operators to understand how their networks are behaving, reveal the root causes of issues, and plan for growth based on reality rather than guesswork.
"My peers and I have been struggling with poor tools for network visibility and analytics for decades. As the volume and complexity of networks has grown, the data handling and analytics required have become so complex that traditional network management tools have been unable to scale and innovate," says Avi Freedman, Co-founder and CEO of Kentik. "We intend to make Kentik the single, unified source of intelligence for all infrastructure data. By bringing the SaaS model and unparalleled analytics to network and infrastructure management, we are redefining what it means to have true operations visibility, and providing the insights needed to drive real-time, data-driven operations".
Available now as either public SaaS or on-site SaaS, you can find out more about Kentik Detect on the company's website.
Photo credit: asharkyu / Shutterstock
Businesses need their employees to be able to collaborate on projects but the increasingly mobile nature of the workforce and the pressures of BYOD use can make that hard to achieve.
Collaboration software specialist Huddle is updating its iOS apps to provide iPhone and iPad users with a simple and secure way to collaborate on content and manage projects while on the move, as well as delivering a more social experience by focusing on team activity around content.
"Surfacing relevant content is vital for mobile users, and our iOS apps are designed to help them get to the work that matters most by placing particular focus on discoverability of content and tasks," says Stuart Cochran, CTO of Huddle. "No one wants to have to drill down into folders to find files while they're rushing between meetings, so notifications and a live activity stream keep them up to date with team progress, upcoming tasks and approvals. It's a far more effective way to get to the content that matters, as well as being a more enjoyable experience".
The latest updates improve the cross-platform functionality of Huddle, allowing users to pick up where they left off as they switch between their PC, smartphone and tablet. Features of the latest iOS version include, version control which lets users rdit files using compatible iOS apps, lock files to protect them from further editing and maintain version control through cross-platform synchronization.
Documents can be approved, or approval can be requested and approval status tracked. Users can quickly find assigned tasks, comment on files and respond to team questions as the app makes items needing attention more discoverable. The search function will now immediately present users with a list of recent files, before a search term is even entered. Documents can be made available offline across all devices, then automatically synchronize when reconnected.
"If I'm working on a document at my desk on my laptop, my recent files will automatically be waiting for me on my iOS devices," adds Cochran. "Huddle will even suggest files that it thinks will be of interest to me and sync them down to my mobile devices ready for my commute home. It makes hopping between devices seamless, it reduces the time spent searching for documents and it keeps users on top of their workload, wherever they are".
The iOS apps are available now for anyone with a Huddle account and you can find out more on the company's website.
Image Credit: Tischenko Irina / Shutterstock
It's not uncommon for businesses to have multiple access points, whether on a single site or in multiple locations. This can lead to challenges when it comes to managing access and ensuring software and security are up to date.
To make life simpler NETGEAR is launching a software as a service platform called Business Central designed to provide small to mid-sized organizations with an affordable way to establish and manage key IT networking services and network devices.
The first service to be introduced under Business Central is a Wireless Manager which makes it easy for businesses with multiple sites like retail chains, coffee shops and those with several branch offices to roll out the same settings to every location and manage it all centrally.
"Having multiple standalone access points is no longer feasible as configuration changes become routine rather than occasional. However, for some organizations, the jump to a managed wireless LAN network can become demanding and overly complex for both IT budgets and IT resources," says Peter Newton, senior director of product management for the NETGEAR Commercial Business Unit.
"What's needed is a bridge solution between standalone APs and a controller, where flexibility, scalability and ease-of-use are standard and -- more importantly -- affordable," adds Newton. "For small to large enterprises and organizations with single to multiple branch locations, our Business Central Wireless Manager maximizes ROI and is the optimum tool for easy and cost-effective centralized WiFi management. It's an effective solution for both customer-deployed scenarios as well as a VAR-managed service. VARs and their customers can benefit from a free 90-day introductory trial".
With Business Central Wireless Manager, all management is performed remotely through a standard web browser. Admins can manage wireless SSIDs, configure wireless security settings, control free or fee-paying guest and private Wi-Fi access on the network, and run bandwidth usage reports. It allows clear, comprehensive and real-time visibility into the network for total control of evolving service needs.
Pricing is per access point per year on 12 or 36 month contracts but is arranged so that even if new devices are added mid-contract everything expires together to make licensing easier. You can find out more about Business Central Wireless Manager on the NETGEAR website.
In an audit of 1,000 websites, including those of leading retailers, banks, social media, news and government bodies, 46 percent were found vulnerable to known online security threats.
According to the non-profit Online Trust Alliance, which conducted the study, sites belonging to Internet of Things companies are most at risk. The audit included the websites of 50 leading Internet of Things device makers, focused on wearable technologies and connected home products. 76 percent of these sites failed the assessment, while only 20 percent scored highly enough to qualify for the OTA's Online Trust Honor Roll.
Craig Spiezle, Executive Director and President of OTA says, "The results of this audit serve as a wake-up call to Internet of Things companies who are handling highly sensitive, dynamic and personal data. In rushing their products to market without first addressing critical data management and privacy practices, they are putting consumers at risk and inviting regulatory oversight".
The OTA evaluates websites based on dozens of criteria in three categories: consumer protection, privacy and security. While 46 percent of audited websites failed outright, another 10 percent didn't perform strongly enough to earn the OTA's Honor Roll status. This is an improvement, however, with 44 percent qualifying for Honor Roll status compared to only 30 percent in 2014.
Among sites that scored well, Twitter topped the overall ratings for the third year running. Top banking site was the USAA Federal Savings Bank and top government site the Federal Deposit Insurance Corporation (FDIC). The retail sector saw the largest increase in Honor Roll qualification, up from just 24 percent of evaluated websites in 2014 to 42 percent in 2015.
"Our audit and Honor Roll program rewards companies for a commitment to data stewardship, security and privacy policies that protect against cybercrime’s escalating threats," says Spiezle. "OTA commends the companies whose dedication to responsible data practices earned them a place on our list. At the same time, it is concerning to see others remain complacent, failing to embrace responsible practices year after year".
The full report listing all Honor Roll sites is available as a PDF on the OTA's website.
Image credit: Jimmi/Shutterstock
Just as drug dealers try to get people hooked on progressively more addictive substances, it seems that the hijacking of a device to perform simple click fraud can quickly lead to the distribution of nastier malware.
According to the latest State of Infections report from threat protection specialists Damballa, a compromised device, originally exploited for the relatively low-level purpose of committing of click fraud -- a scam to defraud pay-per-click advertisers -- became part of a chain of infections, which led within two hours to the introduction of the toxic ransomware CryptoWall.
The findings are based on analysis of the RuthlessTreeMafia click fraud malware introduced by the botnet Asprox. Once the device was under the command of the botnet, the RuthlessTreeMafia operators were able to sell access to the compromised device to others who used downloaders to deliver the Rerdom and Rovnix Trojans, generating additional revenue for the criminals.
As the click-fraud infection chain continued, the device became infected with the CryptoWall ransomware. The click fraud activity was able to continue though as the device remained under criminal control and the attacker continued to make money. Within two hours, the initial click fraud infection had escalated to subject the compromised device to three further click fraud infections as well as CryptoWall itself.
"As this report highlights, advanced malware can quickly mutate and it's not just the initial infection vector that matters, it's about understanding the chain of activity over time. The intricacies of advanced infections mean that a seemingly low risk threat -- in this case click fraud -- can serve as the entry point for far more serious threats," says Stephen Newman, CTO of Damballa. "The changing nature of these attacks, underscores the importance of being armed with advanced detection, to combat these more stealthy threats. As infections can spread quickly through the network, security teams should take proactive measures to avoid becoming a cautionary click-fraud tale".
More information can be be found in the full report which is available to download from the Damballa website.
Image Credit: djmilic / Shutterstock
Marketing departments today operate across multiple channels from traditional routes to digital campaigns and social media. That means they're dealing with more data than ever before.
But being data rich isn't an answer in itself as the information can be fragmented and difficult to analyze. Big data insights specialist Datameer is launching its Multi-Channel Marketing Analytics App which offers an end-to-end view of the marketing process from lead-to-customer.
It combines and analyzes data from websites, digital ads, social media, Salesforce and Marketo into one unified view of the customer journey, giving marketers a comprehensive understanding of the behavior of leads.
The software provides four key insights, letting marketers see where high quality leads come from, what combination of campaigns converts leads to customers, what assets are the most effective in influencing those conversions, and what the conversion speed and effectiveness is of both campaigns and assets.
"Marketing executives have to become data-driven in order to be key drivers of customer acquisition for their companies", says Azita Martin, CMO of Datameer. "We want to remove the barriers that are commonly encountered when using traditional marketing platforms and make it incredibly easy to understand the lead to customer journey. Now, businesses can decipher and drill down into customer decisions to deliver higher levels of conversion and greater marketing and sales success".
Datameer's application also delivers an on-demand dashboard that allows users to view the performance of channels, campaigns and assets in a single view by deals, opportunities and leads. This gives executives a critical view of how they can fine tune customer campaigns while they’re under way. It simplifies a process that's usually manual, can take several hours a week and is usually prepared using spreadsheets.
You can find more information on how Datameer can speed up the analysis of marketing data on the company's website.
Photo Credit: Sergey Nivens / Shutterstock
With mobile devices becoming increasingly popular there's ever increasing demand for apps, but that can prove a bottleneck for businesses.
With the launch of a new version of its RhoMobile developer platform, Illinois-based Zebra Technologies Corporation is aiming to make multi-platform development easier.
RhoMobile 5.1 focuses on supporting more industrial and consumer-facing mobile devices, along with an expanded set of common APIs. New live update and app simulator capabilities enable developers to immediately push code changes out to devices to enable more efficient testing. New common API updates are added for inputting and controlling cameras, barcodes, event timers, and USB printing functionalities.
"With RhoMobile 5.1, we're excited to deliver an improved developer experience that simply makes feature-rich enterprise, consumer mobile apps easier to develop," says Mark Kirstein, senior director, Enterprise Software at Zebra Technologies. "With this launch, we've added support for new devices critical to use in industrial and retail scenarios. The addition of new common APIs means that developers looking to leverage functionality on a specific mobile platform no longer need to consider which API is used for which, because we've added a single, all-capable option. With live updates, developers who previously may have waited 15 minutes each time code was updated to a device for testing can now push those changes automatically and see the impact of those code changes immediately. We're glad to provide these new capabilities, and eager to see developers put them to work to create game-changing apps".
You can find out more and sign up for a free trial of the suite on the RhoMobile website.
Image Credit: Alex Mit / Shutterstock
More and more businesses are publishing their own apps, and that involves the use of APIs. Yet many existing API tools focus only on publishing and ignore the user and partner side of things.
Platform as a Service (PaaS) company WaveMaker is releasing its new WaveMaker Gateway, to make it easier for enterprises to open up their APIs to partners and external developers.
WaveMaker Gateway brings together API publishers and API consumers to form an ecosystem that benefits all of them. It helps in the simplification, management and securing of APIs, as well as making them operationally ready and analyzing external rollouts.
"Custom apps are key to innovating and fostering ecosystems, and this cannot be done without APIs", says Samir Ghosh, CEO of WaveMaker. "WaveMaker Gateway completes our suite of API tools for the enterprise, and is the next step for enterprises looking to selectively and securely share apps outside of their organization with partners as well as third-party developers. We believe we are unique in that we provide enterprise developers with tools to create, manage, and consume APIs and applications -- within and outside the enterprise -- on a single unified platform".
For publishers WaveMaker offers API owners the ability to upload, document and make APIs visible. Product managers can easily publish APIs and apply business relevant policies to manage their external consumption. Operational administrators can monitor the consumption of APIs in real time, providing useful business insights.
For consumers it means that partners as well as third-party developers can choose various API subscription plans based on their needs. They can easily bring onboard applications and generate the required keys to use APIs within their apps. App developers can browse, list, test and understand published API behavior. Developers can also use the visual drag-and-drop Rapid Application Development methodology of WaveMaker Studio to simplify the consumption of APIs and reduce the effort of developing custom apps.
More information on WaveMaker Gateway is available on the company's website.
Image Credit: Profit_Image / Shutterstock
Security of the endpoint is often the weakest link in enterprise security as users may not be aware of the risks from malicious content that can slip past traditional protection.
Endpoint security company BUFFERZONE is announcing today that it's joining the Intel Security Innovation Alliance (SIA) program as a Sales Teaming Partner and that it's been certified as McAfee Compatible with the McAfee ePolicy Orchestrator (ePO) platform.
BUFFERZONE is a containment solution that defends endpoints against advanced malware and zero-day attacks without harming end user and IT productivity. By isolating potentially malicious content from web browsers, email and removable media, it complements McAfee Endpoint Security products and helps defend the organization from advanced threats that can evade detection.
"Organizations are looking for smarter ways to reduce their attack surface and combat advanced threats without investing scarce resources on false alarms and restrictive policy enforcement", says Israel Levy, BUFFERZONE's CEO. "By integrating BUFFERZONE with McAfee ePolicy Orchestrator, IT can leverage existing investments in McAfee ePO and employees can browse the web, open email attachments and access their mobile phones more safely".
It includes a configurable bridge for transferring content and data safely between the container and secure network zones, and provides critical intelligence for enterprise-wide security analytics. BUFFERZONE is a lightweight solution that provides cost-effective containment for thousands of endpoints and is easy to deploy and configure with McAfee ePO.
"We are happy to welcome BUFFERZONE to the Intel Security Innovation Alliance," says Tom Fountain, senior vice president of Strategy and Corporate Development at Intel Security. "Our joint customers can now easily help protect their endpoints using BUFFERZONE solutions and manage those devices through a common, scalable platform".
You can learn more about BUFFERZONE's endpoint protection by visiting the company's website.
Image Credit: Sergey Nivens / Shutterstock
Monitoring applications and their infrastructure can involve the use of multiple different products. According to recent research by Enterprise Management Associates, some 65 percent of enterprises report owning 11 or more commercial monitoring/management tools.
Application intelligence specialist AppDynamics is launching an update to its Application Intelligence Platform that introduces Unified Monitoring to trace and monitor transactions from the end user through the entire application and infrastructure environment to help solve performance issues and improve user experience.
AppDynamics Unified Monitoring is built on a single platform, and monitors and manages end-user experience in the context of business transactions. It traces the entire business transaction path from the end-user device, through the application code, databases, third-party API calls, servers, and other infrastructure, and unifies the monitoring of the application through the business transaction. Using a common data platform makes it easy to install and manage, and provides consistent and shareable interfaces for all users. It can therefore replace a mix of non-integrated, and infrastructure-specific tools that make up the monitoring solution for many enterprises.
"What really sets Unified Monitoring apart is its focus on business transactions and the end user," says Jyoti Bansal, AppDynamics founder and CEO. "You can’t understand what the experience is like for the end user by looking at this silo or that silo. You need to have the big picture to see how a transaction is performing from start to finish. If the shopping cart checkout process is slow, what’s making it slow? With Unified Monitoring, we can pinpoint the issues and quickly get to root causes and resolve them. It's a radically different approach from the old way of looking at infrastructure and trying to piece together the picture. In this new world -- where businesses are defined by software -- it's clear that unified, fully integrated, application-centric monitoring is an absolute must-have".
AppDynamics Unified Monitoring offers a single unified platform, with one consistent user interface, one data platform for everything, one easy install, and easy ongoing management. There are flexible deployment options including on-premise, SaaS, or hybrid.
Role-relevant views support DevOps collaboration and give teams awareness of their areas of responsibility. It offers comprehensive application and infrastructure support for end-user client applications/browsers, application code and more, plus the platform can be extended to support a broad range of components and infrastructure through a library of community-contributed extensions.
"We've been working toward this for a long time," Bansal adds. "Everything in Unified Monitoring works together because it’s been designed to work together and is architected on a single platform. It's not stitched together as an afterthought. And now with the addition of Browser Synthetic Monitoring and Server Monitoring, we have a true end-to-end solution, all unified into a single view, a single fully integrated platform".
Fore more information and to sign up for a free trial you can visit the AppDynamics website.
Photo Credit: Sergii Korolko/Shutterstock
For smaller businesses organizing backups can be a chore which is why they often choose to buy a service solution from their systems provider rather than do it in house.
Backup and data protection specialist Intronis is one of the leaders in backup platforms for IT providers and is launching a new release of its ECHOplatform designed to deliver simplified operations and improved value.
Enhancements in the latest version include a new and intuitive dashboard that's easy to read and manage. It enables channel partners to streamline administrative tasks and accelerate problem resolution by capturing the health of the entire Intronis ECHOplatform portfolio in a single interface.
New filtering options deliver critical data at a glance and save those options for future reference each time the portal is used. There's also an automated executive summary report generator. The reporting tool complements the ECHOplatform dashboard and makes it easier for channel partners to demonstrate the value of their services and discuss opportunities to improve the overall effectiveness of their client's data protection strategy.
"Making it easier and more profitable for our channel partners to deliver a comprehensive data protection strategy to small and midsize businesses is what Intronis does best," says Chris Crellin, vice president, product management, Intronis. "We're specialists, and by keeping our focus on technology and partner enablement we are able to optimize, refine, and refresh our cloud-based data protection solution to meet and anticipate the needs of our partners and their customers".
The Intronis ECHOplatform Summer Release '15 is now available to channel partners and is being rolled out in phases to existing Intronis partners over the next 45 days. The data protection service portfolio is sold exclusively through IT channel partners to small and mid-size businesses as a managed service.
More information on the latest ECHOplatform is available on the Intronis website.
Image Credit: Oleksiy Mark / Shutterstock
Bluetooth speakers usually need some sort of distinctive feature to help them to stand out from the crowd. In the case of the LuguLake that distinctiveness is in the way it looks.
The first thing that strikes you is the funky design, it's about the size of a tennis ball, or an apple if you prefer, with a shiny black finish and a sort of suspended saucer over the speaker cone itself. On the top of this is a touch pad that acts as a volume control as well as allowing you to pause and skip tracks, and answer calls so you can use it as a speakerphone.
There's a USB socket on the back -- this is the only connection, it lacks an aux-in for an alternative audio source -- and a power switch on the base. An LED next to the USB port lets you know it's charging, though this is in a recess so it's hard to see if you're looking from above.
The unit feels nicely weighty and it comes with a short USB cable and small instruction pamphlet. The glossy piano black finish looks good but quickly picks up more fingerprints than a police database. Once it's charged and you switch it on you'll find that there are voice prompts to help you with the Bluetooth pairing process. You can use NFC if your phone supports it just by touching it against the front of the speaker.
After you've paired it and begin to play some music you’ll find that the speaker has a neat party trick. The underside of the flying saucer bit lights up and pulses a dull red though this isn't in time with the music. This is called a "Breathing Light" in the instructions. It's amusing the first few times you use it though ultimately a bit pointless.
The listening experience is acceptable without being in any way outstanding. Probably what you’d expect from a 2-inch speaker with a power output of only 2W and a frequency range of 60Hz to 20KHz. It has the sort of the sound quality you might get from a portable radio, there isn't quite enough bass and even at maximum volume you never really get a room filling sound. Don’t worry about distortion, you can't turn it up high enough to get any.
As a piece of quirky design that will look good on a shelf and amuse your visitors with its pulsing red light the LuguLake-24 is hard to fault. As an audio experience though you can do a lot better at this price.
The speaker costs $39.99 from Amazon in the US or £32.99 on Amazon UK. BetaNews readers can get a 20 percent discount. For US orders enter code 53B3RTFT at the checkout, customers in the UK should use code IORQIC5G -- codes expire on June 30.
USB hubs are commonplace and, let's be honest, not especially exciting pieces of kit. Inateck’s HB4009 is a three-port USB 3.0 hub, but it also has an extra trick up its sleeve. It has a Magic Port, allowing you to link two systems together for file transfers or establish a client/host link using the USB On-The-Go (OTG) standard.
This makes it a versatile little device as you can link Windows, Mac OS and Android devices to their own kind or to each other. You can also attach another USB device like a flash drive or camera to a system, such as a tablet, that might not otherwise have a suitable port.
Some Android devices support a mouse and keyboard swap via OTG so you can control the device from your PC. Links for the software needed to connect your systems are stored on the HB4009 and you're prompted to install it when a connection is made, so getting hooked up is a simple plug and go process. For Android devices you need to scan a QR code to install the Windroid Linker app.
It feels well made and is nicely weighty, the contacts of the USB ports and the OTG cable are gold-plated. A mini USB adaptor is included for OTG connection to smartphones and other devices without a full-sized USB socket.
If you've bought a new PC and want to transfer data from your old one, or regularly need to transfer files between computers, smartphones and other devices, then the HB4009 is well worth having.
The device costs $24.99 on Amazon (£22.99 in the UK) and you can find more details on the Inateck website.
We reported on Wednesday that a flaw in the pre-installed SwiftKey keyboard software could put millions of Galaxy devices at risk.
Samsung has moved fast to reassure users and has announced that it's preparing a fix which will be pushed out to devices in the next few days. In addition to the update the company says it will continue to work with third-parties like SwiftKey to address risks in future.
In its official statement the company is at pains to point out that the likelihood of an attack successfully exploiting the vulnerability is low. It says, "This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way. This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective".
The update will be rolled out via the KNOX security platform which is installed on all models since the Galaxy S4. To make sure you can receive the update you need to go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure that the Automatic Updates option is activated. On the same screen, you can also click Check for updates to manually retrieve any new security policy updates.
For devices that don't have KNOX by default Samsung says it's working on expediting a firmware update that will be available once testing and approval is complete.
If you have a Samsung smartphone make sure that it's properly configured to receive the update.
Organizations are increasingly under pressure to respond to security incidents quickly in order to minimise damage and losses. Yet conventional security approaches don't always provide enough information, or make it accessible enough, for this to happen.
Is it time for businesses to take a more forensic approach to securing their networks? And won’t this involve time-consuming trawls through masses of raw packet data? We spoke to Uriel Cohen, head of marketing at network forensics specialist WireX Systems to find out.
BN: Network visibility is nothing new, so why has it become more relevant recently?
UC: The ability to truly understand what is going on in the network was and always remains critical to every organization with an IT team. And yet, 2014 has proved that no one is immune to cyber-attacks, from large finance firms who spend millions of dollars on security, to small retailers who mistakenly believe they are not a target. The paradigm of enterprise security today is shifting from prevention towards detection and forensics and security budgets are changing accordingly. It all comes down to better visibility as a first and crucial step to mitigate business loses from the inevitable security beaches.
BN: Why isn't the normal approach of collecting logs and other metadata sufficient any more?
UC: Network solutions record high-level event details to logs and discard the actual content. This is barely enough and sometimes even irrelevant when trying to understand network activities across the many applications running your business. It wasn't surprising when Verizon found that less than one percent of successful attacks were spotted by SIEM. For over a decade we were trying to achieve contextual awareness around incidents by aggregating and correlating endless logs and failed. Today we have the technology to keep it all -- the actual content of our entire network history.
BN: So how come most organizations today are still left behind with limited visibility into their network activity?
UC: To date, there have been no tools available to the enterprise that could bring true value. Adopters of forensics technologies report challenges in investigating network and security incidents without a team of dedicated experts working around the clock. Every week we are meeting more frustrated analysts, telling us that instead of devoting their time to conducting investigations, they are sorting through massive amounts of unrecognized sessions, gluing together the bits and bytes. Another important factor is the required storage. Existing solutions are based on full packet recording, meaning that you need 11TB to store a single day of 1Gbps network traffic. Obviously, this cannot scale considering today's growing infrastructures.
BN: How does WireX approach the problem?
UC: Think of it as a Google-like interface that enables even entry-level personnel to understand every action and piece of data that traversed the network. Instead of choosing between limited visibility with metadata only or an army of experts digging in mountains of packets, WireX approaches this with deeper, more powerful analysis capabilities. The WireX Platform automatically analyses all parts of the enterprise network to reduce to zero the time wasted on collecting relevant intelligence.
BN: What makes WireX special? Tell us a bit more about your analysis capabilities.
UC: Our core technology is WireX Layer-8 Contextual Analysis which provides real-time network analysis. WireX picks up where traditional DPI has failed, creating intelligence that is human-readable. The analysis engines understand the activities within each application and therefore reveal the precise actions performed and extract its content. This includes the data center, perimeter, organization's LAN and the cloud, with the ability to easily add new decoders also for homegrown applications. Moreover, by performing real-time extraction and compression of textual content, the WireX platform provides significantly longer history than traditional solutions that rely on full-packet capture.
BN: Does this do away with the need for specialist analysts?
UC: Once the network traffic is fully analyzed, stored and indexed, security and IT teams can finally perform their tasks effectively. Whenever an alert is triggered by any existing solution (such as next-generation firewall, IPS or SIEM), the solution will provide the complete network story related to the incident in question, including the actual content. The important part to understand here is that the intelligence delivered can be understood immediately, without any additional post-processing needed.
BN: What's the next step for the company?
US: WireX was founded in 2010 to empower defence forces and intelligence agencies with tools to combat cyber-terrorism. Today, we are expanding our reach to the enterprise market, tailoring WireX's field-proven technology to revolutionize security operations. We are currently preparing for launch in the US by the end of the year.
Image credit: d3images/Shutterstock
It's reckoned that 90 percent of the world's data has been created in the last two years and that every two years the amount of data will continue to double.
Existing data management solutions aren’t designed to cope with this rapid explosion of data. However, San Franciso-based startup company Komprise is building a platform uses analytics-driven adaptive automation to manage massive data growth transparently across all storage.
Businesses are currently spending around 25 percent of their IT budgets on storage, and 80 percent of this cost is in the management of the data -- storing, migrating, protecting, and finding information. Komprise aims to eliminate 70 percent of these costs by breaking the cycle of buying and managing more storage. It intelligently automates the data management processes transparently across data silos.
"The reality is most businesses today are struggling simply to keep up with the growth of their data," says Krishna Subramanian COO and co-founder at Komprise. "Not only are storage needs growing rapidly, but most of the data ends up collecting dust in a storage bin since it can be costly and complex for a company to find and interpret. Our solution helps businesses to organize, discover and unlock the value of unstructured data while streamlining costs".
The founding team has successfully built two prior start ups aimed at simplifying complex IT infrastructure and Komprise has raised $6 million in venture capital funding to expand and develop its new platform.
You can find out more and sign up for the early access program on the company's website.
Photo Credit: wavebreakmedia/Shutterstock
SAP HANA is the ERP specialist's recent key product. Based on in-memory technology, it provides a considerable increase in the speed of data processing, helping large enterprises process their data in real time. It's implemented in more than 500 companies.
But at a "Black Hat Sessions" conference today in the Netherlands, Dmitry Chastuhin, Director of professional services at SAP security company ERPScan, has presented a report on the latest trends in SAP Security. It uncovers multiple problems related to encryption algorithms and static keys used by SAP in their products.
The SAP HANA database holds the bulk of its data in memory for maximum performance, but it still uses persistent disk storage to provide a fallback in case of failure. Data is automatically saved from memory to disk at regular savepoints. The data belonging to a savepoint represents a consistent state of the data on disk and remains in place until the next savepoint operation has completed -- according to the SAP Security Guide. This means that some data is stored on the file system, and an attacker can get access to it.
"People think that SAP HANA is in-memory database and doesn’t store any sensitive data on hard drive. The reality is not that nice as you might think. Some data is actually stored on the disc," says Chastuhin. "For example, some technical user accounts and passwords along with keys for decrypting savepoints are stored in storage named hdbuserstore. This storage is a simple file on the disc. It is encrypted using 3DES algorithm with a static master key. Once you have access to this file and decrypt it with static master key, which is the same on every installation, you get system user passwords and keys for disk encryption. After that, you can get access to all data. According to our consulting services, 100 percent of customers we analyzed still use default master key to encrypt hdbuserstore".
SAP's mobile platform has a similar issue with passwords stored in encrypted form but with a static key. The report also reveals that the XS JavaScript language for working with the HANA database can be vulnerable to SQL injection attacks. It points out that if these issues are present in SAP's code they're also likely to be found on custom applications developed by third-party or in-house developers.
More information on the vulnerabilities uncovered in SAP can be found on the ERPScan website.
Image Credit: Pavel Ignatov / Shutterstock
According to a report published by security specialist NowSecure, a vulnerability in the Swift keyboard software, pre-installed on Samsung devices, can allow a remote attacker to execute code on the user's phone as well as access functions like the microphone and camera.
Worse still there's no way to uninstall Swift and the flaw can be exploited even if you don't use the app. It affects leading Samsung smartphone models from the Galaxy S4 to the S6.
Samsung and the Google security team were notified in December 2014. Samsung began providing a patch to mobile network operators in early 2015, but it's not known if the carriers have rolled out the patch to devices on their networks. It's also difficult to determine how many mobile device users remain vulnerable, given the device models affected and the number of network operators globally.
It isn't easy for users to tell if their device has been patched either. NowSecure recommends avoiding connection to insecure Wi-Fi networks, contacting their service provider for patch details or even temporarily switching to a different mobile device.
Standalone SwiftKey apps on the Google Play and Apple App Stores are not affected by this flaw. A SwiftKey statement says, "We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue".
It goes on to say that the vulnerability is not easy to exploit and that users would need to be connected to a compromised network where hackers had the right tools available to attack their device.
More information including a list of affected Samsung models is available on the NowSecure website.
Solving problems successfully is all about having the correct information for accurate diagnosis and then assembling the appropriate people to put things right. The problem is that the necessary knowledge is often spread across several areas of IT.
Operations performance management company PagerDuty is launching an extension to its platform called Rich Incidents aimed at reducing incident resolution times using real-time data.
Rich Incidents brings rich information from multiple sources together inside the notification, empowering operations teams to make the most of critical time. It has direct access to collaboration tools -- such as Slack, HipChat and Google Hangouts -- so teams are also able to connect with the right people faster.
"Rich Incidents delivers an important extension to PagerDuty’s incident lifecycle capabilities by providing our customers the right information they need to solve problems quickly," says PagerDuty CTO and Co-Founder, Andrew Miklas. "We are committed to delivering operations, IT and engineering professionals with the resources they need to protect uptime, and we’re hearing from customers that Rich Incidents help reduce resolution time to do just that".
The software provides more contextually relevant information about each incident along with relevant historical detail and graphs that increase incident understanding. It also offers links to help IT staff find relevant information that connects all the important resolution elements, has direct connection to conference bridges, chat rooms or runbooks, along with the ability to display custom graphs based on specific needs.
Rich Incidents is available now for all existing PagerDuty customers. More details are available on the company's blog.
Image Credit: lucadp / Shutterstock
Modern businesses invariably have access to lots of data, but deriving simple straightforward insights from that can be difficult, especially if it's stored across multiple applications or extracted from the web.
SaaS analytics provider FirstRain is unveiling a new analytics platform that lets enterprise customers deliver business-critical and actionable insights to departments, teams and individuals.
FirstRain Orion adds new families of business analytics and the ability to integrate and analyze internal company data with information from the web and social media. It integrates into any enterprise or commercial platform and gives FirstRain's customers access to disruptive analytics that drive smart business decisions.
"We are delighted to bring the new FirstRain Orion architecture to our Fortune 1000 enterprise customers," says Penny Herscher, FirstRain president and CEO. "The seamless integration of critical and personalized customer and market insights into their enterprise-wide solutions and mobile-first initiatives will help them grow revenue by dramatically improving the speed and quality of the employee’s daily business decisions".
Among Orion's features are the ability to add new families of business analytics, such as marketing campaign enrichment, diverse fact extraction, opportunity and business risk triggers and financial risk analyses to create concise real-time business insights, and enable executives, sales, marketing and finance professionals to make higher quality decisions. Information is presented in a clear, graphical style.
It can build high precision business data analytics from a broad range of content and deliver it together into one user experience. Insights can be automatically personalized and configured for each user, team or for enterprise-wide initiatives.
Integrating into the client's business workflows and existing platforms is straightforward and Orion can incorporate both external unstructured data -- from the web for example -- and internally created unstructured business data. It's designed to work on smartphones and tablets and can be rapidly deployed through web service APIs.
For more information and to request a demo you can pay a visit to the FirstRain website.
Photo Credit: Sergey Nivens / Shutterstock
You might think that today's scammers spend most of their effort on the Internet, but a new report by call center authentication specialist Pindrop Security reveals that phone fraud is still big business.
More than 86.2 million calls per month to US consumers are down to scammers, and 36 million of those calls can be traced to one of the 25 most common phone scams. It also finds a 30 percent rise in enterprise attacks.
Financial and retail institutions have seen an increase in phone fraud of more than 30 percent since 2013, with one in every 2,200 calls being fraudulent. This rate increases for retailers that sell popular, expensive products with a high resell rate. The report also indicates that credit card issuers are getting the highest rate of fraud attempts, with one in every 900 calls being fraudulent. The report attributes this to cards being one of the most common ways for the public to complete transactions, and thus card numbers being at greater risk of theft.
Attackers have also been quick to embrace technology, using VoIP lines for 53 percent of their calls, compared to 7.8 percent of the general public using VoIP as a means for phone communication. Robot dialers are common too with 1 in 6 numbers calling consumers using auto-dialers. Fraudsters are also using spoofing to manipulate their caller IDs to mimic legitimate organizations.
"These attackers are sophisticated, using a variety of tactics, including automation, working in criminal rings and using both the phone and cyber channel to make tracking their actions more difficult," says Matt Garland, vice president of research and head of Pindrop Security’s newly formed Pindrop Labs team, which analyzed the data behind the report. "As major data breaches such as Anthem and Target have occurred, attackers have found the phone channel to be the vulnerable underbelly for corporations and consumers, allowing them to monetize the breaches through social engineering and account takeovers".
This isn't just a US problem, however, rates of phone fraud are similar across all economically developed countries, regardless of security regulations and legislation in place. Fraudsters rely on casting a wide net and catching people who aren't informed about the latest scams. Phone fraud rates are lower in developing countries and when it does occur it tends to be local in origin.
Pindrop expects the shift to chip and pin cards in the US to make attackers shift more attention to the phone as it's traditionally the least protected of the card-not-present channels. It advises call centers to begin preparing now for an increase in attacks.
The full report is available to download from the Pindrop Security website.
Photo Credit: Ana de Sousa/Shutterstock
Enterprise IT specialist LANDESK has released the results of a poll into end users' experiences with their IT departments.
The study polled more than 2,500 employees at organizations of various sizes worldwide, when asked to rate satisfaction with their IT department on a letter scale, 80 percent gave an A or B rating.
It also finds that 81 percent of respondents attempt to solve their own IT issues before asking for help. This follows the trend of increased self-sufficiency and autonomy in end users and indicates that users are becoming more resourceful.
"The results of this survey validate exactly what we already believed at LANDESK -- IT departments are doing increasingly better work and end users are more empowered to solve issues on their own," says Steve Daly, CEO of LANDESK. "This shift gives IT teams more time to focus on solving the more vexing IT issues they’re faced with each day".
Other findings are that IT departments are generally quick to respond to requests for help, with 88 percent of respondents reporting that IT generally resolved their issues in less than 24 hours and 28 percent seeing results within the first hour.
However, users now expect answers in real-time and are increasingly taking matters into their own hands. With proactive super users and responsive IT departments, it's perhaps no surprise that most IT issues don't significantly cut into productivity. In fact, 46 percent of respondents reported losing less than an hour of work per month and 80 percent reported losing less than three hours work per month.
When asked about subjects related to personally-owned devices in the workplace, the survey showed that most end users (75 percent) use at least one personally-owned device for work purposes, but only 23 percent of respondents reported their businesses have a bring-your-own-device (BYOD) policy.
"We are pleased with the results of this survey and what it means for IT departments around the world," says Daly. "For example, the findings from this study support our belief that with all the mobile devices employees are using to get their work done, organizations may need to implement or improve BYOD policies and mobile security practices within their companies".
The full report is available to download from the LANDESK website.
Image Credit: wavebreakmedia / Shutterstock
With distributed networks, virtual servers and the cloud, corporate data is increasingly stored in lots of different places, making backup and business continuity more of a challenge.
Following its acquisition of Backupify in December last year, backup and recovery specialist Datto is launching a range of new products and enhancements designed to protect data no matter where it resides -- across on-premise physical or virtual servers or in the cloud via SaaS applications.
Announced at Datto's partner conference in New Orleans, the new products and features are part of Datto's Total Data Protection platform, which includes physical and virtual appliances, software and Datto's more than 140-petabyte private cloud.
The new announcements include a Datto DNA Router, offering remote configuration and 4G failover designed to meet the specific needs of MSPs and to protect data in transit. While traditional routers are susceptible to downtime and can be challenging to manage remotely, the Datto DNA router can be easily configured from the cloud -- reducing the need for onsite visits, decreasing downtime and providing a better experience for end users.
Datto Backupify for Office 365 brings automated, secure backup for data stored in Office 365. Datto partners supporting Microsoft Office 365 will be able to offer superior cloud-to-cloud backup protection for their users, ensuring that customers experience zero data loss from human errors, malicious deletions, hackers or viruses. It joins existing Backupify products for Google Apps, Salesforce and other SaaS applications.
Datto has recently partnered with ownCloud to offer secure file sync and share capabilities on all new and existing Datto SIRIS 1 and Datto SIRIS 2 devices. There's also a new Datto Linux Agent to deliver business continuity to Linux-based environments. MSPs working with Datto can use their existing Datto devices to extend protection to Linux.
An updated Datto Partner Portal will give MSPs a single place to manage their entire collection of Datto devices and services, it's expected to be available this fall.
"We're making the technology investments today to help our partners deliver end-to-end data protection that makes them even more successful tomorrow," says Austin McChord, Datto founder and CEO. "The DNA Router, Datto Backupify for Office 365 and other new product features and functionality provide more value than ever before for our partners, so they can guarantee protection for their customers’ data whether it is on-premise, in a SaaS application or in the cloud".
More information on all of these products is available via the Datto website.
Photo Credit: Andy Harbin/Shutterstock
According to Gartner 85 percent of enterprises expect to have policies for allowing employee-owned devices in the workplace by 2020. This gives administrators a growing challenge in securing, supporting and managing them.
High-performance wireless specialist Xirrus is launching a new service suite called EasyPass, designed to manage mobile device connections to Wi-Fi networks in the simplest way and with minimal IT involvement.
"Users expect to connect anywhere, anytime without waiting. It's no longer enough to simply provide Wi-Fi -- today, connecting must be fast, easy and secure," says Bruce Miller, vice president of product marketing at Xirrus. "EasyPass addresses the pain points IT departments face due to the growing number of disparate devices on their Wi-Fi networks. Xirrus is the only Wi-Fi vendor to provide secure, device-independent Wi-Fi access with the simplest way to connect".
The EasyPass suite is made up of three modules. EasyPass Onboarding provides device-independent secure access for known users such as employees or students and ensures each user's connection is individually secured, eliminating the shared keys used on many Wi-Fi networks that expose them to compromise.
EasyPass Guest allows users to self-register without any IT assistance, and delivers fast and easy Wi-Fi access for anyone that wants to connect from anywhere, on any device. Finally EasyPass Voucher allows guest access using pre-created voucher codes to give greater control over who receives Wi-Fi access and for what duration.
"In higher education, students are accessing the Internet on more and more devices," says Tim Carlyle, director of network computing of Northwest Missouri State University. "Not only does this create a strain on our networks, it is also incredibly difficult and time consuming to manage. Xirrus; XMS-Cloud paired with EasyPass provides us with the easiest solution for controlling devices on our Wi-Fi network while simultaneously allowing our administrators and students to connect their devices easily and securely".
EasyPass is available from today and you can find out more and sign up for a free trial on the Xirrus website.
Photo credit: baranq/Shutterstock
As data volumes grow managing them and being able to extract meaningful insights in a timely manner becomes more and more difficult, especially for small and medium businesses.
Latvian database-as-a-service (DBaaS) company Clusterpoint is looking to expand its innovative technology to developers and small to medium sized businesses in North America by opening a new server cluster in Dallas.
"Our mission is to accelerate computing and the database plays a very central role in computing infrastructure today," says Zigmars Raascevskis, CEO of Clusterpoint. "Developers who are maintaining their own databases today face two major obstacles because of hardware: fixed capacity and speed limitations. This is why we have built a cloud-based database service. In the cloud, the developer's database request can be distributed among hundreds of servers in parallel, significantly reducing clock time to get a result".
Clusterpoint 3.0 is a cloud-based NoSQL database that allows developers to scale instantly regardless of data volume. They also have access to massive distributed computing power in the form of a cloud-based database, and benefit from a unique pricing model that is appealing to individual developers and those at SMBs. Clusterpoint 3.0 offers a true pay-per-use model rather than the tiered pricing model of today’s traditional DBAAS offerings.
Clusterpoint's cloud-based DBaaS model allocates resources based on need and these are accounted per request on the millisecond level. This results in cost benefits that can be three or even 10 times better than traditional pricing models, and with no hardware provisioning required.
With a server cluster already operating in Europe, Clusterpoint's first major investment in the US demonstrates its commitment to the marketplace. More information is available on the company's website.
Photo credit: LilKar/Shutterstock
Traditionally benchmarking organizations or parts of an enterprise against each other has been a complex process involving a team of specialist analysts. But the amount of data available to modern businesses means that they're increasingly looking for ways to automate gaining insights information.
Pittsburgh-based OnlyBoth is launching a new commercial benchmarking engine based on artificial intelligence principles. It enables business-services providers to offer comprehensive, automated benchmarking services to their end customers.
It's designed to answer fundamental business questions like, how are we doing? Where could we improve? And which similar peers do best? The clever bit is that it delivers results in English rather than just as numbers.
"Benchmarking is laudable, worthwhile, and widespread, but it has been handicapped by a lack of software automation and easily-available data," says Raul Valdes-Perez, CEO of OnlyBoth. "We envision a new world of universal business betterment made possible by automated benchmarking engines. Combining novel and unique technologies, OnlyBoth takes benchmarking to new playing fields where it delivers actionable paragraphs that drive real business value".
The artificial intelligence technology used was first developed in the late 1990s at Carnegie Mellon University through a National Science Foundation research grant to Valdes-Perez, but then set aside for 12 years while the founders grew a previous startup, eventually acquired by IBM and incorporated into the Watson platform. OnlyBoth combines machine discovery -- algorithms that discover humanly-digestible knowledge -- with natural language generation, which makes the resulting knowledge easy to read and share.
More information and the opportunity to try out the benchmarking for yourself using public hospital data is available on the OnlyBoth website.
Photo Credit: amasterphotographer/Shutterstock
With technologies like cloud systems and big data increasingly in demand the role of the chief information officer (CIO) is evolving and throwing up new problems all the time.
Enterprise search company Lucidworks has produced an infographic looking at the changes most affecting CIOs and what can be done to embrace them.
Big data is the major challenge with 67 percent of Fortune 1,000 companies already having initiatives in production and only four percent with no big data projects planned at all. 91 percent of CIOs feel that the move to big data has made their role more important whilst 85 percent say they've become more important to the business as a result.
Investment in big data is up too with 74 percent of companies expecting to spend more than $10 million by 2017. The growth of big data has also led to many more companies appointing chief data officers. Only 19 percent of Fortune 1,000 companies had a CDO in 2012, this is up to 43 percent in 2014.
The top challenges for CIOs are identified as security, downtime and staffing. Skills shortages are affecting many of the key areas including big data, business intelligence and security.
More information including recommendations to help CIOs adapt to the challenges they face is in the full graphic below.
Image Credit: leedsn/Shutterstock
Most of today's gadgets seem to use USB for charging their batteries so you inevitably end up with a whole stack of cables and the mains power adapters to go with them.
If you're looking to simplify things the Smart Charger 8000 from Swiss company ARCTIC may be the solution. It's a little box with five USB ports that allows you to charge a number of devices at the same time. It intelligently detects the devices connected to it in order to provide the best charging speed for each one.
The unit is compact with edges in a gray soft-touch rubber material, the top is hard black plastic with a subtle gray pattern, and rubber feet on the bottom stop it from sliding around. It comes with a one metre long mains lead so you can comfortably stand it on a desk or a bedside table.
Switch it on and a yellow LED on the top tells you it's active. This same LED will flash to tell you if you've reached the 10 amp current protection limit. The makers say it's up to 86 percent efficient so minimal energy is wasted generating heat.
On test it coped with an Android smartphone, a Kindle and an MP3 player all taking different times to charge. It does make a very slight whining noise when it's working but unless you put your ear next to it you won't notice it other than in a very quiet environment.
The Smart Charger 8000 is a handy gadget for organising all of your charging in one place. It's a neat, unobtrusive design and coped well with all of the USB devices we tried on it. It costs $23.99 on Amazon or £18.99 on Amazon.co.uk. More information is available on the ARCTIC website.
Most marketers are focused on providing a personalized experience for the customer. However, many still rely on email communication. Whilst this is still an effective delivery method there’s an inevitable time lag in the message arriving by which time it could be out of date.
That delay may be a thing of the past as eCommerce specialist Reflektion is launching Right Time Messaging. This has the ability to hyper personalize emails to individual recipients right up to the moment the message is opened.
Reflektion's 1 to 1 search and product merchandising products have already enabled retailers and brands to convert large numbers of website visitors into customers. The Right Time Messaging solution is focused on reactivating customers by injecting real-time, 1 to 1 content into triggered and promotional emails, selecting the most relevant products and promotions for each individual.
"Email can be the most powerful and efficient reactivation tool for marketers. But the batch and blast technique still in use is often not effective with today’s digital consumer," says Sean Moran, CEO of Reflektion. "With the ability to deliver relevant products and promotional messages to individuals based on their shopping behavior up to the time they open the email, marketers can breathe new life into their brand’s email strategy by dramatically improving results".
It can offer products targeted to each individual recipient's preferences. Reflektion clients generate emails that feature a direct link to products, which cuts the number of clicks needed to get to the sales page across all devices and reduces shopper frustration and abandonment.
More information on Right Time Messaging is available on the Reflektion website.
Photo credit: Pavel Ignatov/ Shutterstock
Cloud management specialist BetterCloud has released the results of its latest survey into the pace of cloud adoption in businesses.
The survey of 1,500 IT professionals from 53 countries also looks at the differences in cloud office systems and their customers, the current and expected usage rates for cloud applications, and the effects of cloud office systems on productivity, collaboration, cost savings and more.
The key finding is that by 2020, 62 percent of all organizations surveyed expect to be running 100 percent of their IT in the cloud. Currently, 12 percent of organizations surveyed run all of their IT in the cloud. By 2017, more than a quarter expect to be doing so. However, 27 percent of respondents believe that their organizations will never go 100 percent cloud.
As businesses look to replace legacy applications they increasingly turn to the cloud. In 2015, enterprise organizations are running an average of 18 cloud applications, by 2017, that number is expected to nearly triple to 52.
Google shops are going all-in on the cloud at a much faster pace than Microsoft-based companies. 66 percent of Google Apps customers who took the survey expect to run all their IT in the cloud by 2020, against only 49 percent of Office 365 customers.
One of the strongest indicators of cloud adoption is the age of the organization itself. The majority (66 percent) of organizations five years old or younger expect to run 100 percent of IT operations through the cloud by 2017. Only nine percent of organizations 21 years or older expect to be running fully in the cloud by then. It's clear that the cloud offers an advantage to businesses that aren't tied to legacy systems. The age of the workforce is an important factor too. Younger workforces tend to consist entirely of digital natives who have grown up working in the cloud.
"We are at the beginning of the biggest shift in IT in more than 20 years. The growing use of cloud office systems and the increasing reliance on cloud applications is driving us to a tipping point -- an entirely new way of working," says BetterCloud CEO David Politis. "Cloud office systems are the foundation of the transition to the cloud, serving as the gateway to overall cloud adoption. Running 100 percent of IT in the cloud was unthinkable only a few years ago, but as our data shows, in less than 10 years it will be the norm".
You can find out more about the results on the BetterCloud blog.
Photo Credit: RPeshkova/Shutterstock
According to a new survey from Microsoft System Center specialist Adaptiva, 71 percent of IT leaders plan on waiting six months or more before deploying Windows 10.
In the survey, conducted at Microsoft Ignite 2015, 49 percent said they planned to wait a year or more before updating. Of larger companies 80 percent of those with over 100,000 nodes said they are planning to adopt in a year or more.
Only 11 percent of all respondents' organizations are still running Windows XP. This is down from 53 percent last year in a similar survey Adaptiva conducted at TechEd 2014, indicating that XP is well on the way out in the corporate world.
The biggest barriers to upgrading to Windows 10 were given as application compatibility and time investment (98 percent), followed by user training (35 percent), and product maturity (23 percent). A majority (54 percent) say the cloud has no impact on their ability to upgrade and patch applications or migrate operating systems. However, 40 percent claim the cloud is actually making it harder for them to perform these basic systems management tasks, up from just seven percent who felt that way in 2014.
Other findings are that the vast majority of respondents were running Windows 7 (89 percent) and/or Windows 8 (57 percent). Of those at organizations with more than 10,000 nodes, 99 percent are running Configuration Manager in their enterprise and 62 percent plan to use it to deploy Windows 10.
To move to the new OS, nearly three-quarters (73 percent) of large organizations plan to use side-by-side replacements -- deploying new computers with Windows 10. This compares to 36 percent who plan to perform in-place upgrades to existing hardware.
More information on the survey and on how Adaptiva's OneSite 5.0 can make migration to Windows 10 easier is available on the company's blog.
Image Credit: iQconcept / Shutterstock
According to new research 15 to 30 percent of eCommerce site visitors are infected with Client Side Injected Malware (CSIM) that causes them to view injected ads, malicious links and fraudulent spyware on otherwise legitimate sites.
These findings are from a study by online security company Namogoo which shows that CSIM has grown rapidly in the past two years and is able to operate completely undetected by site publishers because it lives locally on consumers' systems.
Consumers may unknowingly download CSIM via bundled apps or extensions and most commonly experience injected ads -- fake advertisements that look native to an authentic site, but actually lead consumers away from the website to make their final purchases elsewhere.
Namogoo has already identified over 25,000 ad injector signatures, with an average of 200 new signatures appearing daily. It says that injected ads made up an estimated $7 billion market in 2014, and the culprits behind the industry can range from lone developers in emerging markets to large public companies operating in the gray area of the law while siphoning off millions in eCommerce traffic and revenue from unsuspecting brands.
"We even see anti-virus companies using their software to secretly infect consumers with CSIM. It's a startling but unfortunate truth," says Namogoo co-founder and CEO Chemi Katz. "Because it's an easy way to make a buck, struggling anti-virus companies have given in to the dubious practice in order to stay alive, although we think it's quickly becoming evident in the eyes of the public".
In the past six months Namogoo has seen client-side attacks increase by 20 percent, a sign that the CSIM industry is becoming more aggressive. In some markets, including travel and luxury goods, it has found an especially concerted effort by malware developers as consumers are not only more likely to click on an injected ad, but ultimately make larger purchases.
The company has developed a new technology that allows eCommerce sites to combat CSIM by suppressing all active CSIM on a consumer's computer or browser when that consumer visits a Namogoo-protected site. Its servers scan millions of pages creating malware injection blocking rule sets in real-time and delivering them to the website via a single line of code, so site publishers can control the user experience, down to the individual computer.
A white paper looking in more detail at CSIM and at how Namogoo can combat it is available as a PDF from the company's website.
Photo Credit Konstantinos Kokkinis/Shutterstock
The promise of surface computing for businesses seems to have been around for ages, remember all those cool videos of interactive coffee tables and screens from around three years ago? Yet so far there hasn't been a great deal of practical application.
That could be about to change as Microsoft makes its Surface Hub available for businesses to order in 24 markets -- including Australia, North America, Japan, the Netherlands, Singapore, and the UK -- from July 1.
Surface hub will be available in two sizes, a 55-inch model for $6,999 and an 84-inch model for an eye-watering $19,999. The larger model has a 4k touch-screen display that refreshes faster than the human eye can detect -- every 8.33 milliseconds. On both sizes, Surface Hub supports 100 points of multitouch and up to three simultaneous pen inputs, has dual 1080p front-facing video cameras and a four-microphone array help ensure that those remotely joining Skype for Business meetings can see and hear the entire room.
Microsoft says it will offer the power and versatility of a complete, cloud-connected Windows 10 device along with the simplicity and consistency of a custom interface that's built for shared spaces. Surface Hub has built-in Wi-Fi, Bluetooth 4.0, NFC and a variety of ports for easy wired and wireless connectivity options
"While there are a number of devices designed to improve our productivity as individuals, there has yet to be a device that is truly optimized for a group of people to use together -- designed not just for what we need to do, but how we want to work. Until now," says Mike Angiulo, corporate vice president, Microsoft Devices. "Just as the PC revolutionized productivity for individuals, Surface Hub will transform the way groups of people work together".
Microsoft is working closely with a number of strategic partners to make it easy for businesses to deploy Surface Hub into their organizations in a way that naturally integrates into their existing rooms and IT environments.
The price means this is going to be the preserve of big corporations, but hopefully if it takes off it will become more accessible. To find out more you can pay a visit to the Surface Hub website or the Microsoft Surface Blog.
One of the problems with business software is that it tends to exist in compartments when it would make life much easier for users if it all worked together.
Sales document creation specialist PandaDoc is launching a new add-on to integrate its software with the Zendesk customer service platform.
"PandaDoc's heritage in enabling stronger, more results-driven document collaboration between sales and marketing teams makes us a natural partner for Zendesk. Through this integration, we’re now empowering customer service agents to do their jobs better by making traditionally mundane paperwork processes, like securing e-signatures, much simpler and faster," says Mikita Mikado, Co-Founder and CEO of PandaDoc.
Administering customer support documentation -- particularly securing electronic signatures -- from within Zendesk can be a challenge. Service agents may find themselves spending too much time switching between applications to send various document types, plus document-related details aren't connected back to Zendesk.
Using PandaDoc enables form fields to be automatically filled using previously supplied information, saving time and effort when Zendesk users are creating things like NDAs or contract renewals.
In addition, the PandaDoc integration means that documents and document-related information will now be part of the comprehensive information available to service agents. End-customers will also have the option to access these documents themselves, an important capability for outsourcing organizations offering branded self-service communities through Zendesk.
"PandaDoc greatly simplifies the paperwork tasks involved in customer service. This not only increases the efficiency of service agents, but also helps organizations maximize their Zendesk benefits including delivering greater customer convenience, building stronger relationships and generating more revenues," adds Mikado.
You can find out more about PandaDoc and sign up for a 14-day trial on the company's website.
Image Credit: HABRDA / Shutterstock
We reported last month that new security standards for the payment card industry, known as PCI DSS, were coming into force by the end of June.
Security company Rapid7 has produced an infographic looking at PCI compliance, cybersecurity and new related requirements for penetration testing. Based on data from the Verizon 2015 PCI Compliance Report it sets out four things enterprises should know about going into PCI compliance.
It shows that enterprises are getting better at PCI compliance, however, only one in five organizations were fully compliant at interim assessment. Vulnerability scanning remains a major challenge, PCI DSS Requirement 11 (regularly test security systems and processes) was the only area where compliance levels have fallen year-on-year.
It also points out that tracking and monitoring is critical, with every company that suffered a data breach being found non-compliant with PCI DSS Requirement 10 (track and monitor all access to networks and cardholder data). Finally starting on July 1, companies must comply with new, more stringent pen-testing requirements.
You can see the full infographic below.
Image Credit: Sedlacek / Shutterstock
The first quarter of this year saw a 165 percent increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.
This is the main finding of the latest McAfee Labs Threats Report released today by Intel Security. Among other highlights are a 317 percent increase in Adobe Flash malware samples and the emergence of new efforts to exploit hard drive and SSD firmware.
Part of the CTB-Locker ransomware's success is down to clever techniques for evading security software, higher-quality phishing emails, and an 'affiliate' program that offers accomplices a percentage of any ransom payments in return for flooding cyberspace with CTB-Locker phishing messages.
McAfee Labs suggests that organizations and individuals need to learn how to recognize phishing emails and has launched an online quiz to help develop your skills.
The rise of Flash malware is put down to the popularity of Adobe Flash as a technology, user delay in applying available patches, new methods to exploit product vulnerabilities, a steep increase in the number of mobile devices that can play Adobe Flash files (.swf) and the difficulty of detecting some Flash exploits. In the first quarter 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database though initial fixes were made available for all 42 on the same day they were posted.
"With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users," says Vincent Weafer, senior vice president, McAfee Labs. "This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity -- industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues".
The HDD and SSD firmware issues were uncovered in February 2015 when the cybersecurity community became aware of efforts by a secretive outfit called Equation Group. McAfee Labs has analyzed modules that could be used to reprogram the firmware in SSDs in addition to previously-reported HDD reprogramming capability. Once reprogrammed, the firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled. Once infected, security software can't detect the associated malware which is stored in a hidden area of the drive.
Other findings are a slight decline in PC malware growth but a jump in mobile malware samples of 49 percent. SSL attacks have continued too although they're down on the levels reported in the last quarter of 2014.
There's more detailed information in the full report which is available as a PDF on the McAfee Labs website.
Image Credit: Robynrg/Shutterstock
Networking specialist Cisco is announcing new products to provide embedded enterprise security from the data center out to endpoints, branch offices and the cloud.
The company used this week's Cisco Live conference to announce that it's adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.
Cisco expects the Internet of Everything (IoE) to be worth $19 trillion over the next decade while the cybercrime sector could be worth up to $1 trillion.
Cisco's solutions include endpoint protection using its AnyConnect 4.1 VPN client which allows customers to easily deploy and significantly expand their threat protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.
Branch office protection is provided by FirePOWER Services solutions for Cisco Integrated Services Routers (ISR), offering centrally managed Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection (AMP) where a dedicated security appliance may not be feasible.
Cisco will also add embedded multiple security technologies into the network infrastructure to provide broad threat visibility, to identify users and devices associated with anomalies, threats and misuse of networks and applications.
It's integrated StealthWatch with its Identity Services Engine to spot and block suspicious network devices and added NetFlow monitoring to offer greater insights into network traffic.
"To protect against today's threats and increase agility for organizations to seize new growth opportunities and implement new technologies, security must be pervasively embedded across the entire network infrastructure," says David Goeckeler, Senior Vice President and General Manager of Cisco's Security Business Group. "By integrating 'Security Everywhere' throughout the extended network and through cloud-delivered services, Cisco is protecting a wider array of attack vectors. This also provides enterprises and service providers with the confidence that they have the continuous and retrospective visibility and control to support new technologies and business opportunities in the Internet of Everything and the Digital Economy".
You can find out more about Cisco's ability to secure extended networks on the company's blog.
Image Credit: Katherine Welles / Shutterstock
In 89 percent of mid-sized companies IT management focuses on day-to-day tasks that are often time-consuming and manual which means that business isn't getting the most from its IT investment.
This is one of the main findings of a survey by cloud-based IT management provider Kaseya which looked at 500 mid-sized enterprises globally and compares the practices of IT departments in faster growth companies with those in slower growth companies, and the practices of more mature IT organizations with those of less mature ones.
The 11 percent of companies that have achieved higher levels of maturity are reaping benefits in important ways for their businesses. The survey findings suggest IT groups can do more to drive the effectiveness of both IT and the business by better utilizing the limited resources they have. Results indicate that by using automation more for both routine tasks and problem avoidance, and by fully embracing cloud technologies, IT groups can spend more of their time on strategic projects that contribute to end-user productivity and drive the success of the business overall.
"Most IT groups in mid-sized companies find that they don't have enough time to invest in strategic projects," says Loren Jarrett, chief marketing officer for Kaseya. "Our survey results suggest that by adopting the practices of mature IT organizations, including automating IT management activities, standardizing and streamlining processes, and leveraging cloud services, IT groups at companies of all sizes can free up more time and resources to focus on projects that will drive results for the business".
Other findings include that there's no correlation between the size of a company and its IT management maturity level, indicating that companies of all sizes can benefit from investments in maturing their IT operations. For companies who grew their revenue at greater than 10 percent between 2013 and 2014, 36 percent were considered to have reached the highest maturity levels, against 11 percent for all companies in the study.
Two-thirds of companies at the highest IT management maturity levels have formal service level agreements (SLAs). For more than half of these meeting their SLAs is mandatory. IT organizations at the highest levels of maturity are also almost twice as likely to report that they drive IT decisions, instead of their CEO or CFO.
The full report is available to download from the Kaseya website.
Image Credit: alphaspirit / Shutterstock
According to Gartner, businesses spent more than $70 billion on cyber security tools in 2014, and collectively lost nearly $400 billion as a result of cyber crime. This suggests that existing security technologies are struggling to cope with the growing number of cyber threats.
Californian company Menlo Security is launching an new approach which it calls Isolation Platform, a technology that claims to eliminates the threat of malware from key attack vectors, including web and email.
Built by a team of industry experts in security, cloud and virtualization, alongside academics from the University of California, Berkeley, the Menlo Security Isolation Platform requires no endpoint software and can be deployed to eliminate the threat of malware from web traffic, web-based documents and email.
"Organizations and individuals should be able to interact online without the fear of being compromised," says Amir Ben-Efraim, co-founder and CEO of Menlo Security. "By focusing on ease of deployment and a seamless user experience, the team at Menlo Security has reinvented isolation as a highly usable and scalable front line of defense against malware".
Instead of trying to distinguish legitimate content from malware, what the Menlo Security Isolation Platform does is to isolate and execute all web content in the cloud and away from the endpoint. The solution uses patent-pending, clientless rendering technology called Adaptive Clientless Rendering (ACR), to deliver a non-executable, malware-free copy of the user's session to their native browser, creating a transparent user experience that is 100 percent safe.
Menlo Security Isolation Platform is available now as a public cloud-based service or as a virtual appliance for on-premise deployment. The Platform needs no software on the endpoint and is compatible with any hardware, any OS and any browser. More information can be found on the company's website.
Image Credit: Aleks vF / Shutterstock
Remember LYCOS? Before Google came along it was one of the leaders in the search engine market. It's since tried to reinvent itself as a digital portal in the style of Yahoo or MSN but, be honest, when was the last time you visited its site?
The company is now making a renewed bid for attention with its entry into the wearables market. On June 8 the company is launching a range of devices that will, it says, "serve as a single point of entry into users' digital lives".
There will be two products initially, a wristband called Life Band that includes a fitness monitor and personal security manager, and more intriguing a Life Ring that puts a security manager and Tap to Transfer feature on your finger.
"The most valuable commodity in life is time and this technology helps LYCOS Life users maximize their time by making smarter and more informed decisions using the data they receive from LYCOS Life," says Brad Cohen, president and chief strategy officer of LYCOS.
LYCOS Life will intelligently sense individuals' everyday patterns and transfer this information securely and wirelessly to a smartphone via Bluetooth and its Tap to Transfer (T2T) communication protocol. The wearable devices will allow users to automatically monitor their activity, sleep, heart rate, incoming calls, and important notifications from their phone completely hands-free.
The company says that LYCOS Life will soon be able to uniquely identify its wearer by using onboard sensors to recognize its user simply by the way they move. It has developed software that can learn who you are, what you prefer, and what you do based on your own patterns and behaviors.
Features of the Life range include a Personal Security Manager that securely and seamlessly logs in to favorite apps and websites on a phone, unlocking them without the use of passwords. T2T capability lets users securely give a new friend their number, clients a business card, or instantly share an address to launch directions to a restaurant. The LYCOS Life activity tracker allows users to monitor steps, calories burned, speed and heart rate.
There doesn't seem to be anything especially innovative in any of these functions, though the ring idea looks attractive from a convenience point of view.
The wristband will cost $124.99 and the ring $59.99 more information will be available on the LYCOS Life website from Monday.
The US government has been hit by a massive data breach at the department which handles government employee records, the Office of Personnel Management (OPM). According to officials this has the potential to affect every federal agency.
The Reuters news agency says that it's been told by a US law enforcement source that a "foreign entity or government" was believed to be behind the attack. Suspicion has fallen on China although Chinese foreign ministry spokesman Hong Lei said the accusations were, "irresponsible and unscientific".
The OPM acts as the human resource department for the federal government. The agency is responsible for issuing security clearances, conducting 90 percent of background checks, and for holding records of federal employees. Information held on OPM databases covers employee job assignments, performance reviews and training.
"The FBI is conducting an investigation to identify how and why this occurred," the department of homeland security said in a statement on Thursday. "DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion".
According to the OPM's official announcement it first became aware of the incident in April of this year.
The OPM says that as a result of the incident it will begin sending out notifications to around four million individuals starting on Monday. In order to guard against the risk of fraud and ID theft it says it will be, "...offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution". This protection will be free for 18 months.
Photo credit: solomonjee / Shutterstock
When we regularly hear stories of personal details being stolen through data breaches and hacks, it's not surprising that people are losing faith in the ability of passwords to protect them.
A new report from mobile ID provider TeleSign reveals that 70 percent of consumers lack confidence that their passwords can adequately protect their online accounts. In addition, about the same amount (72 percent) are in search of additional means to secure accounts.
Commissioned by TeleSign and conducted by Lawless Research, the survey polled 2,000 consumers in the US and the UK and reveals that while concerns around online security and password strength persist, 'password fatigue' among consumers is widespread.
Not changing passwords is common, 21 percent of consumers use passwords that are over 10 years old, pre-dating the launch of Twitter, YouTube and many online banking services. Almost half (47 percent) rely on a password that hasn't been changed for five years. Password reuse is widespread too with 73 percent of online accounts using duplicated passwords and an average of just six unique passwords being used to protect 24 online accounts. This trend leaves people vulnerable to the 'domino effect' where a hacker compromises a user's password for one service and can then access all of their accounts.
On a positive note the findings show that consumers are eager to learn about online security. In fact, 72 percent would welcome advice on how they can better protect their online accounts. The majority (68 percent) would like companies to provide an extra layer of security to keep their online accounts safe. Yet in spite of this desire to learn and improve their online security, six out of 10 are still not making use of the stronger security that two-factor authentication can offer. The top reasons consumers give for not enabling 2FA are that they don't know how to set it up, don't know what it is or that companies simply don't offer it.
"The number one tip most experts give for increasing account security and stopping the fallout from data breaches is to turn on two-factor authentication," says Steve Jillings, CEO of TeleSign. "Yet our research shows that the majority of consumers (61 percent) do not know what two-factor authentication is, even though it's available on almost every account, free to the consumer and just waiting to be turned on".
In order to help with this confusion TeleSign is launching a Turn It On campaign offering guide to 2FA and providing step-by-step instructions for turning it on for popular social networking and other sites.
The full report is available to download on the TeleSign website and there's a summary of the findings in infographic format below.
Photo Credit: JMiks/Shutterstock
Big data infrastructure specialist BlueData has announced that it's introducing support for Docker containers in its BlueData EPIC platform.
It will allow organizations to quickly and easily deploy Apache Hadoop or Apache Spark in a lightweight container environment making it simpler to deploy big data infrastructure.
"Container technology is disrupting the IT market, and Docker is seeing rapid enterprise adoption," says Kumar Sreekanti, co-founder and CEO of BlueData. "There are now thousands of applications running on Docker, but until today there were only a few applications supporting containers for Big Data analytics. Together with Docker, we're disrupting the Big Data market and leveraging the power of containers for enterprises deploying Hadoop and Spark on-premises".
Docker containers create new possibilities to streamline infrastructure deployment for big data analytics. By integrating the EPIC software platform with Docker, BlueData is providing the benefits of virtualization for big data applications, while delivering the simplicity of containers and the performance of bare-metal servers.
The BlueData EPIC software platform works with all major Hadoop distributions as well as Spark. It integrates with the leading analytical applications, so data scientists can use the tools they prefer. It runs with any shared storage environment too, eliminating the need to move data. It also delivers the agility of Hadoop-as-a-Service in an on-premises deployment model, whilst providing the enterprise-grade security and governance that IT teams require.
BlueData EPIC Lite is available today as a free edition With EPIC Lite, data scientists and developers can easily create multi-node Hadoop clusters or standalone Spark clusters running in Docker containers. The enterprise edition of BlueData EPIC will be available in the fall of this year.
Image Credit: Marynchenko Oleksandr / Shutterstock
IT departments face increasing demands for self-service applications to enable users to manipulate data themselves, but this often conflicts with the needs of the enterprise.
Enterprise software provider MicroStrategy is addressing this with the launch of its latest software which combines self-service analytics and data visualization with enterprise-grade infrastructure.
MicroStrategy 10 contains a number of new and improved features including data discovery offering enhanced exploration and visualization capabilities on both Mac OS and Windows. Users can quickly prepare data for analysis without using other tools.
New governed data discovery makes it simple to make dashboards from the desktop available to the enterprise, providing a path from self-service analytics to enterprise BI. Native Hadoop access makes analyzing large volumes of multi-structured data easy. Better in-memory performance lets users put more data on parallel-partitioned in-memory cubes, so organizations can run faster queries across larger volumes of data.
A redesigned HTML5 interface makes self-service analytics faster, more intuitive, and easier to use, so users can quickly connect to any data and drag-and-drop their way to business insights. Admins can save time too with a new Operations Manager that enables them to manage and monitor all of their environments from a single interface.
MicroStrategy's security uses biometric and multi-factor authentication to lock down every method of analytics delivery, conveniently and seamlessly. It uses Usher Mobile to instantly deploy security badges that replace passwords and ID’s with a mobile app distributed to all employees, partners and customers.
"We currently rely on the MicroStrategy Analytics Platform to track programming investments, analyze ad and affiliate sales trends, and review sales team performance," says Madhur Sawhney, Sr. Director Data & Analytics Technology at Discovery Communications. "After testing MicroStrategy 10 as an early adopter, our team really likes the new functionality, in particular, the ability to easily wrangle and parse data as well as save/import wrangling scripts functionality. The enhanced data blending features and on-the-fly data manipulations made possible with version 10 and Visual Insight provide incredible speed-of-interactivity and ease of use".
You can find more about MicroStrategy 10 on the company's website and it will be presented in a symposium series over the coming months.
Image Credit: alphaspirit / Shutterstock
Enterprise security teams are under increasing pressure to respond to threats from breaches as well as more traditional security threats.
To ease their workload threat isolation specialist Bromium is launching a new platform designed to speed deployment time and give security teams better management capabilities.
Bromium Enterprise Controller (BEC) is a scalable security management platform that delivers one-click deployment, policy control, monitoring and threat management for enterprise endpoint infrastructure.
"Endpoint threat isolation should be a core component of security prevention programs because of the challenge companies face due to increased threat volume," says Roland Cloutier, Chief Security Officer of Automatic Data Processing. "With hardware-enforced isolation and micro-virtualization technology in Bromium's solution, we have an ability to gain increased visibility into threats and act on those attempts in real-time to mitigate their disruption to our business and clients".
BEC automates the deployment and configuration of Bromium's existing vSentry and LAVA products allowing even large enterprises to efficiently control their enterprise security. Key features include fully autonomous installation and updates, simplified policy management, centralized monitoring and analysis, and integration with threat intelligence systems to streamline collaboration in the fight against cyber attacks.
Bromium's isolation and micro-virtualization technologies don't allow malware and malicious threats to access the network in the first place. Unknown tasks and malware are shifted into hardware-isolated micro-virtual machines before they can attack the endpoint.
Bromium Endpoint Controller is available from today and more information can be found on the company's website.
Photo Credit: Alexander Kirch/Shutterstock
The popularity of big data has boosted demand for Hadoop systems. Yet data handling and analytic capabilities are often seen as the key features while governance and security get relegated to a support role.
In corporate environments though the governance side of things is important which is why big data specialist Datameer is launching new tools for maintaining data validity and manageability in the Hadoop ecosystem.
The enhanced offerings allow businesses to have complete transparency into their data by making it easier to navigate data pipelines while keeping information secure and encrypted. Features include access control and auditing to determine and track who has access to which data, who granted access to it and what changes have been made. Datameer access control also integrates with Apache Sentry 1.4.
In addition an impact analysis feature shows users who or what will be affected if a change is made at a particular stage in the data pipeline. Data lineage allows users to understand where analytics results originated and how they were used, modified or published to a downstream system, via either the UI or a REST (Representational State Transfer) API.
Datameer's open governance APIs and pluggable architecture enable other capabilities too including, metadata synchronization with external data management tools, as well as standards that are filtering into the broader Hadoop ecosystem like Cloudera Navigator and Hortonworks' Data Governance Initiative (DGI).
Version control and change management for data and metadata is available via API-based synchronization with both commercial and open source versioning systems. This allows for automated deployment of new changes and/or rolling back the Datameer environment to its previous state if required.
"Hadoop has been seen as the Wild West in which vendors have been developing different products for the ecosystem without really thinking about data governance and sophisticated security protocols," says Stefan Groschupf, CEO of Datameer. "Data security is imperative to providing an enterprise-grade product for our customers and to driving Hadoop adoption and success overall. With these new features we're driving home the point that we're serious about helping enterprises transform their business into data-driven organizations".
More information is available on the Datameer website where you can also register for a Data Governance Webinar to be held on June 23.
Image Credit: Tashatuvango / Shutterstock
Having a website is one thing, but getting it seen is another matter. Ensuring visibility of a site involves lots of factors which in the past may have been beyond the expertise and budget of smaller organizations.
Leading European web host 1&1 Internet is launching its latest MyWebsite 8 tool which includes an Online Success Centre making it easier for businesses to be found online.
Accessed via a central, easy to use dashboard the 1&1 Online Success Centre platform analyzes and displays the elements needed for online visibility while guiding business owners via a step-by-step process to improve their Internet presence.
By centrally managing basic information like name, address and phone number as well as opening hours and directions, businesses can enhance their local search ranking. With this information and the semantic appeal of the website, a Google preview is automatically generated allowing users to check how their data is displayed to their customers in the most popular search engine.
In addition it provides an instant appraisal of how a website appears on the most relevant online directories like Google Maps or Yelp, which are becoming more and more important for local searches. Users can also automate the management of their listings by applying 1&1 ListLocal to their online strategy.
A Content Optimisation interface guides users by an easy to use, speed-dial graphic that illustrates their level of search engine optimization. Content can be optimized to a high degree by applying an SEO tool which is integrated in selected packages.
"Since 2008, 1&1 has been committed to being a strong partner for small businesses by continually enhancing our website builder year after year," says Robert Hoffmann, CEO of 1&1 Internet Ltd. "With 1&1 MyWebsite 8 we introduce an industry first approach for small businesses to increase their online visibility. The new 1&1 Online Success Centre allows small businesses to get found easily on search engines and to be listed on the most influential online directories in a matter of just a view clicks".
Prices for MyWebsite 8 start from £6.99 per month in the UK, a 30-day free trial is available via the company's website.
Most current user interfaces rely on some form of two-step interaction, point and click, or tap and lift, or press and hold for example.
The latest development from Quantum Interface promises to deliver a more seamless experience by using predictive navigation to infer user choices before they're made.
When a user moves towards a menu selection with a finger on a touchpad or screen, moves their hands in the air or moves their eyes in a car's head up display or under a VR hood, the app infers the choice, and moves the selection towards the user. This not only offers a more immersive experience it presents more information to the user faster than conventional interfaces.
This approach is now being made available to users with the beta unveiling of an Android smartwatch launcher, QiLaunch Wear. As a user puts a finger on the watch face and starts moving it towards a selection, the app launches with no lift and tap or point and click required. This streamlines the interface, speeds up engagement with apps, and allows the user to see more content and choices on a smaller screen.
It works by analyzing motion to predict the user's intent. The Qi interface reacts to changes of speed and direction as a user moves so it has the potential to work with any kind of interface from touchscreens and track pads to gesture or retina tracking and even old-fashioned mice. The only requirement to control any device is continuous motion, there's no special sign language or gestures to learn nor any special remotes or other hardware necessary. Designed to be universal it can be added to any application or operating system. The interface also consumes less power than current touchscreens, gestures or other ways of communicating with devices.
"User interfaces today are really frustrating and surprisingly old-fashioned. The Qi predictive navigation approach delivers the most advanced and intuitive interface, and with it, an entirely different user experience," says founder and CTO Jonathan Josephson. "With any device, notice how you drill down through multiple options, or long rows of choices, rather than moving smoothly exactly where you want to go. Qi has created a 'human' interface that seamlessly and intuitively connects people to their technology".
If this sounds like something you'd like to try for yourself you can apply to become a beta tester on the Qi website. There's a short video of the interface in action below.
Image Credit: alphaspirit / Shutterstock
New research by cloud storage specialist CTERA Networks highlights the challenges that enterprises face in providing cloud storage and file sharing services, while reducing IT costs and maintaining security and data control.
It shows that security of data remains a major issue with 35 percent of organizations experiencing corporate data leakage in 2014 as a result of employees sharing files via often-unsanctioned file sync and share (FSS) services, a four percent increase over 2013.
Companies are taking this threat seriously and 83 percent of organizations have established corporate policies that either sanction the use of specific SaaS-based file sharing solutions or forbid their use in the organization entirely.
Nearly three-quarters of companies (73 percent) have implemented or are considering an alternative to public FSS, and two thirds of those favor private or "virtual private" cloud storage solutions. In addition, 59 percent of those organizations indicated that they favor a private cloud FSS solution run either on hosted (virtual private) infrastructure or in their own data center.
Cloud storage gateways are replacing and augmenting traditional file servers and tape storage, particularly in remote or branch offices (ROBO). One third of all organizations with more than 50 ROBOs have implemented on-premise cloud storage gateways that support both the private cloud and public cloud, and 27 percent of all companies have implemented them.
Enterprises are coming under pressure to establish contemporary cloud storage solutions that provide the visibility and control required to meet enterprise needs and industry regulations. In the more heavily regulated financial services, government and life sciences industries 42 percent prefer a completely private cloud that does not rely on external hosted infrastructure, as do 40 percent of organizations with 10,000 employees or more.
"Cloud storage is simplifying and accelerating data services across the enterprise. However, an increasing number of data leakage events, and a desire to exercise more control over file sharing and data protection are forcing organizations to investigate and deploy alternatives to public cloud storage services," says Rani Osnat, VP of Strategic Marketing at CTERA. "In our second year of research, the trend continues, demonstrating that organizations are leveraging cloud storage for efficiency gains and cost savings, while combating security, control and governance requirements with virtual-private or fully-private topologies".
The full report is available from the CTERA website and there's a summary of the findings in a Star Trek themed -- it's about enterprises, get it? -- infographic below.
Image Credit: Maksim Kabakou/Shutterstock
Consumers love getting personal, timely and relevant offers from retailers but they don't like having to share the data that makes them possible.
This is one of the main findings of new research by predictive marketing and consumer intelligence specialist Boxever. Of 507 consumers surveyed more than 60 percent indicated they prefer offers that are targeted to where they are and what they are doing, but 62 percent said that they don't want retailers tracking their location.
"Retailers are losing consumer trust for failing to effectively leverage personal data; it's negatively affecting the customer experience and retailers' ability to market and sell effectively," says Dave O'Flanagan, co-founder and CEO of Boxever. "While today's consumers crave a personalized, value-added shopping experience, they're unlikely to continue sharing personal data because they aren't seeing enough value from the data that retailers already collect".
The survey also finds that for more than half of consumers, three out of four sales offers received are irrelevant to their needs and preferences. This means that millions of consumers are being spammed daily, an ineffective communication strategy that can have a negative impact on future sales and customer loyalty.
When consumers experience this type of marketing 40 percent say they're less likely to buy from that company in future, 50 percent are less likely to open the next offer that comes from that company, 59 percent said they would unsubscribe from the company's content, and 31 percent would delete the company's app.
The three most-preferred channels for receiving offers and communications are email, in-store, and direct mail, with email being far-and-away the most popular platform. A mere two percent of survey respondents identified mobile as their preferred channel for receiving offers and communications, and only four percent prefer social media. Those preferences change slightly for millennials, who prefer mobile twice as much as the general population, and who are nearly three times as likely to prefer offers on social media.
When asked what factors influence them to buy or act on an offer, 70 percent say when the offer adds value to something they are already doing or plan to do, 42 percent when the offer revisits a product or event that they've expressed interest in before, and 21 percent when the offer is targeted to what they are doing at that moment.
"The days of personalizing offers based on high-level demographics are long gone, and continuing along this path will actually hurt, not help brands," says O'Flanagan. "Brands need complete visibility into the preferences of every customer, and the ability to integrate contextual customer intelligence and value into each marketing offer sent".
The full report The Data-Sharing Disconnect: The Impact of Consumer Trust and Relevance in Retail Marketing is available to download from Boxever's website and there’s a summary of the findings in infographic form below.
Image Credit: Tashatuvango / Shutterstock
A new study from threat prediction and remediation specialist NopSec reveals key security vulnerability issues and highlights the length of time it takes for enterprises to fix problems.
NopSec analyzed more than 65,000 vulnerabilities contained in the National Vulnerability Database over a 20-year period, as well as a subset of more than 21,000 of those vulnerabilities identified across customers in all industries.
Key findings include that Microsoft and Apple dominate the vulnerability chart, based on the two-decade analysis, with Linux operating systems trailing behind. In addition, Adobe, Apple, Microsoft, Mozilla and Oracle face the most severe vulnerabilities.
While rapid vulnerability detection is at an all-time high, it still takes the typical organization too long to address known security issues. The average time it takes to fix a security vulnerability is 103 days. However, this varies by industry, while cloud providers respond fastest (50 days), followed closely by healthcare organizations (97 days), financial services companies and education organizations take a worrying 176 days to take corrective action. That means they're potentially exposing themselves to data breaches for almost six months. Even worse, nearly a third (32 percent) of security vulnerabilities take more than a year to fix in the financial industry.
Cloud providers are more exposed to attack with an average 18 vulnerabilities per asset. This contrasts with the six vulnerabilities per asset in financial services, three in healthcare and two in education. The type of vulnerability matters too, whilst application vulnerabilities are fixed within three weeks on average (20 days), network vulnerabilities are left unaddressed for a scary 182 days.
Interestingly although threats may be going unfixed within organizations, they're often well known on social media. The typical security vulnerability averages 115 social media mentions when there is a known malware exploit. However, that number increases when an exploit earns a "critical" risk severity rating based on the NopSec technical risk score. Critical vulnerabilities average 748 social media mentions, whereas high risk vulnerabilities rate only 89 mentions.
"Organizations are still very vulnerable to exploitation. Although businesses have been alerted of the potential risks, system vulnerabilities and misconfigurations continue to be the root causes for costly security breaches," says Michelangelo Sidagni, NopSec Chief Technology Officer and Head of NopSec Labs. "Detection is simply not enough in today’s threat landscape of sophisticated attacks; organizations need to focus on improving threat prioritization. Vulnerability remediation efforts need to move much faster than they are right now in order to close the window of opportunity for exploitation and win the race against hackers".
More information on the study is available on the NopSec website.
Image Credit: razihusin / Shutterstock
Cyber attacks are becoming more covert which helps them to consistently evade detection and means they can take weeks to uncover.
Cyber security startup Niara is unveiling its Security Intelligence Solution, combining advanced security analytics and forensics to help security teams quickly find sophisticated cyber threats within their organization.
Based on big data architecture, the Niara Security Intelligence Solution analyzes security data from disparate sources to ensure that security teams can identify and respond to sophisticated, multistage attacks that can be missed by existing monitoring and response solutions.
"The threat landscape is continuously evolving and enterprises need a way to discover and investigate advanced threats inside their network faster and more efficiently," says Sriram Ramachandran, CEO of Niara. "Niara's Security Intelligence Solution is designed from the ground up to leverage analytics and forensics from disparate data sources, providing unprecedented views into an organization’s network. This fundamentally elevates their threat discovery, incident investigation and breach response capabilities, reducing risk and helping them stay out of the headlines".
It can operate on a mix of data sources including logs, flows, packets, alerts and threat feeds to flag up threats and risky behaviors that remain undetected by log-based analytics alone. It builds an overview of an organization's threats by monitoring not only users, but also devices and applications to collect and discover threat information. Combined with Niara's ability to profile entity behaviors by linking together disparate events to uncover them as a multistage attack, it means teams have a complete view of an organization's risk posture.
Security Intelligence Solution provides one-click access to a comprehensive forensic trail and analytics in the same solution to simplify and accelerate threat discovery and incident investigation. It can make use of existing data stores too without the need to recreate or duplicate data.
The Niara Intelligence Security Solution is available now and can be delivered for cloud, on-premise and hybrid deployment. More information is available on the Niara website.
Photo Credit: ra2studio / Shutterstock
Developing mobile and web-based continues to present a major challenge for enterprises, especially with regard to the costs associated with infrastructure and DevOps.
A new survey of 200 technology decision makers by mobile backend-as-a-service (MBaaS) company moBack shows that 80 percent of respondents, including both large and small businesses, consider mobile app development very important and essential for their business.
Of the respondents 65 percent say they're currently using cloud-based platforms such as BaaS or MBaaS to develop mobile apps. However, some of the challenges they face include sourcing the right technical skills, speed of delivery and flexibility for rapid app development.
Scalability is cited as important by 80 percent, cost reduction capabilities by 80 percent and customization for business specific functions by 81 percent. 75 percent of the respondents indicated ease of use as being very important and essential in a MBaaS platform. Two-thirds want or highly value the ability of a MBaaS platform to customize, include their organization’s business specific functions and reduce cost. Cost and security are cited as the deciding characteristic of 70 percent of all technology decision-makers.
"From our experience in building apps for enterprises across various industry segments, we find that the need for adopting mobile technologies is becoming a top priority in order to stay ahead of competition," says Dev Gandhi, CEO of moBack. "The challenge most IT executives face is to achieve this in a cost-effective manner, while also maintaining control over business-critical information. moBack's MBaaS platform aims to provide enterprise IT the control and flexibility it needs to deploy mobile services, while saving considerable costs".
More information on the results is available on the moBack website and there's a summary of the findings in infographic form below.
Image Credit: Alex Mit / Shutterstock
Business intelligence tools are usually thought of in terms of marketing and strategic decision making. Using them for other tasks like recruitment has usually meant links to other products and significant manual input.
Now though recruitment software specialist Gild is launching a BI solution specifically for hiring, applying predictive analytics and insight to every stage of the process, delivering 360-degree information and customized reports to help every make better decisions.
"There's a sea change coming to talent acquisition that's similar to the transformation marketing automation tools created in how companies go to market", says Sheeroy Desai, CEO of Gild. "By arming each person involved in the hiring process with the real-time information to become more effective, Business Intelligence for Hiring eliminates the need for a dedicated business analyst or costly, separate BI application. As an integral part of The Gild Platform, our new BI solution lets everyone see the data that matters most as well as data they never had access to before -- whether it's understanding which sources produce the best candidates, where recruiting campaigns are most successful, how employees are performing or where resources are being spent. And because we offer data in a form that's both meaningful and easy to understand, companies can now get a truly accurate overview of their entire business ecosystem".
Delivered as part of the Gild smart recruitment platform, BI for Hiring is made up of persona-specific dashboards that can be customized for each hiring role from CEOs to recruiters.
For example CEOs can assess the return on investment of each hiring expense, benchmark performance against that of similar businesses and make educated decisions about where to focus resources and what strategies to pursue over time. Finance officers can understand the fiscal impact of hiring on budgets and the bottom line, identify expensive errors and optimize the hiring process for the most cost-effective return.
Departmental managers are able to access data about how hiring and firing rates impact each team, which factors affect productivity the most and which areas need improvement and optimization. Over time recruiters can boost their personal productivity and make better hiring decisions by understanding the impact of their role on the business.
Gild Business Intelligence for Hiring is available from today to existing users of the Gild platform. You can find out more on the company's website.
Photo Credit: Adam Gregor/Shutterstock
What do you do with the SATA hard drive you took out of that old machine you threw away a couple of years ago? One answer is that you get hold of an external enclosure and use it as an archive or for making backups.
Inateck's latest external enclosures allow you to do just that for both 3.5- and 2.5-inch drives. Let's take the larger one first, the FE3001 is USB 3.0 for fast transfers and the case is made of sturdy aluminum with a smart, grained finish. There's an external power supply, USB cable and everything else you need -- screws, rubber pads and even a small screwdriver -- is included in the box.
It's easy to fit your drive into the case -- pull out the back panel, which carries the connections and an on/off switch, and out slides a half-length metal tray. Plug the drive into the SATA connector, attach it to the tray with a couple of screws, slide it back in and fasten the cover with a couple of longer screws and you're done. There are good printed instructions if you get stuck, these also give advice on formatting disks and safely disconnecting.
The FE2007 is for 2.5-inch drives, it's a bit larger than you'd normally expect to accommodate this size disk but that's because it incorporates a USB 3.0 hub. The case is made of plastic but it's a neat tool-free design with a sliding cover. There’s an on-off switch, which is something you don’t often get on small disk enclosures, and there’s a separate power input for systems that don't provide enough juice on the USB port. Cables for both this and the normal USB connection are supplied.
As a drive enclosure it's similar to the FE2004 that we reviewed a few months ago but the addition of a USB hub means you can leave it connected all the time without sacrificing a USB 3.0 port.
You can buy hard drive enclosures cheaper, however, the Inateck products have an air of quality and are thoughtfully designed with some nice touches you don’t get in budget-priced alternatives. If you have an old hard drive that you want to rehouse they’re well worth considering.
The FE2007 costs $29.99 on Amazon (£25.99 in the UK). The FE3001 is on Amazon for $22.99 (£23.99 in the UK).
A total of 23,095 DDoS attacks were carried out on web resources located in 76 countries in the first quarter of 2015, up 15 percent from the 66 countries affected in the final quarter of last year.
This is one of the findings of a new study by cyber security firm Kaspersky Lab into the botnet-assisted DDoS attack landscape. But although the geography is expanding the overall number of botnet-assisted attacks is down by 11 percent and the number of unique victims down by eight percent.
Servers in the US, Canada and China are targeted most frequently. The study also finds that the greatest number of attacks on a single web resource in Q1 2015 was 21, compared to 16 in Q4 2014, and the most prolonged botnet attack occurred for almost six days.
"A DDoS attack is often a cross-border effort; the customer is located in one country, the executor in another, the C&C servers are hosted in a third country, and the bots involved in the DDoS attack are scattered across the world," says Evgeny Vigovsky, Head of DDoS Protection at Kaspersky Lab. "This often makes it more complicated to investigate attacks, take down botnets and catch those responsible. Although cybercriminals do not limit their DDoS toolkits to botnets alone, this is still a widespread and dangerous tool, and it demands preventive protection measures from potential targets, i.e. web resources".
The fact that China and the US for most frequently attacked countries and highest numbers of victims is, says Kaspersky Lab, down to low hosting prices that encourage many companies to have their sites located in those countries.
The most attacks on a single resource were against a Russian language website belonging to an investment group. A Vietnamese wedding services site was second most attacked, and a US hosting provider third.
Only three sites suffered attacks of more than 100 hours, down significantly from 13 in the final quarter of 2014. However, as the report points out even a short, one-off attack can make a site inoperable and cost the victim both financially and in damage to reputation.
The full report with much more detail is available from the Kaspersky Lab site. There's also an infographic showing the geographical breakdown of attacks below.
Image Credit: Jozsef Bagota/Shutterstock
Hot on the heels of news that OS X topped the vulnerabilities charts in April comes Dr. Web's virus activity review for May which shows increasing quantities of adware and unwanted applications targeting the Apple operating system.
The company reports several programs aimed at OS X that either install adware, install other applications or inject JavaScript code into webpages.
Adware.Mac.InstallCore.1 cannot only install unwanted programs on the user's computer but also change the browser home page and the search engine used by default. The program incorporates debugging functions too -- once launched, it scans the system for the presence of virtual machines, anti-virus tools, and some other applications. If the scan returns positive results, the malware will not prompt the user to install additional programs.
Adware.Mac.WebHelper can be launched automatically with the help of PLIST (Property List) files. The application can modify the home page in Chrome, Firefox, and Safari. It can also change the default search engine to my-search-start.com. It contains a binary file that executes two AppleScripts (for Chrome and Safari) in an infinite loop. These scripts inject JavaScript code into webpages browsed by the user. Running of this code, in turn, results in downloading other JavaScripts that display adverts in the browser window.
There's similar functionality in Mac.Trojan.Crossrider which is distributed in the guise of an installation package (Safari Helper). Crossrider trojans may be familiar to Windows users but this variant specifically targets Apple systems. Running it triggers a stealthy installation of the FlashMall extension for Safari, Chrome, and Firefox. It also adds two applications to the system startup list: "WebSocketServerApp" and "Safari Security". The first is responsible for communication with the command and control server and the second one installs browser extensions. In addition the malware modifies the startup scripts for the browser extensions to be updated in the future.
Apple users may like to know they're not the only ones that are coming under attack. Linux.Kluh.1, developed by a Chinese hacker group, infects routers with the purpose of launching DDoS attacks. Linux.Iframe.4 is a malicious plug-in for the Apache web server that injects code into web pages browsed by users redirecting the victim to the web page run by cybercriminals.
Trojans continue to be the big threat to Windows systems with an overall increase of 14.9 percent in the amount of malware and riskware detected in May. Android users aren't safe either with an increase in numbers of banking and SMS trojans as well as the emergence of new ransomware.
There's been a big increase in malicious websites too with 221,346 URLs being added to Dr. Web's database in May. Many of these use social engineering techniques like sending bulk SMS messages informing the recipient that they have won a car. The message contains a link to a wesbite which tries to get visitors to part with their financial details.
More information on these and other threats is available on the Dr. Web site.
Photo Credit: Stephen Finn/Shutterstock
Whilst cyber attacks continue to make the news, a new report published by Capital News Desk suggests that around 70 percent of organizations choose to keep their security incidents quiet.
It also reveals that around 73 percent of large organizations have been infiltrated by attacks. It's newer technologies like BYOD and the cloud that are seen as the biggest threats along with cyber crime.
In an effort to combat these attacks worldwide information security spending is expected to reach $94.8 billion by the end of this year. By 2019 the cyber security sector is forecast to be worth $155 billion.
The US government has budgeted $14 billion for cyber security in 2016 with the Pentagon alone requesting $5.5 billion for cyber defense. This boom in security is good for investors though and has led to venture capitalists seeking out companies in the sector.
More detail is available in an infographic reproduced below.
Photo Credit: Sergey Nivens/Shutterstock
It's becoming almost essential for businesses to have an online presence today, but for smaller companies or one-man operations employing a professional designer may be prohibitively expensive and basic template-based design tools don't always produce quality results.
Russian website specialist uCoz is about to make life easier for small businesses with the launch of the open beta of its new website creation platform, uKit.
uKit is designed with even the least tech-savvy user in mind. It's a browser-based drag-and-drop website builder that lets micro and small sized businesses create personalized websites in an easy yet effective way.
"Micro, small businesses and freelancers account for over 95 percent of the world's enterprises, and with increasing competition, an online presence has become even more vital. In the United States alone, around 50 percent of the businesses don't have a website. We want to help business owners save on initial start-up costs with a do-it-yourself solution that is highly flexible and professional, yet affordable," says Evgeny Kurt, uKit's CEO and Co-Founder of uCoz.
uKit offers a number of templates to get you started which you can then customise to meet your needs. It's easy to add various kinds of content, social links, online stores, blogs, etc. A toolbar to the left of the screen adapts to offer options for whichever page element you click on.
A clever feature of uKit is that the software limits user customizations based on recommendations by skilled design professionals. This helps users avoid scenarios like mismatched fonts, awkward color combinations, unprofessional headers and other design mishaps. The sites it creates are designed to adapt seamlessly to display across all devices including tablets and smartphones.
Further additions to the service to be rolled out later this year include a landing page generator. There will also be an automatic AI-assisted conversion from FB pages and outdated websites to a new, redesigned and adapted to current marketing standards, business website.
The beta is available now and you can try it out for yourself by visiting the uKit site.
Businesses around the world are relying more on big data than ever before. But it’s crucial that they know the right way to store and protect their data as well as knowing how to use it effectively.
Communications and managed infrastructure specialist XO Communications has produced an infographic looking at how intelligent networking can be used to manage the rise in unstructured data use.
It shows that the average enterprise will need to manage 50 times more information by 2020, but with only a 1.5 percent increase in IT staffing. Also that more than 90 percent of the data in today’s enterprises is unstructured.
Of 1,800 IT professionals surveyed 48 percent expect network loads to double over the next two years and 23 percent expect them to triple. 81 percent say that cloud computing will be needed to handle their big data projects.
You can see more in the full infographic reproduced below.
Image Credit: alphaspirit / Shutterstock
Figures released today from two major research organizations show that the worldwide server market has made a strong start to 2015.
According to Gartner shipments grew 13 percent year on year, while revenue increased 17.9 percent from the first quarter of 2014. IDC's Quarterly Server Tracker shows server revenue up 17.2 percent to $12.8 billion in the first quarter of 2015.
"The first quarter of 2015 was a particularly strong start to the year, with the strongest shipment growth since the third quarter of 2010, when the market was recovering from the downturn. It was also the second-largest-volume quarter ever," says Adrian O'Connell, research director at Gartner. "The market was driven by particularly strong demand from the hyperscale area, which benefited North America, in particular. This comes at a time when other regions are struggling, due to price pressure driven by the appreciation of the U.S. dollar. The strength in North America was strong enough to offset declines in Latin America and Japan. EMEA was barely positive, with 1 percent volume growth".
Both sets of figures show that HP still holds the top slot in the server market with around 24 percent market share, followed by Dell and IBM on around 18 and 14 percent respectively. Lenovo and Cisco are neck and neck for fourth, each on around seven percent. Lenovo showed the strongest growth in shipments according to Gartner though, up almost 240 percent in the first quarter.
iCharts
Most of the market growth is down to demand for x86 systems, whilst RISC/Itanium Unix server shipments declined. Demand for high-end systems showed revenue growth though driven partly by IBM's refresh of its z13 mainframe range.
"Even as high-end systems are increasingly being deployed on x86 platforms, opportunities for long-term non-x86 growth still exist with OpenPower and ARM, as customers are looking for non-x86 alternatives to hyperscale problems," says Kuba Stolarski, Research Manager, Enterprise Servers at IDC. "Some of that transformation is likely to occur in the greenfield opportunities related to Internet of Things (IoT) solutions, while optimizing hardware and software for hyperscale datacenter workloads continues to be a driver of design innovation and supply chain diversification."
More information on server market performance is available from Gartner and from IDC.
Photo Credit: dotshock/Shutterstock
Modern computing environments generate vast quantities of log entries. Analyzing this data in the event of a problem can be a mammoth task often involving different tools for different systems.
Boston-based Logentries is announcing a new Analytics Language that offers an easy-to-use alternative to traditional search languages with no need for technical skills.
Logentries Query Language (LEQL) bridges the gap between management and analysis by enabling users to not only collect and search log data in real-time, but now use logs to visualize high-level trends, perform sophisticated correlation across log data streams, and drill down as needed into the data.
"Our new LEQL language has been designed to be powerful, yet easy to use," said Trevor Parsons, Chief Scientist, Logentries. "It enables our users to easily ask questions of their log data and get immediate visibility across their software stack, without requiring them to learn a new, complex query language".
LEQL helps users to slice-and-dice their data using search functions such as Count, Sum, Average, Min, Max, Group By, Sort and more. It delivers the ability to see both high level trend reports and a fine-grained view of system and application performance using one single tool.
Logentries cloud-based service collects and pre-processes log events in real-time for on-demand analysis, alerting and visualization. With custom tagging and filtering, users can draw data from across their infrastructure to better understand application usage and performance, as well as security and performance issues, and user behavior.
You can find out more about Logentries and sign up for a 30-day trial on the company's website.
Security is always in the news so it hardly comes as a surprise that the market for security products is growing. According to research specialist Gartner the worldwide security software market was up 5.3 percent in 2014.
In terms of value the market is worth $21.4 billion, however, the make up of that market is shifting. Low growth in endpoint protection platforms and a decline in consumer security software -- possibly because of improved built-in security in the latest versions of Windows -- are balanced by high-growth areas, such as security information and event management (SIEM), secure Web gateway (SWG), identity governance and administration (IGA) and enterprise content-aware data loss prevention (DLP).
"Overall market growth was up slightly in 2014 to 5.3 percent from 4.9 percent in 2013," says Sid Deshpande, principal research analyst at Gartner. "Even though the SWG segment experienced single-digit growth in 2014, cloud-based and hybrid SWG deployments are becoming increasingly popular. As organizations' corporate data traffic becomes more exposed to the Internet and moves out of the control of traditional network security boundaries, SWG technologies continue to be an important piece of the overall security technology strategy of most enterprises".
Symantec remains the biggest player in the security market with $3.69 billion of revenue, but it suffered its second consecutive year of revenue decline in 2014. This is in part due to its heavy reliance on consumer security software which accounts for 53 percent of its business.
Intel -- which owns McAfee -- is in second place with $1.8 billion, up 4.6 percent, followed by IBM which saw its security software revenue up 17 percent in 2014 to reach $1.48 billion.
The DLP market grew 15.8 percent year on year to reach $643 million in revenue in 2014. This was mainly due to a strong showing from Symantec in this sector, accounting for nearly half of the total market. SIEM was up 11 percent to $1.6 billion thanks to a strong focus on threat detection and response from security buyers.
The full report is available to Gartner subscribers via the Gartner - security software report.
Image Credit: Norebbo/Shutterstock
Security company Secunia has released its latest quarterly Vulnerability Update covering the period from February to April 2015.
It looks at the top 20 products with the most vulnerabilities each month and finds that there have been a total of 1,691 new vulnerabilities appearing in the top 20 over the three month period.
The vendor with most vulnerable products in the quarter was IBM, but the top spot for highest number of vulnerabilities in a single product goes to Avant Browser in February and Apple Mac OS X in April, each with 84. March's chart is topped by Google Chrome with 51 vulnerabilities.
Cisco IOS put in an appearance in March with 23 vulnerabilities. Whilst that's not a huge number it does emphasize the need to be aware of problems coming from unexpected directions. Cisco IOS is the operating system used on the many of the routers that operate the Internet, and also on the Cisco network switches found in many company networks.
Windows 8 has made the list every month, with 25 vulnerabilities in February, 31 in March and 24 in April. As did Windows Server 2012 with 25, 32 and 24. Windows 7 just sneaked into the bottom of March's top 20 with 20 vulnerabilities.
There have been seven publicly disclosed zero-day vulnerabilities in the first four months of 2015, all of them in Adobe Flash Player and Microsoft Windows. Cause for concern as these are two of the most widespread programs globally, on both private PCs and corporate networks.
What's interesting is how varied the monthly lists are. Although there are some products that appear regularly there are also a variety of others making 'guest appearances' underlining the need to stay vigilant and ensure that all of your software -- not just the operating system -- has the latest patches installed.
The full report is available to download from the Secunia website.
Image Credit: Sergey Nivens / Shutterstock
Web developers are under pressure to deliver sites and applications faster and at the same time offer greater flexibility and a more personalized end-user experience.
Cloud application delivery provider Instart Logic is using the O'Reilly Velocity Conference to launch its latest Software-Defined Application Delivery (SDAD) platform.
The new release offers performance features including JavaScript interception that accelerates third-party code, the development of Browser Cache Purge to extend cache control to the browser, and opening up SDAD to developers with new APIs.
There's also a new management portal for improved agility and end-to-end control, a big data platform that enables consolidated real-time reporting and analytics, and embedded machine learning to automatically improve performance.
Enhanced performance and security are on offer with Nanovisor 2.0, an upgrade to Instart Logic's patented client technology. This includes an industry first client-side redirection system which enables runtime redirection of client-side asset requests. This allows it to redirect third party JavaScript requests through Instart Logic's service, improving performance, availability and reliability. It also removes the overhead involved in domain name lookup and connection establishment.
With Browser Cache Purge, publishers will be able to push changes to the browser via an API and clear browser cache instantaneously whenever necessary. This new capability seeks to boost performance by eliminating unnecessary network requests to check for current content and is set to fundamentally change how applications are designed. There's an Early Experience Program to recruit application publishers and get their input into how this capability impacts application design.
Third-party JavaScript interception is available from today and the APIs will come on stream over the summer. Developers can sign up for the Browser Cache Early Experience Program by visiting the Instart Logic Developer Central site.
Photo Credit: nmedia/Shutterstock
Though Linux is often seen as being immune to malware it's still important to have protection, partly because Linux malware does exist, even if it’s rare, and partly to prevent the passing on of viruses to more vulnerable operating systems like Windows and Android.
Independent testing organization AV-Comparatives has been looking at the leading Linux anti-malware offerings to gauge their ease of installation, features and more.
Linux has only around a 1.5 percent share of the desktop market so there are relatively few antivirus programs aimed at home users. Also Linux software is usually installed via community-maintained repositories that make it harder to distribute malware.
The report doesn't rank the tested programs but does deliver an individual verdict on each. Singled out for praise are BitDefender Antivirus Scanner for Unices, which offers an easy to use graphical interface and good help facilities, ESET has a clear status display and good malware alerts, and eScan too is praised for ease of use though it provides only on-demand scanning and not real-time protection.
Kaspersky too is easy to manage and configure as is McAfee, both of which use a web console approach as does TrendMicro's Server Protect for Linux.
Others including Comodo Antivirus for Linux, and Dr. Web Anti-virus for Linux come in for criticism for needing use of the terminal for configuration, making them unsuitable for Linux novices. AVG Free Edition for Linux is criticized for being unable to run real-time protection without making the system inoperative.
As well as installing antivirus software, AV-Comparatives recommends that Linux users implement some basic security procedures including keeping installed software up to date, only installing from trusted sources, disabling services you don’t use and not logging in as root.
The full report with verdicts on all 18 programs tested is available to download from the AV-Comparatives site.
Image Credit: maimu / Shutterstock
The adoption of big data often sees developers struggling to balance multiple data models, hybrid architectures, distributed workloads and more.
Seattle-based Basho Technologies is looking to simplify the operation and integration challenges of deploying and managing big data, IoT and hybrid cloud applications with the launch of its Basho Data Platform.
It integrates Riak KV (formerly Riak), a distributed NoSQL database and Riak S2 (formerly Riak CS), with Apache Spark for in-memory analytics, Redis caching for increased performance and Apache Solr for enhanced query capabilities, offering improved productivity for development and operations teams.
"This is a true turning point for the database industry, consolidating a variety of critical but previously disparate services to greatly simplify the operational requirements for IT teams working to scale applications with active workloads," says Adam Wray, CEO and president of Basho. "The impact it will have on our users, and on the use of integrated data services more broadly, will be significant. We look forward to working closely with our community and the broader industry to further develop the Data Platform".
The Basho Data Platform is purpose-built to simplify operations for organizations needing database scalability, multi-model support and seamless integration with complementary technologies. Features include real-time, in-memory analytics with Apache Spark, enhanced read performance with integrated Redis caching, and Riak Search with Apache Solr allowing for transparent indexing and querying of Riak data values.
In addition it makes for simplified operations with download and deployment of instances of Riak KV, Apache Spark and Redis. It can auto-detect and auto-restart failed instances to ensure optimized operations and high availability, plus it eliminates the need to use Zookeeper with Spark to maintain configuration information.
Replicating and synchronizing data and indexes ensures seamless data access and data accuracy with no data loss should an instance of Redis or Spark become unavailable due to network, system or other connectivity failures.
Basho Data Platform is available from today and you can find out more on the company's website.
Photo Credit: T.L. Furrer / Shutterstock
One of the problems for smaller businesses when specifying servers is that it's easy to be caught out by a sudden surge in traffic or need for extra capacity.
It can take time to ramp up capacity to cope during which you could be losing business. Hosting company 1&1 Internet has launched its new Cloud Server solution aimed at smaller businesses which offers flexibility and control along with a transparent pricing model.
It uses SSD storage through a Storage Area Network (SAN), to provide greater reliability and better performance than the company's old Dynamic Cloud Server product. The whole thing is controlled from a browser-based interface to a VMware virtual machine, from which you can monitor what's happening, install software and add extra hardware resources as required. There's a virtual DVD drive which makes it easy to install one of a selection of operating systems without the need to upload anything, options include RedHat and Ubuntu Linux as well as Windows Server.
If ever an action will result in an extra charge -- for example if you want to add extra storage or memory -- you get a pop up window making this clear and showing you how much it will cost, so it's easy to keep track of what you're paying for. Adding resources uses simple slider controls so you don't need to be a technical wizard, this also means you can play around with the options and compare the costs before committing yourself.
You can specify applications like SQL Server too and it's possible to have a server up and running in just a few minutes. Firewall settings can be tweaked and you can assign IP addresses and passwords giving you a lot of flexibility. Once you have a server active a graphical control panel lets you keep an eye on the resources it's using. You can add extras like load balancing and private networks as well as being able to mount shared disk volumes of up to 2TB capacity.
"Many small and medium businesses are considering moving to the Cloud but until now there has not been a Cloud service available that met their expectations in terms of security and flexibility while still being easy to manage," says Robert Hoffmann, CEO of 1&1 Internet Ltd. "Now, whether they need one server or several servers, professionals can trust in 1&1 as the leading web host in Europe to support them on their migration to the Cloud, where they will discover a new category of Cloud solution that has been specifically designed to address their needs with the best quality-price ratio on the market".
What makes 1&1 Cloud Server particularly attractive is that it's effectively a pay-as-you-go service. There's no hardware to buy and you don't have to sign up to a long-term contract. It's also easy to manage making it a good option for businesses with limited in-house support.
Basic configurations start from $19.99 (£15.84) per month, you can find out more on the 1&1 website.
In a world increasingly dominated by mobile devices it's easy to forget that many people, particularly in business environments, are still using desktop PCs.
Desktops of course tend not to come with built-in Wi-Fi which means adding a PCIe card or a USB wireless adaptor. With the KT9001, what Inateck has produced is a PCIe card that's a clever mash up of wireless adaptor and three port USB 3.0 hub.
The three USB ports offer transfer rates of up to 5 Gbps and have three-layer power management so you shouldn't need an extra port to provide power for devices like external hard drives. This part of the card uses a Fresco Logic chip.
The other side of its capability is an 802.11 AC protocol, dual-band wireless network card, using a Realtek chip supporting both 2.4GHz and 5GHz networks. It comes with two antennas allowing it to select the most suitable wireless network automatically should you have a dual-band router or access point. Speeds of up to 300Mbps and 867Mbps are available provided your network supports it.
Everything you need is in the box, Inateck even provides a screw to fix the card into its slot. The supplied driver CD supports versions of Windows from XP up to 8.1 -- but more on that in a second. You need to run two separate driver installs, one for the Wi-Fi and one for the USB ports. A Realtek Wireless LAN Utility program is provided too although this wouldn't install on my Windows 8.1 64-bit system. That's not a huge issue as the card works with the in-built Windows network management tools. The drivers were more of a problem and I had to download a newer Realtek driver than the one provided in order to get reliable operation.
The one slight drawback is that you end up with the USB 3.0 ports on the back of the PC where they're not exactly convenient for plugging in things like external drives that will benefit most from the extra speed. It's worth investing in an extension cable or two to make them easier to use.
That and software issues aside the card works well, if you want to update a desktop machine to give it wireless and USB 3.0 capability then there's nothing else on the market that will do both jobs with just one card.
The KT9001 costs $39.99 on Amazon, or £41.99 in the UK. You can find the full technical spec on the Inateck website.
It often takes time for data breaches to be uncovered and that can present problems when it comes to analysing them and tracing their cause.
Denver-based startup ProtectWise has an answer in the form of its new technology that can record all network activity and store it in the cloud for analysis and playback at a later date.
Called Cloud Network DVR, it provides unlimited retention of full-fidelity network data with the ability to automatically go back into weeks, months and even years of historical data to uncover threats that were previously unknown using the latest intelligence. It also uses threat detection from proprietary research, machine learning and flow-based traffic algorithms as well as multiple commercial intelligence feeds across ProtectWise's customer base.
Cloud Network DVR is delivered as a service allowing for rapid deployment, evaluation and time to value, and eliminates the costs associated with appliance-based solutions.
In addition it allows users to visualize its data via an interface designed by special effects professional Jake Sergeant. It includes a head-up display which provides an at-a-glance view of an organization's network security posture. It includes a Kill Box feature that prioritizes threats, a SitRep tool to provide threat context and reporting as well as easy, intuitive threat search functionality.
"Enterprises today are grappling with Defense in Doubt," says Scott Chasin co-founder and CEO of ProtectWise. "The traditional defense in depth approach has left security professionals with a costly daisy chain of endpoint solutions that provide only a point-in-time view of threats and emit a tidal wave of security alarms with no context or correlation across solutions. By shifting network security to the cloud, we make it possible to leave this outdated, ineffective model of enterprise network security behind".
ProtectWise is built on a scalable, secure and efficient cloud-based infrastructure that collects and analyzes data from a number of small, lightweight software sensors which can be deployed anywhere on the corporate network. The sensors use-patent pending technology to optimize and compress network traffic and replay it to the company's cloud platform to provide a single, source of threat intelligence. More information is available on the ProtectWise website.
Image Credit: sommthink/Shutterstock
Anybody can develop a mobile app, but making money out of it is another matter. Accepting adversing is a popular route but it involves linking the app to a specific network and that means making code changes if you decide to switch at a later date.
Estonian company MoneyTap is aiming to change that and put the developer in control. We spoke to the company's business development manager Pavel Goryakin to find out how.
BN: Why do traditional ad networks fail to deliver?
PG: Ad networks have limited coverage. More often than not, their demand is tied to a certain territory and a fixed group of local advertisers. Networks are committed to deliver the best traffic out there to these specific advertisers, albeit there may be a higher bidder on the market. That's how game developers potentially miss out on better demand and lose money.
Besides, a single ad network cannot guarantee optimal fill rate. Any malfunction or failure to render an ad at a given point results in revenue losses all the same. Whereas other, albeit lower paying, networks could pick up the request and fill the channel. One soldier does not make a battle in this business.
Now, let's take a look at it from the user prospective. One network means the same advertisers and, not surprisingly, same ads all along. However loyal, any gamer grows weary of seeing identical content, which results in a diminishing click-through rate and jeopardized user experience. A slippery slope, isn't it?
BN: What makes MoneyTap different?
PG: MoneyTap is not an ad network, it's a developer-made tool for optimizing developer revenues. Its goal as a supply side platform is to get the utmost out of 250+ ad networks, and we employ quite a few smart techniques to achieve that.
We don't deal with direct advertisers and have no commitments to the brands whatsoever, so we just sell the developer’s inventory at the best CPM rate in every given region, no matter what. Unlike the competing mediating solutions or separate ad networks, we always backfill with the next highest bidder if the top pick network fails to deliver an ad.
MoneyTap is a turnkey monetization solution that lifts the burden off the publishers so they can focus on R&D. The only thing developers have to do is integrate a single comprehensive SDK, and they are all set.
Here's what we do for the app publisher:
BN: So there's no recoding required in order to switch ad networks?
PG: Once MoneyTap SDK is integrated, we take charge of all network management issues. All third-party network integrations are performed on the MoneyTap sever side, so the developer doesn’t have to waste time and bloat the app code to add yet another network. It's already there. A single SDK delivers multiple networks.
BN: Which platforms does it support?
PG: MoneyTap supports iOS, Android and Unity platforms.
BN: How are payments handled?
PG: MoneyTap goes the extra mile to facilitate developers' accounting. We collect payouts from 250+ networks and deliver the net payment to the developer.
BN: Is it easy for developers to see how well they're performing?
PG: The system displays transparent revenue reports easily filtered by app and region, so developers have a clear insight into their finances.
Image Credit: nopporn / Shutterstock
According to new figures released by the UK's Office for National Statistics (ONS), in the first quarter of this year 86 percent of adults had used the Internet in the last three months, up one percent from the same period in 2014.
That means that 11 percent (5.9 million people) have never used the Internet. But this percentage is much higher for the disabled, a group where 27 percent of adults (3.3 million) had never been online. There were also 0.5 million disabled adults who had last used the internet more than three months ago, making up 48 percent of the total 1.1 million lapsed internet users.
Looked at geographically, the South East has the highest proportion of recent Internet users (90 percent) and Northern Ireland is the area with the lowest proportion (80 percent). The South East also has the fewest lapsed users.
Age plays a big part in whether or not Brits use the Net according to the figures, almost all adults aged 16 to 24 years are recent Internet users, in contrast with just 33 percent of adults aged 75 years and over. Although the proportion of adults aged 75 years and over who have never used the Internet, has decreased from 76 percent in quarter two (Apr to June) of 2011 to 61 percent in quarter one 2015.
Adults aged 75 years and over also have the highest rate of lapsed internet users at six percent, compared with 0.3 percent of those aged 16 to 24. The ONS report says, "This suggests that, although more adults aged 75 years and over are becoming internet users, they are not necessarily continuing to use the internet". Just over half of the 5.9 million adults who had never used the Internet were aged 75 years and over.
The full report is available to download from the ONS website.
Image Credit: PathDoc/Shutterstock
Data breaches are an all too common part of our landscape today, but are we learning the lessons from them to make our systems more secure?
The 2015 Verizon Data Breach Investigations Report found that there were nearly 80,000 security incidents -- including more than 2,100 confirmed breaches spanning 61 countries in the past year. Security solutions company Rapid7 has produced an infographic of expert takeaways from the report.
It reveals that credentials are still the number one attack method and that it still takes too long to detect a breach with an average of 205 days. Also vulnerabilities are not being patched soon enough, with over 99 percent exploited more than a year after publication.
Phishing is an effective means of attack too, 23 percent of users admit to opening phishing emails and 11 percent click on attachments. Almost 50 percent open emails and click on phishing links within the first hour.
Trey Ford, Global Security Strategist at Rapid7 says, "The maturation of cybersecurity has halted – and right now, that’s largely the result of a self-fulfilling prophecy. When breaches occur, there’s a general lack of root-cause analysis being performed. But even when we do have root-cause findings, the common points of failure are generally not shared, essentially sealing the fate of other organizations to repeat the same mistakes. This year's DBIR shines a very bright light on the lack of information sharing across the industry. In the coming year, I hope to see a focus on the effectiveness on controls – what failed, what was missing, what was defeated".
There's more information in the full infographic which you can see below.
Image Credit: Sergey Nivens / Shutterstock
Industrial control systems like those used to run the electricity distribution grid are vital to the economic well being of any country. But protecting those systems needs a different approach from normal enterprise security.
In the US the North American Electric Reliability Corporation (NERC) is the body charged with ensuring grid reliability. But the NERC's critical infrastructure protection (CIP) standards call for only standard firewall use. Is this putting the grid at risk from hackers or terrorists? We spoke to Andrew Ginter, vice president of industrial security at Waterfall Security Solutions to find out more.
BN: How worried should we be about attacks on industrial control systems (ICS) and national infrastructure?
AG: I'm very much worried. Modern attacks have demonstrated repeatedly that they can punch through corporate-style cyber defenses, more or less, at will, and it is corporate-style defenses that are deployed at the majority of critical industrial infrastructure sites. This is a mistake. IT can restore damaged systems from backup. There is no way to restore a damaged turbine or a boiler from backup. There are industrial sites that understand all this and have taken appropriate steps to defend themselves, but the vast majority of sites are not protected thoroughly enough.
BN: Should enterprise IT and ICS be kept completely separate? Why connect ICS to the Internet at all?
AG: There are too many ways to profit from ICS data to keep it locked up and inaccessible. For example, if business systems can determine how often and how long each piece of costly equipment has been used, we can delay maintenance until it is really needed rather than maintain the equipment every few months whether it needs it or not. This predictive maintenance application of ICS data alone, integrated with HR personnel scheduling, spare parts ordering and other business applications, is estimated to save the average industrial facility between three and seven percent of total operating costs. In some industries, this is the plant's entire operating profit. There are many other uses for industrial data.
BN: What's wrong with using a conventional firewall?
AG: Firewalls are IT technology and porous by design. Firewalls let both good and bad communications through. Firewalls are designed to let Web requests, responses, email and remote control sessions through. Remote control is the number one modern attack method. When a firewall is hacked, misconfigured or its credentials stolen, the "protected" network is finished. I could go on. Firewalls simply aren't strong enough to protect industrial sites.
BN: What is unidirectional security?
AG: Unidirectional security gateways give business systems access to industrial data while protecting industrial networks in ways that firewalls simply can't. The gateways let nothing at all back into protected networks -- it doesn't matter how smart the attackers are. If some attacker across the Internet, or some corporate insider, gains access to each and every password on both corporate and industrial networks, there is physically no way to send any sort of attack back through the gateways. No mistake in gateway software protections can put the operation of the industrial network at risk. Remote control attacks simply can't work.
IT-style security is fine for IT networks, but, for computers controlling costly, powerful industrial processes, we need at least unidirectional protections.
BN: Surely technology is only part of the picture, isn't part of the solution always going to lie with training and awareness?
AG: Yes, of course. Unidirectional security gateways eliminate one very dangerous threat vector, namely network attacks from corporate networks and through corporate networks from the Internet, but there are no silver bullets when it comes to security.
That said, what good is training people not to pick up USB sticks in the parking lot if any hacker who wants to sabotage the plant can simply weave a connection straight through porous firewalls? Unidirectional gateways make investments in training and awareness more effective. With the industrial firewall "barn door" well and truly wiped out, investments in "barring the windows" with training and awareness programs suddenly pay much bigger dividends.
BN: Does government need to act to enforce stricter controls on ICS?
AG: That's a tough one. Security is doing whatever we need to do to address safety and reliability risks to complex, powerful industrial processes. Compliance is doing whatever somebody else tells us to, whether it's useful or not. When governments specify detailed regulations, such as the NERC CIP rules for the electric grid, many businesses respond by hiring lawyers to run their security programs. These programs quickly transform into minimal compliance programs -- do as little as possible to meet the letter of the law.
I would rather see government agencies publish clear guidance identifying threats and explaining how best to address those threats with strong security programs and technologies, such as unidirectional security gateways. Governments should use their influence and expertise to encourage strong security programs, not mandate minimal compliance programs.
Image Credit: Meryll / Shutterstock
SMS messages have been a part of our personal lives pretty much since mobile phones first became available. But what impact does texting have on our working lives?
Cloud communications provider RingCentral has released the results of a survey looking at how SMS is being used in the workplace.
Of the 500+ people surveyed 78 percent have between one and four messaging apps on their phone. Over half use two or three apps on a daily basis so it’s perhaps not surprising that 43 percent have sometimes felt a communication overload with too many apps to check for messages.
SMS is widely favored over other apps like Facebook Messenger with 72 percent preferring to text rather than message. 74 percent find texting easier while 56 percent find it faster.
47 percent of all respondents receive between one and 20 texts per day while 31 percent receive 21-40 texts, however, for business users this figure rises to 37 percent. Ten percent of all users and 12 percent of business users receive 60 or more text messages per day.
Business users seem to send fewer texts though, over half of all users (52 percent) send 1-20 texts a day (only 47 percent for business users). 47 percent of all users send 21-60+ texts a day but only 42 percent of business users send this number.
Texts are mostly used for quick responses (71 percent), though 29 percent use them to conduct full conversations. 38 percent are willing to put themselves at risk by texting while driving. Emojis are creeping into business communications too, with 57 percent admitting to sometimes using them.
The overall picture then is that texting has made it into the workplace and workers feel they need to stick to the same protocol and norms they would in personal conversations -- making quick responses, using emoji and so on. This is leading to communication overload and a general lack of protocol surrounding texting at work.
You can see a summary of the findings in infographic form below.
Image Credit: Bloomua / Shutterstock
The growth in use of big data is putting increased pressure on databases to aggregate and report on information in real time.
In response real-time database specialist MemSQL is launching a new release -- MemSQL 4 -- which further extends the company's mission of providing enterprises with a real-time database solution that reacts fast, improving business performance in areas such as the Internet of Things, financial services and mobile applications.
In addition a new Community Edition makes the world's most sophisticated in-memory database freely available to global users. MemSQL Community Edition provides unlimited capacity and scale and full transactional and analytical features. This means that anyone can access MemSQL to achieve the speed and scalability needed to process and analyze real-time data.
"In our interactive and connected business environment, companies must capture and analyze both real-time and historical data faster and more efficiently than ever," says Eric Frenkiel, co-founder and CEO of MemSQL. "Two years ago, we introduced the general availability of MemSQL. Today, we have not only made our software more powerful for enterprises to derive new insights in big data, we have extended it freely to companies seeking in-memory database analytics".
MemSQL 4 features updates in core engine innovation, management and monitoring functionality as well as ecosystem integrations. Highlights include geospatial capabilities, wider support for advanced analytics with an enhanced optimizer and expanded SQL functionality, and easier integration with Apache Spark, Hadoop file system and Amazon S3.
Application and solution sets are available for digital advertising, financial services, retail, public sector, high technology, media, communications and data-driven industries. In addition MemSQL applications including real-time analytics, risk management, personalization, position tracking and monitoring help companies make fast, intelligent decisions based on their data.
The latest release is available from today, for more information visit the MemSQL website.
Image Credit: Jirsak / Shutterstock
Earlier this year we reported on the launch of the Bizzabo platform designed to make life easier for people who manage events.
Now Bizzabo is extending its offering to include a website builder aimed specifically at event planners, giving them the ability to build a custom event website within minutes, with no prior coding or design experience required.
Bizzabo's Event Website Builder provides organizers with the ability to build a professional website that is fully integrated with the wider event management software in order to streamline planning and help support event organizers' need to keep event information across platforms up to date.
The event websites allow event managers full control over their web presence while at the same time providing attendees with a seamless registration experience. The overall result is an improved event experience with event planners free to focus more on success than maintenance.
"Developing a website builder was a crucial component of our event success platform," says Bizzabo CMO and Co-founder, Alon Alroy. "Event organizers deserve a toolkit that allows for the ultimate event planning experience from beginning to end, smoothly and without interruptions. Until now, many organizers are tasked with comparing seven to ten different tools throughout the lifetime of their event. By utilizing Bizzabo's Event Success Platform, including our new Website Builder, every stage of the planning process can be easily tracked and implemented, right down to each event’s social footprint. The integration of the platform is smooth, and any agenda or schedule change is synced across the event website and event app immediately, along with all attendee touch points with a simple click".
Features of the website builder include the ability to host the site at any URL, ticket sales directly from the website without redirecting to a third party, and control over look and feel by selecting from a wide range of templates, fonts, colors, and elements. Features such as a sponsors section and countdown clock can be added quickly using drag-and-drop. Sites can be live within minutes without the need for developers or web designers and are fully responsive for smartphones and tablets. Changes can be made in real time and custom HTML sections added if required.
For customers already using Bizzabo's event platform the website builder is available free of charge. More information is available on the company's website.
More and more companies are turning to apps to improve business mobility, but 67 percent cite security as the top challenge to achieving their goals.
This is among the findings of the 2015 Enterprise Mobility Report from app management specialist Apperian. Although security is the major challenge others include determining return on investment, lack of budget and reaching BYOD or unmanaged devices.
The most common reason for moving to mobile is improved business processes, given by 64 percent of respondents. Increased user satisfaction and competitive advantage were both selected by 60 percent of respondents.
Productivity apps are believed to have the greatest impact on return on investment, followed by field service apps, selling tools and HR apps. Custom-built apps specific to a particular industry may have a greater impact, but not all companies have such apps yet.
The survey also shows that many respondents don't believe they have enough visibility into how their apps are being used. Just over half of respondents can tell which apps are being used, while 48 percent can see who is using them and 42 percent can see how frequently apps are used.
Developing their own apps seems to be the key to successful mobile deployment. 65 percent of those who were most satisfied with their mobility strategy had developed internally. Overall, 60 percent of organizations have internally developed apps in place, compared with 42 percent in the 2014 survey.
The report concludes that to take advantage of enterprise mobility companies need to: focus on their core business when developing apps, support business processes with internal development, invest in technology to manage their apps, develop an internal marketing program to drive app adoption, think of their users as customers and invest in analytics.
The full report is available to download from the Apperian website.
Photo Credit: lucadp/Shutterstock
According to research by IDC the number of enterprise applications optimized for mobile is set to quadruple by next year as businesses seek to improve workflow across the organization.
Adaptive enterprise file services specialist Egnyte is unveiling its new enterprise mobile suite that's optimized for business users. It allows them to seamlessly access, manage and share online and offline data from both cloud and on-premises storage.
Available for Android, iOS and windows as well as being optimized for the Apple watch, Egnyte enables users to seamlessly manage online and offline content, rename files, view high-res thumbnails and previews, and receive notifications when large files or folders are being uploaded and downloaded.
For administrators it’s easy to add new users and manage permissions for users and groups, all from mobile devices. Apple Watch users can manage offline files, monitor the status of uploads and downloads, and will soon be able to get notifications when files are edited or commented on by other team members.
"As we reinforce our mobile-first enterprise file services approach, it will be vital for organizations to provide employees with a full suite of enterprise-grade applications for secure access to any content in the cloud and on premises," says Rajesh Ram, chief customer officer and co-founder of Egnyte. "Our enhanced mobile applications, with the addition of functionality for wearables including the Apple Watch, are able to combine a user-friendly experience for employees and contractors with enhanced security features IT can trust in today's always-on business environment".
Egnyte is available now from the Google Play store, from iTunes and from the Windows Phone app store.
Enterprises currently have a greater volume and variety of data available to them than ever before, but this leads to increased pressure to exploit that data effectively to make timely business decisions.
Apache Cassandra database specialist DataStax is today launching DataStax Enterprise 4.7 which offers integrated enterprise search, analytics, security, in-memory computing, and database management and monitoring, making it ideal for mixed workload environments.
"As the amount of data collected by enterprise web and mobile applications continues to grow at an immense rate, it's critical to have database systems in place that are capable of providing instant insight into that data," says Robin Schumacher, Vice President of Products at DataStax. "With DataStax Enterprise 4.7 and OpsCenter 5.2, users can search, analyze, secure and manage all their online data in one platform and ensure it's immediately available for real-time decision making".
DSE 4.7 includes a new certified version of Apache Solr and DSE's 'Live Indexing' capability that makes new data immediately available for search. It also uses Cassandra's native ability to run across multiple data centers and cloud availability zones, which provides constant uptime for search operations and allows results to be sent back to users in the fastest possible time.
Search and analytics tasks can run simultaneously on the same machine, thus delivering the potential for lower hardware expenditure and improved cost of ownership. Intelligent query routing allows search queries to be transparently routed to the best performing machines in a cluster. It also has the ability to customize how failed queries are handled, delivering either partial results or a full retry automatically.
DSE 4.7 delivers upgraded data at rest protection by providing an option to store encryption keys, needed to unlock the data for use, on servers outside the DSE cluster. Plus OpsCenter now supports the use of LDAP and Active Directory to manage administration security, making it easy to control what administrators and operations personnel can do on database clusters.
New visual features in OpsCenter 5.2 make it easier for admins to provision, administer, and monitor multi-site databases, while new visual performance dashboards deliver expert recommendations help simplify performance tuning.
DSE 4.7 can be downloaded now from the DataStax website and OpsCenter 5.2 will be available in late June.
Image Credit: Ermek/Shutterstock
It's always the way with technology that it starts out expensive then tumbles in price as more manufacturers enter the field. With smartwatches that fall in price has come pretty quickly as Chinese manufacturers have jumped on the bandwagon.
The last budget smartwatch we looked at proved pretty impressive for the price. The GV18 Aplus is cheaper still and yet packs in even more features. So, is it cheap and cheerful or cheap and nasty? Let's find out.
The watch comes in a sturdy cardboard box along with a USB cable, a battery and a Chinese/English instruction leaflet. It's compatible with Android phones and comes with a whole host of features including NFC, a camera, sleep monitoring, anti-theft feature and more.
You need to insert the battery before you do anything else. You're on your own with this as it's not mentioned in the instructions at all. There's a screw on the back presumably to hold on the cover but on our review sample it just went round and round without biting on anything. Even with the screw loose -- stop making up your own jokes! -- you need to lever the back off and there's a nagging worry that you might damage something.
Battery installed you need to plug it into a USB port for a couple of hours to charge it up. The socket is covered by the obligatory rubber flap. Once plugged in it's recognized by a PC as a storage device making it easy to download any pictures you've taken. While it's charging you can download the sync software to your phone by scanning the QR code in the instructions. This is a bit disconcerting as the initial setup screens are in Chinese, it’s also not on the Play Store so you'll need to compromise your security settings to install it.
The watch is a chunky design and quite weighty, but whilst the front is stainless steel the back is plastic, the strap is a soft rubbery material that's comfortable to wear. However, that screw is a bit annoying as it stands slightly proud of the surface.
Okay time to switch on, you're greeted with an animation and a slightly too loud jingle. The screen is nicely responsive though and bright enough for most use, although it can be hard to see in bright sunlight and there are only a limited range of color options. As with most smartwatches you need accurate fingers as it's easy to press the wrong button especially on things like the settings screens and calculator.
The watch has some useful standard features including a pedometer -- "your private health butler" as the website rather charmingly describes it -- and a sedentary warning which tells you if you've been sat still for too long. All of these are easy to set up and work reasonably well. It's also possible to install a SIM card in the watch itself and use it independently of your phone.
The built in camera is only 0.3 megapixels and the resulting images aren't brilliant quality with washed out colors and limited depth of field as you'll see from the full-size example below. There's also a long delay after taking a picture before the watch will let you do anything else. If you don't want to use the built-in camera there's also the option to control your phone's camera remotely.
At just under $35 the GV18 is undoubtedly cheap, and with that plastic back, dodgy battery cover and low-res camera it feels it. On the other hand all of the day-to-day functions like reading messages or accepting calls from your phone work well enough. If you have an Android phone and want to try out a smartwatch without straining your budget it might be worth a look but don't expect premium quality.
The GV18 Aplus is currently on sale for $34.79 and our review sample was provided by GearBest.com.
According to 62 percent of IT professionals traditional security approaches produce too many alerts and false positives for them to handle.
This is among the findings of a new study from research firm Enterprise Management Associates (EMA), sponsored by machine learning and automation specialist Prelert, which shows that 25 percent of organizations know they experienced a breach or significant cyber attack that incurred loss last year.
When asked how they felt about security analytics, 70 percent of respondents indicated that they either have an investment in the technology or would have an investment if it weren't for insufficient resources. Of those IT professionals already using security analytics, 95 percent were confident of their ability to detect a security issue before it had a significant impact.
"Security analytics, though a relatively new field of technology, are the next step in detection and response technology. Machine-learning algorithms and analysis techniques have advanced far beyond the capabilities of what was available in the commercial markets only 2-3 years ago," says David Monahan, Research Director at EMA.
More than half of respondents (57 percent) say that security analytics provides unique or specialized data for context -- data that's needed to identify today's stealthier security threats. Better data flexibility and the adaptability to address a wide range of requirements was cited by 36 percent the top reason for using analytics. Other reasons named were better data correlation and fidelity for creating responses (36 percent), and lowering false positives (29 percent). A further 29 percent see security analytics as a way to reduce incident response time.
'Alert blindness' on traditional systems continues to be a major issue, with 62 percent seeing too many false positives or having too many alerts to handle, with the result that they don't feel confident in the security protections they have in place. Another 38 percent say they aren't confident because there's too much uncorroborated data and a lack of context about that data.
"Lack of knowledge about what is really a security threat and what needs your immediate attention is hurting the ability of IT security teams to understand and respond quickly and effectively," says Mike Paquette, VP of Security Products for Prelert. "Organizations need machine learning-based tools to cut through the clutter and detect threat activity before it becomes a problem for customers".
The full report Data Driven Security Reloaded is available to download from the Prelert website.
Photo Credit: Sergey Nivens/Shutterstock
Businesses are using analytic tools to gather information online, through digital and social channels, as well as call center data, to get to know and build a closer relationship with their customers. However, a survey by customer experience specialist TimeTrade reveals that mobile channels in particular are mostly used for research rather than buying.
The survey looks at consumer buying habits and how retailers need to adapt and provide a better customer experience in order to succeed. It shows that retailers are realizing that a highly personalized in-store experience leads to a lasting impression and creates brand loyalty.
This has led to traditionally online only retailers like Amazon seeking to open up brick-and-mortar stores in the hope of providing a more personalized experience. At the same time consumers are admitting that in terms of their shopping habits, they prefer the in-store experience so they can feel and touch items and most importantly, make final purchase decisions.
Key findings are that many people still prefer the in-store experience with 65 percent saying that if an item they want is available online or in a nearby store they prefer to shop in the store. The main reason cited for this is that they like to 'touch and feel' products.
The survey also finds that despite all its hype purchasing on mobile is slow to take off. When looking to buy something only 13 percent will buy from their mobile device and 42 percent have never purchased from a mobile device at all. However, mobile is an important part of the shopping process with 50 percent using it to research products, 50 percent to compare prices and 46 percent to find the nearest store.
Among 18-34 year-olds, 92 percent will walk into a store either knowing exactly what they want or having narrowed it down to 2-3 products via online research. Important for retailers though is that 87 percent of this age group will buy more than they intended to when shopping in a store. In-store expertise is still important though with 90 percent of all respondents saying they're more likely to buy when helped by a knowledgeable associate.
The report concludes, "In order for retailers to survive and retain market share, they must be progressive in how they create the in-store experience, using modern-day technology while providing prompt service, all the while knowing a customer’s needs before they even enter the store".
The full survey is available to download from the TimeTrade website.
Image Credit: Slavoljub Pantelic / Shutterstock
Companies that accept credit card payments and process cardholder data are facing some significant changes that they will need to comply with by June 30th.
This is a result of new Data Security Standard requirements from the Payment Card Industry Security Standards Council, known as PCI DSS 3.0. This will see many of the things that were previously only seen as best practice become mandatory.
Key changes include a requirement for businesses to verify that broken authentication and session management are addressed. This will help prevent unauthorized individuals from compromising legitimate account credentials, keys or session tokens that would otherwise enable the intruder to assume the identity of an authorized user.
In addition any third-party service providers with remote access to customer premises must use a unique authentication credential for each customer. Providers must also go through additional testing to examine authentication policies and procedures and interview personnel to verify that different authentication is used for access to each customer. Third-party service providers must acknowledge in writing to customers that they are responsible for the security of any cardholder data they process or store.
Businesses must add protection for in-store point-of-sale devices too. This includes the need to train employees on how to be aware of suspicious behavior and to report tampering or substitution of the devices.
Finally, businesses need to implement a new penetration testing methodology based on industry-accepted approaches. Penetration testing must cover the entire card data environment and critical systems as well as validate any segmentation and scope-reduction controls.
There will be further tightening for online transactions thanks to the National Institute of Standards and Technology (NIST) guidance that SSL is no longer considered adequate for transport layer security and recommending migration to TLS 1.2 instead.
PCI DSS 3.1 will require organizations accepting payments online to use TLS. This should have minimal impact on consumers provided they're using a recent browser version.
Michael Aminzade, VP Global Compliance & Risk Services at Trustwave says, "Organizations had 18 months to comply with PCI 3.0 because of the need to replace kit and update software on retail sites. We expect a tighter timeline for TLS implementation as it's easier for merchants to turn off earlier software versions and update security certificates".
More information about PCI DSS standards and what they mean for businesses is available on the Trustwave website.
Image Credit: Sedlacek / Shutterstock
Given all of the hype surrounding the Internet of Things and intelligent devices you might think that consumers would be keen to make use of all the latest options.
However, a new study by UK online retailer Appliances Direct suggests that for many people even mastering their washing machine is too much.
The survey of 1,000 British homeowners shows that only 1 in 10 users surveyed made 'regular' use of all of the settings available to them, while only 21 percent understood when to use every setting.
Despite the average British family running on average 250 wash cycles each year and over 2.6 million washing machines being sold annually, 20 percent of homeowners surveyed claimed to use only one of the settings available to them most of the time. 70 percent regularly use between just two and four settings. 1 in 3 respondents confessed to 'rarely' using the 30 degree setting meaning they could be unwittingly wasting money and energy by using a higher temperature setting than is required.
A startling 60 percent admitted to making use of professional laundry services for some prized, delicate items, when they could utilize one of the features of their machine to do it themselves.
"With household bills on the rise, it’s important that families are making the most of their washing machines and other household appliances to keep costs to a minimum. The numerous settings are there to make life easier for users, and to ensure items are being washed in the best way possible, such as the often featured 'Heavy Duty' setting -- a welcome option for those looking to deep clean towels, bed sheets and perhaps gym-wear," says Mark Kelly, marketing manager at Appliances Direct. "Although the settings available on the latest models are there to suit the needs of the modern day family, they must be fully understood in order for the product to reach its full potential -- and those who take the brief time required to acquaint themselves with these options will find they reap numerous benefits, whether it’s longer lasting garments, lower bills or more effective washes".
When you inhabit a high tech world it's easy to assume that offering more features is always better, but it seems that approach may currently be lost on consumers. Does the answer lie in better education and clearer instructions? Or perhaps an even smarter machine that can read garment care labels? The answer might be to make a much simper machine with just the settings people actually use -- the first manufacturer to do that could clean up.
Image Credit: Ljupco Smokovski / Shutterstock
Spending on Platform-as-a-Service (Paas), Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) is forecast to reach $118 billion this year, and it's clear the cloud is now big business. Companies are fighting to enter the space with new industry- and marketing-specific offerings. But what effect will this have and will it worry the big players like Amazon Web Services?
We spoke to Scott Swartz, CTO of BUSS at Ericsson and founder of MetraTech, an enterprise billing specialist recently acquired by Ericsson, to find out more about the state of the IaaS space.
BN: Can we expect to see current big players, such as AWS, losing share to more specific offerings?
SS: The cloud market is still evolving, and there is plenty of opportunity for nimble players to take market share from leaders. For example, the new battleground for enterprise customers will be value-added IaaS and not simple vanilla offerings. Winners will be determined based on their abilities to provide a platform for partners to build, run and integrate their products and services into the ecosystem. It is a race to develop a network of partners that deliver the desired third-party apps integrated with an IaaS service. The enterprise cloud also creates opportunities for new companies and new alliances targeted at specific verticals. The original players will see competition from marketplaces that deliver industry-specific services. To date, even with the hype, the cloud has been about tackling low-hanging fruit in the test and development areas, but we are now actively seeing the movement of production workloads to the cloud. Also, the ongoing convergence of the cloud and Internet of Things will create opportunities for platforms to support smart cities, energy and utilities, transportation, security, financial services, retail services and many more fields.
BN: Is there a danger that an increasing number of companies targeting specific sectors will lead to a fragmentation of the cloud market?
SS: The market will still be dominated by big players, since they will have the reach and pull to deliver an easily consumable and serviceable application marketplace on top of IaaS cloud. There will be opportunity for targeting offerings to specific industry sectors as specialist clouds (financial services and healthcare are obvious ones given their unique requirements). However, I believe the fragmentation will likely be how partner offerings are managed as part of IaaS. How integrated the partner services will be and how easily accessible and serviceable these are will have a big impact on traction with enterprises. In addition, partnerships need to include services targeted at developers building applications on a provider’s cloud. We are still at the infancy stage when it comes to cloud maturity; the doors will open based on the richness of the partner marketplace.
BN: If solutions become very specific, isn't there a danger of losing some of the advantages of moving to the cloud in the first place?
SS: Once you move past commodity cloud services and start consuming provider-specific services or content you run the risk of not being able to run the load on another cloud. That lock-in may or may not be worth it and that equation will likely change over time. If a cloud provider has added so much value that it’s worth being locked in for certain loads, then they’ve done their job. The beautiful thing about competition is that it drives innovation and, within the cloud, you have the ability to try valued-added offerings quickly and inexpensively.
However, locking yourself to a specific cloud can be a slippery slope. It's critical that you have strong architectural governance to identify and manage lock in proactively. Specifically, you need to abstract and isolate areas of lock in. There are a multitude of frameworks that facilitate this, but, if the one you pick doesn’t provide the correct level of abstraction, you need to look at what other clouds are offering to ensure that your implementation is as generic as possible. It’s also very important to partition the automated tests for the locked in functionality so that you can test on other clouds to ensure the lock in hasn't crept into areas that you didn't except -- that happens with slippery slopes.
If properly managed, specific solutions can provide you with a strategic advantage and a manageable downside.
BN: Will new targeted clouds kill off traditional data centers?
SS: Commodity clouds have already started putting a dent in traditional data centers. The benefit of just paying for utilization with minimal or no infrastructure or software licenses while also gaining elasticity is easily understood. With industry-specific cloud providers, the ability to meter out independent software vendor (ISV) application workloads and the requisite licensing of applications and content makes the cost/benefit equation even more compelling.
It is unlikely to be all or nothing. Hybrid cloud scenarios will continue to be dominant. Depending on the enterprise, there may be regulatory or data sovereignty issues that prevent you from moving databases to the cloud, but you may use a point-to-point VPN from your data center to the cloud provider to connect to your on-premise database cluster.
BN: What are the pitfalls enterprises should be aware of when planning a shift to a cloud-based solution?
SS: Security, regulatory and data sovereignty issues, and cloud sprawl are well documented pitfalls. As more production workloads are moved to the cloud, uptime and service-level agreements (SLAs) will become increasingly important. In addition, the proliferation of value-added and industry-specific clouds creates opportunities, as well as the potential for inappropriate lock in. Picking the right cloud will become more complex because there will be business in addition to the existing technology and operational implications.
BN: What effect will new technologies like the Internet of Things have on the provision of business services?
SS: The convergence of cloud, IoT and big data will have a massive impact on the technology and business services landscape as we know it. Things are moving from simple monitoring to providing critical and time sensitive information that can be utilized for analytics and corrective, proactive automated action. The vast amounts of data generated means that the cloud is playing the critical role of enabler for smart things to operate more effectively, and for data to be used by machines themselves to self-diagnose and self-repair. Analytics platforms for managing data produced by intelligent machines and sensors will convert data from machines and turn it into new offerings for consumer and enterprise customers.
An industry-specific cloud provides an opportunity for competitors to pool appropriately cleansed data to gain better insights. This data and the associated analytics can be sold to third parties.
We will see entire industries including aviation, health care, energy production and distribution, transportation and manufacturing have the ability to manage and operate machines in the cloud. We're already seeing a movement from buying to leasing applications on the cloud, as well as the bundling of pooled industry-specific data and analytics, in these industries.
Photo Credit: everything possible / Shutterstock
According to a new survey from cloud security provider Distil Networks humans accounted for only 40.9 percent of web traffic in 2014 with the remainder accounted for by bots.
This compares with 50.8 percent human traffic in 2013, however the good news is that 'bad bot' traffic is down from 24.22 percent to 22.78. The rise in good bot traffic that makes up the difference is thought to be from more aggressive indexing by Bing and new search engines in 2014.
But although the percentage of bad bot traffic is down, Distil still saw 23 billion threats in 2014. The bad bots are also increasingly mimicking human behavior to evade detection, only 59 percent now behave like bots. Small sites suffer most from bad bots as they account for 32.04 percent of their traffic. Large sites see more good bots (43.65 percent), though as Distil points out this can still be undesirable due to the amount of traffic involved. Digital publishing and travel websites suffer the most bad bot traffic whilst the good bots account for more traffic on directory and real estate sites.
The rise of mobile has had an influence on the bot landscape too. There are more bots masking themselves as mobile users. The same characteristics that make mobile sites easier for humans to navigate also benefit the bots.
In 2013 Verizon Business accounted for almost 11 percent of all bad bot traffic, but the company has cleaned up its act with only 2.83 percent last year. Amazon Technologies is now top of the list originating 15.07 percent of all bad bot traffic thanks to its presence in the cheap hosting market.
The US with thousands of cheap hosts, dominates the rankings in bad bot origination. However, taken in isolation bad bot volume data can be somewhat misleading. Distil measures bad bots per online user to calculate a country's 'Bad Bot GDP'. On that measure Singapore tops the chart with 152.87 bad bots per user while the US slips to sixth with only 6.34.
The report concludes, "The bad bot landscape continues to evolve rapidly, particularly with the dramatic increase in mobile bot traffic, and an ever wider range of geographic and ISP points of origin. With the advent of cheap or free cloud computing resources, anyone with basic computer skills can download open source software and get into the game". But it notes that most companies still don't have visibility into or control over malicious traffic.
The full study is available to download from the Distil Networks site.
Image credit: Gunnar Assmy/Shutterstock
Last month IBM launched its X-Force Exchange opening up access to threat intelligence data to help in the fight against cybercrime.
With 80 percent of cyber attacks now coming from organized gangs it's important that the good guys get organized too. IBM has announced today that more than 1,000 organizations across 16 industries are participating in the new threat intelligence community.
"Cybercrime has become the equivalent of a pandemic -- no company or country can battle it alone," says Brendan Hannigan, general manager at IBM Security. "We have to take a collective and collaborative approach across the public and private sectors to defend against cybercrime. Sharing and innovating around threat data is central to battling highly organized cyber criminals; the industry can no longer afford to keep this critical resource locked up in proprietary databases. With X-Force Exchange, IBM has opened access to our extensive threat data to advance collaboration and help public and private enterprises safeguard themselves".
X-Force Exchange has a 700 terabyte threat database -- a volume equivalent to all data that flows across the internet in two days. It includes two decades worth of malicious cyberattack data from IBM as well as anonymous threat data from more than 4,000 other organizations for which IBM manages security operations. Participants have created over 300 new collections of threat data in the last month alone.
In the month since X-Force Exchange’s launch there have been more than 1,000 data queries per day from organizations around the world. These include six of the world's top ten retailers and five of the top 10 banks, as well as top 10 companies across the automotive, education and high-tech sectors. By freely consuming, sharing and acting on real-time threat intelligence from their networks and IBM’s own repository of threat intelligence, users can help identify and help stop threats.
There's a look at the profitability of organized cybercrime in infographic form below and you can find out more about X-Force Exchange on IBM's website.
As the pace of cloud adoption accelerates, businesses often come across unforeseen issues that add to costs and may derail projects completely.
Enterprise data protection and information management specialist Commvault is aiming to streamline moving to the cloud with additions to its product suite to enable organizations to get the most from existing investments and accelerate enterprise wide cloud adoption.
Commvault's Cloud Disaster Recovery makes large scale recovery a reality in the cloud, Cloud Development and Test reduces development time and management overhead to improve R&D efficiency, and Commvault Cloud Gateway and Cloud Replication ease cloud data migration and give customers improved choice, flexibility and speed.
"Our customers are moving to operationalize the cloud usage for applications and accelerate the time to value," says Sabrinath Rao, Head of Virtualization, Cloud Business Unit at Commvault. "Our Cloud Backup and Recovery solutions make it much easier for customers to derive value off their cloud investments by deeply integrating the on-premises and in-cloud workflows, starting with the data and then extending out to controlling access and optimizing utilization in the same manner as they do on premise".
Cloud Disaster Recovery enables recovery in the cloud, regardless of platform -- supporting VMware, HyperV, AWS and Azure -- or location whether public, private or hybrid. It also Extends virtual machine provisioning and workflows from on premise into the public/hybrid cloud for consistent, policy-based management. And it enables full data restores to virtual machines in IaaS, making full disaster recovery possible across all workload types.
Cloud Development and Test ties VM provisioning and workflows together and applies them to the management and utilization of development environments in the cloud. In addition to reducing administrative time spent on managing the cloud resources, it provides managers with insurance against runaway bills.
The Cloud Gateway improves overall backup agility, flexibility and performance, extending the protection tier from on premise to cloud. Cloud Replication allows copying directly to cloud storage targets natively making for easier migrations.
More information on Commvault's portfolio of cloud products is available on the company's website.
Photo Credit: Roland IJdema/Shutterstock
Around half of the workforce will be millennials by 2020, but according to a new survey by endpoint security specialists Absolute Software they're likely to present a bigger risk to data security.
The survey questioned more than 750 Americans over the age of 18 who work for a company with 50 or more employees and use an employer-owned mobile device.
Whilst 79 percent of those surveyed prefer separate devices for work and personal use, 52 percent do use their work devices for personal purposes and 14 percent believe their behavior puts their organization's security at risk.
Security isn't their responsibility according to 50 percent of respondents and 30 percent believe there should be no penalty for losing company data. It's when you start breaking down the responses into groups that they become really interesting though.
Whilst only five percent of baby boomers compromise IT security the figure jumps to 25 percent for millennials. 64 percent use their work machine for personal use compared to only 37 percent of boomers, and 27 percent have not safe for work content on their device compared to only five percent.
Position in the organization makes a difference too, with those higher up the command chain more likely to be putting data at risk. Of those at a senior level 76 percent admit to personal use, 33 percent to NSFW content and 26 percent have lost a device in the last five years. At the bottom of the executive food chain whilst 51 percent admit to personal use just nine percent have NSFW content and only five percent have lost a device.
"We conducted this survey with the intention of helping enterprises better understand the current attitudes that employees have towards data security and privacy," says Stephen Midgley, vice president, Global Marketing at Absolute Software. "Armed with this information, our customers can consider user behavior as an additional data point in their endpoint security and data risk management strategies".
The report recommends that to stay safe businesses need to implement a security solution on their devices, train employees on best practices and build policies to address risky behaviors. Midgley adds, "Ultimately, everyone is responsible for protecting sensitive business information. Knowing there is ambiguity between how different users may approach this requirement, IT leaders need to provide meaningful guidance and training that reinforces this collective accountability".
The full report is available from the Absolute Software website.
Image Credit: Syda Productions / Shutterstock
New channels, new markets and changes in device usage make today's marketing environment more complex than ever, and that means delivering the right message to the consumer is increasingly vital.
But according to an IBM/eConsultancy study in April, only 35 percent of consumers say the communications they receive from their favorite brands are relevant and four out of five consumers believe that brands fail to understand them as individuals.
Last week IBM announced it was partnering with Facebook to offer more tailored marketing, now it's adding further design and analytics capabilities as part of its Marketing Cloud to offer businesses an integrated solution.
The new features include IBM Journey Designer, a virtual whiteboard where staff on multiple teams within an organization can collaborate with a single overview of a customer's interactions to make more informed decisions.
IBM Journey Analytics allows marketers to sift through valuable insights about the customer, making it easier for marketers to visualize the journey of the customer then map and design a campaign to help deliver more relevant experiences with greater precision.
IBM Customer Experience Analytics offers a single platform that unifies IBM's Journey Analytics, Digital Analytics, and customer behavior analytics capabilities to give brands a complete overview. Finally, IBM Commerce Insights provides business executives a view into the performance, operation and growth of their digital business.
"Marketers are the gatekeepers to the customer and have the opportunity to understand each individual and guide them on the path through a mix of campaigns designed to nurture brand loyalists. To succeed, however, marketers must embrace technologies that offer them the opportunity to build two way engagements with each customer and deliver a meaningful and relevant experience," says Deepak Advani, General Manager, IBM Commerce. "IBM is providing innovations such as journey analytics to allow marketers to gain insights into customers at depths they could never have imagined just a few years ago. Teams can then turn these insights into campaigns to deliver powerful experiences that engage customers in-context and ultimately build advocacy".
More information on IBM eCommerce solutions is available on the company's website.
With more and more companies storing apps in the cloud and others remaining in-house, security can become something of a headache. On-site security tools are ineffective against web attacks leaving organizations with multiple protection solutions in place.
The launch of hybrid cloud solutions such as Radware's WAF (Web Application Firewall) means it’s possible to protect all systems with just one application but what implications does this have for the enterprise? We spoke to Carl Herberger, VP of Security Solutions at application delivery and security specialist Radware to find out more about the benefits of hybrid WAF solutions and how they can be implemented.
BN: With the rapid rise of cloud use is it fair to say that many companies have taken the leap to the cloud first and only thought about security later?
CH: It sometimes seems that security has become almost an afterthought. IT managers have left a secure, premise-based operating environment in search of agile and cheaper alternatives, but leave with hopes that security would somehow also improve. The overall responsibility of network security for today’s cloud delivered services is still left to those who write the checks for the services and hold those delivering the services accountable. Unfortunately, those security practitioners often fall behind the evolving threat landscape.
BN: Why don't the security practices applied to in-house solutions work for the cloud?
CH: There are three basic principles which help illustrate why an enterprise-security solution will not work easily or at all in the cloud. First, enterprises don’t often concern themselves with tenants. Cloud and managed service environments must isolate an operating environment from other customers, and in-house environments drive feature sets, which are not available in most security tools, such as tenanted reporting, self-service provisioning and various configurations per tenant. Second, Enterprises benefit by having predictable routing and an ability to see 'state' and 'symmetry' on traffic patterns. This provides enterprises with knowledge of their networks, and thus, security. Many Cloud companies don't always have these luxuries, and in as such are at a disadvantage with their ability to learn baselines and take actions. Lastly, enterprises know how to distinguish their legitimate traffic and block the rest. Cloud companies need to be much more tolerant on the types of traffic they allow into their environments, as they have to take into account network traffic patterns of their entire customer base.
BN: Do public and private clouds need a different approach?
CH: It is generally accepted that private and public clouds are different and the intimacy of a private cloud affords the opportunity for better security. It is also generally agreed that as time marches on, the lines between these two environments will blur as new technologies are adopted and the rise of automation and orchestration between various cloud providers becomes paramount.
BN: What are the main challenges of introducing a WAF in hybrid environments?
CH: Generally speaking, there have been two main problems with WAF introductions to environments: introducing network and application disruption (e.g. breaking something which wasn't broken) and the introduction of latency (e.g. slowing the application down). This has been a perennial problem which is now being solved by many powerful out-of-path solutions, however the basic WAFs are still wrought with these 'security' problems. Managing and maintaining the solution has also been a problem. Typically the best WAFs required heavy 'hand-holding' and expert knowledge and don't integrate with solutions in the cloud.
BN: How can companies ensure their systems remain protected during the transition to the cloud?
CH: When transitioning to the cloud, a hybrid approach is the way to go to remain protected. Most businesses simply aren’t positioned to move all legacy applications to the cloud, and starting a hybrid cloud approach does not require a complete migration of traditional IT infrastructure to a public or private cloud. Most companies will retain some internal application delivery infrastructure. Dedicated infrastructures are a luxury and will make most companies uncompetitive vis-à-vis hybrid competitors. The verdict is in about the merits of virtualization and cloud. It unleashes hidden efficiencies that have been elusive to the traditional datacenters of the past. At its core, cloud was designed to take the complexity of virtualization away from the end user and fully enable self-provisioning and speed to service delivery.
BN: What additional challenges do the rise of mobile devices and BYOD present?
CH: Mobile devices, BYOD and the Internet-of-Things will forever extend the attack landscape and operating environments. Soon enough, these devices will soon become centers of processing themselves and they will be conscripted (often without knowledge) to be part of future 'botted' armies. This movement to 'things' which process IT and are connected/interconnected will increase the threat level of the attack landscape and require an immeasurable amount of new security controls.
Photo credit: allepu / Shutterstock
There are lots of Bluetooth speakers on the market, so which one you choose really comes down to the features you value most. Is sound quality your top priority or is portability and long battery life a bigger attraction?
The EasyAcc DP100 certainly qualifies on the portability front. It's a compact design, about the size of a Coke can, feels nicely weighty and has a rubber base so it won't slip around. The design is quite stylish in matt black with a shiny highlight around the top. There's an on/off switch and sockets for charging and aux-in at the back. Playback controls are operated by a grey, rubbery button on the top, this works well enough but doesn’t have a particularly nice feel.
As well as playing music the DP100 has a built-in microphone so you can use it to make hands-free phone calls. It comes with a little cloth drawstring pouch to protect it when you're carrying it around, cables for USB and audio and a decent printed instruction leaflet.
Charging from USB takes just over three hours which gives between 15 and 20 hours of playback or 8 to 10 hours of talk time. It will therefore get you through a full day at work, say, without needing a recharge. Switch on and it sounds a tone to let you know it's ready to pair, from then on it will automatically connect to the last paired device each time it gets switched on.
Maximum power output of the speaker is 4W, which doesn't sound like a lot but the noise it produces is enough to fill a modest sized room and has a tone that's rich and full with decent bass for a compact unit.
Overall then the DP100 is a good compromise between portability and performance. It's small enough to pop into a bag or pocket and whilst it doesn't offer concert hall sound quality it's perfectly acceptable for day-to-day use.
It's reasonably priced too at $35.99 on Amazon or £18.99 on the UK site. More information and the full technical spec can be found on the EasyAcc website.
Most security researchers now acknowledge that it is only a matter of time before a business suffers some form of compromise as the bad guys follow the money and conventional security tools struggle to keep pace. A recent report from Gartner stresses the need for apps to become self protecting rather than rely on security tools.
But how easy is it to produce a self-protecting app and how effective are they against malware? We spoke to Gordon Young, UK Sales Director of security specialist Promon to find out more.
BN: How vulnerable are apps in general to the threat of being compromised?
GY: When talking about mobile bank apps, payment apps, authentication apps etc. we can say that all are vulnerable to compromise by malware or hackers. For an attacker, being inside the app allows them trusted access to all the app's internal interfaces - screen, keyboard and file system.
BN: Does this mean that the traditional security approach of protecting the device is broken?
GY: Indeed they are, traditional security solutions are based on first identifying, and then neutralizing threats. With this approach the attackers are almost always in the front seat. Alternatively, Promon's technology works from inside the app by closely monitoring the app's runtime process and taking action against any unknown code that tries to enter the app.
BN: Tell us a bit about how Promon Shield can supplement existing security measures?
GY: An application protected by Promon Shield runs securely even if the device itself is infected, jail-broken or rooted with no noticeable overhead and is totally transparent for end users. Being able to proactively block known and unknown threats, Promon's in-app security technology is unique in being able to co-exist with any existing security approaches.
BN: Will this work across all platforms and all kinds of app?
GY: Yes it will. We have deployments on WinPC, MacOS, iOS and Android protecting banking apps, authentication apps etc. Promon has desktop deployments, mobile deployments and deployments where Promon protects employee remote access in a virtual desktop environment using Citrix, for example.
BN: Does it require any action on the part if the end user?
GY: The end user has no visibility or knowledge of Promon security, and the user process is not changed or impacted in any way.
BN: Will an app secured with Promon Shield be effective even if the device is already infected with, say, a keylogger or if it's been jailbroken?
GY: That is correct, Promon Shield protects the App even if the device is already compromised, thus a bank can allow the user transaction to safely execute even when Promon has flagged that the device is compromised.
BN: Are we about to see a major shift in the way banks and other companies address security concerns?
GY: We are seeing a gradual recognition that existing security mechanisms based upon simple detection of malware is not an effective security mechanism whereas the Promon approach of creating the "Self-Defending" app is a fundamentally superior approach that is better suited to the current and future threat environment.
Image Credit: Anan Chincho / Shutterstock
The move towards containerized technologies such as Docker for creating and scaling applications is great for development times but presents challenges for enterprises when it comes too keeping apps secure.
Unveiling a security suite designed to give enterprises the visibility and control they need over their container-based applications and data, Twistlock aims to maintain security and maximize efficiency and portability.
"Enterprises are in the midst of a data center revolution," says Ben Bernstein, CEO and co-founder of Twistlock. "Twistlock’s container security suite provides the fuel enterprises need to accelerate their ability to use containers to develop, share and scale the applications that drive their business forward. With our solution, security operation teams finally have the visibility and granular controls they need over their 'Dockerized' workloads".
Containers represent a problem for enterprises, as security operations teams only see a virtual machine (or group of machines) running unknown processes being accessed by large numbers of remote systems. Twistlock understands what's really going on within a container or cluster of containers. It knows who is accessing what and which processes relate to which workloads. By plugging into the control channel that manages containers it enables intelligent inspection of containers at rest, as well as at run-time.
The Twistlock suite addresses risks on the host and within the application of the container, enabling enterprises to consistently enforce security policies, monitor and audit activity and identify and isolate threats in a single container or cluster of containers.
Key features include the ability to monitor both static container images and runtime container applications to identify risks, and to specify security baselines to ensure the host has been hardened and the application meets quality and security standards. It can protect containers deployed both in the cloud and on-premises in a virtual data center, and keep up with dynamic security concerns.
To find out more and sign up for the beta program you can visit the Twistlock website.
Image Credit: Spartak/Shutterstock
Do you feel more stressed at work? If your job is in IT then the answer is probably yes, according to a new survey from security and email specialist GFI Software.
The study of over 200 IT administrators in the US finds that 78 percent of those surveyed experience workplace stress, while almost 82 percent of respondents are actively considering leaving their current IT job due to workplace stress and dissatisfaction with working conditions, up from 78.5 percent in 2014.
Key findings include that 45 percent of respondents have missed social functions due to overrunning issues and tight deadlines at work, up from 38 percent in 2014. A further 40 percent also report missing time with their children due to work demands eating into their personal time.
Losing sleep due to work pressure is reported by 38 percent of IT staff and the number of respondents experiencing stress related illnesses increased slightly, to 27 percent from 25 percent in 2014. A further 19 percent continue to report feeling in poor physical condition due to work demands, up two percent from last year.
More than 25 percent report that a relationship or friendship has failed or been severely damaged due to work commitments intruding on personal life.
"Even in an industry like IT that's well-known for being extremely stressful and highly demanding of its workforce, the findings of this year's IT Stress Survey makes for worrying reading. The 2015 survey results clearly show a substantial deterioration of the work/life balance and job satisfaction among the US IT workforce -- quite concerning at a time when the IT sector is playing such a pivotal role in the growth of our economy," says Sergio Galindo, general manager of GFI Software.
The biggest driver of stress is cited by 28 percent as unreasonable demands and pressure from management, though this is down from 36 percent last year. Stress caused by end users is increasing, however, rising from 16 percent last year to 23 percent.
Galindo adds, "Smart employers understand that an over-stressed and unhappy workforce means less productivity, and the higher levels of illness, mistakes and staff turnover directly related to stress can have a very significant and direct cost to the bottom line. Investing in worker happiness and in systems to simplify the job of the IT department is often far cheaper than replacing over-stressed or unhappy staff".
More information along with the full report is available from the GFI website and there's a summary of the results in infographic form below.
Photo Credit: sunabesyou/Shutterstock
All advertisers are keen to use the power of the Internet to deliver the right message at the right time. From today IBM and Facebook will be collaborating on the delivery of tailored marketing to help with that process.
IBM's marketing cloud clients will be able to utilize Facebook's powerful ad capabilities such as Custom Audiences, along with IBM's deep analytics and design features, to target their customers across applications, devices and time.
Using IBM's new Journey Designer, brands will be able to create personalized customer experiences and then use Journey Analytics to gain an understanding of how customers responded.
By combining Facebook's ad technologies with IBM's Journey Analytics, brands can more accurately determine which groups of customers are among the 1.44 billion people active on Facebook and establish links between their interests and interactions across multiple channels. IBM's Journey Designer solution will then help brands to deliver more compelling messages on Facebook and other mediums.
IBM has also announced that Facebook will be the first company to join its new IBM Commerce THINKLab, a research and collaboration environment in which companies will work directly with brands to accelerate development of new technologies designed to personalize customer experiences.
"Our partnership with IBM will help top brands achieve personalization at scale by using IBM’s marketing cloud to find and engage their target audiences on Facebook, as well as solve their vexing challenges by consulting with IBM Commerce THINKLab," says Blake Chandlee, VP of Partnerships for Facebook. "We will also be working closely with IBM Commerce THINKLab to help deliver people-based marketing that’s optimized to achieve each brand’s business goals".
IBM will use deep analytics, on top of Facebook's anonymized and aggregate audience insights along with additional information from IBM’s marketing cloud to give marketers a clearer picture of their target audiences. They'll also be able to replicate proven campaigns beyond Facebook to other brand channels including their own stores, websites and mobile apps. All of which means better targeted ads.
"Brands understand the increasing need to provide customers with powerful and personalized experiences to nurture loyalty", says Deepak Advani, General Manager, IBM Commerce. "Through this collaboration, consumer product companies and retailers will be able to quickly and easily gain deeper insight into what their customers expect and provide them with compelling experiences that bridge the physical and virtual divide".
You can get more information about IBM cloud marketing solutions on the company's website.
Image Credit: IBM UK
As apps and commerce increasingly move online they provide a tempting target for hackers. It's important that websites are properly tested for vulnerabilities but this can be a time consuming process and many smaller organizations lack the resources and expertise to do it themselves.
High-Tech Bridge's ImmuniWeb offers a fresh approach to website vulnerability assessment. It uses a hybrid approach combining automated testing with the skills of security professionals.
ImmuniWeb is an on-demand web penetration testing assessment service, that enables any organization, regardless of its size, location, or in-house technical skills, to order online an automated website security assessment combined with manual penetration testing by experienced security professionals.
The test is run over a four day period and looks for known vulnerabilities and weaknesses like outdated server software, exposed email addresses, untrustworthy third-party content, whether HTTPS access is available and more. The testing is non-invasive and requires nothing more than standard browser access to the site to be examined.
At the end of the process the results are delivered in an easy-to-understand multi-page PDF report which highlights any vulnerabilities found and offers tips for fixing them.
The fact that it combines automated testing combined with human expertise means ImmuniWeb can accurately detect complex security flaws missed by scanners and other automated solutions. ImmuniWeb auditors can also step in and provide assistance when firewalls and other defenses block the scanning tools employed.
ImmuniWeb won bronze awards in the Best Security Service, and Vulnerability Assessment, Remediation and Management categories at the 2015 Global Excellence Awards. More information about the service is available on the High-Tech bridge website.
Image Credit: ksenvitaln / Shutterstock
Data is in many ways the lifeblood of business, yet there are many different ways to present and use the results of analysis.
Business intelligence specialist Birst is launching its Birst 5X Adaptive User Experience which allows users to work with data in the way they want without suppressing their curiosity and creativity.
The new release includes updates to Birst Dashboards and Visual Discovery Capabilities, and an enhanced Birst Mobile experience. In addition it introduces an Open Client Interface that enables users to continue with their preferred front-end tool, such as Tableau, Microsoft Excel or R, to analyze a trusted source of data in the form of Birst's User Data Tier.
Allowing people to use their tool of choice on top of a complete and trusted source of data delivers a two-tier analytics model that combines agility with governance. The BI solution adapts to a person's mobile work style too so that key business insights are available anywhere and anytime.
"Birst is continuing to pioneer a two-tier approach to BI and analytics. With Birst 5X we are rethinking the user experience by focusing on how people interact with data instead of putting them in a rigid user role", says Junaid Saiyed, VP Product Management and Engineering, Birst. "Birst 5X gives people an agile experience that adapts to their work style, whether they need operational dashboards or visual discovery, in the office or on the road, and all against a trusted source of truth".
Birst 5X allows users to seamlessly switch between modes so they can use both dashboards and visual discovery. It supports disconnected analysis on mobile devices so that users can access critical information wherever they are. A responsive design also adjusts how the data is displayed based on the form factor of the device.
You can find out more about Birst's two-tier analytics technology on the company's website.
Image Credit: Rawpixel / Shutterstock
Developers are under ever increasing pressure to roll out applications quickly, and that means performance testing is more important than ever to ensure they work as they should.
To address this HP is using Microsoft Ignite to announce updates to its performance testing tools and that it’s making them available on the Azure marketplace.
Both HP StormRunner Load and HP LoadRunner are now pre-configured for Microsoft Azure environments, providing organizations with access to cloud-based tools on demand for faster and easier application performance and load testing.
"The mobile application development market is evolving rapidly, and developers today require fast, flexible, and easy-to-use tools to help them accelerate mobile app delivery," says Robert Youngjohns, EVP and GM at HP Software. "By delivering HP StormRunner Load and HP LoadRunner in the Microsoft Azure environment, we are providing developers with a fast-path to a proven, cloud-based platform that they can use to build and test scalable, high-performing applications".
HP StormRunner Load is a SaaS solution for agile development teams. It allows them to test, analyze, and tune applications and gain confidence in application scalability up to millions of geographically distributed web and mobile users. Features include an integrated WebPageTest to show client side single user response time when a back-end application is under load. It also links in with HP Network Visualization and HP SiteScope so that impact on network behavior and application health is included in testing.
HP LoadRunner is designed to provide developers with an accurate picture of end-to-end system performance and help identify and resolve issues before application changes go-live. It allows organizations to reduce the cost of application downtime related to performance issues in production and supports continuous testing of web, mobile, and legacy technologies.
HP LoadRunner Community Edition is available now on the Microsoft Azure Marketplace and HP StormRunner Load Community Edition will be available next month.
Image Credit: alphaspirit / Shutterstock
The Internet of Things is set to change many aspects of the way we live, but for companies and developers it represents a whole range of challenges when it comes to integration with existing systems and analyzing the extra data it generates.
Now analytics specialist Glassbeam and development platform supplier ThingWorx have announced a collaboration to allow their solutions to work together.
The ThingWorx rapid application development IoT platform is designed to build and run applications for the connected world, allowing customers to reduce the time, cost, and risk required to build innovative applications for smart, connected products. Glassbeam's proven IoT analytics as a service offering provides advanced machine learning and real-time analytics, taking in and analyzing data collected and stored inside the ThingWorx platform.
"Customers need the ability to derive new intelligence from data, and we're building out our certified partner marketplace to meet that need," says Chris Kuntz, Vice President of Ecosystem Programs at ThingWorx. "The addition of Glassbeam allows customers to analyze their data directly in the Glassbeam platform. It's a powerful and complementary offering to the ThingWorx platform".
Combining the two solutions allows customers to reduce costs, increase revenues, and accelerate the time to bring products to market as well as improving customer satisfaction and retention. The solution has already been selected by medical device company VytronUS to collect and analyze machine data from its systems.
"We believe that Glassbeam and the ThingWorx platform working in tandem as an end-to-end solution for customers to view rich analytics, based on data in their machines and from adjacent applications, is highly valuable," says Puneet Pandit, CEO and co-founder of Glassbeam. "We knew that our collaboration with ThingWorx was going to be successful. Now, with the addition of VytronUS as a customer and active prospect discussions, we're excited about the possibilities created by this collaboration".
More information and a trial of the ThingWorx platform is available on the company's website.
Image Credit: PlusONE / Shutterstock
The rise of SaaS applications like Microsoft Office 365 has brought benefits in terms of collaboration and efficiency. However, switching to a cloud-based service doesn't remove the need for backups.
For example, Office 365 doesn't protect against accidental deletion of files and a deleted mailbox is only available for 30 days after which it's not recoverable. These problems are addressed by a new product from backup specialist Spanning Cloud Apps.
Launched at Ignite, Spanning Backup for Office 365 provides IT administrators and end users with a simple way to locate lost mail, calendars and contact data from any point in time, from any device and accurately restore them to their original state.
"We have witnessed the groundswell of interest in Office 365 as more and more companies want to take advantage of the improved collaboration, higher productivity and increased mobility that comes with cloud computing," says Jeff Erramouspe, VP and General Manager of Spanning. "The tremendous interest in our beta program has exceeded our goals, and shows that IT organizations understand they need a solid data protection plan in place before moving to the cloud. As the first fully responsive cloud-to-cloud backup application for Office 365, Spanning Backup allows Microsoft customers to harness cloud-based productivity without having to worry about user-driven data loss that can significantly hinder their work".
Launched in beta at the end of last year the product minimizes risk of data loss and assures availability of Mail, Calendars and People. It also helps enterprises meet audit and compliance requirements for backup and recovery. It reduces the IT department's workload too by allowing users to easily restore lost data themselves.
Spanning Backup for Office 365 will be available form the end of June at a $48 per user, per year subscription price with unlimited back-up storage. Discounts are available for volume purchases, long tern agreements, and non-profit and education use. More information is available on the Spanning website.
Image Credit: Modella / Shutterstock
A backup and recovery solution is essential for enterprises if they're to safeguard their critical data. Yet whilst they may take care of their servers, according to a new infographic from private cloud company SingleHop they're less concerned about endpoint data.
Only 50 percent of companies have endpoint backups in place and this leads 16 percent of end users to do their own backups using a non-approved solution.
This seems short sighted given that system downtime is a major cost, loss of mission critical data costs in excess of $70,000 per hour on average and even losing non-critical data can cost $42,000 per hour.
Organizations encounter unplanned downtime 13 times a year on average and targeted attacks are a major threat with 50 percent aimed at larger enterprises and 31 percent at those with fewer than 250 employees.
No surprise then that data loss is a major concern for management and that they're increasingly turning to the cloud as a solution. 64 percent already store data in the cloud and 78 percent plan on changing their protection product in the next two years.
There are more interesting statistics on the effects of downtime in the full infographic below.
Photo credit: LilKar/Shutterstock
Adobe Reader 10 has 39 vulnerabilities and is unpatched on 65 percent of private PCs in the US, whilst Adobe Reader 11 with a 55 percent market share has 40 vulnerabilities and remains unpatched on 18 percent of machines.
This is one of the findings of the latest Secunia country report. Additional findings show that 14 percent of PC users in the US (up from 12.9 percent last quarter) have an unpatched operating system, and that Oracle Java once again tops the list of applications exposing PCs to security risks.
Other applications in the vulnerability top 10 include Apple QuickTime, Microsoft Internet Explorer and uTorrent for Windows. Also one in 20 programs on the average US PC have reached end-of-life, meaning they are no longer supported by the vendor and don't receive security updates. Adobe Flash Player, one of the end-of-life applications, is still installed on no less than 78 percent of the PCs surveyed.
"It is worrying that, with such a high market share, one in five US users fail to patch their Adobe PDF reader," says Kasper Lindgaard, Director of Research and Security at Secunia. "Considering the fact that PDF documents is a prominent attack vector used by hackers to gain entry into IT systems, users put themselves and any system they are connected to at risk, by neglecting the security risk the popular reader represents when not maintained. It is paramount that users remember to patch their PDF readers, and that corporate IT teams have procedures in place to update all PDF readers on devices that are in any way connected to the company infrastructure".
More interesting findings are that the average PC user in the US has 76 programs installed from 27 different vendors. 42 percent of these programs are from Microsoft while the rest come from other companies. Whilst there's a single update mechanism for the Microsoft programs this means that users may have to master up to 26 other, different update processes to keep their machine secure. Little wonder that a popular social engineering trick for malware is to pose as an update for a video player or similar.
Secunia's country reports for the US and elsewhere are available to download from the company's website.
Image Credit: alexskopje / Shutterstock
Businesses often use different applications to create, store and share content. Whilst most enterprise collaboration tools allow for some sort of file sharing it can involve additional time and effort importing data.
The Incentive platform is now making sharing information easier by adding one-click integration with Dropbox cloud storage.
The integration provides secure access to Dropbox folders from within Incentive, enabling users of the file sharing application to search for, discuss, comment, share and collaborate on files across both internal and external groups.
"Companies around the globe use Dropbox and other platforms to store and share files, but none of them are inherently collaborative," says Rickard Hansson, CEO and founder of Incentive. "Incentive's integration with Dropbox gives users the ability to add any Dropbox folder into Incentive so teams can do more than just view and share files. This is just one of many integrations to come that will make it easier for organizations to be more collaborative, efficient and productive".
Incentive's integration with Dropbox lets users add any folder within a Dropbox account to Incentive for easy and quick access from one central location. Users can discuss, share, comment, like and collaborate on Dropbox files natively within Incentive and make Dropbox content instantly discoverable with Incentive’s search. Updates can be added to the app's news feed whenever Dropbox content is edited or changed, for improved team collaboration and productivity.
You can get more information and try out Incentive for free on the company's website.
Image Credit: Chiran Vlad / Shutterstock
According to a new survey of 2,000 people in the UK, one in seven say they've contemplated divorce because of their partner's activity on social media.
Nearly a quarter also say they have at least one row a week with their partner because of social media use and 17 percent say they argue every day because of it.
Just under half of all Brits surveyed admit they have secretly checked their other half's Facebook account and one in five go on to row about what they discover. The most common reason cited for checking a partner's social media account was to find out who they were talking to, to keep tabs on them, to check who they were out with, and to find out if they were telling the truth about their social life. 14 percent say they specifically look for evidence of infidelity.
The research was commissioned by family law specialists Slater and Gordon who have seen an increase in the number of people citing social media use as a cause of divorce year on year.
"Social media can be a wonderful way of keeping in touch with family and friends, but it can also put added strain on a relationship," says Andrew Newbury, head of family law at Slater and Gordon. "Five years ago Facebook was rarely mentioned in the context of a marriage ending, but now it has become common place for clients to cite social media use, or something they discovered on social media, as a reason for divorce".
One in 20 say they were upset that their partner didn't post any pictures of them together. But it isn't just what partners are doing on social media that causes problems, couples argue over how much use they make of sites too.
Social media is considered dangerous to their marriage by 15 percent of respondents, with Facebook seen as being most hazardous, followed by WhatsApp, Twitter and Instagram. Yet one in ten admit they hide images and posts from their partner, while eight percent admit to having secret social media accounts.
Whilst a third said they keep their social media log-in details a secret from their partners, 58 percent admit to knowing their partner’s log-in details, even if their spouse wasn't aware they knew them.
Newbury concludes, "We are now actively advising our clients to be cautious when it comes to using Facebook and all forms of social media because of its potential to damage relationships".
In the interests of marital harmony therefore, if you're planning on sharing this story on social media please keep your partner informed.
Image Credit: Feel Photo Art / Shutterstock
As the workforce becomes increasingly mobile, setting up meetings and making sure time spent in them is used effectively becomes more and more difficult.
Israeli company Meeter is launching a 'smart meeting' solution that doesn't only automate the scheduling of meetings, but also provides a standardized framework for managing what happens during them and collects documentation on what happened.
Meeter is powered by an algorithm that searches for optimal meeting availability, learns behaviors, and adapts to the meeting preferences of participants. As an alternative to passive calendar systems, Meeter adds value to its users through the full 'meeting lifecycle' -- before, during and after.
It's SaaS-based and allows for meetings to be scheduled instantly for up to 100 participants at a time. The Meeter app can be downloaded through the app stores for iOS and Android systems, as well as from the web and can work with participants who may not have the app via email. It creates a unique landing page for each scheduled meeting to allow participants to easily share agendas, presentation materials and so on.
Meeter tracks and analyzes the user's time, providing insights about past meeting history and reporting on who a user met with, for how long and when. Over time this allows it to suggest useful future meetings and help significantly increase productivity.
"Meetings today are a major drain on the workforce productivity. Our mission is to optimize meetings and automatically organize data so a significant portion of your day that is currently spent on setting them up, can be made productive. With Meeter people will be able to easily collaborate about meetings; creating one place that immediately serves as an archive for meetings," says Niv Kagan, CEO and founder of Meeter. "Setting up meetings instantly is a crucial first step and we’re delivering that with an intelligent app that is easy to use, has universal application, and is non-intrusive".
For more information and to download the app you can visit the Meeter website.
Photo Credit: nmedia/Shutterstock
Enterprises are always looking for ways to better understand and connect with their customers. The Adobe Summit in London this week is being used to launch a partnership with Microsoft that will integrate Adobe's Marketing Cloud Solutions with Microsoft's Dynamics CRM.
The partnership will offer businesses an integrated CRM-marketing solution across a range of industry segments including financial services, travel and leisure. It's aimed at helping eliminate the frustrating customer experiences that result when efforts are fragmented.
Key features include the ability to align sales and marketing activities by tightly integrating audiences and their behaviors to help guide sales or service calls, identify sales opportunities or inform lead scoring.
It will also allow users to find high-value audience segments and provide them with real-time offers on a website or enable targeted display ads. It offers the ability to combine Web behavior data with order history, return history, loyalty status and call center history to not only identify where in the sales lifecycle stage a customer is, but then also deliver the right content at the right time.
"Helping our customers reinvent productivity and business processes is one of our top priorities. Partnering with Adobe enables us to deliver a comprehensive set of customer engagement processes to enterprise customers to help them be more productive and better engage with their customers," says Kirill Tatarinov, executive vice president, Microsoft Business Solutions, Microsoft. "The integration of our industry-leading Microsoft Dynamics CRM solution with the Adobe Marketing Cloud will enable business professionals to maximize their investment in technology and deliver breakthroughs in marketing, sales and customer care".
Both companies are committed to expanding other areas of collaboration and product integration too, these include Adobe Marketing Cloud Solutions running on the Microsoft Azure cloud platform. Adobe Campaign and Adobe Experience Manager are also now certified on Microsoft Azure. Adobe is already partnering with Microsoft Azure to deliver streaming of major sporting events including the Olympics and Super Bowl through Adobe Primetime. The two companies are also working on a connector that will enable data and insights from Adobe Analytics to appear in Power BI, Microsoft's business analytics service that enables users to see all of their data in one place, providing a consolidated view across a business.
More information on Marketing Cloud is available on the Adobe website, and on Dynamics CRM from the Microsoft site.
Image Credit: Zurijeta/Shutterstock
Security issues affect smaller businesses just as much as big ones, but they're often less equipped to deal with them due to limited resources.
Today Kaspersky Lab is releasing the latest version of its Kaspersky Small Office Security, built specifically for businesses with fewer than 25 employees. It's aimed at providing world-class protection and easy use without the need for specialized IT skills.
Even small businesses hold valuable data relating to customers, payments and intellectual property, but they often rely on basic protection measures like free anti-malware programs. Kaspersky Small Office Security uses enterprise-grade technologies, but is designed specifically to serve the needs of smaller businesses. It brings the power of the company's award-winning anti-malware and online transaction protection, cloud management, backup and password management, but in an easy-to-use package.
"Running a small business can be very exciting and fun, but being small doesn't mean being less noticeable by cybercriminals," says Konstantin Voronkov, Head of Endpoint Product Management at Kaspersky Lab. "It's very important for businesses to pay more attention to ensuring their cybersecurity, and Kaspersky Small Office Security has made it easy. It's straightforward to install, simple to configure, and easy to maintain, so that business owners can get on with doing what they do best: making the company a success".
Features in the new version include enhanced protection from all known, unknown and advanced threats -- with multi-layered protection for Windows and Mac computers, servers and Android-based mobile devices. A new cloud-based management console lets business owners or their IT advisers easily manage security and devices from anywhere using a web browser.
Cloud-based password management stores critical company login details and enables users to have a different, unique password for every secure site, across all devices, while only needing to remember a single master-password. The package also protects online business and personal transactions from financial fraud with improvements to the award-winning Safe Money module.
Kaspersky Small Office Security protects Windows-based desktop systems from XP through to 8.1, Mac-based systems, Windows file servers, and Android smartphones and tablets. Each user gets protection for one Windows or Mac computer and one mobile device plus access to Kaspersky Password Manager.
You can find out more and get a full feature list on the Kaspersky website.
Imaged Credit: soliman design / Shutterstock
Mobile engagement specialist OpenMarket has released the results of a study, commissioned from IDC, into the business impact of mobile messaging.
The study looks at how mobile messaging is being used across a number of key industries including automotive, education, financial services, healthcare and utilities. It shows that many companies have failed to adopt holistic mobile messaging with 62 percent having at least two messaging platforms deployed, and 78.5 percent with more than one active initiative.
According to the research, the greatest benefits of mobile messaging are its ability to improve customer experience and employee relations. Because there's no 'one size' solution, organizations tailor their implementations to meet requirements within their industry segments. Results reveal that business leaders are driving new investments in mobile messaging and are closely involved in specification, selection, and deployment. Businesses are also finding that maximizing investments requires integrating mobile messaging into their business work flows, and that it's easier to do this if the IT team can use a work flow engine from a trusted vendor to quickly create services and address needs.
"Although use cases can differ in terms of how global enterprises are utilizing mobile messaging, these findings revealed that no matter what sector, businesses need to take a long-term, purpose-led approach to their mobile messaging investment," says Robert Parker, Group Vice President of IDC Insights. "Businesses must look towards vendors with a track record of support excellence that can provision company-wide use cases in order to meet the specific mobile messaging needs of the internal and external stakeholders within their sector".
There is confidence in the effectiveness of mobile messaging solutions with 72 percent of organizations surveyed believing they have a significant impact on the customer experience. Of high-tech companies 82 percent consider SMS to be effective for customer alerts. Businesses in all industries are adopting a ‘mobile first’ strategy to engage customers through promotions and offers, alerts, and surveys and increase the relevance and immediacy of their marketing message. Currently, 87 percent of travel and hospitality company respondents are piloting or in production with mobile messaging programs that include customer promotions.
"These findings show that no matter what vertical or industry a business is in, organizations are incorporating mobile messaging into many aspects of their internal operations, as well as customer and employee communications and engagement," says Jay Emmet, General Manager of OpenMarket. "A well-designed, company-wide mobile messaging strategy will give organizations a path to enhance the customer experience, gain additional customer insights, improve employee relations, and drive operational efficiencies".
You can find out more in the full report which is available to download from the OpenMarket website.
Photo Credit: bloomua/Shutterstock
With the wide choice of cloud services available it can be all too easy for business data to become fragmented with different parts of the organization using different services.
Database connectivity solutions provider Devart has announced the release of Skyvia 3.0, a free online service that can integrate cloud data from different sources and in this latest version provide cloud backup too.
The Skyvia service enables users to perform data export, import, replication and synchronization all via a simple user interface. With the addition of Skyvia Backup in this version users get automatic daily and anytime manual backup together with one-click restore functionality. New predefined templates for data mapping speed up configuring import and synchronization operations and simplify migration of information between cloud data sources.
"The goal of our team is to offer the best cloud service for wide array of data operations with no need of coding," says Alex Hyrniy, Skyvia Product Manager. "For now, as long as Skyvia is a growing service, it's free of charge, because we're aimed to hear the needs and opinions from the customers to make Skyvia a strong player on a cloud market soon".
Skyvia supports a wide range of database systems including SQL Server, MySQL and PostgreSQL; popular CRM systems, Salesforce, Dynamics CRM, Zoho CRM and SugarCRM; plus data storage services including Dropbox, FTP, Box and Google Drive.
Skyvia backup currently supports Salesforce, Dynamics CRM, SugarCRM and Zoho CRM. It offers the ability to search backed up data making it easy to restore specific records if required.
You can find out more and sign up to use Skyvia for free on the company's website.
Photo Credit: Melpomene/Shutterstock
According to a new survey by application delivery company OutSystems, 43 percent of respondents rate apps or sites that are mobile friendly as critical to their plans in 2015. The way in which Google has changed how it weights mobile-friendly sites is presumably a driving factor.
The survey conducted with content specialist TechValidate talked to 200 IT decision makers worldwide and focused on the business and technical priorities and challenges that IT organizations face in building applications in today's complex development landscape.
Other findings are that 25 percent of respondents say that between 76 and 100 percent of new apps they plan to build in 2015 will have a mobile component. An additional 26 percent say that 51-75 percent of new apps will have a mobile element.
The dominant mobile architectures for 2015 will be mobile Web (60 percent) and hybrid (65 percent), with only 26 percent of enterprises planning to use native mobile architectures. Despite the number of packaged and SaaS solutions available many enterprises are still finding it easier to develop their own apps rather than spend time customizing packaged solutions.
It's also the case that there's significant integration with existing systems. 79 percent of organizations say they need to integrate with at least 1-5 cloud-based applications and 66 percent need to integrate with at least 1-5 on-premises applications. Integration with custom developed applications is needed by 61 percent. Any given app may need to integrate with multiple different systems.
Paulo Rosado, CEO of OutSystems says, "These survey results echo the challenges we hear from customers -- that they are increasingly focused on delivery of mobile applications, that they aren't getting what they need from off-the-shelf from packaged applications, and that they desperately need the ability to integrate quickly and seamlessly with a wide variety of technologies. This confluence of challenges within enterprise application development is leading organizations to seek alternatives that dramatically simplify the delivery of applications, regardless of the underlying technology requirements".
The survey coincides with OutSystems releasing new features for its Rapid Application Delivery platform. These include simpler integration, improved change management and continued commitment to open standards.
Image Credit: violetkaipa / Shutterstock
If you live in the UK it probably won't have escaped your notice that there's an election campaign underway. But could your broadband connection affect the way you vote?
According to a survey from broadband, TV and mobile comparison site Cable.co.uk almost one in five (18 percent) of 2,500 people polled say that broadband policy could affect the way they vote.
Those surveyed also said they want a minimum broadband speed, on average, of 32Mbps -- 600 times faster than the speed broadband providers are currently legally obligated to supply.
Dan Howdle editor-in-chief of Cable.co.uk says of the results:
It's likely no coincidence that the one in five households in the UK that are yet to have superfast broadband deals made available to them matches proportionately to those who say broadband will affect the way they intend to vote.
No doubt this is, in part at least, due to the fact that no party manifesto has promised to roll out superfast broadband to 100 percent of households, and to a deadline acceptable to those whose homes, businesses and childrens' educations are respectively isolated, diminished or stunted by poor connectivity.
So if the electorate really cares enough to vote based on broadband policy what are each of the main parties offering?
The Conservative Party says it will make ultrafast broadband -- speeds of 100Mbps or more -- available to, "nearly all UK premises as soon as practicable." The party's manifesto sets out a £100bn investment in infrastructure, including broadband and mobile.
The Labour Party says it will deliver, "affordable, high speed broadband" to the whole of the UK by the end of the parliament. The party has also pledged to deliver the infrastructure needed to extend mobile coverage and reduce "not-spots."
The Liberal Democrats pledge to, "complete the rollout of high-speed broadband, to reach almost every household (99.9 percent) in the UK".
Ukip doesn't mention broadband or mobile in its manifesto at all.
The Green Party says it will give internet service providers an, "obligation to provide affordable high-speed broadband-capable infrastructure to every household and small business".
The Scottish National Party pledges to invest in superfast broadband, so that, "at least 95 percent of premises across Scotland will be able to access fibre broadband by the end of 2017".
The Welsh nationalist party, Plaid Cymru, says it will deliver 30Mbps broadband to the whole of Wales. The party also wants to ensure, "that mobile phone operators provide a better service in all parts of Wales".
So there you have it, six parties offering some form of better broadband and one not mentioning it at all -- possibly because the Internet connects us to abroad. Current Ofcom regulations set out a universal service obligation (USO) which states that communications providers need to provide, "data rates that are sufficient to permit internet access," meaning 'dial up' internet (56Kbps or less) is an acceptable minimum. However, the current government has pledged to raise the USO to 5mbps and ensure everyone has at least 2mbps by the end of 2016.
Howdle concludes, "Comparing broadband to the headline issues, it is ironic that while parties seek to connect with us on immigration, welfare and the deficit, those getting a raw deal on connection itself wield the power to swing this election".
Is broadband policy important enough to influence your vote? Do let us know.
Image Credit: Blablo101 / Shutterstock
Social media is a large part of many people's lives these days but it seems that people at the top of enterprises and large organizations are more reluctant to engage.
Management education advice site MBA Central has produced an infographic looking at how CEOs are lagging behind in their use of social media despite the benefits it can bring to their personal and professional reputation.
It shows that 68 percent of CEOs have no social media presence at all and of those that do only one in three uses more than one site. The platform of choice for single site users is LinkedIn which is used by 73 percent. Only 8.3 percent of Fortune 500 CEOs have Twitter accounts but between them they have 3.7 million followers, showing the size of the potential audience the others are missing out on.
Interestingly three out of four consumers say they feel a company is more trustworthy if its high level management participate in social media. Also 76 percent of executives say they'd rather work for a socially engaged CEO.
You can see the full infographic, which includes tips on how CEOs can use social media effectively, below.
Source: MBACentral.org
Everyone, it seems, is jumping on the Apple watch bandwagon today with new apps, but one of the more interesting developments comes from enterprise security specialist MicroStrategy.
It's launched a version of its Usher platform allowing the Apple Watch to be used as a secure digital key, enabling wearers to log into business systems, unlock devices, validate personal identity, and open physical doors with a simple gesture or tap.
"Apple Watch is the ideal platform to replace the password, plastic card, and metal key," says Michael Saylor, CEO of MicroStrategy. "By integrating Apple Watch, iPhone, and Touch ID with enterprise applications, resources, and business processes, Usher for Apple Watch brings a new level of convenience, capability, safety, and security to the marketplace".
The Usher platform allowing smartphones to be used as a security key was released earlier this year. By using a number of Apple Watch features, including Glances, Notifications, and Force Touch, this latest version of Usher seamlessly enables the new device to be used for a broad range of business security applications. The app is designed to detect a wide range of systems, hardware and physical entryways as users approach. Users also receive push notifications on their watch prompting them to unlock their workstation, log into a system, or open a doorway with a simple tap or gesture on the device.
More information about Usher for Apple Watch is available on the MicroStrategy website.
Microsoft is continuing its crusade to wean customers off earlier versions of Internet Explorer before the Support Lifecycle changes kick in in January 2016.
The company has announced changes in its April update to Enterprise Mode and Enterprise Site Discovery in IE11 to provide enhanced backwards compatibility for sites designed to run in earlier versions of the browser.
It adds a new IE7 Enterprise Mode option which enables Enterprise Mode together with Compatibility View. This is based on customer feedback that some sites work best with both Enterprise Mode and Compatibility View enabled.
Put a site in IE7 Enterprise Mode and it will automatically use Enterprise Mode with IE7 document mode if there's a DOCTYPE in the markup, or fall back to IE5 document mode if there isn't a DOCTYPE. The previous Enterprise Mode is still there but renamed IE8 Enterprise Mode. There's also a new IE11 Document Mode replacing the earlier Edge Mode to call IE11 on Windows 10 systems. All of these options are available via the Enterprise Mode Site List Manager.
Enterprise Site Discovery adds XML as an output option either on its own or in conjunction with WMI output. The option of management by group policy is added too with four policies to give control over the output of the feature in addition to the parameters for privacy.
More information on these changes is available on the MSDN IE blog.
The rise of mobile device use and of BYOD policies in the workplace is bringing about a major shift in the way people communicate at work.
Email solutions provider Newsweaver has produced an infographic looking at the rise of mobile devices for business use. It also looks at how bring your own app (BYOA) and enterprise app use have different effects.
Findings include that 41 percent of employees do not believe that the tools their company provides actually meets their needs. They therefore choose to 'go rogue' and use their own apps instead. This is acknowledged by IT teams where three out of four workers say they are delivering outdated enterprise tools which don’t meet employee needs.
The adoption of enterprise apps is a more effective approach as it boosts work productivity by over 34 percent. Over half of employees say that enterprise apps help them to do their job more effectively.
There are concerns though, 46 percent of IT departments are not confident in their own mobile security systems effectiveness to protect company data. Cost is also a major issue with the average enterprise app costing $100,000 plus to design, develop and launch.
You can see the full infographic with additional findings below.
Image Credit: Syda Productions / Shutterstock
A new study by website security specialist Incapsula and community site DevOps.com shows that DevOps is rapidly becoming one of the hottest technology career paths.
DevOps -- a hybrid of development and operations -- is a recent field, recognizing that software development, quality assurance, and IT operations all depend on each other. It aims to help organizations rapidly produce software products and services and to improve operational performance.
The survey aims to find out more about this rapidly expanding field and polled hundreds of DevOps professionals across the world on their salary, title, daily duties, and level of education required for the job.
Writing on the Incapsula blog Dori Harpaz, director of marketing says, "As this is a relatively new field, we thought it would be enlightening to see how DevOps professionals define their own roles within their organization. Taking this one step further, we decided to not only explore what DevOps professionals do, but also how much they earn and the various factors that affect salaries in this field".
Findings include that 52 percent of respondents have a bachelor's degree, while 25 percent have a master's. However, the level of education completed doesn't affect salary, the results showed professionals with high school diplomas could earn salaries comparable to those with master’s degrees.
Those salaries are also increasing. More than 76 percent of respondents reported that their salaries increased in 2014 and 85 percent expect a further increase this year. Almost half of respondents also received a bonus last year.
There's also a direct correlation between the size of the DevOps team and median salary. Perhaps not surprisingly larger teams pay higher salaries. Companies of all sizes place strong value on DevOps though. The median salary for professionals working at companies with revenues less than $1m was $87,058, and at companies with more than $1b in revenue $118,867.
Other findings include that 65 percent of respondents work for North American companies, and that the field is overwhelmingly male dominated with 96 percent of respondents being men.
The full survey report is available to download from the Incapsula website.
Image Credit: Nata-Lia / Shutterstock
Businesses and development teams are under ever more pressure to produce new apps to meet tight deadlines, this can lead to the creation of apps that fail to meet user requirements.
Platform as a service company WaveMaker is looking to streamline the development process for enterprise developers and non-programming users with the announcement of WaveMaker Desktop, a free, open source, browser-based, single-developer version of its recent WaveMaker Studio 7 release.
WaveMaker Desktop is based on open standard technologies including Java, Spring, Hibernate, AngularJS, and Bootstrap. It allows users to quickly evaluate the rapid API application development (RAAD) capabilities of WaveMaker Enterprise using live data behind the firewall and without having to involve the IT department.
WaveMaker Desktop improves on other SaaS-only solutions for app development, which prevent developers from accessing data behind the firewall. It also provides enterprises with the permanent assurances of open source software and doesn't lock them into proprietary technology.
"Speeding app creation speeds innovation. Many enterprises need their apps to access private data and work with an increasing myriad of devices. WaveMaker's Enterprise platform solves these and other related challenges for the enterprise. Before that can be done, developers first want to quickly evaluate WaveMaker's RAD capabilities on live data and WaveMaker Desktop makes that very easy," says Samir Ghosh, CEO of WaveMaker. "We also know that enterprises want a thriving ecosystem of service providers around WaveMaker. WaveMaker Desktop enables an extensive range of large and small SIs, VARs, and ISVs to thrive. Plus, we’re also seeing more SaaS ISVs, or ISVs wanting to move to SaaS looking for an open-standards-based RAD solution to not only build their apps, but to OEM as a UI customization option for their users".
WaveMaker Desktop is available to download now from the company's website. You can also sample the product's enterprise capabilities at WaveMakerOnline.
Image Credit: alphaspirit / Shutterstock
Many small business owners see accounting as a necessary evil. They know they need to stay on top of their sales, cash flow and so on but the actual process of doing so is a chore.
Now a new mobile app called ONE UP is claiming to reduce the amount of time taken to handle accounts to just a few minutes per month. It automatically synchronizes with banks and provides suggested entries that can be validated with a single click. In addition the ONE UP suite includes automatic inventory, CRM and invoicing.
"It's as if you had a CPA on your shoulder. ONE UP is the killer app for small businesses, and with the accounting solution we literally provide hands-free bookkeeping," says Francois Nadal, CEO of ONE UP. "ONE UP gives you your free time back because you get what matters to run your business -- cash flow, profit, loss -- quickly and without the hard work. After just three months, most of your data entry is eliminated as the app learns about your business".
The app is designed to make routine tasks automatic for small businesses ranging from solo business owners up to those with 20 employees. With ONE UP Inventory, the app synchronizes with the point of sale, for example, so all that is left is to validate the suggested orders to vendors and stock can be replenished with one click.
Developed from the successful myERP product which has more than 300,000 users in 50 countries, ONE UP is in three parts. Inventory generates packing lists or delivery notes from sales orders so users can deliver to customers faster and update the status of orders. All inventory movements are posted into ONE UP Accounting, the second module, which allows an accountant to log in remotely to audit books or export financial records to their location. Finally ONE UP CRM tracks chats, calls and tasks, helps organize time with leads, creates personalized quotes with a custom template, and can turn quotes instantly into an invoice or sales order.
Pricing for ONE UP starts at $9 per month for a single user, more information and a 30-day free trial is available via the company's website.
Image Credit: EM Karuna / Shutterstock
Though we're constantly being warned about the threat offered by new malware it seems that, for Windows systems at least, the old favorites continue to catch us out.
The latest threat report from security company F-Secure shows that Conficker continues to be the number one Windows threat, kept alive by the number of unpatched legacy systems still around.
Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.
Mikko Hypponen, F-Secure's Chief Research Officer says, "Criminals use ransomware to extort people by locking them out of their own devices unless they pay a ransom. Because of virtual currencies, it's becoming a lot easier for criminals to use ransomware, making it more profitable and more useful for them. For end users, ransomware is now the most prominent type of digital threat".
When it comes to spreading malware social networking sites are popular, using routes such as Kilim, a family of browser extensions that post unwanted content (messages, links, 'Likes,' etc) to the user’s Facebook account and alter browser settings. Kilim is ranked second in the top 10 threats.
Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.
The top 10 threats identified by F-Secure in the second half of 2014 are:
1 Conficker/Downadup -- a worm exploiting a vulnerability in Windows to spread via the web, network shares and removable media.
2 Kilim -- Browser extension that posts unwanted content to Facebook.
3 Sality -- A virus family that infects exe files and hides its presence to kill processes, steal data and perform other actions.
4 Ramnit -- Infects EXE, DLL and HTML files. Variants may also drop a file that tries to download more malware from a remote server.
5 Autorun -- A family of worms that spread mostly via infected removables and hard drives, and can perform harmful actions like stealing data and installing backdoors.
6 Majava -- A collection of exploits against Java vulnerabilities, a successful attack can, among other things, give the attacker total system control.
7 Rimecud -- A family of worms that spreads mostly via removable drives and instant messaging. Can install a backdoor that allows a remote attacker to access and control the system.
8 Anglerek -- A collection of exploits for multiple vulnerabilities. At worst can give the attacker total system control.
9 Wormlink -- Specifically-crafted shortcut icons used to exploit the critical CVE-2010-2568 vulnerability in Windows to gain system control.
10 Browlock -- A police-themed ransomware family that steals control of the users’ system, allegedly for possession of illegal materials then demands payment of a 'fine' to restore normal access.
Much more detail is available in the full report which can be downloaded from the F-Secure website.
Image Credit: underverse /Shutterstock
Technology makes it easier than ever for businesses to collect data but that also means they have greater responsibility for looking after it.
Data protection specialist Druva has released the results of a new study conducted by Dimensional Research which examines companies' efforts to protect sensitive data, the challenges they face ensuring data privacy and gathers respondent views on protecting data privacy in the cloud.
Among the findings are that 99 percent of respondents reported having some for of sensitive data, including personal financial, healthcare and authentication-related data, they needed to manage. 84 percent reported plans to boost their efforts to protect the privacy of sensitive data. There are problems with enforcement, however, with almost 84 percent of respondents reporting that employees don’t follow data privacy policies.
The shift towards the cloud is also having an impact, nearly 90 percent of respondents indicated that their volume of data stored in the cloud will increase through 2015 and 87 percent of companies reported being 'concerned' or 'very concerned' about data privacy in the cloud.
"Organizations are facing a real data protection crisis. Data privacy is top-of-mind for companies worldwide, and for good reason," says Jaspreet Singh, CEO, Druva. "Today's enterprise is a borderless one. The globalization of data creates a challenge that exposes each region to their specific and local privacy regulations. Protecting and managing corporate data -- especially in the cloud -- calls for a multi-faceted approach for which Druva is setting the standard".
Other statistics are that 81 percent said their business has data privacy requirements they must meet for compliance and governance regulations. Insufficient employee awareness and understanding of data privacy policies was cited by 56 percent as a major challenge to ensure privacy of sensitive data, and 67 percent reported that meeting regional requirements for data privacy is challenging.
The full report is available on the Druva website and there's a summary of the findings as an infographic below.
Photo credit: Ivelin Radkov / Shutterstock
We constantly see stories about the latest threat from malware, particularly relating to mobile devices. But is it really as bad as it's made out to be?
No, says threat detection and containment specialist Damballa which is unveiling new research based on its big data analysis of almost half of US mobile traffic.
Damballa originally did a study in the spring of 2012 to determine the extent of mobile devices contacting malicious domains. At the time it monitored approximately 33 percent of US mobile data traffic. Repeating the study in 2014 Damballa now monitors about 49 percent of traffic. During the new test period researchers saw 130 to 160 million devices per day and observed 2,762,453 unique hosts contacted by mobile devices.
In 2012 researchers identified 3,492 out of a total of 23 million mobile devices -- 0.015 percent -- contacting a domain on the mobile blacklist. In Q4 2014 only 11,699 out of a total of 151 million mobile devices contacted mobile black list domains, a mere 0.0077 percent. For contrast the US National Weather Services says the odds of being struck by lightning in a lifetime are 0.01 percent.
Also only 1.3 percent of mobile hosts were not in the set of hosts contained by historical non-cellular data. There's a big overlap between wired hosts and mobile hosts therefore and mobile applications are reusing the same hosting infrastructure as desktop applications.
"This research shows that mobile malware in the Unites States is very much like Ebola -- harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection," says Charles Lever, senior scientific researcher at Damballa. "Ask yourself, 'How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?'"
For more information on the study and a look at Damballa's threat detection and defense systems you can visit the company's website.
Image Credit: Khakimullin Aleksandr / Shutterstock
Where business intelligence is concerned it's often the case that companies don't lack data. However, they struggle to use the information they have in a way that offers meaningful insights.
San Francisco-based cloud analytics provider GoodData is releasing some new additions to its platform to break down the barriers of traditional business intelligence and improve self-service options without compromising the IT department's need for data governance and integrity.
"My goal when founding GoodData was to give everyone access to insights, creating a truly data-driven enterprise at which decisions occur quickly across every level of the business," says CEO Roman Stanek. "These new features accelerate time to insights by helping users work smarter through guided recommendations".
The additions are Data Explorer, a user-facing data exploration interface that allows business analysts to gain insights from new data sources in less time; Analytical Designer, a self-service data discovery tool that guides analysts to better insights using GoodData’s Collective Learning and recommendations; finally, Email and Group Sharing makes it easy to deliver insights to the right people across the organization.
"The new capabilities GoodData is bringing to the table make producing insights far more straightforward for our organization," says Chris Marin, senior principal, digital marketing platform and analytics at CSC. "The simple drag-and-drop Analytical Designer will support our data analysis on a daily basis".
More information about GoodData and how it can unlock the accumulation of a company’s experience, best practices, and millions of user interactions can be found on the company's website.
Image Credit: Peshkova / Shutterstock
There are 85,000 new malicious IPs launched every day and the top phishing targets are technology companies and financial institutions.
These are among the findings of a new report from threat intelligence and security company Webroot. The Webroot 2015 Threat Brief provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners.
The report finds that the United States accounts for 31 percent of malicious IP addresses, followed by China with 23 percent and Russia with 10 percent. Overall, half of malicious IP addresses are based in Asia.
It shows a 30 percent chance of Internet users falling for a zero-day phishing attack in the course of a year, and indicate a more than 50 percent increase in phishing activity in December 2014, most likely due to the holiday season.
On average, there are nearly 900 phishing attempts detected per financial institution, but over 9,000 attempts detected per technology company. The top five technology companies impersonated by phishing sites are: Google, Apple, Yahoo, Facebook and Dropbox. Looked at by country, the US is by far the largest host of phishing sites, with over 75percent being within its borders.
Looking at mobile systems the report finds that, on average, only 28 percent of apps on the Android platform were trustworthy or benign, a drop from 52 percent in 2013. Almost half were rated were moderate or suspicious, and over 22 percent were unwanted or malicious. Trojans make up the vast majority of malicious threats, averaging 77 percent for 2014.
"Webroot has seen a continued rise in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm," says Hal Lonas, chief technology officer at Webroot. "With more breaches at major retailers, financial institutions and technology companies in the headlines and scores of other, smaller breaches in 2014, the trend shows no signs of slowing down. The Webroot 2015 Threat Brief highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks".
2014 has also seen more sophisticated techniques being used to attack PCs. These include the Poweliks registry exploit which doesn't require extra components to deliver infections like ransomware. Webroot also discovered five new families of potentially unwanted application, each demonstrating new social engineering techniques and complexity.
The full report is available as a PDF from the Webroot site and there's a summary of the findings in infographic form below.
Photo Credit: ra2studio / Shutterstock
Software as a Service (SaaS) is one of the biggest technology growth areas at the moment. That's reflected in the amounts of capital being pumped into the sector by investors.
A new SaaS Trends Report by Tibco Analytics and venture capital tracker CB Insights shows that funding for SaaS companies was $11.7 billion in 2014, up 70 percent over the past year. SaaS funding has tripled since 2011.
The biggest deal of the last year was Dropbox which received $350 million in extra funding. SurveyMonkey raised $250 million, with online publishing and development specialist Automattic third on $160 million. Cloud storage company Box and security provider Lookout each received $150 million.
Broken down by industry most funding between 2011 and 2014 went to SaaS businesses in the area of business intelligence and analytics (838 deals totaling $6.6 million), followed by CRM and marketing each with around 400 deals totaling over $2 million for each area. Monitoring and security comes next with fewer deals (226) but over $2 million of investment.
Also interesting are the figures for the number of companies exiting venture capital funding, either via mergers and acquisitions or IPOs. Total exits in 2014 were up 66 percent year-on-year. The last quarter of 2014 also saw the highest number of SaaS IPOs in the last four years, companies floating including New Relic and Hubspot. But whilst it's the really big deals that make the news it's important to note that 49 percent of SaaS companies exiting VC funding raised less than $10 million.
Of the companies snapping up SaaS businesses the most acquisitive is Oracle, which went on a $700 million shopping spree to snap up BlueKai and Virtue among others. Next come IBM, Google and Saleforce each of which have made five or more SaaS acquisitions between 2011 and 2014.
The full report with much more information is available to download from the CB Insights website.
Photo Credit: Rrraum/Shutterstock
Last week we reported on IBM's decision to open up its threat intelligence data in X-Force Exchange to help fend off cyber attacks.
Today the company is making its threat intelligence system QRadar available as a cloud service, giving companies the ability to quickly prioritize real threats and free up critical resources to fight cyber attacks.
It will be on offer to customers on a Software as a Service (SaaS) model, with optional IBM Security Managed Services plus integration with the cloud-based X-Force Exchange to provide deeper expertise and flexibility for security professionals.
The product comes in two parts, IBM Security Intelligence on Cloud helps organizations determine if security-related events are simple anomalies or potential threats. Built as a cloud service using IBM QRadar, enterprises can quickly match security event data with threat information from over 500 supported data sources for devices, systems, and applications. This is complemented by pre-defined reports for use cases like compliance, vulnerability management and security incident response.
It also offers Intelligent Log Management using analytics and a hosted, multi-tenant technology to deliver compliance with powerful real-time correlation and anomaly detection capabilities. It supports over 400 platforms allowing security teams to gather data from any device in their organization.
"Organizations are facing a security data tsunami that can overwhelm even the most sophisticated enterprise’s security program," says Jason Corbin, Vice President, Product Management and Strategy at IBM Security. "Security leaders are telling us they want increased visibility through the cloud and control throughout their hybrid IT environments. The option of doing predictive analytics via the cloud gives security teams the flexibility to bring in skills, innovation and information on demand across all of their security environments".
By bringing QRadar to the cloud IBM is aiming to offer its customers improved threat response times, while potentially reducing overall security costs by an average of 55 percent. Significantly improved threat detection is promised too, helping clients automatically handle up to 95 percent of their security events.
More information is available on the IBM Security website.
Recent security breaches like that at Sony Pictures highlight the difficulty of protecting unstructured information that's held in things like emails and documents.
Security company TITUS is offering a solution with a new version of its TITUS Classification Suite that uses a blend of content and context to automatically classify and protect information as it's handled by users.
Already in use by the French Ministry of Defense and others, TITUS Classification Suite 4 offers organizations a new flexible policy engine that can apply complex rules to protect information without getting in the way of business process or requiring users to remember specific security policies.
Administrators can set up policies to classify email based on recipients; protect messages based on the content or classification of attachments; classify and protect documents based on content, filename or location; or prevent printing of sensitive documents to non-secure devices. Customizable alerts warn users of special information handling conditions or possible impending security violations.
It's capable of integrating with data loss prevention (DLP) solutions, allowing enterprises to optimize security policy, focus on high-risk areas, and capture retention-related metadata for use in archiving or deletion. New integration capabilities, such as with Intel Security Data Exchange Layer (DXL), will allow organizations to enhance their behavioral analytics and reporting capabilities and help them uncover malicious insider threats.
"TITUS is proud to deliver a solution that we have worked toward with the input of hundreds of customers over the last ten years," says Tim Upton, Founder and CEO of TITUS. "From simplifying the administration for our largest enterprise customers, to helping address malicious insider threats, to supporting advanced business rules for challenging problems such as IP protection and export control -- we are delivering a unique ability for enterprises worldwide to protect their most sensitive information".
Classification Suite 4 is comprised of TITUS Message Classification for Microsoft Outlook, TITUS Classification for Microsoft Office, and TITUS Classification for Desktop. Solutions for mobile and Outlook Web App (OWA) are also available. You can find out more and request a free trial on the TITUS website.
Image Credit: ktsdesign / Shutterstock
Increased use of the cloud and hybrid systems is bringing new challenges for businesses needing to ensure their systems are secure and compliant.
A new Cloud Agent Platform (CAP) from cloud security specialist Qualys provides organizations with a flexible solution to assess the security and compliance of their IT assets in real time, whether they're on-site, cloud-based or mobile endpoints.
Qualys CAP provides a lightweight agent that can be installed on any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents then extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation. This allows it to offer a continuous view of the security compliance status of a network.
The agent installer can be embedded in system images, deployed via group policy or run from the command line. It can also be embedded into images on cloud servers allowing it to work with environments like Azure. The agent is light on CPU resources, using around five percent at peak and less than two percent in normal operation. Once installed it takes a full assessment of its host while running in the background, and sends that assessment snapshot back to the Qualys Cloud Platform for evaluation. From then on a configurable profile controls how often the agent sends host changes back to the platform to incorporate with the snapshot. Initial, full snapshots are only a few megabytes, and subsequent updates just a few kilobytes. This reduces the network bandwidth consumption to far below that of traditional scanning as well as other agent-based solutions.
CAP also makes for easy inventory management as admins can interrogate all of their systems from a central location. Assets can be monitored for the latest operating system, application and certificate vulnerabilities as well as tracking missing critical patches on each device. The system can also check for compliance with standards like HIPAA.
"Traditional vulnerability scanning methods present a number of challenges for IT security teams who either don’t have the proper credentials, or are scanning assets that aren't always connected to the local network," says Philippe Courtot, Chairman and CEO of Qualys. "Qualys Cloud Agent Platform is a game changer and a new paradigm of continuously assessing IT systems. This platform provides our customers with the flexibility and choice they need to conduct real-time vulnerability and compliance management for IT assets whether it's on-premise, cloud-based or mobile endpoints".
Qualys Cloud Agent Platform is currently available on a trial basis for Windows systems and will go live on May 15. Unix and OSX versions will be available later in the year. For more information and to sign up for a trial visit the Qualys website.
Photo Credit: wavebreakmedia/Shutterstock
Cloud computing has stepped up the pace of app development, with many businesses coming under pressure to deliver new services fast.
Following on from last month's launch of the Azure IoT Suite, tech giant Microsoft is stepping into the platform as a service (PaaS) space with Azure Service Fabric.
Mark Russinovich CEO of Microsoft Azure writing on the company's Azure blog says, "Service Fabric was born from our years of experience delivering mission-critical cloud services and has been in production for more than five years. It provides the foundational technology upon which we run our Azure core infrastructure and also powers services like Skype for Business, InTune, Event Hubs, DocumentDB, Azure SQL Database (across more than 1.4 million customer databases) and Bing Cortana -- which can scale to process more than 500 million evaluations per second".
The platform is designed to understand the available infrastructure resources and needs of applications, enabling automatic updating and self-healing so that highly available and durable services can be delivered at hyper-scale. Russinovich adds, "We're now making this battle-hardened technology available for everyone use -- not a version of what we use, but the exact technology we use ourselves".
Key features of Service Fabric include support for creating both stateless and stateful microservices -- meaning that complex applications are made up of small, independent processes talking to each other using APIs -- allowing it to power complex, low-latency, data-intensive scenarios and scale them into the cloud.
This approach makes it easy to roll out changes to parts of an application and to reverse them if things go wrong without needing to rebuild the whole thing. It also allows for efficient load management as Service Fabric can, for example, launch more instances of a service that's under heavy demand.
It includes Visual Studio tooling as well as command line support, which enables developers to quickly and easily build, test, debug, deploy and update their Service Fabric applications whether in test or production environments.
Whilst it will be aimed at Windows development initially, Russinovich says Linux support will be offered in future. More information will be available at next week's Microsoft Build developer conference.
As more apps move to the cloud business infrastructures are increasingly fragmented. This can make traditional on-site security tools ineffective in fighting off cyber attacks.
The threat of attacks remains, however, and a new release from security software company Radware is aimed at protecting both on-premise and cloud-based applications, using just one solution.
Radware’s Hybrid Cloud Web Application Firewall (WAF) protects against web attacks and can also defend and mitigate a wide range of DDoS attacks through its always-on DDoS attack protection. It can provide comprehensive detection and mitigation of attacks with minimal false positives and no impact on legitimate traffic.
Radware's WAF protects both in-house and web applications using a single technology. Unlike existing WAF solutions that integrate dual technologies which results in a gap between protection coverage and quality, Radware's single technology approach makes migrating applications to the cloud safer and more secure.
"It's not uncommon for enterprises to distribute their applications both on-premise and in-the-cloud. In addition, we see enterprises employ multiple cloud vendors to host various aspects of their infrastructure. However, having a disparate network infrastructure adds a level of complexity when trying to protect your web applications," says Carl Herberger, vice president of security solutions for Radware. "We have taken actionable steps to provide enterprise with a unified hybrid solution against web-based attacks regardless if protection is needed on-premise or in the cloud and provide better security when moving applications to the cloud as well as ease of security policy orchestration and automation".
You can find more information on the Radware website and the technology will be on display at the RSA Conference this week.
Photo Credit: Andrea Danti/Shutterstock
A new study of nearly 14,000 information security professionals worldwide shows that two-thirds of respondents are concerned about the addition of multiple security technologies, often referred to as sprawl.
The Global Information Security Workforce Study (GISWS) produced by (ISC)² a not-for-profit membership body of certified information and software security professionals worldwide, is largest study of the information security profession ever conducted.
"Many of the facets discovered in this year’s workforce study demonstrate that aspects of the information security program are being carried out in IT departments and other business units -- positioning IT as a force multiplier," says David Shearer, executive director of (ISC)². "Cloud adoption rates and projected increases in spending on security tools and technologies are further increasing the need for IT and security departments to function collaboratively. Year after year, the study has shown a workforce shortage; but now, we're finding that the shortage is being compounded with issues that are becoming more prevalent, such as configuration mistakes and oversights that can be detrimental to the security posture of global businesses".
Among the findings of the study are that phishing is the top threat technique employed by hackers, cited by 54 percent of respondents, and that the estimated time to fix an attack following a system or data compromise is getting longer. An average attack takes between two and seven days to fix according to 44 percent.
It also shows that respondents think additional training and education are needed most in the areas of cloud computing (57 percent), BYOD and incidence response (both 47 percent). Respondents felt that when it comes to retaining information security professionals, support for training and professional security certifications is essential. Lack of in-house skills is cited by 49 percent as the reason for turning to outsourcing.
There's much more detail in the full report which can be downloaded from the (ISC)² website and there will be a session discussing the findings at the RSA Conference on Monday April 20.
Image credit: fotogestoeber / Shutterstock
The endpoint is the most vulnerable link in enterprise security, constantly under attack and prone to human error. Yet the security products designed to protect it are subject to high levels of false positives.
The result is that providing effective protection can be complex and stretch the resources and budget of even quite large organizations.
Denver-based Red Canary, founded by a team with a strong background in security and defense intelligence is offering a four-pronged approach to detecting threats in real time and eliminating false positives.
It uses a combination of behavioral analysis to detect malicious software or activity; anomaly detection to pick up activity such as logons from other locations; binary analysis to look at the reputation of binaries but also their potential for harm; and threat intelligence to protect across the customer base.
Crucially every suspicious event flagged by the company's Threat Detection Engine is then subject to human review. "Businesses have become over reliant on technology to protect their endpoints. This is why Red Canary uses a human analyst team to eliminate false positives," Red Canary's CEO Brian Beyer says. "Smaller companies can't afford the expertise to do this in house".
Combining best of breed technologies and adding human review Red Canary enhances response by detecting threats in hours rather than weeks, by delivering actionable detections, and by providing extensive endpoint visibility.
"Enterprises have to identify assets, know what they're defending and have the right systems in place if their perimeter is breached," adds Beyer. "This means investing in people and giving them the right tools to do the job."
You can find out more about Red Canary's approach to endpoint protection on the company's website.
Image credit: bannosuke / Shutterstock
Internet performance specialist WildPackets is changing its name to Savvius and at the same time is also launching its first security appliance.
"This name change comes at a defining moment in our history," says Tim McCreery, CEO of Savvius. "We are deepening our commitment to network performance management solutions and expanding our focus to include support for security forensics. Our team is united in providing great solutions and world-class support to our customers and partners".
The company's first security appliance the Savvius Vigil is able to intelligently store months of packet-level information in order to assist security investigations. It means packets related to a breach can be examined weeks or even months after the incident occurs, providing information that is often vital to a full understanding of the threat.
There's typically a lag between a threat entering a network and it being detected which leads to a gap in the data analysts have available to study the issue. Once a threat is spotted, Vigil responds by intelligently storing the network packets associated with that event, including packets that led up to it, those that were created immediately after, and those in related conversations. It will allow security professionals investigating a weeks- or months-old security breach to add specific network packet data to their investigation -- something that was previously unachievable.
"Security threats begin at the packet level. Unfortunately, months of long-term packet-level forensics have been a missing piece of the security puzzle for far too long," says Mandana Javaheri, Chief Technology Officer of Savvius. "Until today's announcement, organizations have not had a practical way to store long-term network packet data. With Savvius Vigil, security analysts can have greater insight into security incidents that occurred in the past".
More information about Savvius Vigil is available on the company's website.
Photo Credit: Sergey Nivens/Shutterstock
With cyber attacks often being driven by organized crime rings and the tools and expertise behind them widely shared, threat intelligence is more important than ever to fend them off.
Announcing today that it's opening up more than two decades' worth of cyber threat intelligence IBM is seeking to unite, mobilize and rally the private sector to defend itself against increasingly sophisticated and organized cyber threats.
It's set up a new cloud platform called X-Force Exchange which builds on IBM's scale in security intelligence, integrating its portfolio of deep threat research data and technologies like QRadar, thousands of global clients, along with the acumen of a worldwide network of security analysts and experts from IBM Managed Security Services.
"The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals," says Brendan Hannigan, General Manager of IBM Security. "We're taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we're aiming to accelerate the formation of the networks and relationships we need to fight hackers".
The X-Force Exchange features over 700 terabytes of raw aggregated data supplied by IBM. This makes it one of the largest and most complete catalogs of vulnerabilities in the world. Data includes threat information based on monitoring of more than 15 billion security events per day, malware threat intelligence from a network of 270 million endpoints, threat information based on over 25 billion web pages and images, intelligence on more than 8 million spam and phishing attacks, and reputation data on nearly a million malicious IP addresses.
The data will continue to grow, be updated and shared. The platform is able to add up to a thousand malicious indicators every hour including real-time information which is critical to the battle against cybercrime.
Within the platform, IBM intends to provide future support for STIX and TAXII, the emerging standard for automated threat intelligence sharing. This will make for easy extraction and sharing of information to and from the exchange, as well as enabling seamless integration into existing security systems.
You can find more information about IBM X-Force Exchange on the company's website.
Image Credit: Tomasz Bidermann/Shutterstock
There were 783 reported data breaches in 2014, up 27.5 percent over the previous year and the most in any year of the past decade. The average cost of each of those breaches was $3.5 million, up 15 percent over 2013.
These are among the statistics highlighted in a new infographic from user behavior intelligence specialist Exabeam. Ten breaches each led to more than a million records being reported stolen, the biggest being Home Depot with 56 million records.
But whilst retail -- partly distorted by that massive Home Care figure -- accounts for the highest percentage of records stolen, it's the health care sector that accounts for the majority of breaches. Health care reported 333 breaches in 2014, accounting for 42.5 percent of the total. Retail comes second on 33 percent with government and military third on 11.7.
How breaches happen is interesting too. Whilst 29 percent were down to hacking, 15.1 percent were laid at the door of sub-contractors or third-parties, and 12.5 percent physical theft. Accidental exposure (ooops!) accounted for 11.5 percent, employee negligence 10.9 percent and insider theft 10.2 percent.
You can see the full infographic below.
Image Credit: Pavel Ignatov / Shutterstock
There are lots of options for business collaboration but security of data is always a concern, especially when implementing cloud solutions.
The answer to these worries may lie with cloud collaboration specialist HighQ which is launching Collaborate 3.4, the first hybrid version of its platform providing both cloud and on-premise secure storage of data.
In addition to hybrid storage, the new Collaborate platform offers the ability to store encryption keys onsite, giving companies a safeguard with which to secure their data against threats, whether hackers, data-center workers or NSA snoopers.
"Collaborate 3.4 opens up important new use cases for customers around the world," says HighQ's Chief Strategy Officer Stuart Barr. "Organizations can collaborate on any device with the utmost levels of data sovereignty and security -- and pass those benefits on to their own clients. Our customers require all their data to stay protected and confidential, and we listened, evolving Collaborate to meet the most stringent requirements".
Key features include hybrid storage which gives customers the option of storing files within a particular jurisdiction or their own network. A custom-build appliance can be used to select where to store files for each individual workspace -- on-premise, in another location of the user's choice, or in one of HighQ's own data centers.
In addition encryption key management lets customers store their encryption keys on-premise rather than in the cloud where they're potentially vulnerable. This adds another layer of protection and lets companies retain full oversight of their data.
Microsoft Office integration enables users to seamlessly open and edit files from Collaborate in Word, Excel and PowerPoint. Once a file is closed, Collaborate automatically uploads and publishes the latest version. A new Outlook plugin also lets users securely transfer files from within Outlook. Plus there's a personal file syncing feature which provides a secure alternative to public cloud services services by letting users sync personal files to their PC or Mac.
"Collaborate 3.4 completes the vision that we first laid out in 2012," says Barr. "It combines the best aspects of enterprise file sharing and sync with social collaboration and secure team workspaces. We’re proud to be the only provider to be built from the ground up for the world’s most sensitive industries, and to continually keep pace with the most advanced privacy, security and data-sovereignty requirements".
You can find out more about Collaborate on the HighQ website.
Image Credit: Lightspring / Shutterstock
Only two weeks ago we reported on the underlying vulnerabilities that put point-of-sale systems at risk. Now acting as part of an investigation by the US Secret Service, researchers at security services company Trustwave have identified a new family of PoS malware.
Cyber criminals are already using the malware -- which researchers have named "Punkey" in an obscure '80s sitcom reference -- to infect businesses. Payment card information and more than 75 active victim IPs were found as part of the investigation.
Trustwave doesn't know the number of businesses that have been infected but its researchers have seen multiple command and control servers and multiple campaigns related to Punkey and it appears that a number of malware authors have been at work on the source code used in the campaigns.
The software hides inside Windows Explorer and scans other processes for card holder data, sending any details found to a server. It periodically checks in with the server to see if there are any updates such as new programs to run or if an update to the malware is needed. The Punkey malware also performs keylogging, capturing 200 keystrokes at a time and sending them back to the server. Thus the attacker can capture usernames, passwords and other important information. All of these functions run continuously and will start up again if the computer is rebooted.
Trustwave notes that, "The injection and hiding process with Punkey is more advanced than most of the point-of-sale malware that we currently see. In particular, command and control server interaction with the malware is something we don't see very often. The ability to execute arbitrary programs and update the malware is not something typically seen in point-of-sale malware".
You can read more about the discovery on the Trustwave blog.
Image Credit: Sedlacek / Shutterstock
Business intelligence systems have in the past delivered large amounts of data but in a format that wasn't necessarily easy to use as it was extracted from legacy systems.
In an effort to make BI data more accessible, cloud intelligence and analytics specialist Birst has announced a partnership with Tableau Software to combine the latter’s powerful visual analytics with Birst’s agile and scalable Cloud BI data platform through an ODBC connector.
"Tableau's mission is to help people see and understand their data. Insightful visual analytics require access to every source of data across an organization," says Dan Jewett, Vice President of Product Management at Tableau Software. "By helping Birst create a connector to Tableau, our companies are continuing this vision by elevating the analytics experience for customers".
The combination enables Birst customers to create dynamic, interactive visualizations that are based on a single source. It offers the speed and ease-of-use that people want in analytics combined with the modern, enterprise-grade data architecture needed to run today’s businesses.
"In an era where legacy BI vendors are losing ground, you have two forward-thinking technology companies like Birst and Tableau, typically seen as competitors, now working together to help more people make better decisions with data," says Jay Larson, CEO of Birst. "The reality is that Birst's and Tableau's technologies are much more complementary than competitive, and we’re thrilled about this unique opportunity to work with Tableau to deliver analytics to everyone, from developers to data analysts to business users, without forcing companies to make trade-offs between speed, ease-of-use and data governance".
More information is available on the Birst website and you can sign up for a webinar on the link up taking place on May 21.
Image Credit: leedsn/Shutterstock
Producing documents has in the past been the slowest part of the sales process. Collecting information and putting it into quotes and proposals can take up a lot of sales staff time that could be better used in other tasks.
California-based PandaDoc is announcing its software's integration with Salesforce to make sales proposal and quote generation faster and more personalized.
PandaDoc combines everything sales reps need in one place to build and deliver attractive content making the whole process fast and efficient. It allows users to connect their document templates with Salesforce CRM data to close deals faster. The integration gives full document creation functionality within Salesforce, allowing the document creation process to start at the earliest opportunity. PandaDoc's software pulls relevant data from the sales lead, including general information, contacts, product, and pricing details, putting these into preset PandaDoc templates.
"With business processes all finding their way to the cloud, it seems that sales documents are the last to make the leap. Dealing with Word and Excel results in long turnaround times that slow down our sales teams," says Mikita Mikado, Co-Founder and CEO of PandaDoc. "Your salespeople are spending more than half of their day doing mundane back-office work. We want to provide your team with all the building blocks that they need to speed up creation of sales collateral, and to ensure a consistent, seamless experience for the end clients".
Other solutions on the market often require sales teams to use separate software for document generation, pricing configuration, document analytics, and electronic signing. Since PandaDoc includes everything it cuts the time taken to create and send documents to just minutes.
For more information on PandaDoc and to sign up for a 14-day free trial you can visit the company's website.
Image Credit: EDHAR / Shutterstock
In the current information security climate it seems that falling victim to some form of cyber attack is just a matter of time. If you haven't been hit yet chances are you will be soon.
The latest Internet Security Threat Report from Symantec shows that five out of six large companies were targeted in 2014, a 40 percent increase over the previous year, and that attackers are shifting their tactics when targeting corporations.
Networks continue to be breached using highly-targeted spear-phishing attacks, which increased a total of eight percent in 2014, confirming the findings of another report today. Over the last year the precision of these attacks has increased, they've used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.
Symantec has also observed attackers using stolen email accounts from one corporate victim to spear-phish other victims higher up the company chain. Attacks have been taking advantage of companies' management tools and procedures to move stolen intellectual property around the corporate network before exporting it. The report reveals the building of custom attack software inside the networks of their victims to disguise attacker's activities too.
"Attackers don't need to break down the door to a company's network when the keys are readily available," says Kevin Haley, director of Symantec Security Response. "We're seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them -- giving attackers unfettered access to the corporate network".
Although email remains a popular source of attack criminals are increasingly experimenting with other methods using mobile devices and social media. "Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work," adds Haley. "Last year, 70 percent of social media scams were shared manually, as attackers took advantage of people's willingness to trust content shared by their friends".
Ransomware remains lucrative too, rising 113 percent last year. More worrying still, rather than the traditional ransomware approach of pretending to be a law enforcement agency levying a fine for stolen content, Symantec has noted a rise of crypto-ransomware which holds a victim's files, photos and other digital content hostage without masking the attacker's intention. There were 45 times more victims of crypto-ransomware attacks than in 2013.
The full report is available as a PDF from the Symantec website, or you can sign up to hear Haley discuss the findings in a webcast taking place at 10am Pacific Time tomorrow (April 15).
Photo Credit: ra2studio/Shutterstock
Streaming isn't just for broadcasters any more, it's become a useful commercial tool too, allowing meetings, conferences and events to be shared with a worldwide audience. However, it can be tricky to implement.
Wowza Media Systems is launching its latest Wowza Streaming Cloud and Wowza Streaming Engine Pro, increasing the power and ease of streaming online video and extending flexible options to organizations looking to stream live content.
Wowza's pre-configured settings help inexperienced users get started in minutes, while advanced options allow power users to create tailor-made solutions with more control and flexibility. Customers can stream directly from cameras or encoders without the need for additional streaming infrastructure.
"Businesses that stream live content demand solutions that can adapt to meet their ever-changing streaming needs, while consistently delivering high-quality video," says David Stubenvoll, CEO and co-founder of Wowza Media Systems. "Now with Wowza Streaming Cloud and Wowza Streaming Engine Pro, customers can stream professional-quality content to global audiences with a personalized solution that is the perfect mix of economics, control and flexibility".
Customers benefit from adaptive bitrate technology which delivers high-quality experiences regardless of users' bandwidth and devices. Wowza Streaming Cloud includes a content delivery network (CDN), so users know their video will work no matter the size or location of their audience.
Users have complete control over their content and brand as it works without imposing ads or Wowza branding. They can also mix and match Wowza and third-party components to meet their individual needs for economics, flexibility and control. Flexible APIs for both Wowza Streaming Cloud and Wowza Streaming Engine Pro allow users to use existing systems and business processes or add customized streaming services as needed. Advanced features include access to transcoding in the cloud and customization for CDNs.
You can learn more about Streaming Cloud and Streaming Engine Pro on the Wowza website.
Image Credit: Thampapon / Shutterstock
We're all familiar with the dilemma of what to watch, what to record and what to seek out on a catch up service later. There's so much TV content available these days that tough decisions are needed.
It's especially hard for sports fans who may find themselves with several events going on at the same time. Trying to catch up with one or more of them later runs the risk of accidentally finding out the result in advance, so what's the solution?
It might be a new TV streaming device from 4SeTV which allows you to watch up to four live television shows at once on a tablet, smartphone, or TV. Alternatively, up to four people can view an individual live show of their choice on four different devices at the same time.
4SeTV uses over-the-air broadcasting and then streams the HD content you want to see to your connected devices in your home network. 4SeTV hooks up to your TV antenna and then connects to your router with an Ethernet cable allowing content to be streamed out to your devices via Wi-Fi. You can see how it works in the video below.
"Like many of us, I love relaxing and watching TV, but my busy life leaves me very little spare time to do so," says Hyung Lim, president and founder of 4SeTV. "One day I was staring at my big screen TV, and it hit me -- what if I could stream more than one feed at once and make the most of my TV time? Not only have we created the technology to make this a reality and become the only company to offer a four screen TV experience, we've done it in the form of a simple streaming device that anyone can use -- it's ready to go right out of the box".
4SeTV is available to pre-order on Kickstarter which allows early adopters to secure a unit for $99.
Open source database solutions specialist MariaDB is launching the latest version of its MariaDB Enterprise product offering high availability, scalability and security capabilities for enterprises.
It's aimed at meeting the requirements of web scale businesses for performance, scalability, disaster recovery and business continuity, along with database solutions that support flexibility including interoperability across SQL and NoSQL.
"Enterprises are facing massive volumes of data they need to process and manage effectively and securely. In the SaaS scenario in particular, databases have to be capable of responding to huge spikes in demand while ensuring high availability. E-commerce providers for example need their database to be equipped with the latest in performance, agility and security," says Patrik Sallner, CEO of MariaDB. "We recognize the tremendous value the open-source community and cutting-edge companies like Google bring in delivering that innovation. At MariaDB we see our role as curating, further evolving and hardening what the community has contributed to deliver a truly enterprise-grade product and service".
MariaDB Enterprise is offered as a subscription service and is made up of server binaries based on the leading open-source MariaDB community server. It also has a selection of tools, connectors and subscription services to address the needs of mission-critical applications. Users have the option to deploy MariaDB MaxScale, a database-aware proxy platform that provides capabilities such as load balancing and firewall protection without the need to modify existing applications.
New MaxScale features in this release include advanced security protection against SQL injection attacks, enhanced scalability, support for industry-standard monitoring with a Nagios Plugin architecture, and improved security and systems maintenance with timely alerts from MariaDB Enterprise Notification Services.
You can find out more about MariaDB Enterprise on the company's website and there's also a YouTube video explaining how it works with IBM's POWER8 processor technology.
Image Credit: wavebreakmedia / Shutterstock
Placing your data in the cloud doesn't mean that you remove the need to properly protect it. For Google Apps users, New York-based SysCloud is launching a comprehensive security and backup solution in the form of SysCloud 360.
In addition to offering Google Apps security and protection in a single interface, the system features real-time backup and compliance capabilities.
Continuous real-time backup, protects against accidental loss or malicious deletion. It's also designed to help organizations meet compliance objectives. The application masks sensitive data by regulating access control and strengthening admin oversight, as well as assisting in user education for Google App solutions.
"SysCloud 360 marks a new era in protection against data theft and loss on Google Apps," says Vijay Krishna, CEO of SysCloud. "Too often, user errors on Google Apps cause unintentional -- but preventable -- security breaches. SysCloud's new SysCloud 360 solution gives businesses the tools they need to protect sensitive information and data across their Google Apps ecosystem and comply with regulatory standards. SysCloud 360 takes care of meeting compliance objectives, from PCI to FERPA, so businesses don’t have to worry".
SysCloud 360's features include built-in SOX, PCI, FERPA, CIPA AND SOC2 policy templates to easily deploy automated enforcement. Protection for the entire Google Apps suite against loss of email, contacts, calendar, documents and sites at any time. Recovery options cover everything from a single data item to an entire account. Policies can be created to safeguard personal information and ensure data is not accidentally exposed to third parties. It also offers insight into how data is being shared within an organization or to the public, along with automatic enforcement of Google Drive security policies to protect against exposure of sensitive data.
You can visit the SysCloud website for more information and to sign up for a free trial.
Data breaches that result in the loss of large volumes of information continue to make the headlines. One of the ways companies can guard against attack is by understanding what makes them vulnerable.
Security ratings firm BitSight has performed an analysis of the risk factors that make up its BitSight Security Ratings against publicly disclosed data breaches. What emerges from its study is the important role which botnets play in attacks.
The report notes that, "Although a botnet compromise may not always equate to data loss, it invariably means that one or many protective controls have failed and that at least some data or system confidentiality, integrity, or availability is at risk".
For each area of risk BitSight assigns an overall letter grade (A-F), indicating the company's performance relative to others. The grade takes into account factors such as frequency, severity, and duration (for events) as well as record quality, evaluated based on industry-standard criteria.
The study shows that BitSight botnet grades -- which are a component of the top-level security rating -- can serve as a key metric in predicting the likelihood of a breach. Among companies with botnet grades of A, the percentage having breaches was only 1.7 percent; for those with a B or lower grade, the incidence of breaches was more than twice as high at 3.7 percent.
Looked at by industry, financial companies are most likely to have an A botnet grade (74 percent) and those in the education sector the least (23 percent, with 33 percent getting the lowest F rating). Retail, healthcare and utilities all fall somewhere in between with around 50 percent getting A scores.
The report concludes that, "The implications for organizations across industries are that botnet infections cannot be ignored. Companies with poor botnet grades have been breached far more often than those with good grades, and actions should be taken to mitigate these risks".
The full report is available to download from the BitSight website.
Image credit: Gunnar Assmy/Shutterstock
If you began your IT career in the 1980s or before you probably have fond memories of spooling up half-inch, nine-track magnetic tapes. You'd be forgiven for thinking that in the age of affordable large capacity hard disks and SSDs tape storage was now firmly confined to the past, but not so.
IBM scientists working with FUJIFILM of Japan, have demonstrated a recording density of 123 billion bits per square inch on tape, the equivalent of a palm-sized 220 TB tape cartridge.
To make that a bit more meaningful 220 TB is equivalent to 1.37 billion text messages or the text of 220 million books. It also represents a 22 fold improvement over IBM's current enterprise tape product.
Tape has of course traditionally been used as an archive or backup medium as it has a longer shelf life than disk. Even today 500 exabytes of archive data are still held on tape storage systems according to analyst company Coughlin Associates. But thanks to its low cost per gigabyte it's becoming an attractive option for big data and cloud applications.
IBM Research scientists in Zurich are exploring the integration of tape technology with current cloud object storage systems like OpenStack Swift. This would enable object storage on tape and allow users to seamlessly migrate cold data to a low-cost, highly durable cloud based storage tier perfectly suited for back-up or archive use. So far from being stuck in the past tape could be the storage medium of the future.
"With this demonstration, we prove again that tape will continue to play an important role in the storage hierarchy for years to come," added Evangelos Eleftheriou, IBM Fellow. "This milestone reaffirms IBM's continued commitment and leadership in magnetic tape technology".
The 123 million bits per square inch storage density has been achieved using a number of new technologies. These include a set of advanced servo controls that enable head positioning with an accuracy better than 6 nanometers. This allows a track density of 181,300 tracks per inch, a more than 39 fold increase over an industry standard LTO6 tape cartridge. There's also an enhanced write field head technology enabling the use of much finer barium ferrite (BaFe) particles, and innovative signal-processing algorithms for the data channel, based on noise-predictive detection principles.
IBM will be demonstrating the technology at the National Association Broadcasters Show in Las Vegas next week. There's an overview in infographic form below and you can find out more about the company's history with tape storage on IBM's website.
Image Credit: Claudio Divizia / Shutterstock
Enterprise data can be put at risk from DDoS attacks, but whilst larger businesses have the resources to guard against these attacks smaller ones sometimes struggle.
Security company Imperva is committed to protecting data for all sizes of business with the release of its latest Imperva Incapsula cloud-based application delivery service.
Additions to the product include a turnkey integration with leading security information and event management (SIEM) tools, external monitoring of network infrastructures, and multi-protocol DDoS protection for dedicated customer IP addresses. Combined, these new enhancements bring advanced security capabilities to organizations of all sizes, without the need for larger security and networking teams.
Incapsula DDoS Protection and Website Security now integrates directly with leading SIEM platforms including HP ArcSight and McAfee Enterprise Security Manager. Integration includes a connector that delivers event logs produced by Incapsula directly to the existing SIEM, as well as advanced reporting and viewing options that allow users to spot and analyze attack patterns.
It offers external monitoring of network infrastructure based on sampling of data from routers and for smaller organizations it allows individual IP addresses to be secured. This means that businesses with proprietary protocols and a small number of IP addresses -- typical of SaaS, gaming and mobile application companies -- now have access to the same advanced DDoS protection as bigger enterprises.
"Unfortunately, we believe DDoS attacks are not only becoming more prevalent, but they continue to grow in sophistication. Many smaller organizations need protection that can keep up with evolving threats yet doesn’t require hiring an entirely new security team," says Jim Davis, senior analyst at IT research specialist the 451 Group. "External monitoring and protection for smaller networks is needed for a host of businesses with proprietary protocols and demanding users, notably gaming servers and mobile applications".
More details on the new release and its features are available on the Incapsula blog.
Image Credit: rosedesigns / Shutterstock
Traditional endpoint protection is usually reliant on the use of signature-based detection systems. But of course these don't spot zero day attacks that can slip in before the antivirus software catches up.
Security solutions provider Endgame is using its extensive experience providing security intelligence and analytics solutions to the US government to offer an enterprise solution focusing on protecting critical infrastructure, enabling customers to detect and respond faster to unknown threats, and preventing damage and loss.
It uses detailed attack-chain analysis to allow enterprise security teams to accelerate detection, investigation, containment and remediation. Endgame Enterprise captures and analyzes the details of an attack, giving incident responders attack-path intelligence and insight into the consequences of cyber threats. Endgame Enterprise features military-grade adversary intelligence and state-of-the-art threat detection algorithms. These are designed to detect zero-day and advanced threats without the use of signatures -- using an inherent ability to detect suspicious behavior.
"Attacks are becoming increasingly sophisticated, but you don't need to have a PhD in computer science to stay one step ahead of them. Companies need to quickly assess the extent and potential impact of relevant incidents, which is where many traditional solutions fail," says Endgame CEO Nate Fick. "Our research on advanced threats, vulnerabilities and attack patterns, and our history protecting some of the nation’s most sensitive national security assets, allows us to understand defenses from the adversary’s perspective. Endgame Enterprise empowers existing security teams to accelerate the investigation and remediation of threats that would otherwise go undetected".
By building a profile of malicious behavior, the software provides advisories to an administrative console, without impacting performance or user experience. Security teams are presented with a comprehensive picture of the attack to support rapid containment and allow remedial action. These advanced visualizations complement forensic tools and help forensic analysts understand, in detail, how a breach occurred and help prevent future occurrences.
You can learn more on the Endgame website and the company will be at the RSA Conference.
Photo Credit: watcharakun / Shutterstock
Amazon's AWS cloud offering is hugely popular, with over a million users. But it presents a security challenge for IT teams as it uses a 'shared security model' protecting the underlying infrastructure but relying on users to secure anything they place on there.
Security startup AlienVault is aiming to make protecting AWS systems easier with the launch of its Unified Security Management for AWS, offering asset discovery, vulnerability assessment, behavior monitoring, alerting and integrated threat intelligence.
USM for AWS takes the burden off IT teams -- particularly those with limited resources -- by providing the essential security capabilities needed to quickly identify and respond to malicious behavior and secure AWS environments. It's a cloud-native product and offers full visibility into AWS environments using the AWS API, providing analysis of the use of built-in security features like CloudTrail and Security Groups to improve the environment's security from day one.
"USM for AWS is a great way to meet your shared security responsibilities on top of the reliability and protection already offered by AWS," says Russ Spitler, VP of Product Strategy at AlienVault. "USM for AWS significantly reduces complexity and deployment time so that you can go from installation to first insight in about 15 minutes".
Key features of the product include maximum visibility of potential threats or misconfigurations in the AWS environment, making it easier to use Amazon's standard features like CloudTrail and Security Groups. Built-in security capabilities offer asset discovery, vulnerability assessment, behavior monitoring, log management, alerting and event correlation. This enables IT or security practitioners to quickly update and respond to malicious behavior and insecure AWS configurations. It also includes threat intelligence to identify the most significant issues targeting an organization's network, with context-specific remediation and threat mitigation guidance, powered by AlienVault Labs and AlienVault Open Threat Exchange (OTX).
USM for AWS will be on display at the RSA Conference later this month or you can find out more on the AlienVault website.
Photo Credit: jörg röse-oberreich/Shutterstock
Companies are constantly on the lookout for new methods of interacting with their customer base but it can be hard to integrate these with existing systems.
Cloud communications firm Nexmo is launching a new API that allows a chat application to interact with a customer service platform.
The Nexmo Chat App API helps brands consolidate all chat messages into their existing communication platforms, eliminating the need to manually manage communications over individual chat applications. The Chat App API does this by automatically detecting and connecting brand messages with the appropriate chat application in real time.
It lets marketing, sales or customer support staff send one message and have it appear on all relevant chat applications at once. Nexmo also works directly with each chat application to ensure messages appear correctly on all platforms. In addition it informs brands which features are available on each chat application. Through Nexmo's carrier relations it knows the cultural restrictions in play on each network and can make them clear to brands.
"We live in an always-on world, where customers expect to be engaged anytime, anywhere and on their preferred channels," says Nexmo CEO and co-founder, Tony Jamous. "This means the bar for customer engagement has risen dramatically. At the same time, solutions that are put in place need to be scalable, near real time and cost efficient, and that’s where we see the tremendous opportunity for the Chat App API. Adding the Chat App API to our portfolio of industry-leading messaging and voice APIs transforms Nexmo from a company helping brands navigate the current landscape of mobile communications to a resource that brands can come to as customer communications dynamically changes shape".
The Nexmo Chat App API currently supports messaging on WeChat and Line. The company will be adding support for additional chat apps, service platforms and new features in the coming months. You can find out more and sign up for beta access on the Nexmo website.
Image Credit: Rawpixel / Shutterstock
Enterprise security is a constant battle between good and evil which means that businesses can't afford to be complacent when it comes to guarding against threats.
Networking specialist Cisco is unveiling a number of new capabilities and services designed to give security professionals the edge in protecting against and dealing with attacks.
These changes come from the addition of AMP Threat Grid to the Cisco Advanced Malware Protection (AMP) portfolio. This integrates innovation gained through the company's acquisition of ThreatGRID last year. It provides the latest malware threat intelligence and dynamic malware analysis capabilities, both on‐premise and in the cloud, to strengthen Cisco AMP's continuous analysis and zero‐day detection capabilities.
Plus to help bridge the gap between the availability of security practitioners and industry needs, Cisco is introducing Incident Response Services. This aims to equip organizations with teams of information security experts who can leverage threat intelligence and best practices for readiness and response.
"Every day, organizations are faced with advanced threats that infiltrate and persist in company environments for months before they are discovered," says Marty Roesch, Vice President and Chief Architect of Cisco Security Business Group. "We believe that the most effective way to address these real‐world challenges is continuous threat protection against these attacks. Further enhancements like advanced correlation of indicators of compromise, vulnerability mapping and expanded retrospective security further differentiate Cisco AMP and strengthen security teams’ responses before, during and after an attack".
As well as providing intelligence at a high level with AMP Threat Grid the company aims to protect at all levels. AMP for Endpoints provides a list of hosts that contain vulnerable software, a list of the vulnerable software on each host, and the hosts most likely to be compromised. AMP identifies vulnerable software being targeted by malware and the potential exploit, and provides customers with a prioritized list of hosts to patch. It also continuously monitors file activity allowing it to pick up suspicious behavior and track back to the origin of potential threats.
AMP Threat Grid will be demonstrated at the RSA Conference in San Francisco on April 20-24 or you can find out more on the Cisco website.
Image Credit: alphaspirit/Shutterstock
With smartphones and tablets increasingly becoming the focus of our entertainment a decent portable speaker is becoming an essential accessory if you don’t want to be tied to headphones or want to share your music with others.
Inatek's latest offering has a pair of 5W speakers mounted in a stylish, compact (around 9.5 inches long by 2.5 inches high) black and silver enclosure. It has a nice weighty feel and there's a slot in the top into which you can sit a smartphone or tablet -- a pop-out strut at the back prevents the unit from becoming top heavy and tipping over as well as keeping a comfortable viewing angle -- so you can use it to watch videos. A built-in microphone means you can make hands-free calls too. However, it isn't an actual dock so it won't charge your phone or tablet.
Of course you don't have to sit your device on the speaker, the BP2001 can also connect via Bluetooth from across the room and there's a standard 3.5mm input jack so you can attach it to just about anything with an audio out. It comes with a USB charging cable and an audio cable, though both of these are quite short.
There's a large button on the front that allows you to pause playback and accept calls. On the black ring around this are LED icons showing the state of charge and the current input source. There's no volume control on the speaker itself so you need to handle that from the playback device. The BP2001 will switch itself off after five minutes without a connection in order to preserve battery life. The battery itself is 800mAh and should give you around six to seven hours of playback.
So, what does it sound like? The answer is surprisingly good for such a small unit, it has a rich tone and decent bass and there's little distortion even if you crank the volume up.
There are a few minor niggles, the shiny black finish shows off every fingerprint and the cables are silly short, but at $29.99 on Amazon (£28.99 in the UK) the BP2001 represents good value for a speaker that is capable of producing a sound that's enough to fill a decent sized room.
More information on the BP2001 is available on the Inateck website.
Keeping systems secure is still heavily reliant on the use of passwords. But in order to be secure these need to be complex which makes them hard to remember.
An answer to the problem may lie with a product from enterprise software platform suppler MicroStrategy. Called Usher it replaces traditional passwords with biometric mobile identity and multi-factor authentication, and offers streamlined security administration.
Already available in the cloud, Usher is now available for on-premises installation to protect systems that need to live behind a corporate firewall. It uses an Usher badge which is downloaded onto a mobile device, this then allows users to log in by scanning a QR code. Because the system knows your phone it can verify your identity without the need for a password.
Usher can take advantage of the phone's other features too, GPS data for example can be used to geo-fence logins so they can only take place in a particular area. It can also be tied to a biometric identifier such as a fingerprint scan. Logins can be restricted to specific time periods too.
As well as being used to login to workstations or to enterprise cloud deployments Usher can be used for access to buildings or even vehicles. Admins have an insight into user activity allowing them to detect anomalies and abnormal usage patterns and enhance enterprise risk management.
MicroStrategy is also releasing an Usher SDK, enabling developers to build Usher security capabilities -- including any of its logical or physical access functionalities -- into their existing mobile applications, web applications, and enterprise software packages.
"We wanted a more secure and efficient method for our students and administrators to log into university websites and web apps than the traditional user name and password," says Marty Johnson, Senior Director of Identity, Collaboration, Mobile, and GOCard at Georgetown University. "We have deployed Usher, which integrates with our Shibboleth single sign-on system and allows our university population to securely sign in to any Georgetown website by simply scanning a QR code with their mobile phone, eliminating the need for passwords. This Spring semester, we are also working closely with MicroStrategy and the Usher product team to design a solution to address our costly password reset problem. Once that work is completed, we expect to see a significantly reduced number of help desk requests for locked user accounts and, as a result, to reap substantial cost savings".
To find out more and to try Usher out for yourself you can visit the product's website.
Image Credit: Nata-Lia/ Shutterstock
In 1995 a group of just 21 web masters got together to develop some server software. They became the Apache Group and today the project they started powers over 500 million websites, around half the internet.
Open source software specialist Lucidworks has produced an infographic that looks at the history of Apache and how it has succeeded by becoming a collaborative, consensus-based development process with an open and pragmatic software license.
The Apache community as we know it was formed in 1999 to provide organizational, financial and legal support for Apache server. It now has almost 600 members and in addition to Apache has been behind a number of other products including the Hadoop big data tool and OpenOffice.org.
It has succeeded by sticking to its open source approach and using a modular API which allows members to experiment in a risk-free environment and perfect functionality before incorporating it into a project.
You can see the full infographic below.
Photo Credit: sheelamohanachandran2010/Shutterstock
Last week we reported on the PoSeidon malware threatening credit card security by stealing transaction details.
Charles Henderson vice president of managed security testing at information security specialist Trustwave believes that there's a bigger underlying problem with the way retailers implement PoS systems putting them at risk.
Card transactions have always been the subject of attacks going right back to skimming details by stealing the carbons from old-style card machines. As technology has advanced they've progressed through physical mods made to electronic card readers to malware on back office systems, allowing attacks to become more virtual. While new technologies like chip and pin make it harder to create cloned cards but don't protect details at the point of sale.
Henderson warns that retailers are failing to take some basic precautions that would help protect them from attacks, for example, "One of the most popular makes of PoS terminal has a six-digit default password which has been the same since 1990 and was published on news groups back in 1994. Yet of the terminals we test 90 percent are still using that default password".
By failing to fully test their deployment retailers are leaving themselves open to attack. Yet as Henderson points out, "Averaged out of the number of PoS terminals deployed testing isn't a big investment as you only need to test one of each type". Modifications to systems can introduce vulnerabilities too and any changes need to be properly tested before deployment.
Rather than react to new pieces of malware like PoSeidon, businesses should look towards closing the loopholes that allow them to get onto their systems. "The industry hasn't learned from parallel technologies -- routers for example -- which are now mostly supplied already secured," says Henderson. Back office systems need to be kept secure too as employees can inadvertently introduce malware by actions such as playing games or opening infected email attachments.
In order to combat attacks he recommends a three pronged approach: network segmentation and security testing, user security awareness training, and anti-malware technology as a backstop.
More information on threat and vulnerability management is available on the Trustwave website.
Image Credit: scyther5 / Shutterstock
Today is World Backup Day, I'm not sure if it's significant that it comes just before April Fool's Day, but it does seem that the backup message isn't getting through to everyone.
A new survey of 1,000 UK adults by digital storage manufacturer Verbatim reveals that one in five have never backed up their home computers and more than a third never back up their mobiles.
"Having the hard drive on your PC crash can be a traumatic experience. It's not difficult to do regular backups. There’s a plethora of hardware and software solutions available for backing up, and innumerable tutorials and advice on the internet. Back up and restore is even built into the latest version of Microsoft Windows and requires just three clicks of the mouse. Apple offers similar functionality with Time Machine," says Rüdiger Theobald marketing director of Verbatim. "Computer data recovery is a tricky business. Where physical failure has occurred, and the hard drive needs to be worked on in a cleanroom, typical costs can be in excess of £500 and there’s no guarantee all the data will be recovered".
Of those who had reported losing data from their computers in the last year, 25 percent experienced data loss because of hardware failure, 17 percent due to accidental damage, 13 percent because of a virus, and a further 13 percent lost out to software corruption.
It seems that men are more likely than women to back up their home computers and phones every month, according to the research.
"One potential issue, when it comes to our apparent reticence about backing up, is that people don’t trust online storage providers in spite of the fact that they routinely commit our content to the likes of Facebook and YouTube," says Theobald, making the point that online backups should be seen as a supplement to and not a replacement for local copies.
He also warns of the need to consider media life. "What also is apparent is that people do not pay as much attention as they should to considering the likely longevity of the media they use. The average hard drive -- internal or external -- will last for five years and USB/flash memory sticks around eight years".
Verbatim has also produced an infographic highlighting some global statistics on the main causes of data loss, the types of file people are most worried about losing, and the excuses they use for not backing up. You can view it below.
Photo Credit: Brian A Jackson/shutterstock
We're all increasingly concerned about our privacy and the footprint that we leave on the internet. It's not surprising then that more of us are turning to anonymous proxies to hide our origin IP and HTTP details.
But new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.
According to the findingd DDoS attacks from anonymous proxies accounted for 20 percent of all application layer attacks. On average, perpetrators were directing traffic from 1,800 different IPs. This is what Incapsula calls a "Shotgun" attack.
The idea behind this type of attack is to use a large number of open proxies, turning a single-source denial of service (DoS) attack into a distributed one (DDoS), thereby making it much harder to mitigate. It's also attractive to attackers as it makes them harder to trace.
The attackers harvest a list of publicly available proxy servers, using a script or online list tools available online. They then use a modified version of a DoS toolkit or a homemade DoS script to send out a batch of malicious requests through each of the harvested proxies.
This produces a scattering effect, similar to the small pellets from a shotgun shell -- hence the name. Yet, where the real shotgun pellets would disperse, the DoS requests always zero-in on the same target; hitting it from multiple directions creating a DDoS attack.
The graphic below shows the distribution of a Shotgun DDoS compared to that of a similarly sized conventional attack. With anonymous proxies, the attack cannot only spread across multiple IPs, but also across multiple geographic locations, making geo-blacklisting techniques ineffective.
The report shows that nearly 45 percent of all shotgun DDoS attacks originated from IPs on the Tor network. Of those, 60 percent were performed using Tor's Hammer DoS tool. Anonymous proxies averaged 540,000 requests per attack.
For more about Incapsula's research into DDoS attacks and how to guard against them you can visit the company's website.
Photo Credit: Duc Dao / Shutterstock
It's easier to combat security threats if you're prepared for them so it isn't perhaps surprising that security teams are increasingly turning to threat intelligence to stay ahead of the game.
A new report commissioned by endpoint protection specialist Webroot and prepared by the Ponemon Institute shows that most companies believe threat intelligence is essential for a well-rounded cybersecurity defense and has proven effective in stopping security incidents.
It does, however, also point out that threat intelligence needs to undergo changes in order to make it more timely, accurate and actionable. The report's findings show that 40 percent of companies surveyed had suffered a material security breach in the past 24 months, and 80 percent believed if they'd had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack.
The report is based on a survey of 693 IT and IT security professionals in the US, with 61 percent of them working in large companies. Only 36 percent of respondents rate their own company's defenses as strong. Almost half are increasing the amount of intelligence data they receive in order to prevent or mitigate the consequences of an attack.
There's concern about speed of response though with 56 percent saying intelligence becomes stale within seconds or minutes. The more valuable features of a threat intelligence solution are the ability to implement intelligence and gauge the trustworthiness of the source in real time.
Almost half of respondents (49 percent) use paid for sources of intelligence, saying that free sources aren't adequate for comprehensive threat analysis and make it more difficult to prioritize threats. A third of respondents expect to increase their threat intelligence budget significantly in the next two years.
"Businesses are struggling to identify and stop new web threats because they must assess the risk of more unknown objects than before and the rate of change across the threat landscape is faster than their traditional security technologies can keep up with," says Patrick Kennedy, vice president of enterprise marketing at Webroot. "The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks".
The full report Importance of Threat Intelligence to a Strong Security Posture is available as PDF on the Webroot site.
Image Credit: underverse / Shutterstock
Most of the hype around online marketing these days seems to revolve around using social media, big data and other tools to predict what the customer wants.
It would be easy to assume that outbound marketing techniques like email campaigns have become a bit last century, but Victoria Godfrey, chief marketing officer at B2B data provider Avention thinks otherwise. We spoke to her to find out why.
BN: Does email still have a place in a social media world?
VG: Social media marketing is effective at keeping prospects and customers engaged and informed on a daily (or even much more frequent) basis. However, email campaigns are still king when it comes to conversion, especially for B2B companies. In today's marketing landscape, social media and email are both relevant and required -- they're just doing different jobs. Through email campaigns, marketers can use lead scoring and event-based triggers to target prospects that are already in their database, further along in the funnel and more likely to make a purchase. These targeting techniques increase the chances that a prospect will respond by up to 600 percent. While social can contribute to lead conversion as well, email allows marketers to track the prospect-to-customer journey more efficiently so that they continue to optimize campaigns.
BN: Isn't it true that email marketing in the past has simply been about throwing out large volumes of material and hoping some of it sticks?
VG: By now, the availability of big data should have done away with any remnants of the see-what-sticks mentality. Modern marketers know that reaching decision-makers requires far more specificity, and they also know that the information to reach that level of precision is readily available. The email campaigns delivering returns on investment today are those driven by big data analytics. Rather than mass emails, these brand messages are targeted down to the prospect’s position level, the region of his or her business activity, the market sector, the stage of the prospect’s business and any number of other factors.
BN: How can companies increase the effectiveness of their marketing emails?
VG: One of the most useful strategies for increasing effectiveness is tracking milestone events. These are the changes that indicate prospects are likely ready to buy, and marketing campaigns tied to these moments have higher success rates. For example, if a prospect company announces it has hired a chief information officer (CIO), is expanding into a new city or is laying off workers at headquarters, those events might be essential information to brands selling technology, recruitment tools or outsourcing services, respectively. Marketers can set trigger alerts inside their data to look for these moments like these when significant change is occurring inside a prospect company.
BN: How can they monitor that effectiveness?
VG: The great thing about email is that it's relatively easy to track the effectiveness of campaigns and adapt accordingly. Any campaign should include at least one clear call to action, whether it’s signing up for a webinar, visiting a landing page, following the company on social or downloading a case study. Marketers should monitor campaigns closely to see how these calls to actions are performing and how those metrics compare to previous campaigns. If you're seeing a decrease, pivot and try a new message. On a macro level, marketers should always keep an eye on whether email lead sources have helped to contribute to an overall increase in closed or won opportunities. It’s important to keep in close touch with sales to assess what’s working and what’s not.
BN: What are the most common emailing mistakes?
VG: The most common mistake in email today is a hesitation to apply big data analytics to campaigns. This data is obtainable, but because marketers don't always understand what to do with it or why they should shift their methods to embrace it, some fail to do so. This is a mistake. To get ROI from email campaigns, brands have to invest in technology that automates the process of collecting dynamic data and identifying targets based on defined ideal profiles. Once this segmentation is obtained, the messaging must be tailored to specific audience segments. You can’t send the same campaign to five different email lists and expect to see the same results.
BN: How much difference does the shift toward mobile devices make?
VG: Increasingly, prospects are reading -- and screening -- their email on mobile devices. That makes it easier than ever for recipients to swipe a screen and delete a marketer’s message before reading it. Therefore, those messages have to be as finely targeted as possible in order to reach the right prospects at the right times. On mobile, compelling subject lines and responsive design also influence how effective email campaigns will prove to be, so marketers need to be tuned into best practices in these areas, as well.
Victoria Godfrey is the chief marketing officer of Avention. Prior to joining Avention, she spent five years running her own marketing and research company, Godfrey Research. Previously, Victoria was the chief marketing officer of Zipcar. She has an international MBA from Thunderbird (The American Graduate School of International Management) and a bachelor's degree from The University of Vermont. Since 2001, Victoria has taught marketing at the Gordon Institute at Tufts University.
credit: Gina Sanders/Shutterstock
Although there's lots of talk surrounding the use of big data it seems that in many cases that's all it is and that companies aren't actually following through on deployments.
This is among the findings of a new report from Dimensional Research commissioned by data warehousing specialist Snowflake Computing which shows that whilst 91 percent of respondents have considered investments in big data, only 5 percent have actually put any investment into a deployment, and only 11 percent had a pilot in place.
Although Hadoop is cited as being the answer to big data worries it seems it may also be a roadblock. More than 70 percent of respondents say a lack of expertise is a major concern about using the open source framework. Only 12 percent of respondents say they have easy access to Hadoop expertise. These numbers are far lower at companies with 1000 or less employees, where only 5 percent say they have easy access to Hadoop expertise.
Other highlights are that 96 percent say Hadoop won't replace their existing data warehouse, 99 percent of respondents say their data warehouse is important to business operations, and 70 percent are increasing their investment in data warehousing.
Cloud-based data warehousing is seen as desirable with 93 percent seeing value in its potential benefits, particularly scalability and reduced overhead. 32 percent already have a cloud-based data warehouse and 16 percent exclusively use data warehousing in the cloud. Of those with data in the cloud 79 percent bring it into their data warehouse, although only 9 percent bring all their data in.
The report is based on a survey of 319 individuals with responsibility for data initiatives, you can find out more and download a copy on the Snowflake website.
Image Credit: bleakstar / Shutterstock
You can of course buy ready to use external hard drives, but should you have a spare 2.5 inch disk from an old machine lying around it's easy enough to pop it in a case so you can use it for backups or transferring files.
There's lots of choice when it comes to buying an external enclosure and most of them aren't very expensive, so what makes this offering from German company Inateck attractive?
Firstly it looks smart with a smooth matt black finish. It's slightly larger -- to the tune of about 1.5 centimetres in length -- than a ready-made WD Elements external drive, but it's still small enough to slip into a pocket. It's USB 3.0 so you can take advantage of the faster interface though it is of course backwards compatible with USB 2.0. You get a connecting cable and a printed instruction leaflet in the package.
A nice feature of the FE2004 is that it's tool-free so there's no fiddling around with tiny screws to install your drive. The cover simply slides off with a clip to hold it in place when it's closed. You can use any 2.5 inch SATA hard drive, including SSDs, providing it's between 7.5 and 9mm thick. Just push the disk into the connector and there are foam pads to hold it in place and prevent it from rattling. With the disk installed you simply plug in to a USB port and away you go, it's fully plug and play compatible so no need to install drivers.
The FE2004 currently costs $12.99 on Amazon (£11.49 in the UK). You can buy drive enclosures for less but the tool-free design of this one is a neat touch, especially if you work in support and you need to swap drives around on a regular basis. The smart looks are an added bonus.
You can find more information and a full spec on the Inateck website.
Moving systems to the cloud is increasingly popular, but it can seem daunting for smaller and medium businesses with the added worry that it may not prove cost effective.
In an effort to make the move easier, Irish telephony and VoIP provider Speechpath has produced an infographic setting out the benefits that smaller companies can gain from a switch to the cloud.
It seems that smaller businesses are turning to the cloud, 43 percent in 2013 compared to only five percent in 2010. But still it's estimated that four out of five could cut costs with a move to cloud technology.
The key benefits of moving to the cloud are streamlining work processes, reducing technology infrastructure spend, allowing employees to work from anywhere, reducing capital costs and gaining flexibility.
The graphic also looks at the merits of public, private and hybrid cloud models as well as identifying the cloud apps that businesses may already be using without realising it. For those that decide to take the plunge there's a five step guide to ensuring migration runs smoothly.
You can view the full infographic below.
Photo Credit: Roland IJdema/Shutterstock
Data leaks due to security flaws and hacker activity constantly make the news, but they're not the only ones that businesses have to worry about. Leaks can stem from employee or industrial espionage activity too and of course there's always government snooping.
Whilst larger businesses with sensitive data or intellectual property to protect often check for old-style surveillance they may not be as aware of the potential for PCs and other gadgets to gather intelligence as well as leak data. We spoke to Andre Ross, Director of Australian digital forensics and information security company Elvidence to find out how businesses may be at risk and what they can do to combat it.
BN: Why isn't a conventional TSCM (Technical Surveillance Counter Measures) bug sweep enough any more?
AR: Whilst an experienced TSCM specialist is capable of detecting a phone tap, radio frequency (RF) bug or candid video recording devices, he/she is helpless with Bluetooth or Wi-Fi devices or transmissions. The latest and greatest spectrum analysers can detect the source of Bluetooth or Wi-Fi transmissions, but the operator is unable to tell the difference between the legitimate or rogue transmission devices or communications.
Most commercial TSCM operators are helpless when dealing with computer devices and networks. Planting a bug requires physical access to secure premises. Infecting a computer with malware that turns any computer into a listening or video recording device can safely be done from a remote location.
BN: How easy is it to turn a PC into a bugging device?
AR: Not only PCs, but telephones, other computers, smartphones, and other network-connected devices with built in microphones. All of these can surreptitiously be turned into listening devices by compromising their operating software.
On a PC there are a number of ways to achieving this, starting from luring the unsuspecting user to a trivial clickable link, leading to installation of malicious software. Or it could be done by sending a payload hidden in Microsoft Office or Adobe Acrobat documents as an email attachment from an address appearing to be within the same company. It can also be done by infecting USB peripherals with BadUSB and dropping a few during an office visit.
Another example is when a Chrome user visits a website that uses speech recognition to offer voice control or other cool functionality, the site asks the user for permission to use his microphone. The site remembers this decision (standard behavior for HTTPS sites) so it can now turn the mic on and start listening without asking for permission again. While Chrome displays a clear notice in the browser that speech recognition is on, a malicious or compromised site may have opened another hidden pop-under browser window. The user can stop the speech recognition on the front window, but the hidden windows would keep speech recognition on and continue to listen in.
Office telephones can be bugged too. Before Cisco released a software update to its Unified IP Phones 7900 Series -- found in many corporate offices -- these phones could be exploited by gaining physical access to the device or remotely via SSH. After executing malicious code the phones could be turned into a listening devices. Many phones are still run on a vulnerable version of software even though an update fixing the issue was released on in November 2014.
Smartphone apps Shazam, Color, Shopkick and many others are capable of automatically activating the microphone in Android or iPhone devices. These apps gather contextual information such as music, ambient noise or even sounds inaudible to humans generated by other devices. Android smartphones that have lesser app quality control and jailbroken iPhones can have such modified or "dual-purpose" apps installed without the user having knowledge of its true nature. BYO devices are commonplace and having one such smartphone in a meeting room is enough for business security to be compromised.
BN: How hard is it, and is specialist knowledge required, to detect that a computer is being used in this way?
AR: It is very hard for an ordinary user or even TSCM operator to detect such devices. A typical computer forensic specialist may also struggle to identify these zombies. It requires a good knowledge of network forensics, memory forensics and malware detection as well as skills in the area of information systems security. An experienced and knowledgeable forensic professional knows where to look for tell-tale signs and can effectively detect sources of information leaks.
BN: Is there an overlap between this type of surveillance and malware that attempts to steal data from individual machines or corporate networks?
AR: These are close relatives and use the same attack vectors to achieve the same goals, that is to steal valuable information.
BN: What's the best way for businesses to protect themselves from computer eavesdropping?
AR: To follow best Information Security practices, keep the devices up-to-date and of course perform regular (TSCM) bug sweeps in conjunction with IT security audits, ideally performed by an experienced computer forensic specialist. Some TSCM operators are starting to offer joint IT security audits and bug sweeps performed simultaneously to deliver better results.
BN: Should we just accept that surveillance is now a fact of life and if something is really confidential we should maybe keep it on paper?
AR: Surveillance is a fact of life. But that doesn't mean that we should limit ourselves from using modern technology. That would be shooting ourselves in the foot. Technology is an enabler for businesses and organizations. When thinking about information security, confidentiality and privacy, we should always remember The Frog in the Milk Pail.
Image Credit: Maxx-Studio / Shutterstock
Enterprise standard data storage and recovery can be beyond the reach of smaller businesses with the result that they end up using compromise solutions often based on consumer products.
UK-based managed services provider ITS is launching two new services -- BlackCloud and BlackVault -- to offer affordable off-site data backup and disaster-recovery-as-a-service on its private cloud platform in the company's dedicated, secure data center.
BlackCloud makes enterprise-level storage and recovery affordable for small- and medium-sized businesses. The cloud solution provides secure and compliant data vaulting and recovery at a cost equivalent to an in-house backup operation.
Features include, fully automated cloud backup, rapid recovery, de-duplicated and encrypted data stored off-site, a customer access portal, and hardware and application support with guaranteed response times.
For customers that need extra protection, BlackVault is available as an on-site addition to BlackCloud. This solution is a complete disaster-recovery-as-a-service (DRaaS) package, offering on-site and off-site recovery services. It's a pre-configured, fully integrated data storage unit, provided by ITS, that offers backup and recovery within a customer's office, removing the need to purchase expensive equipment for replication and recovery. The unit can be installed at a location of the customer's choice, creating a virtual environment while providing quick and easy access to the services when needed.
Head of managed services at ITS, Matt Kingswood, says, "Small- to medium-sized businesses struggle with data replication and disaster recovery (DR) because of the price tag. The ITS BlackVault appliance makes DR feasible for SMEs, enabling efficient and reliable data recovery to help meet recovery time objectives (RTOs)".
You can find more information on both BlackCloud and Black Vault on the ITS website.
Photo Credit: Andreas Weitzmann/Shutterstock
Yes, I know, on Tuesday we reported on a study showing that DDoS attacks were down in frequency, though increasing in severity. But another report from Corero Network Security now suggests that they've actually increased in numbers.
Measuring the number of DDoS attacks is beginning to look like asking how long a piece of string is. Anyway, Corero says that attacks are up with its customers experiencing attack 3.9 attempts per day.
It also finds that they're getting more sophisticated in an effort to evade security measures. Corero’s data points to two new trends in DDoS attacks, short bursts of attack traffic instead of prolonged events, and partial link saturation attacks rather than completely flooding the network. Around 96 percent of attacks targeting Corero’s SmartWall Threat Defense System lasted for 30 minutes or less.
Also 79 percent of the DDoS attack attempts targeting the company’s customers between October 1 and December 31, 2014 were less than 5Gbps in peak bandwidth utilization. These attacks were intended to partially saturate the Internet link and distract corporate security teams, but leave enough bandwidth available for a subsequent attack to infiltrate the victim’s network.
Corero's full report is available to download from the company's website.
As to why these findings differ from those of Black Lotus we asked Corero Network Security's CTO, Dave Larson. "Corero’s findings are different from other vendor-driven analyses of the DDoS landscape, primarily due to the deployment and positioning of DDoS mitigation appliances in customers' networks," Larson says. "Corero’s SmartWall Threat Defense System (TDS) is deployed at the very edge of the customer network or at the Internet peering points as a first line of defense – inspecting and mitigating all the traffic from the Internet in real time before attacks can impact the customer environment. Cloud-based anti-DDoS solutions only have insight into the attack traffic that is re-routed to them for scrubbing, well after an attack has permeated the network, so their data only represents that traffic. While those reports offer very interesting data points about large-scale DDoS attacks, that is only a fraction of the DDoS traffic an organization faces on a daily basis. With its position on the front lines of an organization’s network, Corero has a complete view of the DDoS attacks targeting corporate networks -- whether they’re high volume attacks or sub-saturating events".
So there you have it, how bad the DDoS problem is all depends on where you're measuring from. How long was that piece of string again?
Photo Credit: Duc Dao / Shutterstock
Errors in software, whether operating systems or applications, are usually the root cause of security issues, allowing hackers and cyber criminals a way in to systems.
In 2014, 15,435 vulnerabilities across 3,870 applications were discovered according to a new report from vulnerability intelligence specialist Secunia. That represents an 18 percent increase in vulnerabilities compared to the year before, and a 22 percent increase in the number of vulnerable products.
"Every year, we see an increase in the number of vulnerabilities discovered, emphasizing the need for organizations to stay on top of their environment. IT teams need to have complete visibility of the applications that are in use, and they need firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed," says Kasper Lindgaard, Director of Research and Security at Secunia.
The list of core products with the most vulnerabilities in 2014 makes for surprising reading. Google Chrome comes top with 504, it's followed by Oracle Solaris on 483, Gentoo Linux on 350, with Microsoft Internet Explorer fourth on 289. Apple's OS X is 13th with 147 and Windows 8 20th with 105.
The report points out that open source vulnerabilities often arise from bundling. The risk lies in the fact that the applications and libraries can be bundled in a variety of products and installed in a host of different contexts.
Looking at a portfolio of the top 50 most popular applications on private PCs, 1,348 vulnerabilities were discovered in 18 products. However, what's interesting is that 77 percent of vulnerabilities in the 50 most popular applications on private PCs in 2014 affected non-Microsoft applications, by far outnumbering the two percent of vulnerabilities found in the Windows 7 operating system or the 21 percent discovered in Microsoft applications.
There is some good news, of all the 15,435 vulnerabilities, 83 percent had a security patch available on the day the vulnerability was disclosed to the public. This represents a continued improvement in time-to-patch from a low of 49.9 percent in 2009.
Lindgaard adds a note of caution though, "But numbers also show that while an impressive 83 percent of vulnerabilities have a patch available on the day of disclosure, the number is virtually unchanged when we look 30 days ahead. 30 days on, just 84.3 percent have a patch available which essentially means that if it isn't patched on the day of disclosure, chances are the vendor isn't prioritizing the issue. That means you need to move to plan B, and apply alternative fixes to mitigate the risk".
You can read more about the findings in the full report available to download from the Secunia website.
Image Credit: alphaspirit / Shutterstock
New variants of malware come and go with depressing regularity, but some have capabilities that offer more cause for concern than others.
The latest piece of scary software comes from researchers at security company Doctor Web who have uncovered a new Trojan dubbed BackDoor.Yebot that's capable of carrying out a wide range of destructive actions on an infected machine.
It's spread via another piece of malware, Trojan.Siggen6.31836. When launched on the target machine, this injects its code into the svchost.exe, csrss.exe, lsass.exe and explorer.exe processes. After sending a request to the remote server it then downloads and decrypts BackDoor.Yebot and transfers control to it. Some features of Trojan.Siggen6.31836 are encrypted (and can be decrypted only while it's being executed). It also incorporates mechanisms to verify the virtual machine in a target system and bypass User Account Control.
Once active on an infected system BackDoor.Yebot has a range of capabilities. It can run an FTP server or a SOCKS 5 proxy server on an infected computer, it can also modify the RDP protocol to provide remote access to the machine.
It has the ability to log keystrokes and can intercept surfing activity by capturing PCRE (Perl Compatible Regular Expressions) patterns. It's able to inject arbitrary content into web pages loaded in browser windows too.
As well as monitoring and interfering with your surfing it can intercept various system functions, modify the code of the running process, interact with plug-ins, take screenshots, and search in the infected system for private keys.
BackDoor.Yebot communicates with its C&C servers using standard HTTP protocol as well as native binary protocol and it has the ability to blacklist IP addresses if they're unavailable or getting too much traffic.
Doctor Web's analysts suggest that BackDoor.Yebot is being used as a banking Trojan, but its range of abilities suggests it's been designed as a piece of multi-purpose malware. It has already been added to the Dr.Web virus database and more technical detail on the infection can be found on the company's website.
Image Credit: Spectral-Design / Shutterstock
Mobile workforces present a number of challenges in terms of accessing data and keeping it secure. Mobile solutions company Workspot believes it has a new approach to enterprise mobility with its Workspace as a Service solution.
Workspot Enterprise supports Windows, Android and iOS access and allows users to get to their work desktop applications and work files from any PC or mobile device via the Workspot app.
It's a cloud-based service, users install a Workspot client on their PC and after entering their PIN, all their desktop applications and workspace files are made available through the service. Workspot's solution integrates the VPN, app, data and browsing for the end-user allowing them secure access to their work from anywhere in the world.
Companies benefit too as they can instantly beam new files and applications to users' devices through the app, allowing employees to be effective and up to date whether working in the office, on the road or from home and on any device. IT administrators can manage their entire workforce, regardless of device, and grant remote access to applications from a single pane interface.
"Workspot's goal is to make the enterprise completely mobile, and the launch of our PC application marks a major accomplishment toward this objective," says Amitabh Sinha, CEO and co-founder of Workspot. "Cloud-based Workspace as a Service solutions are essential for the modern enterprise, and over 95 percent of devices that users work from are Windows-based. The Workspot client for Windows provides a way for the vast majority of employees around the world to securely access their documents and data wherever they are, no matter whether it’s a company-managed or personal PC".
Workspot client is available for Windows 7 and Windows 8 in addition to Android and iOS. You can find out more on the Workspot website.
According to the latest quarterly threat report from network security specialist Black Lotus the frequency of DDoS attacks fell by 44 percent in the last quarter of 2014.
However, the average packet volume of attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 gigabits per second (Gbps) over the same period.
The report is based on analysis of Black Lotus' customer network logs. The largest bit volume DDoS attack observed during the report period was 41.1 Gbps on Oct 1, a rise in volume since the beginning of 2014, due to attackers' usage of blended, complex attacks to achieve outages.
Of the 143,410 attacks observed during Q4 2014 49 percent were regarded as severe and more than half (53 percent) of all those mitigated resulted from UDP flood attacks. These cause poor host performance or extreme network congestion by producing large amounts of packets and IP spoofing.
The average attack during the report period was 12.1 Gbps and 4.36 Mpps, tripling average packet volume since the previous quarter. This indicated a continued reliance on using multi-vector attacks, signaling the need for security practitioners to use intelligent DDoS mitigation rather than padding networks with extra bandwidth.
"We found DDoS attacks continued trending down in frequency quarter over quarter, but, on average, attack volumes multiplied," says Shawn Marck, co-founder and chief security officer of Black Lotus. "With networks and IT teams becoming defter at spotting and stopping volumetric attacks, cybercriminals are turning to blended approaches to confuse organizations, often using DDoS attacks as smokescreens for other underhanded activity".
Looking ahead, Black Lotus has revised its estimate of the security measures enterprises will need to protect against the majority of attacks throughout 2015. It now says they'll need to be capable of handling 15 Gbps minimum in bit volume, up from its Q3 prediction of five Gbps minimum. The research team anticipates that attackers will continue to try new DDoS recipes in an effort to confuse security teams and allow agitators to steal user credentials, customer billing information or confidential files.
The full quarterly threat report is available to download from the Black Lotus website.
Photo Credit: Fabio Berti/Shutterstock
Although the cloud is increasingly popular, few businesses run all of their systems in a cloud environment so there’s generally a need for some integration with on-premises IT.
California-based Jitterbit specializes in this type of integration and is releasing the latest version of its Harmony product offering increased speed, scale and reliability.
Harmony Spring '15 includes powerful upgrades and additions to Jitterbit's multi-tenant cloud integration platform. New and improved features include reliable messaging to ensure that data reaches its destination even if systems experience downtime or other issues. Real-time connectivity between the Salesforce1 platform and any external source, new SAP Destinations enabling real-time process integration from SAP, and a new Microsoft CRM Connector with support for MSCRM 2015.
There's also an enhanced NetSuite connector with broader search and performance improvements, and new LDAP support to connect, search and modify Internet directories.
"This new release to our leading cloud integration platform delivers a new level of speed, scale and reliability to support the most complex enterprise integration requirements we are seeing from our customers," says Jitterbit CEO George Gallegos. "While Jitterbit Harmony has evolved to support even more complicated and demanding use cases, we stay true to our mission to enable everyday business users to design and manage integration without the need to call on an army of developers".
Jitterbit Harmony is built on a single platform to allow non-developers to design, deploy, and manage app integrations without needing to write code or purchase additional products and components. Harmony Spring '15 enables business users to manage the entire integration life cycle on a single multi-tenant cloud platform. It provides ease-of-use, fast setup time and enterprise performance with what the company claims is the lowest total cost of ownership for any integration solution.
Existing Harmony customers will benefit from the new release with a seamless upgrade. New users can sign up for a 30-day free trial on the Jitterbit website.
Photo Credit: RAJ CREATIONZS/Shutterstock
As more and more transactions are carried out electronically, point of sale systems become an ever more tempting target for cyber criminals. Security researchers at networking company Cisco have identified a new strain of PoS malware that seeks to extract credit card data from memory and send it to remote servers.
Named PoSeidon it has a more sophisticated design than other PoS malware and has some resemblance to ZeuS. It's written to evade detection, can communicate directly with C&C servers, self-update to execute new code and has self-protection mechanisms to guard against reverse engineering.
The infection starts with a loader binary that, when executed, will try to gain persistence on the target machine in order to survive a system reboot. It does this by hiding itself in a process named WinHost32 and adding an entry to the registry.
The loader then contacts a command and control server, retrieving a URL containing another binary to download and execute. Once downloaded the binary, FindStr, installs a keylogger and scans the memory of the PoS device for any number sequences that could be credit card numbers. Once it's verified that the digits it's found are in fact credit card numbers, both keystrokes and card numbers are encoded and sent to a server.
Cisco's blog says that PoSeidon is evidence of the growing sophistication of PoS malware attacks. It also notes that this is likely to be part of a long-term campaign against such systems. "As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families. Network administrators will need to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats".
Image Credit: Sedlacek / Shutterstock
Microsoft's System Center Configuration Manager (SCCM) has become one of the leading products form managing large groups of computers, whether or not they're running Windows.
In order to improve its usefulness still further, add-on provider Adaptiva is launching the latest version of its flagship SCCM solution. OneSite 4.5 is focused on enhancing visibility and security while optimizing the speed at which enterprises can perform server-less software deployments.
Adaptiva's award-winning solution lets large enterprises manage clients worldwide at lower cost and with less IT staff effort, by removing the need for a global server infrastructure. Since 2011, Adaptiva has been the solution provider of choice for many Fortune 500 companies who rely on OneSite for seamless SCCM operations from a single site with zero impact to their business WAN traffic.
"It is a testament to the OneSite platform that many of the world's largest financial institutions, manufacturing leaders and healthcare providers rely on our technology to perform massive system updates and their input is deeply reflected in our new software," says Deepak Kumar, CTO and founder of Adaptiva. "The emphasis on visibility, security and global scalability in version 4.5 gives Adaptiva customers a distinct advantage, and we will continue to deliver innovations of this caliber".
New features in OneSite 4.5 include an update manager that makes it simple for customers to seamlessly update directly from the OneSite software they're currently running to a newer one through the automated generation of a single customized smart patch. There's also integrated security which gives customers the ability to use network access accounts for an extra layer of protection.
For multinational companies where computers travel around the globe, OneSite automatically senses where they are and intelligently retrieves SCCM content accordingly. For example if a user travels between London to New York, their system always gets content locally.
For admins there's a WAN Performance Visualizer to generate customizable network load in a test/proof-of-concept environment to verify that an application won't impact WAN traffic or decrease responsiveness. The latest OneSite also has enhanced predictive bandwidth harvesting to forecast usage and maintain responsiveness.
More information on OneSite 4.5 is available on the Adaptiva website.
Photo Credit: nmedia/Shutterstock
Despite the recent announcement by Google that it has introduced a vetting process on the Play store it seems that there are still rogue apps to be found.
Mobile security company Lookout has uncovered 13 apps with adware. Worse still these display malware-like characteristics that make them hard to remove. The company has alerted Google to the apps and they've already been removed from the store.
Two families of adware called HideIcon and NotFunny were hidden within the apps which between them have been downloaded thousands of times.
HideIcon, as its name suggests, hides its icon to make it harder to remove and then targets the user with aggressive ads. It came in an app pretending to be a card game, complete with playing instructions.
NotFunny was hidden in a number of downloads including wallpaper apps and a free Christmas ringtone app. It has two parts, a dropper and payload, once the dropper is installed with the app it prompts the user to download the payload. This drops an icon pretending to be Facebook on the device then hides itself once installation is complete. Like HideIcon it then pushes aggressive advertising and disrupts the user experience.
You can read more on the Lookout blog. Meanwhile the company is reminding users that apps with hidden icons can be uninstalled from Android's application manager under the Settings menu or from the Play Store app.
Photo Credit: Stephen Finn/Shutterstock
Adobe's latest offering Adobe Document Cloud will, says the company, address the waste and inefficiency associated with document processes.
It's made up of a set of integrated services that use a consistent online profile and personal document hub. Users will be able to create, review, approve, sign and track documents whether on a desktop or mobile device.
"People and businesses are stuck in document-based processes that are slow, wasteful, and fragmented. While most forms of content have successfully made the move to digital (books, movies, music), documents and the process of working with them have not, and that needs to change," says Bryan Lamkin, senior vice president of Technology and Corporate Development at Adobe. "Adobe Document Cloud will revolutionize and simplify how people get work done with critical documents".
Document Cloud uses Acrobat DC, with a touch-enabled user interface, which will be available both via a subscription model subscription and as a one-time purchase. Its Tool Center offers simplified and quick access to the tools you use most. Also, Acrobat DC uses Photoshop imaging magic to convert any paper document into a digital, editable file that can be sent for signature.
The subscription includes eSign Services that allows users to electronically send and sign any document from any device. There's also a Mobile Link feature to allow access to documents on the move and a Send & Track feature that allows documents to be shared whilst still protecting sensitive information.
None of these features is particularly innovative in itself, but Document Cloud is significant since it joins Adobe's Creative Cloud and Marketing Cloud in a move towards shifting the business to an SaaS model.
The Adobe website has a video preview of Document Cloud in action or you can read more about it on the company's blog.
Image Credit: Adobe
If you've been around the PC world for a while you’ll no doubt have encountered Diskeeper, the unattended defrag tool. With modern server storage using RAID controllers and SSDs you may think that the need for this kind of software is over, but Condusiv, the company behind Diskeeper, believes otherwise.
It's launching Diskeeper 15 Server, a fragmentation prevention solution for storage area network (SAN) systems connected to physical servers to keep both servers and storage running like new.
While modern RAID controllers do a good job of managing data at the physical disk layer, which helps in the fight against file fragmentation, it does nothing about fragmentation at the logical software layer that Windows sees. This is the primary reason why SAN storage performance degrades over time.
"Even with over 45 million Diskeeper licenses sold, Condusiv is not sitting still in regard to addressing performance-robbing fragmentation wherever it appears in the data center. Performance-robbing file fragmentation affects SAN storage equally as much as it affects server local storage or Direct-Attached Storage. As much as Condusiv offers a robust software solution to accelerate virtual environments, the fact remains that some of the most mission-critical applications still run on physical servers. That’s not a small number considering there are over five million physical servers in production across North America and EMEA," says Brian Morin, SVP, Global Marketing at Condusiv Technologies.
Diskeeper 15 Server's real-time fragmentation prevention software operates at the physical server layer where input/output operations originate. By preventing files from being fractured and broken apart into pieces before being written to disk or SSD in a non-sequential manner, fragmentation is eliminated before it becomes an issue. That means a SAN storage system never needs to be taken offline for defragmentation maintenance. Significantly it also reduces the amount of I/O needed to access the file as it doesn't have to be fetched in sections and reassembled.
Morin likens the effect to managing rush hour traffic, "It's like ensuring that every car has the maximum number of occupants so you use fewer vehicles to move the same number of people. With Diskeeper 15 Server you need fewer I/O cycles to access a file".
You can find more information about Diskeeper Server on the Condusiv website.
Photo Credit: klRr / Shutterstock
Project plans can house a huge amount of data, but turning that into useful information which can help with business decision making can be difficult and time consuming.
Online project management specialist LiquidPlanner is introducing a new Dashboards feature designed to help teams easily curate and share project data with internal and external stakeholders.
"People are overwhelmed by too much information and bogged down by too many meetings. We created Dashboards to make sharing key project data with your stakeholders more efficient than ever before," says Liz Pearce, CEO of LiquidPlanner. "Dashboards are both easy to use and powerful, so all of your communication needs -- from team coordination to executive sponsor updates -- can be managed in one place and updated dynamically".
Members of LiquidPlanner workspaces can create customized Dashboards to communicate and share ideas, project data, status, or anything else related to a project, ensuring that the right information can always be made available to the right people.
Dashboards are made up of customizable widgets which are dynamically linked to the project data that already exists in a workspace. Widgets can include many dimensions of a project workspace such as data tables, charts, notes, documents and images, they can be easily organized simply by dragging and dropping a particular widget into a new space.
They can be used in a number of ways such as tracking key performance indicators, as a visual way for a creative team to share design concepts, or as a means for a professional services firm to update project status of with a client.
You can find more information about Dashboards and sign up for a free trial on the LiquidPlanner website.
Photo Credit: suphakit73/Shutterstock
More than half of internet users in the US, UK and Germany believe it's impossible to keep their personal information private if they're to enjoy the Internet.
This is one of the findings of research by Open-Xchange, the German open source software company. The Consumer Openness Index surveyed 1,000 internet users in each of the three countries to gauge their opinions about online privacy.
Although they doubt their ability to remain private, 50 percent of respondents say that if they had a tool which could alert them when a website was sharing their personal data they would stop using the site immediately. Another 36 percent said they would revisit how or where their data is stored and make changes to it. Only 6 percent would simply continue using the website or service as normal.
The survey's respondents are also open to the idea of encryption for emails and online chats with 72 percent saying they could be convinced to use it. The top factors that would persuade users to adopt encryption are ease of use (54 percent saying they would use it if it involved just clicking a button). 47 percent would use it if it came standard with their applications, and 47 percent would use it if they had a better understanding of the technology.
"In today's age of famous whistle-blowers and nearly constant data leaks, most users know that their online privacy is severely compromised," says Rafael Laguna, CEO of Open-Xchange. "However, we are seeing an acceleration of individuals who are open to new technologies and are demanding help to monitor their privacy and online communications. In order for such encryption technologies to become mainstream, however, they must be easy to use and straight forward to understand -- as these are currently the largest obstacles to adoption".
The results also show differences in attitude between regions. Germans are warier about making financial transactions online, with nearly a quarter (23 percent) saying they make no financial transactions online at all, compared with 16 percent in the US and just 6 percent in the UK. Similarly, the recent controversies surrounding Facebook's privacy policies and terms and conditions have resonated more with German users, 23 percent of whom have deactivated their Facebook accounts, compared to 18 percent in the UK and 14 percent in the US.
Regardless of where they live all respondents are frustrated by complex terms and conditions. More than 72 percent say that T&Cs are too long and complicated to read before agreeing to them. However, 80 percent would read terms of service in full if they were shorter, 64 percent if they highlighted the main points and 49 percent if they used language that was easier to understand.
"There are no quick and easy solutions to today’s Internet quandaries, where giant Data States hold our information captive with undecipherable terms and conditions," Laguna concludes. "But by listening to users, and keeping a finger on the pulse of 'openness' that's out there currently, makes it ten times easier for those of us in the Internet industry to continue to drive the changes that matter now, and that repairs the trust-gap being more and more experienced across the Internet's broken state".
Image Credit: iQoncept/Shutterstock
Modern businesses spend a lot of money on customer service and on e-Commerce solutions, but often it seems that there's a disconnect between the two.
California-based company Altocloud has come up with a solution that combines machine-learning technology with real-time communications to predict the right time to interact with customers.
The software can determine the best answer to real-time decisions such as "will connecting this prospect to this sales representative now help them purchase today, or should we simply make a recommendation?" Since it's cloud based, the Altocloud software needs no extra infrastructure and is also integrated with existing marketing automation and e-commerce platforms.
"There is a better route to digital customer engagement than yesterday's 1-800 numbers, random chat popups and disjointed telephone conversations," says Altocloud CEO Barry O'Sullivan. "Our platform enhances existing marketing and sales software so that companies doing business online can reach out to prospects at a time when they're most interested, to drive increased sales".
The software can be used to enhance customer experience by embedding voice, video, chat and screen sharing into websites and mobile apps. Plus it can be deployed fast with lightweight JavaScript snippets and mobile APIs powered by a SaaS platform. Live communications can be integrated with marketing automation and CRM systems to enhance existing enterprise contact center solutions.
Altocloud has announced the commercial availability of its product from today along with $2 million of seed funding to allow it to carry its business forward.
It's exhibiting its software at the Enterprise Connect Conference and Exhibition from March 16-19, 2015 at the Gaylord Palms in Orlando. You can also sign up for a free trial via the company's website.
Image Credit: Dusit / Shutterstock
For businesses moving to a cloud-based office solution the biggest problem can be understanding and controlling the licensing costs involved.
Cloud transition specialist SoftWatch has a solution for this in the form of its analytics tool which provides in-depth information on how businesses are actually using desktop-based and web based applications as well as cloud storage and web conferencing.
It offers solutions for businesses moving to Google Apps and to Office 365. For SMBs that are moving to the Google Apps for Work suite of services, SoftWatch has an OptimizeIT Google solution to enable informed decisions based on actual usage information, manage the transition from MS Office to Google Apps and optimize their license spending.
For those that are moving to the Office 365 suite, SoftWatch offers SaaS solutions which include CloudIT 365 to enable the transition to Office 365 and help in selecting the best Microsoft price plan.
"We are very pleased to introduce our analytics solution to the SMB market segment and make it easy for them to purchase and start using our software right from our website," says Uri Arad, co-CEO of SoftWatch. "Our SoftWatch Benchmark now has 400,000 users and it is consistently showing that companies are overspending on MS licenses and can save substantially by transitioning to cloud-based alternatives. We believe that our solutions can help smaller companies to better manage their software assets and optimize their IT spending".
SoftWatch has previously been available to enterprise customers though Office 365 and Google Apps resellers, but it's now being opened up to businesses with fewer than 500 end users via the company's website. The site also offers the chance to sign up for a free trial before purchasing.
Image Credit: ND Johnston/Shutterstock
The BYOD trend is something that often creeps up on companies as employees take the initiative in using their own kit. That can leave businesses with a BYOD environment but no proper policy.
There are many potential benefits to BYOD in terms of employee efficiency and morale, but that's of limited use if it puts the safety of commercial data at risk.
Webmasters' blog StudyWeb has created an infographic guide to creating an effective BYOD policy. Whilst it acknowledges its popularity, with 74 percent of IT leaders saying that using personal devices can improve employee productivity, it also points out concerns about underground use, lack of oversight and security issues.
It then goes on to examine the keys to a successful BYOD policy including listing approved and unapproved devices, requiring complex passwords, being clear on service policy, being clear on which apps can be used, and having an effective employee exit strategy.
You can see the full infographic below.
Private information relating to more than 280,000 domains registered via Google Apps has leaked, leaving the registrants open to risk of identity theft or spear phishing.
The ability to buy domain names from one of Google's partners is a feature offered by Google Apps to allow easier access to and management of services.
A problem has existed since 2013 that has been slowly revealing the hidden registration information for domains that had opted into Whois privacy protection as they were renewed. Full names, addresses, phone numbers, and email addresses for each domain have been leaked in the form of Whois records.
There around 305,925 domains registered via Google's partnership with eNom. Of these 282,867 domains, around 94 percent seem to have been affected. Google says that new domains that haven’t yet faced a request for renewal are not affected and of course some registrants choose not to hide their details anyway.
The leak was uncovered by security research group Cisco Talos which immediately notified the Google security team. Within days the privacy settings were restored to the affected domains. Google issued a notice to affected customers yesterday once it was sure the problem had been resolved. However, the information has been available for a long time, so anyone with a cached copy of Whois information will still be able to access it.
There's an interesting side effect to all of this as some of the leaked data relates to domains associated with malicious activity. For example, the domain "federalbureauinvestigations.com" which has an extremely poor web reputation score and might lead to some embarrassing questions for the people who registered it.
Cisco Talos concludes its blog post on the issue, "Organizations that handle any sensitive information must ensure that the appropriate systems are safeguarded and that the processes handle failure gracefully. In this instance, a simple check on domains changing state from being privacy protected to not being privacy protected could have identified the problem as it started to occur".
Image Credit: Angela Waye / Shutterstock
According to a new survey by the CyberEdge Group although IT security spending is increasing, confidence is falling, with the majority of respondents expecting to be breached in the next 12 months.
The survey of more than 800 security decision makers and practitioners finds that more than 70 percent of respondents' networks had been breached in 2014, which is a 62 percent increase from the previous year.
In 2014, 71 percent of respondents' networks were breached with 22 percent of them having been attacked six or more times. A majority of respondents (52 percent) now believe a successful cyber attack is likely in the coming year -- up from 39 percent in last year's report.
These fears are driving a shift away from traditional security solutions. 67 percent of respondents indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (33 percent) their existing products.
Half of those surveyed are also now relying on continuous monitoring technologies for discovering network assets, achieving policy compliance, and mitigating vulnerabilities and security misconfigurations.
"Cyberthreats hit an all time high in 2014, in terms of not only the number of breaches but their impact on all aspects of business. Who would have thought that we would see a time when a simple movie would spur attacks that forced an entire industry to publicly address the way it thinks about privacy, piracy, and geopolitical implications of the product it produces," says Steve Piper, CEO of CyberEdge Group. "For the first time in our research, a majority of participants predict their networks will become compromised in 2015. These are indeed dangerous times, but there is still cause for optimism as organizations take active steps to prepare for the unexpected. Welcome to the new reality".
The full report is available to download from the CyberEdge website.
Photo credit: Tashatuvango/Shutterstock
There's no doubt that cloud office platforms offer gains in productivity and easier collaboration, but they also present challenges for information security teams who need to limit content sharing.
For organizations that must comply with industry regulations like HIPAA this can lead to significant legal risk which, until now, was extremely difficult to mitigate.
With the launch of BetterCloud Enterprise for Google Apps they now have a real-time auditing, compliance, and data loss prevention (DLP) solution for the popular cloud service. It offers Drive Compliance to allow administrators to continuously audit the contents of their organization's entire Google Drive in real-time. Using custom regular expressions, they can scan for social security numbers, payment information, or any other type of number or phrase, in an effort to certify compliance with industry regulations.
"At many organizations, millions of documents are created, edited, deleted, and shared daily, with little oversight," says David Politis, BetterCloud’s CEO. "An enterprise IT or information security team’s responsibility to meet privacy and compliance regulations requires a tool like Drive Compliance. BetterCloud Enterprise for Google Apps is the only product that makes real-time DLP available to all Google Apps customers, and the only solution that combines DLP functionality with the rest of the toolset that enterprises need when deploying Google Apps across their organization".
BetterCloud uses new APIs made available by Google to allow it to connect securely with data at its source, providing maximum control with minimal setup and no impact on network performance. This allows it to alert admins to security risks and policy violations through a dashboard, prompting administrators to take action. They can notify the document owner, correct the violation, or automate future occurrences by building context aware compliance policies.
BetterCloud Enterprise for Google Apps is available to try for free for 30 days and costs $2 per user per month following the trial period.
Image Credit: Nata-Lia/ Shutterstock
Project management can be daunting, especially for smaller organizations with limited resources or lack of expertise to use complex tools.
Dallas-based project and professional services automation specialist Vorex is launching an updated version of its cloud-based platform which offers new and enhanced features that aim to help SMBs better manage and grow their businesses, while increasing profitability.
It's aimed particularly at businesses such as IT service providers and professional services firms. By streamlining day-to-day tasks, Vorex frees up business owners' and managers' time so they can focus on strategy and growing their businesses, rather than on logistics and operations. Key features of the new release include the ability to transfer billable time into Quickbooks, creating invoices that map to tracked time.
It also offers enhanced native CRM features to track accounts, service desk tickets, contacts and new revenue opportunities. This can happen within Vorex's native CRM system, or integrate directly with leading CRM systems. There's Outlook Calendar integration too so users can directly and easily schedule projects, tasks, to-dos and appointments, as well as allocate resources according to existing schedules.
Vorex can keep track of the team's individual skills, skill categories and education levels to better match the talents of employees to upcoming and existing projects. An online dashboard offers improved project insight through graphics, statistics and charts in a single location.
"Vorex is taking our business management solution to the next level by adding features that our customers and channel partners need to run business more efficiently, effectively and profitably," says Vorex CEO and Founder Mike Salem. "We are on a mission to create the perfect software that allows companies and IT service providers to run their businesses smarter".
For more information on how Vorex can help streamline project management you can visit the company's website.
Photo credit: Tashatuvango/Shutterstock
Enterprise collaboration software specialist Clarizen is introducing enhanced integration between its product and cloud storage service Box, making it easier for businesses to manage and share materials.
Thanks to strengthened integration between the two cloud services, companies can now connect files and folders seamlessly between platforms, leading to increased productivity that drives business results.
"More than ever, people are constantly collaborating across organizations, teams and geographies -- this makes it crucial that the services they use work well together and provide a seamless user experience within a secure environment," says Roger Murff, VP of Business Development at Box. "We value our great partners like Clarizen that are committed to evolving their integrations with Box in an effort to address the new way that people work".
Key features of the integration include access to one-time authentication via oAuth, the ability to link existing Box files and folders to single or multiple Clarizen items, assigning of folders to collaborators, uploading of files to Box directly from Clarizen, and viewing of files and folders in context.
The announcement coincides with enhancements reports and dashboards in the Clarizen package to offer stronger business insights. Specific views and visualizations can be shared as 'widgets' or snapshots for a high-level executive view. These can be accessed by internal as well as external users, including customers, without requiring a login.
"Transparency and context are prerequisites for continuous improvement in today’s modern workplace," says Avinoam Nowogrodski, CEO, Clarizen. "Leaders need a 360-degree view of the health of their initiatives, so that they can quickly understand patterns, predict potential business trends and make organizational improvements. The world-class reporting capabilities in Clarizen’s latest release deliver deep insights to accelerate the speed of doing business".
Both of these enhancements will be on display at the Clarizen@Work conference in San Francisco from March 8-10 or you can find out more on the company's website.
Image Credit: Lightspring / Shutterstock
Earlier this year Google introduced a number of enhancements to its Translate service. As well as written text this now makes it able to transcribe and translate audio.
But how does it compare to a human? Translation service Verbal Ink has done a head-to-head comparison and released the results as an infographic.
The tests show that Google Translate has come a long way since its 2001 launch. It does a pretty good job of getting the gist of a text or recording, certainly enough for basic understanding. However, it still struggles with capturing nuance and its translated texts suffer from poor word choices that harm readability.
So whilst it's a good choice for day-to-day tasks where you need a translation fast, it seems Google has some way to go before it can be relied on for commercial documents.
The infographic is reproduced below. You can find out more and access the text files and recordings used in the test on the Verbal Ink website.
Image Credit: Cienpies Design / Shutterstock
Companies increasingly want to take their business to new consumers by using mobile sites and apps. But it seems that it's startups and hobbyists that are driving a big chunk of app demand.
ContractIQ, which offers a service that matches developers to software projects, has produced its latest report on app development trends and pricing, offering some interesting insights into the market.
Key findings include the difference between the cheapest app development market (Indonesia) and the costliest (USA) being about 30x. In addition only 10 percent of app publishers know what SDKs to use for their apps. The lack of knowledge among customers about SDKs and APIs leaves developers to evangelize the technology.
The report shows that 75 percent of app developers surveyed from over 500 app development agencies believe that demand for app development services will be robust in 2015. But a high proportion of their demand comes from hobbyists and idea stage entrepreneurs, the segments that are most susceptible to macroeconomic shocks. Even in a buoyant market, developers say that only 1 in 4 customers publishing an app have gone on to become a viable business.
Most developers are also confident that the rates they charge will rise by five to 10 percent in 2015, though this confidence is higher among iOS and Android developers than those working in Windows and HTML 5.
The full report, with more information about worldwide app pricing trends and the most popular development tools, is available to download from the ContractIQ website.
Photo credit: bloomua/Shutterstock
Cloud technology is being adopted across a wide range of industry sectors and financial companies are no exception. But a new report from the Cloud Security Alliance suggests that many of them are still looking for the right strategy.
The survey targeted executives from banking, insurance and investment firms around the world. Whilst it found that cloud computing is becoming more and more prevalent throughout the financial sector, many respondents still don't have a firm strategy.
Among the findings are that 61 percent of respondents admitted that a cloud strategy was in the formative stages within their organization, with 39 to 47 percent planning to use a mix of in-house IT, private, and public clouds, and 18 percent planning to use private clouds.
None of the respondents had plans to be hosted mostly in a public cloud. Worryingly though the results of the survey also showed that the higher the electronic channel transaction base among a firm's customers, the less tough the policy with only three percent of these types of organizations indicating having a strict cloud policy in place.
"The results of this report are insightful into understanding how the financial services industry is progressing in terms of cloud adoption and how cloud providers can best serve their interests and needs," says Jim Reavis, CEO of the CSA. "We hope that cloud providers and financial institutions can use this as guidance to help accelerate the adoption of secure cloud services in the financial industry".
Increased transparency and better auditing controls are something 80 percent of financial firms want from their cloud providers, even more than better data encryption (57 percent). On motives for moving to the cloud, respondents indicated that flexible infrastructure capacity was at the top of their list (68 percent), followed closely by the need for reduced time for provisioning (63 percent).
The most popular services and features being adopted when moving to the cloud include CRM (46 percent), application development (45 percent), and email (41 percent). Backend services (20 percent) or virtual desks (14 percent) are low priorities.
The report also looks at compliance regulation requirements when moving to the cloud. Top of the list here is data protection (75 percent), followed by corporate governance (68 percent), Payment Card Industry Data Security Standard (PCI-DSS) at 54 percent, and national regulations on 47 percent.
The full report How Cloud is Being Used in the Financial Sector is available to download from the CSA website.
Photo Credit: Rrraum/Shutterstock
Moving systems to the cloud presents new challenges when making sure that data is safely backed up. This is a particular issue for service providers who offer backup as an added value product for their customers.
Backup specialist Intronis is simplifying and accelerating real-time data backup and recovery for its channel partners with the launch of a new release of its Intronis ECHOplatform.
The latest version has enhancements designed to help channel partners better support more complex cloud, virtualized and physical IT environments, and attract new business by offering a real-time, cloud-based data recovery solution that’s built to protect the business.
Key features include Hyper-V Rapid Recovery for better support of hybrid IT environments by offering Hyper-V environment recovery from local image-based storage in as fast as 30 seconds. There's also Imaging Rapid Recovery which simplifies recovery for physical server environments from local image-based storage, using a combination of advanced algorithms, native data formats and reverse incremental backup techniques.
It enables object-level restore to retrieve specific files, folders, and databases from physical and virtual local image-based backups with greater ease, accuracy and efficiency. Plus it's VMware 6.0 ready to ensure channel partners will be able to provide native backup for the upcoming release of the industry’s leading hypervisor platform.
"Intronis is continually looking for ways to simplify the backup and recovery processes our partners use, and the 2015 Winter Release is another dramatic step forward," says Chuck DeLouis, vice president, product management at Intronis. "The Intronis ECHOplatform offers one of the fastest recover time objectives in the industry, while at the same time offering channel partners greater flexibility in how and what they recover. This combination of speed, flexibility, and reliability enables our partners to rapidly and efficiently get their clients back up and running in just minutes -- when they need it most".
More information on the latest release is available on the Intronis website.
Photo Credit: everything possible / Shutterstock
Businesses are increasingly keen to turn to mobile solutions, but this often presents problems in terms of integrating functions and keeping corporate data secure.
Launched at this week's Mobile World Congress, MobilityLab's WorksPad combines enterprise file sync and sharing, a fully-featured office package (Polaris Office Enterprise core) and a corporate email client in one app.
All of these capabilities are integrated into a single secure environment which allows control via centralized application level policies. The embedded office package allows document editing and users can attach documents to emails, save attachments on corporate resources, and manage file structures on iPad, iPhone and Android devices.
"Apple's and Google's mail, calendar, and contacts are good for consumers, but they are about a one function, per app approach. Acompli's 'Triaged Email' rebranded to Microsoft Outlook is about integration of mail, calendar and contacts in one app. But it has the same consumer user experience of working with one item at a time without ability to open multiple items to switch across them. This is the key mobility issue when supporting multitasking scenarios," says CEO of MobilityLab Sergey Orlik. "From another perspective, how do we work with business documents? Enterprise file sync and sharing solutions are about accessing file resources, viewing documents, and editing. However, these three key information worker tools -- file management, office and email client -- have traditionally been disconnected. WorksPad solves this entire problem in a secure and centralized way".
WorksPad's multiscreen user interface allows the opening of multiple documents, email messages and appointments on separate swipeable screens, with ribbons to keep track of all of the opened items. It also has a presentation mode on iPad, Android and Windows PCs that provides business users with cross-device screen sharing.
WorksPad is available on the Apple App Store and Google Play Store or you can find out more and sign up for a free trial on the company's website.
Cyber attacks are getting bigger and more complex and are targeting many different types of organization and industry. This means defending against them is more than ever a major concern for businesses.
Attack mitigation specialist Radware has launched a new version of its DefensePro platform to provide enterprises with stronger protection.
As the industry's first dedicated attack mitigation platform to offer 100Gb interfaces with the ability to handle 230 million packets per second of attack traffic, Radware's DefensePro x4420 platform is designed for multi-tenant environments with the ability to support up-to 1,000 active policies, separate processing capabilities and customized management and reporting.
The new design offers up to 300Gbps of mitigation capacity while allowing customers to enjoy the widest range of simultaneous cyber-attack protection. It can address today’s most tenacious volumetric DDoS attacks -- where the amount of traffic becomes too much for a site to handle -- such as UDP reflection attacks, fragmented and out-of-state floods. At the same time it can pick out and mitigate the sophisticated non-volume threats which can lurk below the surface in multi-vectored attacks.
"Cyber-attacks have evolved and reached a tipping point in terms of quantity, length, complexity and targets," says Carl Herberger, vice president of security solutions for Radware. "In 2014, one in seven cyber-attacks were larger than 10Gbps and we've seen attacks 100+Gbps in size. The attack landscape is changing and cyber-attackers are getting more and more aggressive with their tactics. It's not uncommon for mobile carriers and cloud providers to experience extra-large attacks".
Radware's attack mitigation platform can provide service and cloud hosting providers with better value for their investment as it eliminates the need to deploy multiple devices and provides a high performance platform that can protect networks from sophisticated and volumetric attacks.
The platform is currently being showcased at Mobile World Congress in Barcelona or you can find out more on the Radware website.
Photo Credit: Andrea Danti/Shutterstock
Blue wavelength light emitted by the screens of computers and gadgets is known to suppress the body’s production of melatonin, the hormone which regulates sleep.
Use of gadgets therefore can prevent you from getting a good night's sleep. Mobile accessory company Fabre Technik has come up with some tips to help you make use of your gadgets but still get some decent shut-eye.
The body produces melatonin in the two hours before bedtime so limiting gadget use during that two hour window is key to getting off to sleep. If you must check your email or catch up with the latest BetaNews story in bed use a device with a smaller screen as it emits less light, also hold it away from you as the closer it is the more light your eyes will take in.
You should also turn down the brightness or engage reading mode to reduce the amount of light produced. It's possible to get apps that change the wavelength of light produced depending on the time of day. These can help your ability to get to sleep and improve your sleep quality.
Finally, you need to get out more. Humans need blue light to alert their bodies and let them know it’s time to work. The more blue light taken in during the daytime, the better the body is able to desensitize itself to blue light's effects when it's time to go to bed.
Photo Credit: Shumilina Maria/Shutterstock
Employees are putting business data at risk with their email and file sharing habits. This is among the findings of the latest survey by email encryption specialist DataMotion.
Although companies are increasingly putting security and compliance policies in place nearly 44 percent of respondents admitted that these are only moderately enforced at best.
In addition more than three-quarters of respondents said they believe employees at least occasionally violate their company’s compliance and security policies. More than one in five said those who do so are aware of what they are doing, but violate the policy anyway to simply get their job done.
"Though the survey shows us there is year-over-year growth in the number of companies putting security and compliance measures in place, the widespread security risks occurring are of great concern," says Bob Janacek, chief technology officer at DataMotion. "Particularly at a time when a number of organizations -- both large and small -- have experienced serious data breaches, it is essential that companies have strong security and compliance policies in place and that they ensure their employees fully understand and diligently follow them".
Other findings from the survey show that 30 percent of respondents don't have the ability to encrypt email. Nearly 86 percent of respondents said their organization permits the use of mobile devices for email. However, of those who have the ability to encrypt email and allow email use on a mobile, almost 36 percent can't send and receive encrypted email directly from their mobile email client.
Smaller organizations are more at risk when it comes to mobile with 47.4 percent stating email encryption was not enabled on their mobile clients, versus 30.9 percent for large organizations.
The results show a lack of confidence too with more than half believing it was likely their company would be selected for a compliance audit within the next year. Yet, nearly 60 percent admitted they are, at most, only somewhat confident they would pass this type of audit.
The full report is available to download from the DataMotion website.
Image Credit: Balefire/Shutterstock
A new study carried out by Forrester Research for security rating company BitSight Technologies reveals that third-party security has become a major concern for enterprises.
The results show that when it comes to tracking third-party risk, critical data loss or exposure (63 percent) and the threat of cyber attacks (62 percent) rank as the top concerns. These come above standard business issues, including whether the supplier could deliver the quality of service they were contracted for.
It also shows that the majority of IT decision makers believe that continuous third-party monitoring would have a major improvement on their security effectiveness in key areas. These include event identification time (76 percent), event remediation time (72 percent) and response times to high-profile events (71 percent).
However, whilst it's a major concern the findings also suggest that many businesses suffer a lack of resources to actively monitor and manage third parties. Only 37 percent of survey respondents reported tracking third-party security metrics on a monthly basis. This is despite the fact that 63 percent of respondents believe continuous third-party monitoring would improve their ability to screen vendors based on risk.
The landscape is changing though with 79 percent of respondents reporting that ensuring business partners and third parties comply with their security requirements is a top IT security priority over the next 12 months.
"The supply chain has become a cyber security minefield for companies, as we've seen with breaches caused by third-party vendors at Target, Neiman Marcus, Goodwill, Home Depot and many more," says Stephen Boyer, CTO and co-founder of BitSight Technologies. "Continuous, data-driven monitoring of third-party security vulnerabilities and threats has become essential for effective vendor risk management".
The full report is available to download from the BitSight website.
Image Credit: iofoto / Shutterstock
A majority of service providers have experienced some form of DDoS attack and have experienced loss of revenue or customers as a result.
This is among the findings of a new report by security and DDoS protection specialist Black Lotus. Only 16 percent of service providers said they'd rarely or never experienced a DDoS attack whilst 35 percent are being hit by one or more attacks each week.
There's no doubt that DDoS attacks have a major impact, 61 percent of all service providers see them as a threat to their business. Attacks are carried out across industry sectors too, 64 percent of platform as a service providers have been impacted by DDoS, as have 66 percent of managed hosting solutions providers and 66 percent of VoIP service providers.
"DDoS attacks lasting hours or even minutes can lead to loss of revenue and customers, making DDoS protection no longer a luxury, but a necessity," says Shawn Marck, co-founder and chief security officer of Black Lotus. "DDoS attacks will continue to grow in scale and severity thanks to increasingly powerful (and readily available) attack tools, the multiple points of Internet vulnerability and increased dependence on the Internet. Enterprises have to move from thinking of DDoS as a possibility, to treating it as an eventuality".
How providers respond to attacks varies too. In the event of a DDoS attack, 34 percent of the surveyed providers remove the targeted customer, and 52 percent temporarily null the route used or block the problem customer. Despite their efforts though 85 percent of respondents say they've experienced customer churn due to DDoS attacks.
The full report is available to download from the Black Lotus website and there's a summary of the findings in infographic form below.
Photo Credit: Duc Dao / Shutterstock
One of the advantages of advertising on digital platforms is that it reveals information about the devices and apps being used to view ads. This is useful for marketers but also echoes some general industry trends.
Digital advertising specialist Millennial Media has released its latest Mobile Mix report charting the use of its platform over the past year. The results throw up some interesting patterns. Among them are that Samsung saw the greatest number of impressions on the platform in the past year, unseating Apple who had previously been the leader.
This jump in Samsung impressions contributed to an overall increase in Android impressions, with hits from all Android devices growing six percentage points year-on-year. 54 percent of all tablet impressions came from Android devices. However, the Apple iPhone remains the most popular single device when measured by ad impressions.
More sophisticated devices and bigger screens has also led to an increase in video advertising. Some 29 percent of apps allowed video ads in 2014, up six percentage points from the previous year. Millennial's figures show that video and rich media ads see nearly twice the engagement rate of standard banners proving that they pay off for advertisers.
Looking at ad impressions by app type, games, music and entertainment, and productivity apps lead the way. However, health and fitness apps entered the top ten for the first time in 2014.
The Mobile Mix Report is available to download from the Millennial Media site along with breakdowns of data for specific regions.
Image Credit: Denphumi / Shutterstock
A new report from security company FireEye, based on analysis of over seven million mobile apps during 2014, reveals that mobile users are being targeted from a number of directions.
Risks on the Android platform include malicious apps that steal information once installed, legitimate apps written insecurely by developers, legitimate apps using insecure but aggressive ad libraries, malware and aggressive adware that passes Google Play checks and is assumed to be safe, identity theft, and premium rate phone and SMS fraud.
Whilst malware on the iOS platform is still comparatively rare due to stricter app store review processes, there are other risks. The report identifies a new delivery channel for iOS malware that is able to bypass the Apple App Store review process. Attackers can take advantage of enterprise/ad-hoc provisioning to deliver malicious apps to end users, either through USB connections or over the air. FireEye researchers have uncovered more than 1,400 iOS apps publicly available on the internet -- signed and distributed using enterprise provisioning profiles -- that introduce security issues.
FireEye's director of technology Jason Steer writing on the company's blog says, "Apps are the future for online experiences to complete our jobs, shop, bank, use social media and many other purposes in modern daily life. Our mobile devices are also the most important piece of equipment we have today; they contain our diaries, contacts, emails, photos, videos, employer information and many other pieces of important and sensitive information. Yet our mobile devices still do not have sufficient security to ensure they, and the information they contain, are secure".
Apps are the main source of threat which means consumers and enterprises need to understand their behavior and the risks they may present. Legitimate app stores work hard to identify harmful content but Steer warns, "Third-party app stores, while providing app content not available elsewhere, provide a safe harbor for many more malicious apps to be available".
The full report is available to download from the FireEye website.
Photo Credit: style-photography.de/Shutterstock
Bluetooth headphones are pretty common place but these from DIGICare are a bit different because they use bone conduction technology -- as does Google Glass and some hearing aids.
That means instead of sitting in or over your ears they rest on the sides of head and feed the sound into your inner ear via your skull.
First impressions are that the headset is light and nicely made using a combination of shiny white and matte black plastic. It comes with a hard case and a soft bag so you have a choice of how to protect it when you’re carrying it around. You also get a USB charger cable, some ear plugs and a carabiner-style clip so you can attach it to a belt or backpack when not in use.
There's a built-in microphone for making phone calls, a play/pause button on one side and a call answer/drop button on the other. The on/off switch, volume controls and charging point, with obligatory flimsy cover, are on the headband. Charging up from USB takes a couple of hours then you're ready to go.
It's a simple process to pair with your phone via Bluetooth as there are audible alerts that walk you through the process. You also get a tone when Bluetooth disconnects or goes out of range or when the battery is running low. The light weight means they're comfortable, there’s an adjustable band to adapt to different sized heads, although they’re a bit awkward if you wear glasses.
If you’re not used to bone conduction the listening experience feels slightly weird at first. You can still hear ambient noises -- unless you opt for the ear plugs -- but otherwise it's not unlike using conventional headphones. The bass isn't particularly strong which means these won't please the serious music listener but then I suspect that's not really the intended market here.
Getting the fit right is very important, if you don’t they'll shift slightly as you move around and you'll hear changes in tone as they do so. A little trial and error is necessary to find the right position for optimum listening.
There are a number of advantages to bone conduction technology. Because it bypasses the eardrum it still works even if your hearing isn't perfect and there's less potential to damage your ears with loud music. Plus, because it doesn't block other sounds, there's less potential to damage the rest of you -- by not hearing an approaching truck when you're out cycling or running for example.
If any of these things matter to you then these are well worth considering but if you're a hard core audio fan you'll probably want to look elsewhere.
Our review sample was provided by Geekbuying.com and the headphones cost $69.99. BetaNews readers can get a $15 discount by using coupon code ULNIVVZC at the checkout. Code expires on 28 March 2015.
We all worry about protecting our information, but how do we know which activities or locations are most likely to put it in jeopardy?
Digital rights management company Seclore has produced an infographic showing the four places where your data is most at risk. Unsurprisingly perhaps some of these are areas where you have the least control.
Third parties are a particular worry. The Home Depot breach in 2014 saw details of 5.6 million credit cards stolen. Yet it seems businesses still haven’t learned the lesson, with only 32 percent of vendors having security certifications.
Mobile is a risk too with 113 phones lost or stolen every minute in the US alone and 86 percent of mobile apps lacking adequate security. The cloud is also a worry with 71 percent of IT professionals believing their cloud service providers wouldn’t alert them to a breach involving customer data.
Email is a bigger threat than you might think too with 88 percent of companies having experienced some sort of data loss via email. Each email is copied an average of six times thanks to team collaboration increasing the risk of exposure.
You can view the full infographic below.
Photo Credit: D.R.3D/Shutterstock
One of the best ways of getting people to buy your product is to get your existing customers to recommend it. That’s equally true in the business world as it is for consumer products.
A new infographic from SaaS customer management specialist Bluenose looks at how companies can create more powerful advocates for their B2B and SaaS products.
Among the key points are that acquiring new customers can cost seven times more than retaining existing ones, so it’s important to focus on the customers you have. Satisfied users are more likely to become advocates for your business and can be worth as much as $500,000 each.
It's also useful to offer a rewards program for those who recommend your services to others. Some 84 percent of B2B decision makers start off the process with a referral and these leads are 36 times more useful than a lead from a cold call.
Employees are also an important part of the process. They are the face of the company and if they’re positive about the product it reflects well on the business. It's important that they know their product too, 67 percent of customers trust content provided by a company’s technical expert.
You can see the full infographic with other tips including promoting word of mouth and social media advocacy below.
Photo Credit: bikeriderlondon/Shutterstock
Email is the most common form of digital ID, used to login to websites, complete transactions and more besides. This means that over time each email address develops its own unique reputation and digital life based on its past behavior and actions online.
Phoenix-based startup company Emailage has used this to develop a risk scoring system for email addresses which will help companies to reduce the risk of fraudulent transactions. Emailage has successfully flagged over 2 million transactions as risky in the past year alone, amounting to $150 million it's saved customers. The company has now received $3.8 million in venture capital funding to further develop its product.
"Email is the most unique and common ID in the online world," says Rei Carvalho, CEO of Emailage. "By using our proprietary machine learning algorithms across a vast consortium of data, we are able to stop fraudsters in real time. As our customer base grows, our solution becomes more powerful and our industry-leading fraud detection rates will continue to improve. We are excited to use this financing to grow quickly and expand our offerings".
Emailage customers have already benefited from faster approval rates for 60 percent of transactions and improved pinpointing of the the most risky transactions with an average hit rate of 25 percent. Some customers are detecting 50 percent or more of their total fraud just by analyzing risk based on the email. Having this information available in real time not only prevents fraudulent transactions from occurring but also helps recognize reputable new customers that may have been declined based on other criteria.
More information on how email scoring is able to help prevent fraud is available from the Emailage website.
Photo Credit: Balefire/Shutterstock
Developers often find themselves repeatedly going over the same ground when it comes to adding functionality like forms or product pages.
California-based Cloudward is aiming to make life easier for web app developers with the launch of Cloud Snippets. These are cloud-hosted scripts, powered by Google Cloud Services, that allow anyone to instantly add forms, surveys, landing pages, ecommerce product listings, and more using the simplicity of Google Docs, Sheets, and Drive.
Developers can add a Cloud Snippet to any website, including platforms like WordPress, Weebly, Squarespace and Wix, or any HTML page. All they have to do is copy and paste the JavaScript code and publish it. Cloud Snippets also gives developers the code allowing them to make customizations as required.
"Cloud Snippets are important because they allow anybody to easily build an independent, embeddable web app," says Cloudward co-founder and CTO Danny Kolke. "For the first time, a web designer or developer has the power to build sophisticated web functions without having to know PHP, Python, Java, etc. Small agencies and web designers can use Cloud Snippets to gain big-agency capabilities. Small businesses can easily add complex functionality to their websites. And enterprises gain development flexibility".
Cloudward has set up a Snippet Store which has lots of free snippets for developers to get started. It intends to open this up as a marketplace for other web designers and developers to build and sell their own custom snippets.
Current snippets include one to create a content slideshow by taking images and tagline descriptions from a Google Sheet and displaying them in a slider, and one to take addresses from a Google Sheet and display each on a map with a marker and an information window.
You can find out more about Cloud Snippets on the Cloudward website.
Photo Credit: dencg/Shutterstock
Developers put a lot of time and resources into the technical aspects of their apps. But when it comes to selling them in other markets there's often little left for localization.
Now OHT-Mobile, part of One Hour Translation, has a solution with the launch of Lingui, a low-cost way to localize apps quickly without the need for extra manpower, complicated processes or even the requirement to send updates to the App Store or Google Play.
"Having spent a lot of time and effort developing their application, one of the biggest challenges facing developers is how to make their applications accessible and engaging for users around the world," says Ofer Shoshan, CEO of One Hour Translation. "Lingui by OHT-Mobile allows developers to cut out the time consuming and expensive process of localizing applications for multiple audiences".
Lingui simplifies the development process by inserting a few lines of code into the app that detect text in the UI and allow the option to translate in a number of ways. There's the choice of automatic translation, professional human translation or crowd sourced translation. Once the process is complete, the update goes live instantly and everywhere allowing app users to choose from all active languages.
"Until now any newly translated apps would have to be uploaded to the relevant app stores, delaying the time to get the app to market. What's more, users often had to update the app in order to get support for new languages or updated translation," says Shoshan. "With Lingui, your app translations and supported languages are managed on OHT-Mobile's cloud. Updated translations or additional languages are simple and easy to add. There is no need to republish the app in the market or to update the app on the user's device".
Lingui will be on display at Mobile World Congress in Barcelona from the 2nd-5th March or you can find out more on the One Hour Translation website.
Companies are increasingly tuning into the importance of understanding their customers in order to make their marketing more effective and big data has a key role to play in providing them with the information to do so.
A new infographic produced by Hadoop solutions specialist Datameer looks at how companies are using big data to build their brands and boost revenue.
Big data analysis can help to increase customer acquisition, reduce churn and enable businesses to develop more innovative products with features that customers actually want. The graphic uses two examples, the first being a credit card company that was able to achieve a 25 percent better conversion rate and reduce its annual advertising spend by $3.5 million thanks to big data.
The second example is an online game company that was able to understand the features that make players stay for longer and introduce new elements to boost revenue.
You can see the full infographic below and read more on the Datameer blog.
Image Credit: Maksim Kabakou/Shutterstock
A new report from IDC and enterprise mobile specialist Amdoc's OpenMarket reveals that taking an ad hoc approach to mobile messaging is harming return on investment.
The findings reveal that 62 percent of businesses have more than one messaging platform deployed and 78.5 percent have more than one instance of the same platform active across different departments.
This disjointed strategy is problematic for today's enterprises, as 75 percent of companies demand payback on these initiatives in less than a year. The results indicate the need to adopt a flexible mobile messaging platform that supports multiple use cases across business functions.
According to IDC, it will be critical for enterprises to implement a streamlined platform with global reach that can be used company-wide. To do this, 29.7 percent of enterprises are looking to partner with a mobile messaging specialist, and a majority are seeking a global provider.
"With mobile devices in the hands of employees and customers who show a preference for messaging-based communications, businesses should focus on proven mobile communication formats such as SMS and MMS," says Robert Parker, Group Vice President, IDC Insights. "Enterprises must avoid deploying single use case products, and should seek comprehensive solutions that improve customer and employee communications across the business. To do so, they should select providers that have domain expertise, service flexibility, optimal professional services, and a knowledgeable customer service staff to ensure they are getting the proper support for all their mobile messaging initiatives".
70 percent of enterprises use mobile messaging for internal communications. However, IDC sees the largest area for future growth in the adoption of SMS and MMS as in service-focused initiatives such as customer surveys, opening up SMS channels for customer support and providing valuable, time-sensitive alerts and reminders.
The summary report is available to download from the OpenMarket website.
Image Credit: Bloomua / Shutterstock
Being able to do business online is almost essential these days, but for smaller companies the mechanisms needed to accept payments can prove complex and expensive.
Specialist in web client engagement software for small businesses vCita is making things simpler with the launch of its new, seamless online payment solution for service-based small businesses.
According to MasterCard's 2014 Merchant Scope study, 90 percent of small businesses have an online presence, yet only 20 percent are leveraging their websites for product or service focused transactions.
The vCita LiveSite Online Payment system eliminates these barriers by allowing small businesses to use web technology for a cost-effective and convenient online payment system that works on any internet-connected device. LiveSite Online Payments gives businesses a website-integrated, online payments solution where clients can easily pay with any credit card, at any hour, even from their mobile phone. This caters to the growing population of consumers in the US who prefer using their mobile device to pay bills.
"We've created a solution that is easy to use and intuitive for small businesses to efficiently offer online credit card payment options to their clients," says itzik Levy, founder and chief executive officer of vCita. "For small businesses today, the ability to easily accept online payments in a secure and hassle-free manner is a huge advantage that can make or break a consumer's decision to continue the business relationship, and vCita is pleased to bridge this gap with these new capabilities".
Features of LiveSite Online Payment include a Pay Now button that accepts credit card payments to be deposited straight to a bank or PayPal account. It has a customized payment form, where the business can request additional information about the customer as part of the payment process, plus a seamless user interface ensuring the client doesn’t have to leave the business' website to pay.
There are also online payment options directly from Facebook, emails, and any other online presence. A self-service portal allows returning clients to be automatically recognized and view their account, inquire or pay their balance.
For more information on the vCita online payment and other engagement options you can visit the company's website.
Photo Credit: Slavoljub Pantelic/Shutterstock
Up to now smart glasses have been a bit of a gimmick, but they could soon be making a major impact in the enterprise market, allowing workers to communicate as they carry out tasks.
Eyewear technology company Vuzix has announced a partnership to use its Vuzix M100 Smart Glasses for the EyeSight platform from wearable software specialist Pristine. Customers taking advantage of the combined Pristine and Vuzix platform will benefit from impressive video quality, strong integrations into safety goggles and a vertically adjustable camera, useful for surgery and hands-on repair tasks.
"Pristine's EyeSight platform is a killer app for the exploding smart glasses market and enables users to collaborate in industries and locations never before imagined," says Dan Cui, Vice President of Business Development at Vuzix. "Having Pristine's solution optimized for our award-winning smart glasses will open new opportunities and deliver real value and ROI to customers around the world".
EyeSight is a powerful video communication platform for wearables that allows colleagues to securely collaborate and solve problems hands-free. It uses cross-platform architecture built on open source technologies and hosted in the cloud. This means no on-site hardware is needed and users can get up and running quickly with zero capital investment. For healthcare organizations, EyeSight also fulfills strict requirements for HIPAA-compliance.
This makes the software a good fit with Vuzix M100 Smart Glasses which are are the world's first commercially available hands-free display and wearable computer designed for enterprise users. The M100 contains a virtual display with an integrated camera and a powerful processing engine running Android. It can connect wirelessly using Bluetooth or Wi-Fi directly to most standard networks or to a smartphone.
"Our customers are generating incredible ROI. What used to cost them $2,500 per day now costs next to nothing. Using Vuzix technologies, we are delivering an incredible telepresence solution for clients in life sciences, industrial equipment, field service and healthcare." says Kyle Samani, co-founder and CEO of Pristine.
You can find more information about the M100 and enterprise smart glasses solutions on the Vuzix website.
Image Credit: Vuzix
Although organizations are increasingly concerned about data protection many of them don’t have the appropriate tools in place to secure their information.
According to a new report from data loss prevention specialists Boldon James compiled by Bloor Research, although over half of organizations see data security as a major concern 47 percent say they don't have a data classification tool.
The report is based on a survey of 200 organizations in the UK and US. It finds that even where classification policies are in place 64 percent of respondents that have a critical or serious concern over data security admit that their policy is not being adequately enforced. This is partly because of a lack of knowledge.
Martin Sugden, MD of Boldon James says, "Enterprises need to understand what information they have and where it is held in order to know what level of security to apply". Security strategy also needs to take account of new technologies like mobile. Over a third of respondents stated mobile security to be of serious concern, particularly as mobile devices are easy to lose or have stolen.
Unsurprisingly financial services companies report the most concerns over data security, with almost all respondents from this sector saying that it is serious or critical. However, they're also most likely to have policies and classification tools in place. Manufacturing firms lag behind, most seeing data security as a low concern with only 27.5 percent rating it as serious or critical. They also lag in implementing data classification policies, with a quarter stating that they do not have one in place and just 41 percent using a technology tool for enforcing data classification.
But securing data based on classification needs a combination of technology and understanding and Sugden believes understanding is more important, "If users add labels themselves they have more trust in what they mean. They're therefore less likely to leave confidential documents lying around or read them on the train".
Boldon James' solution allows labels to be used to filter documents so that they can be kept within an organization or prevented from being sent to mobile devices or specific domains like Gmail. You can read more on the company's website.
Image Credit: megainarmy/Shutterstock
It's rare these days to rely on just one service -- you find yourself using Facebook, Twitter, Gmail and more which means information and messages are coming at you from many different angles.
This can lead to information overload as well as security worries. With its new secure platform San Francisco-based Ekko is launching a way to streamline all of your communications and protect your privacy.
"Messaging has become fragmented across multiple apps and services. We created Ekko to simplify the way we communicate, and provide everyone with a way to keep messages private and secure," says Rick Peters, President and CEO of Ekko. "Ekko also offers new and unique messaging features, including comprehensive search, multi-modal messaging, and context-sensitive functions that we feel should be part of any messaging app. We’re confident that Ekko is the next generation of messaging -- private, secure, powerful, and right at your fingertips".
Available for iOS or as a web app, Ekko supports Facebook, Twitter, Gmail, iCloud, Exchange, Outlook, Yahoo, AOL, POP3, and IMAP accounts, with others in the pipeline. It uses a subscription-based model that allows you to link unlimited accounts and use channels to tune, filter, and search your messages in any way you want. Built-in, user-friendly features protect your data and support private and secure messaging. Crucially, Ekko doesn't track you or your data, nor does it scan your messages, or profile you in any way.
It allows users to apply easy-to-use security controls to any type of message, using any linked account. They can also password protect any message, redact it, or set it to delete on read -- after a predefined time or after a defined number of unique views. It lets you search simultaneously across all of your accounts ensuring you never lose track of anything important.
"A recent Pew Research Center poll revealed that 91 percent of adults surveyed felt consumers have lost control over how personal information is collected and used by companies. Clearly we, and many of you, are tired of trading away our privacy and being profiled in exchange for 'free' services and apps," says Peters. "That's why messages sent through Ekko will always be kept private, and personal data will always be protected".
Ekko charges a subscription of $5 per month (or $50 per year) but new users can try it out for $1 for the first month. You can download it from the Apple App Store or sign up via the company's site.
Data privacy is a growing concern and a number of countries including Germany, France and Russia have recently adopted new data protection regulations to protect their citizens' information.
Add in regulations like HIPAA and FINRA in the US and it's clear that businesses need to have an infrastructure to meet the various requirements or face possible legal consequences.
Data protection and governance specialist Druva is launching a set of new capabilities that offer a comprehensive data privacy framework to enable businesses to meet growing global privacy demands.
Built on the company's existing cloud security offerings it addresses concerns about corporate and employee data misuse and emerging legal data requirements. Druva centralizes and controls business data residing on employees' desktops, laptops, tablets and smartphones via integrated endpoint backup, data loss prevention, IT-managed file sharing, and data governance controls. It then continually mirrors end-user data, which enables rapid data recovery for lost or stolen devices, allows remote user access to any file or folder from any device, and supports eDiscovery, compliance and forensics needs when required.
Using a single cloud solution it has support for 11 different global admin regions. So for example companies with operations in Germany can comply with the country's tough employee data legislation. But whilst meeting local requirements enterprises can maintain a single global record of activity.
"Securing data is important, but addressing security without enacting appropriate privacy measures leaves data -- and companies -- vulnerable. Today, more than ever, global organizations must comply with regional data regulations. Privacy concerns are being forced into IT’s top priorities. Focusing exclusively on security can compromise privacy, exposing organizations to negative publicity as well as possible legal and regulatory action," says Jaspreet Singh, CEO of Druva. "With 70 percent of new inSync customers now choosing our cloud deployment option, we have developed a rigorous privacy framework to reduce those risks and support their global needs".
You can find more information about the framework on the Druva website.
Photo Credit: Slavoljub Pantelic / Shutterstock
The increase in web application use means that we're loading more code than ever into our browsers. According to httparchive, the amount of JavaScript used by the top 100 websites has almost tripled in the last three years whilst HTML has almost doubled. This has performance implications because larger page-sizes mean end users have to wait significantly longer for web pages to load.
California-based cloud delivery service Instart Logic is hoping to improve things with the launch of SmartSequence, a new technology that employs machine learning to optimize how HTML and JavaScript code is loaded in browsers.
SmartSequence uses a cloud-client architecture and machine learning technology to accelerate JavaScript and HTML, enabling browsers to load only the code that's needed, thus reducing download size and speeding up performance.
It learns which code is most frequently used by watching user behavior. For JavaScript Streaming, it then downloads only what a web page or web application needs, while ignoring unused code. For HTML Streaming, it determines which portions of dynamic HTML are used across all users, and sends that in advance. SmartSequence can also learn which sections of the page <HEAD> are dynamic as opposed to static and patch dynamic data in as needed.
"With SmartSequence, we are taking a revolutionary approach to a critical web performance challenge that is created by dynamic HTML and heavy use of JavaScript," says Peter Blum, vice president of product management at Instart Logic. "Our team of computer scientists and algorithmic experts have developed new machine learning techniques that enable us to intelligently stream JavaScript and HTML code, greatly improving page load times and customer experience".
SmartSequence is available now as part of Instart Logic's software-defined application delivery platform and you can read more about it on the company's blog.
Image Credit: isak55 / Shutterstock
Although as we reported last week more businesses are turning to the cloud it seems that some UK companies are lagging behind the trend.
According to a new Service Provider and Performance Satisfaction survey by audit and accounting specialist KPMG 71 percent of UK organizations are spending 10 percent, or less, of their IT budget on cloud services.
As part of a global study of almost 2,100 contracts covering deals worth £7.8 billion (around $12 billion) it looked at 330 UK-based contracts. Asked why they are reticent about employing cloud services, the top 3 reasons cited by UK respondents centered around data location, security and privacy risks (26 percent), concerns over regulation and compliance (16 percent) and cynicism around the ease with which cloud services can integrate with legacy systems (15 percent).
The results show that many organizations continue to rely on 'tried and tested' outsourcing models. The favored destinations for outsourced IT support services remain India (51 percent), Poland (8 percent) and South Africa (8 percent).
"Despite widespread acceptance that cloud services offer access to the latest technologies, and make IT more accessible, adoption remains relatively sluggish. While concern about the security risks surrounding new technology is understandable it may also be disproportionate, as cloud options are just as safe as other outsourcing solutions. Of course, investors and stakeholders will welcome caution on the part of the buyers, but they also want to see innovation, meaning that UK plc will need to find the right balance to remain competitive," says Jason Sahota, director in KPMG's Shared Services and Outsourcing Advisory team.
The survey also shows a nervousness about IT spending in the UK despite improvements in the economy. Only 43 percent said they plan to increase spending on outsourcing in the next two to three years. This figure contrasts with 77 percent this time last year.
More information of the study is available on the KPMG website.
Image Credit: Brian A Jackson / Shutterstock
The use of mobile devices for business presents a new set of challenges both for IT departments and the broader enterprise. This is leading many companies to turn to enterprise mobility management (EMM) solutions to secure their data and devices.
But how effective are enterprises at looking after mobile data and how will they need to adapt to the needs of new legislation? We spoke to Ryan Spence, Director of Enterprise Mobility Management for managed service company MOBI to find out.
BN: How important is it for businesses to have procedures and protection in place to protect their use of mobile?
RS: The need for active security design for the mobile workforce is nothing short of paramount. Properly designed security procedures and platforms are so critical to a valuable mobility program that I would recommend appointing security experts to help develop your security needs. Mobility platforms and the devices they manage are very good at constant change. This means organizations are required to create adaptive security structures.
BN: Does the advent of BYOD and the proliferation of different operating systems and devices make EMM more difficult to implement?
RS: Device and OS diversity do make strong EMM programs very complex and with that complexity comes increasing difficulty to build and maintain. The complexity of properly implemented EMM solutions requires integrators with expertise across diverse disciplines. It is common for current EMM solutions to be underutilized because so few organizations are clear about all of the moving pieces of EMM. The field of mobility arrived without respect to business processes or platforms, requiring business and IT to change. Change, especially in competitive markets, is a difficult process for everyone.
BN: How complete an answer are technical solutions? Isn't educating employees in safe data practices equally important?
RS: That's correct. Technical "solutions" are not, in themselves, the totality of security design. Technical solutions are vital, but they must be designed hand-in-hand with an organization’s education and communication strategy, business goals, and projections for the changes yet to come. Technical solutions only go so far, and if poorly implemented, they can create more problems and slow an organizations ability to win in their market. More often than not, this is what I see happening to organizations who are attempting to implement security measures. It is not enough to appoint a person, or buy a technology, or implement policies. Organizations must now revisit how they think about nearly every process and reshape it around the assumptions of mobility.
BN: How will President Obama's proposed data breach notification law affect the way businesses handle data security?
RS: Well, honestly, I don't think the proposed law will inform how businesses think about their data security. It was already common for states to require organizations to report data breaches. The proposed law simply unifies all current requirements across the US, making the requirement clear no matter the location of your organization. The proposed timeline on breach awareness will require businesses to be aggressive about their internal reporting in order to inform legal and messaging departments.
BN: Is this likely to have an impact beyond the boundaries of the IT department?
RS: Absolutely. As mentioned above, the proposal creates requirements that will effect PR and Legal more than technical. The impact of a required timeline on public awareness will predominantly be felt by departments outside of IT. There isn't anything technologically new in the proposal, it is really geared toward information and what an organization’s legal requirements are around public disclosure.
BN: Do you think legislation will lead to greater overall visibility in terms of the way enterprises handle data security?
RS: That's a great question. For good reason, much of the dialogue around security is not part of the public discourse. Discussing security designs publicly can have the unfortunate result of increasing risk. I do not anticipate legislation increasing visibility into enterprise security, but I do expect the frequency of data breach to compel open, public conversation around the difficulties of providing security, the complexity of security design, how this generation defines privacy, the nature and lifecycle of data, and so much more. The questions around security in the mobile age force us to dig deeply into how we have built technology, what we must do to move forward safely, and what kind of society and organizations we are working to build.
Image Credit: Anan Chincho / Shutterstock
Most of the biggest IT security risks aren't new but are threats that have been around for years or even decades.
This is one of the findings of the latest HP Cyber Risk Report published today which looks at pressing security issues facing enterprises during the previous year and indicating likely trends for 2015.
"Many of the biggest security risks are issues we've known about for decades, leaving organizations unnecessarily exposed," says Art Gilliland, senior vice president and general manager, Enterprise Security Products at HP. "We can't lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk".
Among the key findings of the report are that 44 percent of known breaches came from vulnerabilities that are 2-4 years old. Attackers continue to use well-known techniques to successfully compromise systems and networks. Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or in some cases decades ago.
The main causes of commonly exploited software vulnerabilities are defects, bugs, and logic flaws. Yet most vulnerabilities stem from a relatively small number of common software programming errors. This means that old and new vulnerabilities in software are swiftly exploited by attackers.
Server misconfigurations represent the number one vulnerability. Over and above things like privacy and cookie security issues, server configuration issues dominated the list of security concerns for enterprises in 2014, providing adversaries with access to files that leave an organization susceptible to an attack.
Additional avenues of attack were introduced via connected devices. As well as security issues presented via Internet of Things devices, 2014 also saw an increase in the level of mobile malware. As the computing ecosystem continues to expand enterprises must take security into consideration or attackers will continue to find more points of entry.
In order to stay safe HP recommends that businesses carry out a number of measures including keep their software patches up to date, carry out regular penetration testing, and take advantage of intelligence sharing to reduce risk.
The full Cyber Risk Report 2015 is available to download from the HP website.
Image Credit: Myibean/Shutterstock
Dear EE,
We've known each other for a long time, you were called Orange when I first got to know you. A work colleague said we'd be good together and he was right. We've been through more than 12 years and five pay as you go mobile phones together. Then you decided to change your name to EE. What's in a name? I thought, a change to what was shown on the screen of course, but the service seemed the same as before so we carried on and I was still happy. Until I decided I needed a new phone.
I went to your website which had a shiny new look, alarm bells really should have started to ring at this point -- I'll come to that in a bit -- but it was Black Friday, you were offering good deals and I placed an order.
You emailed me to say there'd be a delay due to strong demand but that was okay. Then a few days later you send me a message, displaying high levels of apostrophe misuse, telling me that you didn't have the phone I ordered in stock but that you’d be in touch within 21 days to tell me what was happening or suggest an alternative.
I waited, Christmas came and went, so did New Year, you didn't email me any more. Had I done something wrong? Then in February a chance visit to your website revealed that the phone I'd ordered was back in stock. I called customer services -- a process that involves one of the most labyrinthine menu systems known to man -- and spoke to someone who said the phone was indeed in stock and I could have one next day, still at the Black Friday price. Good, although I really shouldn’t have had to chase you over this you should have kept in touch. But a new phone is on the way so everything will be all right. I thought...
The phone arrives, and this is where I knew your website should have rung alarm bells. On your old Orange site I could log into my account before ordering, the new phone came with a SIM programmed to my old number, I just activated it and all was good. On your new site there seems to be no link between my account and your shop. The new phone arrives with a SIM that has a new number and I have to get my old one swapped across.
Still, that shouldn't be a problem, there's even a page on your website to do it. Except the page doesn't work, it asks for a 19 digit SIM code, the new card you sent me only has 12. So I call your customer services line again, another trip down Menu Lane, and talk to a pleasant chap who doesn't really know what he's doing and has to keep putting me on hold to talk to colleagues. Eventually he tells me the transfer is set up and will take up to 72 hours, after which my old SIM will stop working and I can switch to the new one.
The following day I receive a text from you saying my credit is low. I knew there was about £20 on there when I started so I assume this is evidence of the transfer happening. Switch on the phone with the new SIM and I have credit, but I have the wrong phone number. Another call to customer services, "press three if you're losing the will to live," and I speak to someone else. She tells me this is normal, that the credit will move first and the number will catch up.
The problem is I now need two phones. One with credit to make calls, one with my old number to receive calls and texts -- which I can’t reply to because it has no credit. Another day later and the old SIM stops working but if people ring my old number it comes up unrecognized so no one can contact me. My online account login no longer works either. None of this would be so bad if you properly explained the process or sent updates so I knew what to expect.
At last! After two days you’ve finally managed to put my number and credit back together but, EE, I’m afraid that you and I are drifting apart. I still can't login to my online account and it really shouldn't be this hard to switch to a new phone with your existing provider.
Maybe things will be better when you merge with BT but I’m not holding my breath.
Yours truly,
Ian
Photo Credit: NinaMalyna/Shutterstock
It’s no surprise that more and more organizations are using the cloud, but the latest State of the Cloud report from RightScale throws up some interesting trends.
The company surveyed 930 technical professionals across a broad cross-section of organizations about their adoption of cloud computing.
Among the findings are that a vast majority, 93 percent, of organizations surveyed are running applications in the cloud or experimenting with infrastructure-as-a-service. In addition 82 percent of enterprises now have a hybrid cloud strategy, up from 74 percent in 2014.
It seems to be IT departments that are driving the move with 62 percent of enterprises reporting that central IT makes the majority of their cloud spending decisions. 43 percent of IT teams are offering some form of self-service portal to allow access to cloud services, with an additional 41 percent planning or already developing a portal.
Public cloud is the most popular with 88 percent of enterprises using it compared to 63 percent with private clouds. However, the private cloud leads in workloads with only 13 percent of enterprises running more than 1000 virtual machines in public cloud, while 22 percent of organizations run more than 1000 VMs in private cloud.
Amazon Web Services is the most popular public service, AWS adoption is 57 percent in this years' survey, while Azure IaaS is second on 12 percent, up from 6 percent in 2014. Among enterprise respondents, Azure IaaS has narrowed the gap with 19 percent adoption compared to AWS with 50 percent. The rebranded vCloud Air from Vmware comes in with seven percent adoption among enterprises, behind AWS, Azure, Rackspace, and Google.
Despite this widespread adoption there's still room for more with 68 percent of enterprises saying they run less than a fifth of their application portfolio in the cloud. 55 percent report that a significant portion of their existing application portfolio, although not in cloud, is built with cloud-friendly architectures.
A full copy of the report is available from the RightScale website.
Image Credit: everything possible/Shutterstock
Mobile cyber threats are more common and more sophisticated than ever before, with a number of high profile threats in the past year.
According to a new report from security companies Check Point and Lacoon Mobile Security, this means mobile devices are growing into a serious threat to the enterprise.
The survey monitored more than 500,000 Android and 400,000 iOS devices from over 100 countries, uncovering over 20 variants and 18 different mobile remote access Trojan (mRAT) families. Of the 1,000 devices found to be infected 60 percent were Android and 40 percent iOS.
It finds that enterprise employees are increasingly targeted by mRATs, risking sensitive data found from emails, messages, keystrokes, calls, employee locations and more. Large organizations in the US have only a 0.21 percent chance of an infection, but employees of infected corporations are twice as likely to be infected by mRATs. If there are 2,000 devices or more in an organization, there is a 50 percent chance that it will have infections within the enterprise network.
It also points out that attacks on organizations are clustered. Attackers choose certain large organizations and attack multiple targets inside them, as opposed to just attacking corporate employees of random organizations.
There's a summary of the findings in infographic form below or the full report is available to download from the Lacoon website.
Image Credit: watcharakun/Shutterstock
A disconnect between systems leaders and business leaders coupled with a lack of resources is keeping enterprises from properly addressing cyber threats.
This is according to a new study commissioned by defense and security company Raytheon and conducted in conjunction with the Ponemon Institute.
Among the findings are that less than half of respondents (47 percent) believe their organizations take appropriate steps to comply with the leading cybersecurity standards. Also only one-third of those surveyed believe their organizations are prepared to deal with the cyber security risks associated with the Internet of things (IoT) and the proliferation of IoT devices.
Only 47 percent of respondents believe their organizations have sufficient resources to meet cybersecurity requirements. Plus 66 percent of those surveyed indicate that their organizations need more knowledgeable and experienced cyber security practitioners.
When asked about trends over the next three years almost half of respondents believe zero-day threats will become one of the most prevalent cyber threats. More than one-third (35 percent) believe attacks on critical infrastructure will become one of the world’s five most prevalent threats.
Senior IT leaders see the use of virtual currencies as being a low risk to their organizations today but likely to become a very high risk in the future. Surveyed CISOs believe that when it comes to strengthening cyber security, the three most important technologies in the future will involve big data analytics, forensics and next-gen firewalls.
"You don’t have to wait until you’re attacked to take cybersecurity seriously," says Jack Harrington, vice president of cybersecurity and special missions at Raytheon Intelligence, Information and Services. "From the board room to the President’s desk, rallying around the cybersecurity issue is critical to address the real threats we face as a global society".
You can see an overview of the report's findings in infographic form below, or read more on the Raytheon website.
Photo Credit: Sergey Nivens/Shutterstock
We constantly hear about the benefits big data can bring to organizations, but a shortage of expertise means that many are missing out. A recent McKinsey report reckoned that the US alone faces a shortage of up to 190,000 people with big data skills.
In order to overcome this DataRPM is introducing Smart Machine Insights which uses machine learning to automatically model data, perform advanced statistical analyses, and present key insights to users in an easy to use visual format.
"This is not a human scale issue, it' a machine scale issue," says CEO of DataRPM Sundeep Sanghavi. "As Smart Machines dominate the disruption in the next decade, the only way to provide any insights in any reasonable time frame is through machines. Current data discovery tools presume that the enterprise knows where to look and what to specifically ask and have enough resources and skills to address it. As we learned with one of our smart enterprise customer, Cisco, this assumption is simply flawed, hence we are advancing beyond data discovery to insights discovery using smart machines, which will completely reshape how analytics is performed on Hadoop infrastructure".
DataRPM runs natively within Hadoop and its algorithms automatically discover entities and relationships in the data and conduct statistical analyses and hypothesis tests. This includes machine learning algorithms such as time-series analysis, forecasting, prediction, root cause analysis, anomaly detection, recommendations and more.
You can visit DataRPM's website for a demonstration of how it works or the solution will be on display at Strata + Hadoop World in San Jose from February 17-20th.
Image credit: David Gaylor / Shutterstock
Organizers of events and conferences often find themselves using multiple software tools in the process, from ticketing services and project management to emails and spreadsheets.
To streamline things Bizzabo is launching what it calls an Event Success Platform, equipping small to medium event organizers with a complete system to promote, manage and monetize their events.
"The Bizzabo Event Success Platform is the next step in the natural development of our product -- a comprehensive system where event organizers can actually take more ownership of their event branding and overall event experience," says CEO Eran Ben-Shushan of Bizzabo. "After working closely with thousands of organizers we understood the need for a holistic event software that works. We wanted to free the industry from a reliance on multiple siloed tech solutions that increase an event organizer’s workload, minimize their ability to measure success and limit productivity. By evolving our current product offering we are able to provide a one stop shop for all event technology needs, delivering the same quality we’re known for through a much more enhanced and complete experience from start to success".
Bizzabo's Event Success Platform has been trialled by a number of conferences around the world prior to its official launch. It can create an event website, sell tickets, launch an event app, initiate email marketing campaigns, build engaged networking communities. It can also help organizers get to know their audience using a smart contact management system.
The platform helps organizers measure success too by generating real-time analytics on each feature giving a snapshot of all aspects of an event's progress as it happens. The success dashboard allows organizers to deliver on measurable ROI to stakeholders, and track how they're doing compared to their goals.
Bizzabo is available online and on mobile platforms, for more more information go to the company's website.
Image Credit: Maxim Blinkov / Shutterstock
If a workforce is engaged people will be happy and more productive in their jobs, so it's something that businesses are keen to promote. But a Gallup survey last year found that 87 percent of workers worldwide and 70 percent of employees in the US are either not engaged or are actively disengaged in their jobs.
In order to try to put this right Californian company Glint is launching a real-time cloud solution to help people succeed at work. It's based on attractive and user-friendly pulse surveys that take only two or three minutes to complete.
Automatic analysis of survey data gathered then delivers immediate insights into key employee engagement drivers like leadership, culture, manager, and recognition. Managers can analyze the data by business unit, tenure, location or performance rating, while protecting individual employee confidentiality. In addition, Glint's cloud solution delivers smart alerts that can highlight groups with engagement scores that fall below industry benchmarks or company averages, as well as flagging up significant increases or decreases in scores.
"We created a platform to deliver real-time feedback that allows you to drill down into specific engagement data while ensuring a level of confidentiality that employees need in order to give direct and honest feedback," says Glint CEO and Co-Founder Jim Barnett. "In addition, we spent a lot of time and effort designing our pulse surveys so that they are a quick and positive experience that employees look forward to, as opposed to the dreaded annual survey".
Unlike traditional employee engagement solutions that produce reports with a long time lag, Glint delivers real-time insights that can keep pace with the business. It's also quick to implement and easy to configure allowing companies to get started quickly.
Glint is available on a SaaS subscription model, you can find out more or sign up for an introductory webinar on the company's website.
Image Credit: wavebreakmedia / Shutterstock
There's always that tiny glimmer of hope that in some way a new year is going to be somehow different from and better than the one that went before.
Usually it's extinguished quite quickly and it seems that, in software terms at least, 2015 is no exception according to the latest vulnerability report from Secunia released today.
It finds that in the last quarter of 2014 there were 1,357 new vulnerabilities in the 20 most used software products and that the vendor with the most vulnerable products in the period was IBM. The single product with most vulnerabilities was X.Org Xserver, the open source X Window implementation.
2015 meanwhile has got off to a bang with two zero day vulnerabilities for Adobe Flash in January and one at the beginning of February. As Secunia points out a zero day in a popular product like Flash, "...means there are more entry points into any organization. The only thing to do about it is to either remove the affected product from everywhere in your infrastructure -- which can effectively paralyze your business -- especially when the affected application is bundled and widespread -- or have complete visibility to your systems and complete data control."
The report also highlights a new set of patches for Java in Oracle's January update which see 19 vulnerabilities fixed. Java is high on Secunia's 'Most Exposed' product list thanks to its large market share, but many users simply don't bother to patch it.
The Ghost vulnerability in GNU Library C was patched in version 2.18 as long ago as 2013. However, older versions are often bundled in other applications which may remain unpatched. Secunia has issued advisories on 24 products made vulnerable by Ghost, including McAfee, Cisco, IBM, Red Hat and Xerox. Exploitation of Ghost may allow for remote code execution so users are advised to make sure their product patches are up to date.
There's some praise for Google in the report for relaxing its strict 90-day rule on disclosing vulnerabilities. On 13 February it amended its policy to allow a two week grace period to allow vendors to release patches.
You can read more about Secunia's vulnerability reviews on the company's website.
Image Credit: Pavel Ignatov / Shutterstock
According to a new report from telecommunication company Alcatel-Lucent's Motive Security Labs security threats to mobile and residential devices and attacks on communications networks all rose in 2014.
It estimates that 16 million mobile devices worldwide have been infected by malware. It also points out many retail cyber-security breaches in 2014 were the result of malware infections on cash registers or point-of-sale terminals, not online stores, so shopping offline isn't guaranteed to keep your details safe.
The report finds that malware infections in mobile devices increased 25 percent in 2014, compared to a 20 percent increase the previous year. Android devices have now caught up with Windows laptops, which used to be the primary workhorse of cybercrime. Infection rates detected by researchers are now split roughly 50/50 between Android and Windows devices.
Less than one percent of infections come from iOS and Blackberry devices, indicating the benefit of their more strictly controlled app stores. However, new vulnerabilities indicate that these platforms aren't entirely immune from threats. Alcatel-Lucent says that mobile malware generally is gaining in sophistication with more advanced command and control features.
The overall monthly infection rate in residential fixed broadband networks is up too at currently just under 14 percent, a fairly substantial rise from the nine percent recorded in 2013.
The big increase in mobile infection rates is aided by the fact that many users still don't take proper precautions. Few people would now think of attaching a Windows PC to the web without protection but the same isn't true of Android. The spotlight therefore tends to fall on service providers to address the issue.
"With malware attacks on devices steadily rising with consumer ultra-broadband usage, the impact on customer experience becomes a primary concern for service providers," says Patrick Tan, General Manager of Network Intelligence at Alcatel-Lucent. "As a result, we're seeing more operators take a proactive approach to this problem by providing services that alert subscribers to malware on their devices along with self-help instructions for removing it".
The full report is available to download as a PDF from the Alcatel-Lucent site.
Photo Credit: style-photography.de/Shutterstock
Chief Information Officer (CIO) is usually seen as a plum role in technology organizations. But new information from search specialist Lucidworks reveals that day-to-day responsibilities are holding back CIOs from driving innovation.
Some 25 percent of CIOs are solely responsible for leading tech-driven innovation at their organizations, but most of their time is being taken up with problem solving and troubleshooting.
Ideally CIOs would like to be spending 57 percent of their time driving innovation but currently are only spending 12 percent. In order to free up time for innovation they're increasingly turning to unconventional activities like hack days, study tours and tech showcases.
There also seems to be a trend towards recruiting more staff to take pressure off the department head, with 87 percent of CIOs surveyed saying they plan to increase headcount in the coming year. The findings show that appointing a deputy can free up the equivalent of one day a month.
CIO time needs to be spent in promoting a digital rather than corporate culture. They can do this by maintaining regular contact between IT and business leaders and by increasing the level of business knowledge within IT. They're also increasing their spend on tools to empower individuals, with the biggest investment being in business intelligence and analytics.
You can view the complete findings in infographic form below.
Image credit: olly/Shutterstock
Threat protection company Damballa has released its latest State of Infections report for the fourth quarter of 2014 which highlights the limitations of a prevention-focused approach to security.
The report finds that within the first hour of submission, AV products missed nearly 70 percent of malware. Further, when rescanned to identify malware signatures, only 66 percent were identified after 24 hours, and after seven days the total was 72 percent. It took more than six months for AV products to create signatures for 100 percent of new malicious files.
This has an impact on containment and raises the risk that at any time there may be live infections on a network. The report also highlights the importance of automating manual processes and decreasing the noise from false positives to make the most of skilled security manpower, rather than trawling through uncorroborated alerts to find the true infections.
In order to reduce manual efforts, Damballa advises that security teams must have automatic detection of actual infections able to reach a statistical threshold of confidence in a true positive infection. They also need integration between detection and response systems, and policies that enable automated response based on a degree of confidence.
"What's clear from these figures is that we have to turn the table on infection 'dwell' time. In much that same way that a flu vaccine hinges on making 'best-guess' decisions about the most prevalent virus strains -- AV is only effective for some of the people some of the time. Viruses morph and mutate and new ones can appear in the time it takes to address the most commonly found malware", says Brian Foster CTO of Damballa. "Dependence on prevention tools simply isn't enough in this new age of advanced malware infections; attackers can morph malware code on a whim, yet organizations have a finite number of staff to deal with the barrage of noise generated from security alerts. We urge taking a fresh 'breach-readiness' approach, which reduces dependence on people and legacy prevention tools".
The full report is available to download from the Damballa website.
Image Credit: Sergey Nivens / Shutterstock
Last year we looked at how supplier of point-and-click answer technology AnswerDash was integrating its software with the Zendesk help centre system.
Now the company has released performance stats from its customers which show that self-service technology can cut support costs by an average of $20k a year.
The technology can also boost conversion rates by up to 85 percent and reduce support ticket volume by 60 percent.
By providing a first line of defense for handling customer questions Answerdash can reduce the volume of incoming support inquiries requiring human assistance and allow customers to get answers at their point-of-action where they are most likely to complete a purchase.
"We calculated AnswerDash's impact on support ticket reduction across our early customer base and examined the average support cost savings, revealing a substantial $20K average cost reduction across all verticals. AnswerDash provides the biggest impact for SaaS customers, with a $32K average cost reduction", says Jake Wobbrock, founder and CEO of AnswerDash. "By answering common and frequently asked questions, AnswerDash reduces support ticket volume by up to 60 percent, allowing businesses to grow without a huge support investment".
A separate analysis across eight customers revealed that companies which had implemented AnswerDash witnessed double-digit increases in sales conversion rates, averaging around 30 percent increases.
For example PetHub experienced a 24.9 percent increase in sales conversion rate and also a 67 percent reduction in customer support tickets. Similarly after implementing AnswerDash, TireBuyer saw an 13 percent increase in revenue per visitor by deploying AnswerDash in the checkout process.
You can find out more about how AnswerDash works and see interactive demos on the company's website.
Photo Credit: sheelamohanachandran2010/Shutterstock
As more businesses want to take advantage of the insights that analysis of big data can offer there's greater demand for the cloud to allow direct access to stored data.
San Francisco-based big data platform specialist Datameer was the first big data analytics platform purpose built for Hadoop. Now the company is first to market with a big data analytics platform designed specifically for the cloud.
Datameer Professional offers an affordable and agile option for business executives who want to start integrating, preparing, analyzing and visualizing all of their data right away. Using Hadoop-as-a-Service (HaaS) it allows businesses to start taking advantage of big data without the need to invest time or effort in setting up and maintaining a Hadoop infrastructure.
"Datameer Professional is the accelerant the market has needed for individual departments within an organization to stop talking about the benefits of big data and Hadoop and start realizing them immediately", says Stefan Groschupf, CEO of Datameer. "Now companies that want to gain a competitive advantage with big data analytics right away can simply purchase Datameer Professional running on a HaaS offering and discover actionable insights in hours or days, not months. We believe that this will catapult Hadoop adoption as a whole as businesses discover shared success between departments and discover new use cases, encouraging the entire company to become data-driven".
The company has established partnerships with cloud providers Altiscale and Bigstsep. This will allow it to make its latest offering available to companies with limited IT or Hadoop expert resources but who want direct and immediate access to their data, regardless of its size.
For more information and to request a demo you can visit the Datameer website.
Photo Credit: T.L. Furrer / Shutterstock
Containerization of applications has done much to enhance the flexibility and portability of software as it makes it easy to move between in-house, private cloud and public cloud.
Until now, however, it's been restricted to Linux systems, using solutions like Docker, or Oracle servers running Multitenant. Now though containerization is coming to Windows servers as DH2i launches its DxEnterprise container management solution for Windows Server.
By decoupling the apps and all associated data from the host OS and the underlying physical infrastructure, DxEnterprise delivers fast and transparent application portability. This offers enterprises cloud-like agility and ensures high availability. It also makes it easier to provision, test, deploy, and manage new applications.
Each container -- called a Vhost -- consists of a logical computer name, an associated IP address (or addresses), Vhost management metadata, and portable native NTFS volumes. The metadata within the Vhost coordinates container workload management and directs the managed application to launch and run locally. Multiple DxEnterprise containers can share a single Windows Server OS instance and are then stacked on virtual or physical servers.
Management features include protection from hardware, OS or application faults with "self healing" and quality of service automation. Resource management allows workloads to be adjusted to meet the needs of the highest priority tasks.
"With DxEnterprise, customers can containerize and make any new or existing Windows Server app service, file share, or Microsoft SQL Server instance portable and highly available, with the native dynamic NTFS volumes following the workload -- all with just a few clicks", says OJ Ngo, CTO and Co-Founder of DH2i. "The results include a reduction in software and infrastructure costs of 30 percent - 60 percent and the elimination of significant lifecycle management expense -- and headache. It also eliminates OS sprawl and reduces OS cost by eight-15 times, and provides near zero application downtime as well as protection from OS, application and infrastructure faults".
DxEnterprise is available now and there's a technical white paper with more details of how it works on the DH2i website.
Image Credit: Oleksiy Mark / Shutterstock
Software-driven intelligent devices and the Internet of Things are changing the way companies deliver their products and services.
This is among the findings of a new report from Flexera Software and IDC which points towards a 'third industrial revolution' transforming the global economy.
The report based on responses from software vendors, intelligent device manufacturers and end-user enterprises, finds that the number of manufacturers making Internet of Things devices is set to more than double in the next two years.
There's also strong growth in intelligent devices, with 50 percent of respondents saying they currently develop intelligent devices and another 21 percent planning on making their devices intelligent over the next two years.
79 percent of respondents say they are, or plan on, delivering remote monitoring and maintenance as part of their product/service mix. 66 percent will add business intelligence capabilities and 37 percent will improve their supply chains with new services, such as automatic replenishment -- for example empty water coolers being able to order their own refills.
Software licensing and entitlement management is seen as key to monetizing the Internet of Things, allowing companies to develop new offerings that bundle device, services and consulting. This will see the proportion of revenues gained from hardware decline over the next two years and revenue from services grow to take its place.
"The report supports a long-proven truism in the high-tech arena -- that innovation, alone, isn't sufficient to transform an industry. There must also be a practical means to monetize new technology in order to profit from it," says Vikram Koka, Vice President of Intelligent Devices and Internet of Things at Flexera Software. "Software- and Internet-enabled products are spawning a vast new category of products and services previously unimaginable. The data from today's report shows that in conjunction with their new products and services, device makers are also beginning to transform their business models via flexible licensing and entitlement management -- enabling them to turn their innovations into revenue".
Image Credit: alexmillos / Shutterstock
The Simplocker ransomware targeting Android systems first appeared in mid 2014. Prior to Simplocker most ransomware only claimed to encrypt files but didn't actually do so.
Fortunately files locked by the malware were fairly easy to decrypt, but now researchers at antivirus company Avast have uncovered a new version of Simplocker with an even nastier trick.
The latest version uses unique keys for each device it infects making it much harder to decrypt and is already believed to have infected around 5,000 devices.
Avast mobile malware analyst, Nikolaos Chrysaidos writing on the company's blog says, "To use an analogy, the original variant of Simplocker used a 'master key' to lock devices, which made it possible for us to provide a 'copy of the master key' to unlock already infected devices. The new variant however, locks each device with a 'different key' which makes it impossible to provide a solution that can unlock each infected device, because that would require us to'‘make copies' of all the 'different keys'".
The new Simplocker masquerades as a Flash Player update to trick users into installing it. Android blocks installs from unofficial markets by default, so users should be safe unless they've changed their settings.
If it is installed the app is granted administrator rights and uses social engineering to deceive the user into paying a ransom to unlock the device and decrypt the files. The app claims to be the FBI, warning the user that they have found suspicious files, violating copyright laws and demanding the user pay a $200 fine to decrypt their files.
There's more information including a look at how the Simplocker malware operates on the Avast blog.
Image Credit: Carlos Amarillo / Shutterstock
It probably hasn't escaped your notice that today (10 February) is Safer Internet Day. This is intended to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people.
Online advice site Knowthenet.org.uk -- operated by the Nominet domain registry -- has published some new research looking at the attitudes of parents to their children's use of social media and finds that whilst it has a generally good effect there's still a need for caution.
Parents are mostly positive about social media's effects, with 27 percent saying it has helped their children make new friends, 23 percent that it helped them feel more included and 18 percent that it helped them feel more confident.
There are some worries though with 24 percent saying that their child was unhappier since using social media and 31 percent that their child had been upset by something they'd seen on a site. 42 percent of parents say they don't set any time limit on their child's internet use.
In response to the findings Knowthenet has put together some handy tips for parents. These include:
For more information on keeping children safe online and understanding internet safety in general you can visit the Knowthenet website.
Image Credit: Pressmaster / Shutterstock
In the past malware developers and hackers have tended to concentrate on Windows. But as mobile has taken off and there's been a shift in the type of systems people use they've diversified their efforts into other systems.
In particular Android, as the most popular mobile OS, has become a prime target. We spoke to Ren Huan, chief architect at Android security and performance specialist 360 Security to get his view of the mobile security landscape.
BN: How does the Android threat landscape differ from other operating systems? Are premium SMS threats still a major problem for example?
RH: There's no absolutely safe operating system on the market. Android in particular has from day one been the go-to platform for a couple of reasons. Android makes up nearly a third of the global smartphone market. At the same time, Android's open platform supports many different variants of the Android ROM running on different types of devices, and hundreds of different app stores around the world. It's no surprise under these conditions that hackers target Android -- the low hanging fruit. With a far higher volume of threats to account for, compared to other operating systems, Android also tends to be home to the more creative types of hacks, whether it’s an SMS Trojan, or even an adware scheme.
BN: Does the fact that Android is often customized by hardware OEMs make it more difficult to keep it secure?
RH: There are pros and cons to Android's open platform. The open platform has encouraged Android to flourish, it provides developers and OEMs the convenience of adopting a single operating system, and users with choices between phones. However it's far more difficult to provide robust security services in an incredibly fragmented market when it's not only Google's responsibility to provide support to users. For instance, Google will push a vulnerability patch through a new OS version but historically the OEMs are slow to react and deliver the patch to the end user. In a real world analogy, this explains why Jelly Bean has been delivered to under 0.1 percent of Android users.
BN: People tend to point to the operating system when breaches occur, but how much of the security risk comes from poorly designed apps?
RH: You're definitely onto something. The Google team is known to be on top of Android security vulnerabilities. For example, Google rolled out Security Enhanced Linux (SELinux) with Jelly Bean. Google also updated SMS broadcast requirements, which secures SMS messages that are delivered to mobile apps. Of course this is just the tip of the iceberg. Google offers encryption protocols including MD5, AES, and HTTPS, along with regular security patches. The consequence of providing an open platform is a loss of control over its own platform and security standards. If security isn't a prerogative for an app developer they may decide to store users' information in plain text format for the sake of developing a fast, minimum, viable product. Of course this opens the app up to vulnerabilities and hackers wouldn't need to sweat to steal any stored information about the app's users.
BN: Are we at the stage where it's essential for Android users to have some sort of anti-malware app installed on their device?
RH: Many Android users end up installing malware because they're downloading untrustworthy apps or apps from third-party Android markets with questionable policies. Or users may unwittingly download malicious apps from forums and even other devices. Surprisingly, not many Android users are cognizant of the threats that lurk on Android, so we'd argue that it's essential for Android users to have one additional anti-malware app installed on their device. Fortunately, these days, security apps are simple to use and free-to-download. Think of an Android security app like the antivirus software you’ve installed onto your PC. Because Android security apps have varying degrees of quality, you might have more than one antivirus product installed in the case that one product failed to catch a virus. You can check AV-TEST's monthly list of top security apps, which includes 360 Security's antivirus engine by Qihoo 360.
BN: In response to Google's recent pulling of support for WebView you recommended users switch to using Chrome. Is the Chrome browser significantly more secure and why?
RH: Ideally you'd want to be using Chrome or Firefox if you want to avoid these WebView vulnerabilities. The reason isn't because of how secure Chrome is. Google explained that it's dealing with five million lines of outdated code, not to mention thousands of commits developers are submitting regularly, making it more difficult to deliver patches to WebView, particularly when WebView until recently came packaged in firmware. That means to get the latest WebView version delivered to end-users Google had to first send it to OEMs and carriers to distribute the patch. Once that happens it's out of Google's hands and it's a waiting game before the OEM and carrier gets around to delivering the patch. So to cut to the chase Google decided to deliver WebView patches directly and instantly to users by way of the Google Play store. Because Chrome and Firefox can be downloaded from the Play store, to receive the latest WebView patch all you need to do is update your browser version when a new one is available.
BN: Is the user always the weakest link in keeping any system secure?
RH: I'm sure, based on my previous response, that you'll get the inkling that Android users aren't taking enough precautionary measures to safeguard their mobile security. Oftentimes it's what apps you download, sites you browse, or links you click that causes you to have that nasty bug hiding away in your phone. Of course, not everything is in the users' control. For instance, there are plenty of situations where a trusted developer's app is hacked and user data is stolen. But more often it's the users’ actions that cause their device to contract malware. Luckily, there are measures that users can take to safeguard themselves to minimize the chance that this happens.
BN: Finally, what everyday steps should people take to protect their Android devices?
RH: We'd recommend that you update your apps and operating system regularly to ensure that you're receiving the latest patches. This will minimize the chances that a hacker could take advantage of your device. At the same time, security apps are a great aid in not only detecting any new threats, but also removing them. And of course, users should pay more attentions to how they're engaging with the content on their device. That means avoiding suspicious links, apps, mobile sites, and unfamiliar Wi-Fi networks.
Image Credit: Palto / Shutterstock
Consumers are increasingly using mobile devices to access various aspects of their digital lives including online shopping.
Yet in many cases businesses are failing to take advantage of the extra marketing opportunities that mobile offers them.
Smart online forms company Formstack has put together an infographic that uncovers the top five mistakes businesses make in their mobile marketing.
The first mistake is simply not bothering to build an app or a mobile optimized site. Yet 46 percent of consumers say if they're using a company's mobile app they're unlikely to shop around for other options. The second error is not optimizing for devices with different screen sizes like tablets.
Not having a strong call to action, such as a one-click button to download a coupon, is another error, as is not offering the ability to auto-fill forms using links to social media accounts. Companies also suffer from overloading their mobile sites with content, 57 percent of users say they won’t recommend a badly-designed mobile site to their friends.
You can view the five main mistakes in infographic form below.
Image Credit: Bevan Goldswain / Shutterstock
System downtime is always frustrating, but according to a new survey from IDC, sponsored by performance management specialist AppDynamics, it has major cost implications too.
According to the survey respondents an infrastructure failure can cost $100,000 per hour. A critical application failure costs between $500,000 and $1 million per hour.
A little more than a third of those outages last from one to 12 hours; 17 percent of infrastructure failures and 13 percent of application failures last more than a full day. This means that downtime could be costing the Fortune 1000 companies between $1.25 billion and $2.5 billion every year.
The quest for more reliability is why many companies are turning to DevOps practices. 40 percent of Fortune 1000 companies already use DevOps and the survey shows that a further 40 percent are actively investigating its adoption.
They expect it to deliver improvements in customer experience, productivity, costs and profitability, as well as speed of application delivery. These benefits will be delivered through increased capabilities in automation, continuous delivery, continuous integration, automated testing, and application monitoring.
You can read more about the report's findings and download a full copy from the AppDynamics blog and there's an infographic summary of the findings below.
Image Credit: amadorgs / Shutterstock
Consumers are increasingly wary of downloading apps according to a new report by mobile commerce community MEF and antivirus company AVG.
The study is based on data from 15,000 mobile media users in 15 countries across five continents. It explores the key areas of trust, privacy, transparency and security to identify their impact on mobile consumers, from purchasing a new device to downloading apps or paying for goods and services.
Among the findings are that almost half of all consumers surveyed (49 percent) say a lack of trust limits the amount of apps they download, compared to 37 percent last year. 72 percent of mobile consumers are not happy sharing personal data such as their location or contact details when using an app and 34 percent say a lack of trust prevents them from buying more goods and services using their mobile device.
Of the markets studied the US experienced the largest increase in a lack of trust, at 35 percent (up nine percent year-on-year). Many consumers feel that app stores and device manufacturers should be taking greater responsibility for protecting their personal information. 30 percent of respondents said this would give them greater trust in the platforms and 63 percent said that they considered transparency important or extremely important (compared to 49 percent last year).
Interestingly although the results show a high awareness of malware, caution surrounding it has decreased. Only 48 percent of respondents said the threat of malware would make them think twice when downloading apps compared with 74 percent last year.
"Building consumer trust is an integrated process," says Judith Bitterli, Chief Marketing Officer at AVG Technologies. "While the mobile industry across the board must step up and take responsibility for increasing transparency across user privacy policies, it is equally important that consumers take their own steps to educate and protect themselves in order to better protect their rights and understand their choices online. This research shows that while consumers are taking certain proactive steps towards greater protection there is still some way to go in order to ensure their privacy and security are not at risk".
More information about the report is available from the MEF website.
Photo Credit: phloxii/Shutterstock
Many of the security breaches that have made the headlines over the past year have been due to some form of web vulnerability. It's no surprise that the web has become the main route for cyber attacks as highlighted by things like Shellshock.
But identifying these flaws manually can be a mammoth task. Which is why cloud security provider Qualys is announcing the latest version of its Web Application Scanning (WAS) tool.
Qualys Web Application Scanning is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection.
It's an automated service which makes it possible to carry out regular testing that produces consistent results, reduces false positives, and easily scales to secure large numbers of web sites. Qualys WAS also proactively scans websites for malware infections, sending alerts to website owners to help prevent search engine black listing and consequent damage to brand reputation.
"In today's increasingly digital world, web applications are the new battleground for attackers looking to gain access to corporate or personal data," says Philippe Courtot, Chairman and CEO for Qualys, Inc. "Since its inception, we designed our web application scanning solution with scale and accuracy in mind as we anticipated this explosive growth of web apps. Now with the new progressive scanning capabilities, we have reached a new milestone, which coupled with our recently introduced Web Application Firewall, allows companies of all sizes to ensure the security of their web apps".
Key features of the new release include progressive crawling where each scan builds on the information obtained in previous scans, prioritizing newly identified pages over previously tested ones. Similarly, progressive testing enhances the flexibility of scanning by automatically starting, stopping and resuming scans across networks without manual intervention. There are also new customized reporting templates to simplify the time and effort needed.
For more information and to sign up for a free trial you can visit the Qualys website.
Photo Credit: Yuriy Boyko/Shutterstock
The increasing use of mobile devices for business has highlighted the need for solutions to manage devices and keep them secure.
Samsung has recognized the growing importance of this and has announced the release of the Good app container and management system on the Samsung KNOX enterprise security platform for Android.
Good's container platform and app ecosystem are integrated directly into the KNOX security stack. This joint solution creates a secure solution for enterprises and government agencies looking to accelerate their Android deployment to drive secure mobile productivity.
"Together, Samsung and Good are addressing the growing importance of mobility management for enterprises by delivering an unmatched secure mobile productivity solution for Android that will relieve organizations of past concerns with Android adoption," says Injong Rhee, executive vice president of enterprise business, IT and mobile business at Samsung Electronics. "The combination of Samsung and Good represents the best solution for secure enterprise Android productivity -- no matter whether corporate-liable, COPE (Corporate Owned, Personally Enabled) or BYOD(Bring Your Own Device) device ownership models are being used".
The product creates a Good-secured domain within the KNOX Android system where any secured apps sit. It prevents the rooting of corporate Android devices and stops rooted BYOD devices from accessing corporate resources. It also protects devices against Android malware that attempts to modify the kernel or system and secures corporate apps and data whether they’re at rest, in motion, in memory, or between apps.
"The large companies in the world trust Good Technology as the secure mobility leader, including all of the Fortune 100 commercial banks and other industry leading companies in over 190 countries," says Christy Wyatt, chairman and CEO of Good Technology. "By partnering with Samsung to integrate our container and secure app ecosystem with the KNOX platform, we are delivering a comprehensive, layered solution to secure Samsung Android devices in the enterprise".
You can find more information about Good for Samsung KNOX and see a video of how it works on the Good website.
Image Credit: Moon Light PhotoStudio / Shutterstock
Availability and performance are key factors to success in the eCommerce field but as sites grow, the software used to support them needs to be able to keep pace.
San Francisco-based database company Clustrix is rolling out the latest version of its ClustrixDB product to help businesses cope with expansion and reduce the risk of slowdowns and outages.
ClustrixDB 6.0 is compatible with MySQL and includes performance enhancements for Magento Community and Enterprise Editions. It can support hundreds of thousands of customers per hour and an unprecedented 2,000+ active sessions. In addition, its built-in fault tolerance and high availability capabilities ensure zero downtime and continuous processing of eCommerce transactions even during hardware failures, both on premise and in the cloud.
It allows eCommerce sites to adjust their capacity easily to keep pace with variable volumes of customers, products and orders. Product highlights in this release include up to five times more read and write performance than standard Magento with MySQL, automatic recovery from hardware failures, prioritizing eCommerce transactions over other tasks, and data made available directly at each server to reduce load times.
"Our largest customers manage upwards of 170 million products that require constant real-time inventory and pricing updates, and eCommerce retailers of all sizes are already benefiting from the performance and availability that ClustrixDB's scale-out architecture provides," says Mike Azevedo, Clustrix CEO. "Version 6.0 builds on these features, offering a scalable solution that ensures zero downtime and provides live reporting of business performance metrics to increase sales opportunities and capture more revenue".
For more details of Clustrix's eCommerce products you can visit the company's website.
Photo Credit: Nonnakrit/Shutterstock
We reported a few weeks ago on research showing that cloud security was becoming a concern outside the IT department and having an impact on the boardroom.
Now a new study in the UK by Tom Neaves, Managing Consultant at security specialist Trustwave backs this up, showing that cyber security is increasingly becoming a corporate issue.
Looking at the annual reports of UK companies over recent years, the findings show that in 2012, just 49 percent of FTSE 100 companies made a reference to cyber security. In 2013, the number increased to 60 percent. And in 2014, more than three-quarters of companies (76 percent) referenced it.
There are also changes across industry sectors. Neaves says, "In 2012 and 2013, the utilities industry remained stagnant at 60 percent of companies recognizing cyber security. In 2014, that number rose to 80 percent. On the other side of the spectrum, the oil-and-gas industry saw no change in 2014 at 85 percent. But that’s still a vast majority. I also saw a significant jump in the financial and health care industries, both showing an increase of 25 percent".
As to why companies are taking security more seriously, it could be due to a number of things, the number of data breaches that made news headlines in 2013, increases in the number of internet-connected control systems, as well as involvement at a Government level to help improve cyber security across all businesses such as the UK government's Cyber Essentials Scheme.
Neaves concludes that increased recognition of security at board level is a step in the right direction, but notes, "...a security program is only as good as the people who manage it. If businesses lack the manpower and skillsets to ensure their controls are installed, updated and working properly, they should augment their in-house staff and partner with a third-party team of experts whose sole responsibility is to protect their information".
You can read more about the findings on Trustwave's blog.
Image Credit: Manczurov / Shutterstock
Many of the things we do online require an ID and password, but typically whilst this makes things easier for the site it doesn't always do a lot to protect the user, who may be revealing more information than they need.
For example you may have to reveal your full date of birth and address to a video streaming service in order to verify your age and region, running a risk that the information may fall into the wrong hands.
Now researchers at IBM have announced plans for a new cloud-based technology to help consumers guard their personal data.
The technology, called Identity Mixer, uses a cryptographic algorithm to encrypt the identity attributes of a user, such as their age, nationality, address and credit card number in a way that allows the user to reveal only selected pieces to third parties.
Identity Mixer can be used within a digital wallet, which contains credentials certified by a trusted third party, such as a government-issued electronic identity card. It's important to note that the issuer of the credentials has no knowledge of how and when they are being used.
"Identity Mixer enables users to choose precisely which data to share, and with whom," says Christina Peters, IBM's Chief Privacy Officer. "Now web service providers can improve their risk profile and enhance trust with customers, and it's all in the cloud, making it easy for developers to program".
Taking the example of the video site above, Identity Mixer would be able to confirm a user's age and region without revealing any more. This ensures that even if the website is hacked personal data remains safe.
Similarly, if you wanted to make a payment Identity Mixer would be able to confirm that a credit card is valid and that it can accept payment, without actually revealing the full card number or expiration date.
Identity Mixer is now being made available to developers as an easy-to-use web service in IBM Bluemix, IBM's new platform-as-a-service (PaaS) cloud. Beginning this spring, Bluemix subscribers will be able to experiment with Identity Mixer within their own applications and web services. Using simple pull-down menus, developers can choose the types of data that they wish to secure and Bluemix will provide the code, which can then be embedded.
"Identity Mixer incorporates more than a decade of research to bring the concept of minimal disclosure of identity-related data to reality, and now it is ready to use for both computers and mobile device transactions," says Dr. Jan Camenisch, cryptographer and co-inventor of Identity Mixer at IBM Research.
You can find out more about Identity Mixer and how it works on the IBM website.
Image Credit: Nata-Lia/ Shutterstock
Data security is a big concern for both individuals and businesses. This doesn't only apply to the public face of a business, but to exchange of information and collaboration between employees too.
Canadian company Witkit is launching a new platform that allows the creation of teams and groups within industries, companies, and departments to tackle projects and solve problems collectively, with the safety and security of knowing their data cannot be breached.
"Our intention with Witkit is to make the first fully encrypted global collaboration platform so that companies and individuals can more easily reap the benefits that socialized teamwork brings to their business challenges," says Sean Merat, president and CEO of Witkit.
Witkit is a modular platform that works by allowing users to create tailored workspaces. These center on 'Kits' -- virtual groups based on specific topics or projects. Within each Kit, members can upload and access shared files, initiate and contribute to group discussions, post and respond to team tasks, and use a single synchronized calendar.
Additional features include secure storage using proprietary encryption, along with messenger and video conferencing services.
Kits can be made private or public and users are able to participate in multiple Kits at the same time. A single dashboard and news feed collates all of a user's memberships in one place.
"The vast majority of breaches today happen on a centralized system which contains sensitive user data," says Merat. "WitCrypt technology ensures that the encryption and decryption of user data is only done on user devices locally. All data that is sent to the Witkit servers is fully encrypted and can only be decrypted by the user's WitCrypt passphrase. We can confidently say that we've minimized most, if not all the risk, to user data being hacked. That is to say that in the unlikely event that the Witkit servers are compromised, there will be no decrypted data to be found".
For more information visit the Witkit website, the first 50,000 people who sign up for the platform will get 50GB of encrypted storage and all available applications for free.
Image Credit: Tischenko Irina / Shutterstock
One of the major worries for online businesses is being subject to a DDoS attack. As well as damaging reputations these can have a serious effect on finances too.
According to a new study by Kaspersky Lab the average cost of a DDoS attack ranges between $52,000 and $444,000 dollars depending on the size of the business.
The cost reflects a number of different issues. According to the study, 61 percent of DDoS victims temporarily lost access to critical business information, 38 percent of companies were unable to carry out their core business, and 33 percent reported the loss of business opportunities and contracts. In addition, in 29 percent of DDoS incidents, a successful attack had a negative impact on the company’s credit rating while in 26 percent of cases it prompted an increase in insurance premiums.
The figures also factor in the costs of dealing with an attack. These include 65 percent of companies having consulted with IT security specialists and 49 percent paying to modify their IT infrastructure. Also 46 percent of victims had to turn to their lawyers and 41 percent turned to risk managers.
Attacks can have an ongoing effect too depending on how an organization deals with them. 72 percent of victims disclosed information about a DDoS attack on their resources. Specifically, 43 percent of respondents told their customers about an incident, 36 percent reported to representatives of a regulatory authority and 26 percent spoke to the media. 38 percent of companies say they suffered reputational loss as a result of an attack.
"A successful DDoS attack can damage business-critical services, leading to serious consequences for the company," says Eugene Vigovsky, Head of Kaspersky DDoS Protection at Kaspersky Lab. "For example, the recent attacks on Scandinavian banks (in particular, on the Finnish OP Pohjola Group) caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this. That's why companies today must consider DDoS protection as an integral part of their overall IT security policy. It's just as important as protecting against malware, targeted attacks, data leak and the like".
You can see a summary of the study's findings in infographic form below or the full report is available from the Kaspersky website.
Photo Credit: Fabio Berti/Shutterstock
A new global study conducted by Microsoft across 12,000 people shows that most internet users still don't believe they're aware of all the data that's being collected about them.
For example, Facebook, Twitter and Google+ know you've read this page, as they track your visits to any website with a 'Like', 'Tweet' or '+1' button, whether you click that button or not. Information gathered can include anything from your IP address and general geography, to insights into your age, gender, income, hobbies, health status and financial situation, by way of your browsing and purchase history.
All of these bits of data may not be much use on their own, but according to the Internet Society's Privacy and Identity Director, Robin Wilton, companies are increasingly putting them together to create a bigger picture. They can then use this to predict your behavior, including your habits, preferences, values, aspirations and intentions.
This can have significant implications for your finances. Wilton says, "According to one study, you may pay more than others when shopping online based on your web browsing history or the kind of smartphone you own. Some consumers have seen their credit limits reduced by their credit card companies because they shopped at stores frequented by cardholders who don’t have good repayment histories. From there, it’s possible insurance companies might eventually string your data together to determine if you’re insurable (and what kind of premium you should be charged based on your perceived risk) and credit card companies could use it to determine your creditworthiness (and charge you higher interest)".
What can you do about all this? Wilton suggests fragmenting your online identity. "Strategically use different email addresses, browsers, credit cards, and maybe even devices, for different web activities (like personal, work and online shopping) to make it more difficult to collect one cohesive data set about you".
You can also adjust your browsing habits by using Do Not Track or Incognito settings to prevent cookies from being left on your system. That doesn't prevent your searches from being tracked by the provider of course. To stop that you could switch to a non-tracking search engine like DuckDuckGo, or Boston-based privacy company Abine is about to launch a private search service for Google -- with Yahoo and Bing to follow soon -- integrated into its Blur product that protects passwords and payments.
"By the end of 2015, anybody who wants to use the Internet safely should be using Private Search, alongside a password manager and a secure payments service," says Rob Shavell, CEO of Abine. "Blur users can use the best search engine the way it used to be -- simple and not nosy".
Using the internet is a balance between convenience and privacy. It may be inconvenient to use additional privacy tools, but do remember that someone somewhere knows you're reading this.
Image Credit: Stuart Miles / Shutterstock
As demand to access company information on the move and from mobile devices increases it places extra strain on security resources.
Existing web applications firewalls (WAFs) monitor traffic but don't have an understanding of the logic of data flows and the behavior of applications. This can make it hard for them to distinguish between legitimate traffic and attacks on apps such as SQL injection and cross-site scripting.
Israel-based security company Checkmarx is launching a run-time application self-protection (RASP) tool called CxRASP which will monitor an app’s bidirectional data flow, enabling the detection of and defense against real-time attacks.
Checkmarx's technology 'listens' at each interaction junction of the app, covering access points between the application and the user, the database, the network, and the file system. With complete visibility into the app's input and output, CxRASP tailors the protection mechanism to the specific flow within the application to achieve high detection accuracy in real-time. Suspicious activity is flagged when it enters the app, and then verified to see if it is actually malicious at the output to minimize false positives and false negatives. If an attack is identified, the organization is alerted and instructions are sent on how to fix the vulnerability.
"The fast increasing number of applications and the resulting vast amounts of insecure code written and released into production means that we need a more intelligent way to ensure software security," says Emmanuel Benzaquen, CEO of Checkmarx. "CxRASP is the ultimate way to protect applications as it lets applications do the work of protecting themselves so that security vulnerabilities are revealed and blocked in real-time".
The product can be integrated with static application security testing tools from Checkmarx and elsewhere to ensure application protection throughout the development process.
For more information on Checkmarx products you can visit the company's website.
Imaged Credit: soliman design / Shutterstock
As the need for real-time data increases thanks to the Internet of Things and growing demand for mobile services, organizations are looking for new ways to capture and process information.
In response to this demand database company VoltDB is launching version 5.0 of its in-memory database application offering increased support for the Hadoop ecosystem, expanded SQL support and a new Management Center.
"Developers are in need of better tools with which to develop fast data streaming applications with real-time analytics and decision making across industries," says Bruce Reading, President and CEO of VoltDB. "As the popularity and adoption for Hadoop continues to surge, there is an increased need for integration between fast and big data so developers can focus on the applications and not the infrastructure. Version 5.0 meets that demand".
Along with improved Hadoop support key features of the latest release include new export connectors for HDFS, HTTP, Kafka and RabbitMQ as well as Avro format. There’s also a new Kafka data Import option as well as bulk data import from, JDBC Loader, Hadoop OutputFormat and Vertica Udx. The new VoltDB Management Center (VMC) provides browser-based, one-stop database monitoring and configuration management.
As an example of how effective the product is, VoltDB Developer John Hugg has used version 5.0 to develop a real-time analytics app that counts the number of unique mobile devices/types of devices accessing an application. He was able to do that using only 30 lines of code, while the traditional Lambda architecture would have needed thousands of lines.
The latest version of VoltDB is available to download now. For more information visit the company's website.
Image Credit: wavebreakmedia / Shutterstock
Mobile device strategy, especially if it involves BYOD, can mean having to manage a wide range of devices and operating systems. That makes it difficult for IT departments to find a single solution to do the job.
Now though secure mobility specialist Good Technology is launching its Good Management Suite, a comprehensive cross-platform solution for organizations getting started with mobile business initiatives.
"As mobility continues to assume a larger role in the enterprise, organizations need to plan for both their current and future mobile needs," says John Herrema, senior vice president of product management at Good Technology. "By delivering a comprehensive cloud-based Enterprise Mobility Management solution, we are ensuring that organizations have access to a simple solution that expands as their mobile initiatives evolve".
Good Management Suite is a cloud based solution that can be installed and configured quickly. It provides a unified solution to simplify the deployment of mobile devices across an enterprise.
Unlike traditional MDM products, Good Management Suite is designed to adapt to an organization's growing and changing mobile needs. It can be used in conjunction with other Good Enterprise Mobility Management products for maximum flexibility, while simplifying management of these environments through a single management console called Good Control.
"The rising complexity of the mobile landscape is forcing many organizations to examine how MDM products can integrate with broader mobile management capabilities," says Stacy Crook, research director, mobile enterprise at research company IDC. "While standalone MDM products used to be the entry point, organizations are now looking for more comprehensive EMM solutions with flexible deployment options. We believe this shift is indicative of the growing sophistication of mobility strategies within these organizations".
For more information on Good Technology's mobile management solutions you can visit the company's website.
Image Credit: jannoon028 / Shutterstock
Shifting to mobile and cloud solutions has led to expectations that software projects should be delivered faster and more efficiently.
However, according to a recent Mendix survey 71 percent of development teams are unable to keep up with demand.
To help ensure software projects are delivered faster and within budget, enterprise and collaboration software company iRise is launching its iRise 10 Enterprise Visualization Platform in the cloud.
It allows dispersed teams, both business and technical, to work together in real time on software requirements, designs and prototypes. By allowing issues to be spotted early it can reduce the need for reworking and cut delivery times. iRise's Professional Services team works with each client to develop an adoption strategy that is scalable across the organization.
"Delivering software with speed and agility is more critical than ever before," says iRise CEO and CoFounder, Emmet B. Keeffe III. "In today's hyper-competitive business landscape, it's very difficult to compete without a world class software development capability. Collaborative visualization is the single best investment organizations can make to ensure they deliver the right software ahead of their competition".
Because it's web-based iRise is easy and intuitive to operate even for non-technical users. All team members can provide instant feedback on projects, thus allowing greater clarity and understanding across the enterprise.
Additional features include shared libraries to allow modules to be assembled using pre-built templates and UI elements that meet corporate design standards. An iRise Studio desktop companion permits the adding of complex behaviors, business logic and data operations.
Available from today, iRise 10 can be deployed on-premise or in the cloud and can be purchased on subscription or a perpetual license basis. For more information and to sign up for a free trial visit the iRise website.
Photo Credit: Vallepu / Shutterstock
Businesses are turning increasingly to mobile devices as means of boosting productivity, but if employees are allowed to use their own devices for work it can be difficult to ensure they use approved apps.
Licensing and compliance specialist Flexera Software has a solution in the form of its App Portal. This is a universal enterprise app store which allows self-service delivery across platforms.
The latest release of App Portal, launched today, allows the IT department associate mobile and desktop versions of an application, allowing employees to request an application once and have it deployed to all of their devices at the same time -- eliminating the need to individually request software from each device.
It also goes further by proactively suggesting apps that are available for other registered devices. It includes support for the iOS and Android public stores as well as for internally developed apps. The checkout process works with a number of management solutions including AirWatch and Microsoft System Center Configuration Manager.
"Employees want the ability to request an app once and use it wherever they work -- on their desktops, tablets or mobile phones -- without having to go to each of their devices and request the same app over and over again. They want immediate access, and don’t appreciate that behind the scenes, a very complicated request has been triggered for IT to fulfill," says Maureen Polte, Vice President of Product Management at Flexera Software. "App Portal is the first universal enterprise app store able to centralize and manage those back office processes, making ‘request once, fulfill anywhere’ a reality".
App Portal 2015 is optimized for use on mobile devices, giving employees simplified access to approved mobile apps directly from their phone or tablet. Employees can browse, select and check out corporate approved mobile apps from their Apple or Android device.
The portal enables enterprises to provide a transparent, friendly, personalized user experience while maintaining proper control and governance over valuable enterprise software assets. You can find out more by visiting the Flexera website.
Photo Credit: Digital Storm/Shutterstock
With more and more websites requiring passwords to access them, people are looking for ways to manage their surfing that don't require multiple IDs.
Increasingly the answer they're turning to is social media and in particular Facebook. A new infographic from identity management specialist Gigya shows that the social network accounted for over 60 percent of logins in the fourth quarter of last year.
Google takes care of 22 percent of logins, with Twitter and Yahoo trailing on six percent each. Facebook’s most dramatic gain cane from mobile devices which showed a 15 percent increase over the third quarter as consumers increasingly use smartphones as their main internet device.
The graphic also breaks down logins by type of site and by region. Interestingly Facebook is least popular as a login in North America with only 59 percent of the market. In Europe it accounts for 71 percent but Facebook is most popular in Africa and the Middle East with 79 percent.
When looked at by site, Facebook is most popular for education and non-profit sites on 76 percent, and least popular for media and publishing sites on 55 percent.
You can view the full infographic below.
Photo credit: JuliusKielaitis / Shutterstock
In 2014 we saw many data breaches which were often due to a direct attack on a company’s network in which human error played a part.
Big data security specialist Exabeam has produced an infographic showing how hackers can penetrate a network and remain difficult to spot.
It points out that 76 percent of breaches involved stolen user credentials. Using stolen identities hackers can penetrate a system and will then look to elevate their access privileges to allow them access to sensitive information.
Because they're using valid credentials these attacks often remain below the radar. This allows hackers to remain on the system for a long time, 200 days according to some sources.
Exabeam uses SIEM (Security Information and Event Management) technology to digitally monitor user behavior, and take human error out of the equation.
You can view the full infographic below.
Photo credit: Adchariyaphoto/Shutterstock
The increased popularity of social media, for business as well as personal use, has opened up a new avenue of attack for cyber criminals.
Risk management company ZeroFOX has produced a list of the top social media attacks to look out for this year.
These include impersonations of businesses and executives using fake accounts. These can be used to send phishing messages, launch social engineering attacks or to damage the reputation of those targeted.
Hijacking accounts is another approach. Once in control an attacker can do serious damage either by malware attacks or cyber vandalism. Organizations need to treat their accounts like any other high value asset when it comes to protecting them.
As social media has become a popular source of news, so attackers have realized that they can launch a successful attack by planting malicious links where people are discussing events. This is known as 'watering hole phishing' and is made worse by the fact that 75 percent of people use the same password for their social media and email so once one account is compromised the other is too. Clickbait attacks using sensationalist headlines are another concern as is the hijacking of hashtags to distribute malicious links to a specific audience or divert traffic.
ZeroFOX points out that cyber criminals are using social media to plan their attacks too. With the right tools in place, organizations can leverage social media as an early warning system, unlocking a wealth of attack data that could give security teams the edge.
You can see the full list of threats on the ZeroFOX blog.
Image Credit: Fabio Freitas e Silva / Shutterstock
American workers spend an average of 4.6 hours a week preparing for meetings and 4.5 hours actually in them, but most would rather be doing something else.
This is among the findings of a new survey by enterprise collaboration software specialist Clarizen. It also shows that almost half of respondents would rather "do any unpleasant activity" than sit in a status meeting, including going to the Department of Motor Vehicles or watching paint dry.
35 percent say that status meetings -- a meeting with updates for team members on completed and active work tasks -- are a waste of their time. Three in five also report that they multitask during meetings.
"Survey results continue to show that status meetings do not boost employee productivity," says Avinoam Nowogrodski, founder and CEO of Clarizen. "In today's modern workplace, where demands are constantly changing, employees need easy, real-time access to their discussions, work content and processes. This is what fuels employee productivity and quality work, not sitting in status meetings or preparing lengthy status reports. Clarizen enables company-wide collaboration, accountability and transparency, meaning workers spend less time in meetings and more time completing actual, meaningful work".
Clarizen's latest release includes a new mobile platform which mirrors the features of its web-based application. This creates a seamless user environment which allows users to have a consistent experience wherever they are and whatever device they’re using.
By offering immediacy and flexibility it allows employees to get their work done and stay up to date without having to spend time sitting in meetings.
The latest release is available now at no charge to existing Clarizen customers. For more information on what it offers you can visit the company's website.
Image Credit: wavebreakmedia / Shutterstock
Microsoft's Bill Gates predicted the death of the password as long ago as 2004, yet we're still heavily reliant on them for our day-to-day security.
Part of the reason the password has lingered so long is the lack of solutions that provide security combined with ease of use.
Now though thanks to the widespread adoption of smartphones we may be getting closer to seeing the death of the one-time password. SSL certificate supplier SSLs.com has produced an infographic looking at the alternative authentication methods that are set to take over.
Biometric security methods range from the fingerprint readers we're increasingly familiar with to technologies that can detect your cardiac rhythm, scan the shape of your ear -- perhaps not so useful for boxers -- or even read your brainwaves.
Other authentication technologies involve syncing your phone to other devices, proximity devices or wearables that authenticate devices within range. There's even the possibility that you could swallow a pill or have a tattoo that lets your body act as an authentication token.
For a look at these and other methods of eliminating the need for a password you can see the full infographic below.
Photo Credit: Dr. Cloud/Shutterstock
Increased reliance on systems and data means that downtime and loss of information is a greater problem than ever before.
Disaster recovery specialist Vision Solutions has launched the latest version of its annual State of Resilience report which highlights the trends and challenges for business and IT leaders.
The report combines information from five industry-wide surveys of more than 3,000 IT professionals. Among the findings are that nearly 75 percent of respondents have not calculated the hourly cost of downtime for their business. For those who did experience a storage failure, nearly 50 percent lost data in the process due to insufficient disaster recovery methods or practices.
Almost two-thirds of those surveyed said they had delayed an important data migration for fear of downtime or lack of resources. Hosted private cloud is still the most prevalent cloud environment at 57 percent usage, with hybrid cloud adoption at only 32 percent with room to grow.
Despite the growing popularity of the cloud, nearly two thirds stated they didn't have high availability or disaster recovery protection in place for their data once it's stored in the cloud.
"In order to address the many challenges presented by exploding data growth, businesses must invest in better data protection," says Vision Solutions' Vice President of Sales Engineering Henry Martinez. "Importantly, these solutions must be agile enough to minimize system disruptions, support emerging technologies and provide the flexibility to operate in any combination of physical, virtual and cloud platforms and storage environments. This is a critical foundation for IT resilience and business success in the future".
The company is hosting a webinar to discuss the report's findings on January 22nd and you can register to take part on its website.
Image Credit: Oleksiy Mark / Shutterstock
In order to gain a competitive edge marketers are keen to gain insight from customer data. But the information may be spread across various systems and the cloud, making it hard to access.
In response to this problem marketing software company AgilOne is launching a product built from the ground up to unify online and offline data integration, cleansing, insights and campaigns, seamlessly bridging the worlds of digital and offline marketing.
We reported last month on the company's predictive intelligence solution but the new AgilOne 5 Predictive Marketing Cloud provides marketers with a comprehensive turnkey solution that works out of the box. It allows users to predict the needs of the customer and to design and execute relevant email, social media, web and direct mail campaigns from a single hub.
"Companies of all sizes need to deliver relevant customer experiences that not only delight their customers and build loyalty, but also improve business results," says AgilOne CEO Omer Artun. "Today, AgilOne delivers the industry’s first an easy-to-use, truly predictive and out-of-the-box marketing cloud, so that all brands, large and small, can take advantage of the wealth of customer data available to them and deliver an omni-channel experience that improves customer engagement and the company’s bottom line".
Key features include a drag and drop builder that enables any marketer to create and design targeted audience campaigns based on sophisticated predictive analytics. They're able to generate smart content based on an individual's recommended products, abandoned cart items, or personalized discounts.
It allows users to tailor the look and feel of the web recommendations to match their brand image. They can also add rules that automatically adjust recommendations to achieve the best results, by excluding items that are in short supply, for example.
For more information and to sign up for a webinar you can visit the AgilOne website.
Image Credit: Kidsana Maimeetook / Shutterstock
In the past few years the adoption of new methods to access corporate data has led to traditional endpoint security being less effective. At the same time there are concerns about the number of employees who have access to data and how much of a threat they present.
Data security specialist Vormetric has released its latest Insider Threat Report which reveals that 93 percent of US organizations polled believe that they’re vulnerable to insider threats.
Among other findings are that 59 percent of respondents in the US believe privileged users pose the biggest threat to their organization, and preventing a data breach is the highest or second highest priority for IT security spending for 54 percent.
The cloud comes under scrutiny too with 46 percent of US respondents believing they present the greatest risk for loss of sensitive data in their organization. However, 47 percent believe databases have the greatest amount of sensitive data at risk.
Businesses are subject to pressure from attacks and security breaches too. 44 percent say their organization has experienced a data breach or failed a compliance audit in the last year and 34 percent of respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor.
"As the past year demonstrates, these threats are real and need to be addressed," says Alan Kessler, CEO for Vormetric. "Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92 percent of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money. The results indicate there is still disagreement about where corporate data, which is most at risk, actually resides. Our experience, observations and conversations with customers have taught us that even if the situation isn't entirely black and white, organizations’ use of encryption, access controls and data access monitoring greatly reduce their risk and exposure".
The problem isn't limited to the US either, 55 percent of global respondents believe privileged users are the biggest threat. Also 54 percent say they will be increasing spending to offset the threat in the coming year.
The full report is available from the Vormetric website.
Image Credit: Andrea Danti/Shutterstock
Public cloud services put a lot of resources into managing their systems in order to provide an efficient service with automated infrastructure and self-service features.
For businesses wanting to implement their own private clouds, however, achieving a similar level of service can be difficult. They often turn to solutions like OpenStack but fail to reach its full potential thanks to a lack of the resources and skills required.
Private cloud specialist Platform9 aims to make things easier with the announcement of the general availability of Platform9 Managed OpenStack. This is a SaaS solution that transforms an organization's existing servers into an AWS-like agile, self-service private cloud.
"Today, Platform9 is disrupting the complexity barrier to private clouds with Platform9 Managed OpenStack -- its SaaS simplicity, production readiness, and seamless integration with existing environments enable every organization to manage their in-house infrastructure with greater agility and efficiency", says Sirish Raghuram, Co-founder and CEO of Platform9.
Platform9 Managed OpenStack offers ease of use without the need for any OpenStack expertise. It supports existing environments so that businesses can import their own servers, storage and network configurations. It can also work seamlessly across multiple sites, integrating all of an enterprise's distributed infrastructure into a single private cloud.
The service is continuously monitored by Platform9's internal telemetry for availability and operational health. Also updates are seamless and non-disruptive and in most cases will be transparent to the customer. It incorporates an update to a new, stable OpenStack release each year to take advantage of the latest enhancements.
The product is available as a free, Lite, version to allow users to test or learn about it on a limited scale. There are then pricing models for business from $49 per month. You can find out more and sign up for the Lite tier on the Platform9 website.
Photo Credit: Marynchenko Oleksandr / Shutterstock
Careless user behavior and targeted malware campaigns are putting many industry sectors in danger from security breaches with the pharmaceutical and chemical industries at highest risk.
This is among the findings of the latest Annual Security report from networking specialist Cisco. It also finds that attackers are adapting their methods to make their campaigns harder to detect.
Among the changes are the rise of 'snowshoe spam' which involves sending low volumes of spam from a large set of IP addresses to avoid detection, and the use of less common exploit kits so as not to attract attention. There's also an increase in malicious combinations, sharing attacks between two files, for example Flash and JavaScript to make them harder to detect.
Users are the main target though and may also be unknowingly aiding cyber attacks. Throughout 2014, Cisco threat intelligence research has revealed that attackers have increasingly shifted their focus from servers and operating systems as more users are downloading from compromised sites leading to a 280 percent increase in Silverlight attacks along with a 250 percent increase in spam and malvertising exploits.
Users are increasingly targeted using web browser add-ons as a medium for distributing malware and unwanted applications. This approach too is proving successful because many users inherently trust add-ons or simply view them as benign.
"Attackers have become more proficient at taking advantage of security gaps. At any given time, we should expect for one percent of high-urgency vulnerabilities to be actively exploited while 56 percent of all OpenSSL versions are still vulnerable to Heartbleed," says Jason Brvenik, Principal Engineer, Security Business Group at Cisco. "Despite this, we see less than half of the security teams surveyed using standard tools like patching and configuration management to help prevent security breaches. Even with leading security technology, excellence in process is required to protect organizations and users from increasingly sophisticated attacks and campaigns".
The report also reveals that while many defenders believe their security processes are optimized, and their security tools are effective, in truth, their security readiness likely needs improvement. It concludes that corporate boards need to take a role in setting security priorities and expectations.
It sets out some basic principles for achieving security which include that security must be transparent and informative, that it must enable visibility and appropriate action and that it must be viewed as a 'people problem'.
A complete copy of the report is available from the Cisco website.
Image Credit: watcharakun/Shutterstock
Like any new technology, smartwatches when they first appeared were fiendishly expensive. Now that budget manufacturers are getting in on the act however prices are starting to tumble.
The R5 from Chinese company Rwatch costs less than $50 and will work with most Android phones, but can it compete with the pricier offerings from big name manufacturers?
First impressions are pretty good. The R5 comes in a nice sturdy, white cardboard box which you wouldn't be ashamed to hand over as a gift. What you get in the box is the watch, a USB cable and some basic instructions. The watch itself is quite stylish (it's available in silver, gold or the black of the review unit) and it looks very similar to the Samsung Gear 2. It has a rubbery plastic strap and a shiny surround to the screen.
You only get one button on the front of the device which is used to turn it on and off and wake it from standby. There's a cover over the USB port on the left side which feels a little bit flimsy. The R5 has a 1.5-inch touch screen with a 240 x 240 resolution and the makers claim 120 hours of standby or three hours of talk time from a full battery charge.
Plug it into a USB port and leave it to charge for a while then you can get started. To sync it with your Android phone you need to download an app -- there's a QR code in the instructions to allow you to do this -- once connected with Bluetooth it allows you to sync various phone functions. There's all of the usual stuff related to calls and messages, plus you can control your phone's media player and camera remotely.
There's also an 'anti lost' function which will vibrate the watch to alert you if the phone goes out of range and some basic health monitoring in the form of a sleep monitor and a pedometer. Being a watch of course it also tells the time and you can choose between a digital or analogue-style display and there are stopwatch and alarm functions.
The R5 may look like a Gear 2 but it's a lot cheaper than it or any of the big name smart watches. It has a capacitive screen which proved to be quite responsive and with decent viewing angles. You need pretty accurate fingers to access some of the settings or to dial numbers though. If you look closely the display is a little pixellated but it's good enough for day-to-day use. It's not as if you're going to be watching movies on it.
There are only a limited number of rather weedy ring tones, but for most people the vibrate function is probably more useful as an alert anyway. As with a lot of Chinese devices the instructions are written in somewhat mangled English but most of the functions are easy to use anyway.
The device feels a bit chunky compared to a normal wristwatch, but given its price the R5 has a surprisingly good range of features and is nicely usable. You're also not tied to a particular make of phone, it should work with anything running Android 4.3 or above. If you want to give smartwatches a try without spending a lot of money it's worth a look.
Our review sample was supplied by GearBest.com and currently sells for $43.19. BetaNews readers can use coupon code: RWR5CN at the checkout to get it for $38.99. The coupon expires on March 3rd.
It was over a year ago that the FUZE, a machine aimed at getting a new generation interested in programming, hit the market.
Now there's a revised T2 version of the Raspberry Pi- based machine that brings a number of useful updates and new features.
There's now a built-in USB hub so that spare ports are available after a mouse and keyboard are connected, an uprated PSU and, something that we mourned the lack of in our original review, an on/off switch.
It now comes with an 8GB SD card rather than the 4GB of the old version, plus the IO board has been updated with the main pins duplicated and clearer labeling. GPIO pass through has been added allowing popular add-on boards to be directly connected and the case has gained mounting holes for popular kits and building blocks.
In addition to the hardware changes there's a special edition FUZE-T2-SE available, styled to look like a 1980s home computer. You can also now buy a FUZE complete with a robot arm kit.
The standard version complete with a Raspberry Pi B+ costs £179.99 (around $273) or if you already have a Pi you can buy the unit for £129.99 (around $197). If you want the robot arm the complete package costs £229.99 (around $350). For more information visit the FUZE website.
Perhaps best known for its SystemCare products for Windows, software company IObit is launching a new version of its Android app, AMC Security.
AMC Security is a combined security and device optimization app. Among the new premium features included in this release is Payment Guard, which is designed to protect mobile users' financial data and the mobile payment and banking process.
It has built strategic partnerships with more than 1,000 of the world's leading mobile banking apps and online retailing apps in order to offer payment protection. The software helps users ensure safe access to a payment environment thanks to a number of features.
These include a fake Wi-Fi hotspot detector, a copycat payment app remover, the ability to block fake and phishing sites and a tool to prevent the theft of account details and passwords.
"With the increasing awareness of mobile wallet, 2015 will see the global m-commerce market's boosting to reach a new record high level. Therefore, our Payment Guard is just the beginning. AMC Security will keep on working out solutions for NFC and fingertip payment methods," says Fiona Choo, PM of IObit Mobile.
AMC Security has a base of more than 12 million consumer users for Android. It has established itself as a global leader in the mobile security space by building long-term partnerships with scores of major mobile manufacturers, operators and carriers to provide payment protection to their users and subscribers.
AMC Security is available to download now from the Google Play store.
Photo Credit: Slavoljub Pantelic/Shutterstock
False positives are often accepted as a fact of life with anti-virus programs but a new survey commissioned by breach detection specialist Damballa reveals that they have a significant cost for businesses.
The study produced by the Ponemon Institute reveals that enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.
In a typical week, organizations receive an average of nearly 17,000 malware alerts, yet only 19 percent are deemed reliable -- or worthy of action. This means security teams can waste time on alerts that pose no threat to their data security and which can distract them from dealing with threats that can lead to compromise.
Compounding the problem, respondents believe their prevention tools miss 40 percent of malware infections in a typical week. The longer malware goes undetected of course, the greater the risk of a breach.
In addition 60 percent of respondents report that the severity of infections has increased over the last year. But despite this 33 percent of organizations revealed that they have an unstructured or ad hoc approach to handling alerts. In terms of responsibility, 40 percent of respondents say there is no one person or function in their enterprise accountable for the containment of malware.
Only 41 percent of respondents say their organization has automated tools to allow them to capture intelligence and evaluate the true threat caused by malware.
"These findings confirm not only the sheer scale of the challenge for IT security teams in sifting out the real threats from tens of thousands of false alarms, but also the huge financial impact in terms of time. The severity and frequency of attacks is growing, which means that teams need a way to focus on responding to true positive infections if they are to get a firmer grip on their security posture," says Brian Foster, CTO of Damballa. "It's more important than ever for teams to be armed with the right intelligence to detect active infections to reduce their organization's risk exposure and make the best use of their highly-skilled, limited security resources".
The full report is available on the Damballa website or there’s a webinar to discuss the findings on January 20th.
Photo Credit: Alexander Kirch/Shutterstock
For anyone under 30 it may be hard to remember a time when you shared your musical tastes via mixtapes rather than playlists, when the top of every bus shelter was adorned by a broken cassette trailing yards of tape, and when loading a home computer program involved a tense few minutes hoping that you wouldn't suffer a read error before the end of the tape.
Well, prepare for a wave of hissing and clicking nostalgia as the cassette player seems to be making a comeback. According to UK catalog retailer Argos sales of cassette players over the past three months are 45 percent higher than the same period last year.
It's hard to see the cassette staging a comeback in the same way as vinyl records though and the trend is believed to be down to older users rediscovering their favorite music.
"We know that many of our customers have been buying cassette players for older friends and family to enjoy their favorite music from the 60s, 70s and 80s," says Argos audio buyer Rachel Bartram. "The devices also provide a great way of finding out about the lives of our loved ones when they were younger, from mixtapes created for friends to recordings of favorite radio shows, and even family events captured on tape".
It could be too that people are digging their old cassettes out of the attic before converting their musical memories to MP3. However, in the last couple of years indie bands including British Sea Power and MGMT have embraced the cassette and released material in the format.
Are you nostalgic for the hiss of a C60? Tempted to revisit your old mixtapes? Got a pencil handy to take up the slack? Let us know in the comments.
Image Credit: Luis Louro / Shutterstock
Passwords are increasingly being seen as inadequate for protecting information and businesses and end users alike are looking for more secure alternatives.
San Francisco-based SASSPASS is making it easier to implement two-factor authentication with the launch of its Computer Connector. In conjunction with a SAASPASS mobile app it enables quick and easy 2FA for Macs and PCs.
The need to possess a physical device helps prevent 99 percent of hacks, which are typically launched remotely. With SAASPASS new passcodes are generated every 30 seconds, thereby enabling a level of security that in the past would only have been available to the largest companies and governments using expensive and complex corporate 2FA systems.
The SAASPASS Computer Connector enables this level of security in an intuitive, seamless way by allowing users to use their mobile devices to login to their PCs and Macs. Users can simply use their mobile phone to unlock access to paired accounts with just their device proximity or a simple scan, rather than have to rely on individual passwords.
As well as logging into devices it can be used to allow access to websites or cloud services like Office 365 or Dropbox for Business. The API means it can be integrated into things like access control systems too allowing a phone to substitute as a pass card.
"We believe strong security is a right, and it shouldn't be a pain in the ass. If a solution isn't simple enough for my mom to use, then it's not a solution. The average person doesn’t care for complexity, they want security to just work in the background simplifying their lives." says SAASPASS Chairman Oliver Ring. "SAASPASS does just that. Never before has strong security been so simple and easy to use. It's the iPhone of Strong Security".
You can get more information on the SAASPASS website and there’s a video demonstrating how it works below.
Whilst companies employ an array of sophisticated technology to combat security risks, often the weakest link remains the person sitting in front of the screen.
New research from Wombat Security Technologies and the Aberdeen Group suggests that changing employee behavior when responding to cyber threats via social media, phishing and other popular attack vectors can reduce an organization's risk by as much as 70 percent.
The report finds that despite controls and protection being in place many -- if not most -- reported security incidents result from the actions of company employees. The new research clearly demonstrates that investments in security awareness training can help businesses close the security gap.
"It's important for security teams to communicate clearly about the risks that organizations are accepting when their employees' response to cyber threats is not addressed," says Derek Brink, VP and Research Fellow for Aberdeen Group, at Harte Hanks Company. "While the public disclosures of the past several months have provided some startling examples about what can happen when security awareness and training is ignored, Aberdeen and Wombat have developed this model to address the most basic and logical question that security teams so often struggle to address: How does an investment in changing end user behavior through innovative security education solutions actually reduce the organization's risk?"
The findings show that an investment in user awareness and training is effective in changing behavior and measurably reduces security-related risks by between 45 and 70 percent. The report also estimates that for an organization with $200 million in annual revenue there is an 80 percent likelihood that infections from employee behavior will result in total costs of $2.5 million, with a 20 percent chance of exceeding $8 million.
The full report, The Last Mile in IT Security: Changing User Behavior, is available to download from the Wombat Security site.
Photo Credit: tommaso79/Shutterstock
The growth of mobile workforces means that employees are often reliant on data that's stored outside the protection of the normal IT infrastructure.
With global data breaches having an average cost of $3.5 million, according to a study by the Ponemon Institute, due to lost or unrecoverable data on employee devices, organizations are beginning to embrace centrally managed platforms that can be used to address data protection, collaboration, regulatory, and eDiscovery requirements in a secure manner.
Information management specialist CommVault is launching a new solution called Simpana for Endpoint Data protection, designed to help protect and enable the mobile workforce by efficiently backing-up laptops, desktops and mobile devices and providing secure access and self-service capabilities.
"We are excited to bring Endpoint Data Protection to market with an expanded new feature set and pricing structure that will give customers flexible options in how they want to tackle the growing challenges and complexities around data management beyond IT’s traditional reach," says Rama Kolappan, senior director and head of CommVault's Mobile Business Unit. "With data breaches continuing to make headlines and wreaking havoc on corporate reputations, our new solution set is able to give organizations the 'peace of mind' knowing their data is protected while freeing employees access to information residing within IT".
The product offers a number of capabilities that can be purchased as separate modules. Rapid backup and recovery protects devices and lowers business risk, secure file sharing makes sure data is available when and where it's needed. Integrated compliance and eDiscovery delivers security with role-based access and allows faster response to legal requests for data. Security and data loss protection encrypts data in transit and at rest as well as allowing remote wiping of lost devices. Finally, analytics make it easy to review data and ensure compliance requirements are being met.
More information is available on the CommVault website.
Photo Credits: Slavoljub Pantelic/Shutterstock
Mobile device management is becoming essential for more and more businesses, but solutions are often complex and difficult for enterprises without specialist IT staff to adopt.
Software company JAMF which produces MDM solutions for iOS devices has launched a low cost, easy-to-use solution called Bushel aimed at small and medium businesses.
Bushel is a cloud-based solution that’s designed to be easy to set up, even by non-experts, and can protect Apple devices at any time and from anywhere. It makes complex tasks including Apple device setup, security and management, simple and quick -- enabling users to focus on their business, rather than get caught up with managing technology.
"Bushel marks a remarkable step in Apple device management. For the first time, workgroups and smaller businesses have a solution that is specifically designed for them," says Charles Edge, Product Manger of Bushel. "Bushel enables anyone, including non-technical staff, to manage Mac, iPad and iPhone without the headache. Users can take advantage of all the best in Apple technology, including enterprise-grade security features simply and at low cost. We look forward to this new era in Mobile Device Management as we continue to fulfil our mission of making people's lives easier".
Bushel features easy, hands-free device configuration through the Apple Device Enrollment Program (DEP), as well as comprehensive device inventory features. With automated device enrollment, users can get up and running quickly, while businesses can ensure ongoing management and inventory insight into their devices.
Businesses can automatically install applications to all devices at once, saving time and manpower. Enrollment in Apple’s Volume Purchasing Program (VPP) means that management can also keep their application investments in-house with the option of revoking applications from any devices that are no longer in use.
If a device with Bushel is lost or stolen, it can be locked remotely or wiped completely. Users can also require devices to have passcodes and specify a time before a device automatically locks. Additionally, Bushel allows for easy disk encryption and control options to ensure that all valuable business data is kept safe and separate from personal information in BYOD environments.
Bushel can be installed on up to three devices for free so that companies can try it out and thereafter costs $2 per machine per month. You can find out more and sign up for a free trial on the Bushel website.
Turning customer data into sales is something of a holy grail for businesses and there are an increasing number of software solutions aimed at helping find it.
One player in this field, customer retention platform Optimove, is using the National Retail Federation's Annual Convention and Expo to launch a version of its platform with real-time capabilities.
Optimove CEO, Pini Yakuel says, "By building into our customer retention software a complete, end-to-end system for real-time personalized messaging, we have not only taken another great stride towards achieving the ultimate retention marketing solution, but we've also become the first platform to offer real-time retention marketing in such a sophisticated and easy-to-deploy manner".
The product allows users to deliver messages to customers at the time when they'll be most effective. It employs trigger-based campaigns to enable marketers to respond to customer behaviors as they happen in real-time, increasing customer engagement and loyalty while reducing churn rates.
A variety of events or activities can be used to trigger a marketing message. For example if a customer is about to spend, say, $75 they can be sent a message offering free shipping if they increase their order to $100. If products are viewed but not added to the shopping cart a discount can be offered, or social gamers can be invited to extend their play time by inviting friends.
Other features include end-to-end campaign management tools, automatic selection of control groups, event tracking, automatic message delivery, results analysis, and optimization recommendations.
You can find out more about how it works and request a free web demo on the Optimove website.
Image Credit: donskarpo / Shutterstock
When a version of Windows reaches the end of its normal support, as Windows 7 has today, Microsoft continues to provide security patches for an extended time.
Google it seems prefers to take a tougher line and is not issuing patches for versions of Android prior to 4.4 KitKat, leaving millions of users of older versions out in the cold.
The policy came to light when researchers at security company Rapid 7 reported a vulnerability in WebView -- a core component used to render web pages -- on pre 4.4 versions of the OS and received the following reply:
"If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch".
In other words security companies are now expected to report a bug along with a patch to fix it. Otherwise Google will simply inform manufacturers like Samsung and Motorola and expect them to provide fixes for their handsets. Imagine for a moment if you reported a Windows bug and Microsoft told you you had to call Lenovo or Dell to get a fix for your PC.
This potentially puts over 900 million Android devices out of the loop when it comes to getting security patches. Given that many of these will be budget phones and tablets that won't have the option to upgrade to a later version they're likely to remain vulnerable.
Of course Android is open source so handset makers -- or anyone else -- can come up with a patch. However, leaving this to chance seems like a short-sighted policy on Google's behalf and could dent long-term confidence in the operating system, particularly when it comes to safeguarding personal details.
On its blog Rapid 7 urges Google to reconsider. Whether or not it will have a change of heart we'll have to wait and see.
Image Credit: Gary Ham
Last year saw a number of high profile security incidents hit businesses. From attacks on individual companies to bugs like Heartbleed that had the potential to affect large numbers of organizations.
Can we expect more of the same in 2015 or will the threat landscape continue to evolve? We spoke to Mark Bermingham, director of global B2B marketing at Kaspersky Lab, to find out.
BN: We've seen cybercriminals become much more businesslike with the dark web being used to sell tools and services. Can the security industry combat this or does it risk driving the perpetrators further underground?
MB: Cybercriminals have recently become more focused on stealth attacks. While this is their focus, Kaspersky Lab has evolved its discovery techniques to keep pace with the renewed emphasis on malware authors attempting to hide or erase their tracks. It's become a complicated game of cat and mouse. However, it's important to acknowledge that as malware increasingly becomes more sophisticated, one specific goal of cybercriminals is to attempt to be completely anonymous.
BN: Windows has historically been the main target for malware but we're starting to see that spread to Android and other systems. Can we expect to see more systems including iOS and Linux becoming vulnerable?
MB: One of the largest growth areas for malware is mobile. We've seen mobile malware spike significantly over the last couple of years. As consumers and businesses shift to using mobile devices for a greater percentage of their daily activities, cybercriminals will place a larger emphasis on targeting these platforms -- specifically Android and jail-broken IOS devices. Remote find, lock and wipe aren’t enough. Containerization is an excellent vehicle for ensuring isolation and separation of corporate and personal data on mobile devices, but these measures offer reactive security. It is critical for businesses to place mobile security agents on these devices, with capabilities like anti-malware, anti-spam and anti-phishing, to ensure proactive security.
BN: Is there a trend towards attacks becoming more targeted with a view to stealing financial information or intellectual property?
MB: There isn't a clear cut answer. It is important to note that stolen data assets are often monetized and that both attack types have increased and will likely remain high. In fact, we recently conducted a survey that found 94 percent of organizations encountered at least one cybersecurity incident in the past 12 months. Of these incidents, the number of organizations that reported having at least one targeted attack rose substantially, with 12 percent of respondents indicating that they experienced at least one targeted attack in the past year. However, I expect we'll see more financial impacts being publicized as businesses, and particularly consumers, become more comfortable and increase financial transactions via the Internet. This will likely become an attractive target for malware authors.
BN: Mobile payment systems are expected to take off in a big way this year. How can consumers and retailers ensure they stay protected when using mobile in new ways?
MB: Ensure due diligence with these devices. Deploy security agents when and where possible. Implement the security measures that are available with some devices like encryption and basic credential checks. Don't store passwords on these devices or have settings in place that don't require passwords. And make sure that you have a plan in place should a device become lost or stolen.
BN: As more and more devices get connected to the Internet of Things will they become subject to mass attacks and how can the data they hold be protected?
MB: IoT presents a new challenge for vendors like Kaspersky Lab since these devices will operate differently from traditional devices where security is understood to be required. Over time, the IoT will likely become a target -- especially as it becomes more connected to personal and corporate devices. These devices will require security in place, but special challenges exist in this space because of the functional goals of IoT. This is an emerging space and security requirements continue to evolve, but this environment will likely be a target of attack and security must be a key consideration.
BN: Recent events like the Sony hack have led to fears of state-sponsored hacking and malware. How real a threat is this and will we see governments becoming more involved in combating cyber threats?
MB: This is a trend that may continue, but these are generally extremely well-funded, highly sophisticated attacks designed with a specific purpose and are laser-focused. There is generally a tremendous effort with these types of attacks for cybercriminals to hide their tracks, so these are some of the most difficult types of attacks to identify. The threat resulting from these attacks is that malware authors often learn from these sophisticated attacks and deploy similar techniques on businesses and consumers.
BN: Finally, what simple steps can business take today to help protect themselves?
MB: Perform due diligence when selecting and deploying security in your environment. The game has become more complex so your security infrastructure must keep pace. Deploying a best-in-breed AV solution is a tremendous first step, but not all AV is created alike. Small differences in AV efficacy have a significant impact. Additionally, security tools such as controls, patch management, encryption and others are critical to evaluate.
Photo Credit: watcharakun / Shutterstock
Moving systems and data to the cloud is increasingly common, but it inevitably leads to concerns about security and those worries are now reaching the boardroom.
This is according to new research by the non-profit Cloud Security Alliance which looks at how companies are currently approaching the cloud, including their views on shadow IT, obstacles preventing cloud adoption, and security priorities.
The report includes responses from more than 200 IT and security professionals from varying sized companies around the world. Almost 72 percent admitted that they didn't know the number of shadow IT apps within their organization. The survey also highlights that decisions concerning the security of data in the cloud have moved from the IT department to the boardroom, with 61 percent of companies indicating that senior executives are now involved in such decisions.
Security remains the major barrier to cloud adoption but that isn't stopping companies from moving ahead. 74 percent of respondents indicated that they're moving forward with cloud adoption. However, lack of knowledge on the part of IT and business managers was cited by 34 percent as a reason for slow adoption.
The size of the business makes a difference, those with more than 5,000 employees being more likely to have things like policies and training in place to cope with the cloud. Yet large enterprises, seem to be more hesitant when it comes to investing in cloud services, with only 36 percent spending more than a fifth percent of the IT budget on cloud services, compared with 49 percent of companies with fewer than 5,000 employees.
"As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance, and governance of corporate data," says Jim Reavis, CEO of the CSA. "We hope that this report provides companies with some good peer insight so that they can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment".
The full report is available to download from the CSA website.
Image Credit: Ferbies / Shutterstock
Over the years we've grown used to Windows being the target of viruses, hacks and other forms of attack. Although other systems like Android are now coming under attack too it’s still Windows that gets the most attention.
Researchers from security company ESET have released a report showing the major trends in Windows exploits over the past year.
Among the findings are that Windows saw twice as many vulnerabilities in 2014 as in the previous year. Internet Explorer was the most attacked Windows component, and many users are still running potentially unsafe versions of the OS like XP.
Drive by downloads are the main means of exploiting vulnerabilities and delivering malicious code and ESET predicts that this is likely to continue to be the case in 2015. Other Microsoft products can be targeted too and researchers uncovered a number of cases where vulnerabilities in MS Office have been used to deliver a malicious payload.
Microsoft hasn’t been idle in protecting it's newer systems, however. The latest version of its Enhanced Migration Experience Toolkit (EMET) introduced some new security features. These features are ASR (Attack Surface Reduction) and EAF+ (Export Address Table Filtering Plus). ASR is similar to IE’s option to block outdated Active-X controls but can cover a wider range of exploits and protect the address spaces of Word, Excel and Powerpoint.
EAF+ improves on the existing EAF system and can work independently of the older option. It blocks attempts to access addresses exported from various system modules. In addition to blocking access to the Export Address Table from unknown code, it also blocks attempts by code from legitimate libraries that could be used by attackers for scanning the EAT.
These technologies make it harder for attackers to succeed in remote code execution exploits for newer versions of Windows. Older versions such as XP, however, don’t contain this anti-exploit technology leaving them more vulnerable.
You can access the full report in PDF format with details of the most common exploits on the ESET website.
Image Credit: Sergey Nivens/Shutterstock
If you want the features of a smart TV but don't want to have to buy a new set or spend $99 on Fire TV then the MK808B, which offers Google TV for less than $35, might be the answer.
It's basically a tiny Android PC that you hook up to your TV set and your Wi-Fi to allow you to stream media from the web or from another device on the same network or via Bluetooth.
The back of the box spec looks impressive with a quad-core 1.5GHz processor, 1GB of RAM and the latest-but-one Android KitKat. It comes with an HDMI Cable, a power adapter, and a USB cable, plus there’s a slot for a microSD card if you want to expand the storage.
On the unit itself are a USB 2.0 port, an OTG port, a mini USB power port and an HDMI connector. You can use the USB to attach a variety of devices like webcams or external storage or you can plug in a mouse or keyboard to control the device. The Wi-Fi is dual-band to ensure a good signal and there’s built-in Bluetooth too which lets you stream media from other devices.
So much for the theory then, how does it work in practice? When you power up the device there's a few seconds delay while it boots and you're then presented with a chunky, tiled interface that looks a bit like Windows 8 but is no worse for that. Dig into the settings and you'll find there’s standard Android lurking underneath.
Setting it up and getting connected to your network is easy. The instructions leave a bit to be desired but the steps you need to take are mostly intuitive if you've used Android before.
You can share media with other devices via Miracast, DNLA or AirPlayer. There are also a number of pre-installed apps including NetFlix, YouTube, Skype and XMBC media player. Playback of streamed media from the web is smooth with good video and sound quality. I did find that it refused to play some YouTube videos though.
You can control the device by plugging in a USB mouse or keyboard, but it's better to install a remote control app -- a link is provided in the instructions -- on your Android smartphone. This makes navigation easier and leaves the USB port free to connect external storage or a a headset to use Google Voice commands.
Often what lets budget media devices down is the interface, but because it runs Android the MK808B has no such worries. If you don't like the standard apps you're free to install others you prefer. Add in ease of use and a smooth playback experience and you have to keep reminding yourself that this is a device that only costs $35.
Our review sample was supplied by GearBest.com and currently sells for $34.64. BetaNews readers can use coupon code MK808BCN at the checkout to get it for $29.98. The coupon expires on 31 March 2015.
If you want the features of a smart TV but don't want to have to buy a new set or spend $99 on Fire TV then the MK808B, which offers Google TV for less than $35, might be the answer.
It's basically a tiny Android PC that you hook up to your TV set and your Wi-Fi to allow you to stream media from the web or from another device on the same network or via Bluetooth.
The back of the box spec looks impressive with a quad-core 1.5GHz processor, 1GB of RAM and the latest-but-one Android KitKat. It comes with an HDMI Cable, a power adapter, and a USB cable, plus there’s a slot for a microSD card if you want to expand the storage.
On the unit itself are a USB 2.0 port, an OTG port, a mini USB power port and an HDMI connector. You can use the USB to attach a variety of devices like webcams or external storage or you can plug in a mouse or keyboard to control the device. The Wi-Fi is dual-band to ensure a good signal and there’s built-in Bluetooth too which lets you stream media from other devices.
So much for the theory then, how does it work in practice? When you power up the device there's a few seconds delay while it boots and you're then presented with a chunky, tiled interface that looks a bit like Windows 8 but is no worse for that. Dig into the settings and you'll find there’s standard Android lurking underneath.
Setting it up and getting connected to your network is easy. The instructions leave a bit to be desired but the steps you need to take are mostly intuitive if you've used Android before.
You can share media with other devices via Miracast, DNLA or AirPlayer. There are also a number of pre-installed apps including NetFlix, YouTube, Skype and XMBC media player. Playback of streamed media from the web is smooth with good video and sound quality. I did find that it refused to play some YouTube videos though.
You can control the device by plugging in a USB mouse or keyboard, but it's better to install a remote control app -- a link is provided in the instructions -- on your Android smartphone. This makes navigation easier and leaves the USB port free to connect external storage or a headset to use Google Voice commands.
Often what lets budget media devices down is the interface, but because it runs Android the MK808B has no such worries. If you don't like the standard apps you're free to install others you prefer. Add in ease of use and a smooth playback experience and you have to keep reminding yourself that this is a device that only costs $35.
Our review sample was supplied by GearBest.com and currently sells for $34.64. BetaNews readers can use coupon code MK808BCN at the checkout to get it for $29.98. The coupon expires on 31 March 2015.
Information security company High-Tech Bridge has uncovered a flaw in the Microsoft Dynamics CRM package that could allow the insertion of malicious code.
The self-XSS issue isn't currently recognised by Microsoft itself as a flaw but could trick a logged in user into putting malicious HTML and script code into the 'newUsers_ledit' input field on vulnerable websites that are thought to be secure.
"Taking into consideration that same vulnerabilities were actively and successfully exploited by hackers in 2014, this XSS vulnerability is pretty serious, despite the 'low' category we assigned due to this being a relatively complex exploitation. I think that Microsoft's decision not to patch the vulnerability is wrong as, regardless of their general policy, they should think about their customers' security first and foremost," says Ilia Kolocheno, CEO of High-Tech Bridge and Chief Architect of ImmuniWeb. "Such vulnerabilities could potentially be ignored in the past, but not in 2015, especially in such popular and sensitive products as Dynamics CRM".
Dynamics CRM is used by the US government among others. High-Tech Bridge's security advisory says that it could be exploited using a social engineering technique to get a user to copy some seemingly legitimate text from a specially prepared malicious document to their clipboard and then paste it into the vulnerable web page.
It recommends that companies protect themselves by blocking access to the vulnerable script using a firewall or web server configuration as a temporary solution.
You can read the full advisory on the High-Tech Bridge website or there's a video explaining how it could be exploited below.
Photo Credit: Sergey Nivens/Shutterstock
There are a number of companies offering enterprise collaboration products, but Clarizen is among the first to be awarded a patent for its technology.
The patent relates to the company's InterAct email engine which lets users trigger specific project-related actions like approval processes, generating reports, creating new projects and other workflows through their email.
"This patent is an important technical milestone for Clarizen, one that has been in the making for several years," says Avinoam Nowogrodski, founder and CEO of Clarizen. "It underscores the significant investment we have made in continuous innovation to stay one step ahead of customer and market needs. The value the technology delivers is a strategic win for Clarizen's customers, and we look forward to sharing more patented innovations with them in the future".
Clarizen InterAct allows users to use their email as a routing system so they can generate an unlimited number of email addresses and associated actions, business and routing rules. Emails can be sent via Clarizen requesting an updated report and receive an automated reply with the report attached.
Issues can also be submitted to InterAct via email or a form, prompting the issue to be automatically added to the appropriate project with a notification sent to the project manager.
"Email is still by far the most used collaboration tool, but email was not really built to support collaboration (many-to-many). What Clarizen has done with this patent is part of a trend we are seeing where team members are moving from email to more context-based in-app communications," says David Coleman, senior research analyst at Gigaom Research and managing director of Collaborative Strategies, Inc.
You can find more information about InterAct on the Clarizen website.
Photo Credit: Arcady/Shutterstock
Digital rights campaigner Electronic Frontier Foundation has launched its own EFF mobile app with the aim of alerting users to issues and campaigns.
Users will get a notification and be able to one-click connect to the EFF action center to help fight for freedom online. Unless they happen to be iPhone users.
Writing on the EFF blog Corrynne McSherry the foundation's intellectual property director says, "Sadly, though, we had to leave out Apple devices and the folks who use them. Why? Because we could not agree to the outrageous terms in Apple's Developer Agreement and Apple's DRM requirements".
The blog post highlights a number of terms in Apple's Developer Agreement including the ban on reverse engineering and exclusive distribution restrictions as being bad for both developers and users.
The EFF also objects to Apple's imposition of DRM, McSherry says, "Contract restrictions aside, the final barrier was knowing that we’d be required to include a form of Digital Rights Management (DRM). DRM means that Apple is putting technical restrictions on what you can and can’t do with your app. When we create tools for EFF, we want them to be broadly available to others to use, adapt, and customize".
It has started an online petition to Apple asking the company to revisit its developer agreement.
Meantime if you're an Android user you can download the EFF app from the Play Store and start receiving alerts. Presumably these will include updates on how the Apple petition is progressing so you can keep your iPhone owning friends in the loop.
Image Credit: iQoncept/Shutterstock
No matter how effective a business is at selling products or services it's the quality of customer service that often determines how consumers feel about it.
A new report from research company Gartner looks at the importance of mobile customer service and how it will need to adapt in the future.
Although automation of support tasks may reduce the number of interactions, Gartner reckons that by 2017 a third of all customer service queries will still need human input. This is down from the 60 percent that needed human input in 2014 but it will still require companies to retain a core of trained customer service representatives.
"Businesses need to focus on what key customer experiences would benefit from customer engagement with a human," says Michael Maoz, vice president at Gartner. "It is important to poll customers and internal stakeholders such as those in marketing, sales, customer support and inventory/shipping/billing, where the availability of a human customer support representative can mean the difference between a sale or no sale, the acceptance of an offer or its rejection, and/or a quality customer experience".
The Internet of Things is set to play a part too. By 2018 it's estimated that five percent of support calls will be initiated by internet connected devices. "The explosive growth of the IoT and associated use cases will bring a transformational change in the customer service space". says Olive Huang, research director at Gartner. Industries including healthcare, banking, insurance and retail are expected to lead the way in this trend.
Growth in the use of mobile devices will also lead to more video chats being used for resolving customer service issues. Gartner estimates that more than 50 of the 500 largest global businesses will introduce video-based chat for customer-facing interactions by 2018 and this is set to double in three years.
"Video chat provides customers with a richer sense of presence, personalized experience by helped coordination of communication and the support of emotional expression, and the real-time sharing of content," says Brian Manusama, research director at Gartner.
More detailed analysis is available via the Gartner website and analysts will further discuss mobile CRM trends at the Gartner Customer 360 Summit to be held in Tokyo next month.
Image Credit: Rawpixel / Shutterstock
Chip maker Intel is using the 2015 CES to announce its plans for moving into the wearable technology sector.
These include the Curie, a button-sized hardware module, and a collaboration with sports sunglasses brand Oakley.
"The rise of new personal computing experiences, intelligent and connected devices, and the wearable revolution are redefining the relationship between consumers and technology," says Brian Krzanich, Intel CEO in his keynote address. "Our goal with Intel technology is to help solve real problems and enable experiences that are truly desired by people and businesses. In order to do this, we must also do more to lead the growth of diversity and inclusion within the technology industry. Women and under-represented minorities will continue to play a greater role as consumers, influencers, creators and leaders".
The Intel Curie is a tiny hardware device based on the company's first purpose-built system-on-chip (SoC) for wearable devices. The module is scheduled to ship in the second half of this year -- subject to getting FCC approval -- and includes the Intel Quark SE SoC, plus Bluetooth low-energy radio, sensors and battery charging.
Intel has been pursuing collaborations with a number of different fashion and lifestyle brands and Krzanich announced a new tie up with Oakley. The two companies are said to be working on an intelligent product, available later this year, designed to enhance athletic performance.
Also highlighted was Nixie, winner of Intel's 2014 Make It Wearable challenge. Nixie is a camera that's worn as a bracelet but can fly off to take photographs. You can see it in action on YouTube below.
Aside from wearables, Krzanich reaffirmed Intel’s commitment to diversity with the announcement of a $300 million fund to help recruit and retain more women and under represented minorities. "We're calling on our industry to again make the seemingly impossible possible by making a commitment to real change and clarity in our goals," says Krzanich. "Without a workforce that more closely mirrors the population, we are missing opportunities, including not understanding and designing for our own customers".
You can find out more about the Make It Wearable project on Intel's site.
Image Credit: Intel
More than ever before we expect our technology to come with us wherever we go and more importantly be able to survive the journey.
The weakest link in the past has usually been storage because even SSDs don't take too kindly to rough treatment. Storage company G-Technology is using CES to launch a solution in the form of its range of rugged drives.
There are two models, the G-DRIVE ev ATC which has an all-terrain case that will survive a drop of up to 2 meters, is dust and water proof and will float if dropped in water. The 1TB drive has a transfer rate of 136MB/s and comes with a three-year warranty. It's available as USB 3.0 or Thunderbolt versions at $179.95 (£139.95) or $229.95 (£179.95) respectively. For people who already own a G-DRIVE the case is available separately.
The second device is the G-DRIVE ev RaW fitted with a removable rugged bumper making to drop-proof up to 1.5 meters. Available in 500GB or 1TB versions it too has a three-year warranty. Prices are $99.95 (£79.95) for 500MB or $129.95 (£99.95) for 1TB.
"Whether you’re capturing a professional skier flying down the slopes or your family's beach vacation, keeping your data safe is essential," says Mike Williams, vice president and general manager at G-Technology. "We know how precious data is for professionals and consumers alike, and we've developed our rugged series to keep up with even the most active lifestyles and professions, so you can focus on capturing once-in-a-lifetime moments without worrying about your data".
The G-DRIVE ev RaW will be available this month with the ev ATC following in February. For more information visit the G-Technology website.
It's been a common joke in the technology industry for many years that the wonderful thing about standards is that there are so many to choose from.
But whilst it may be a joke, in the past conflicting standards have led to very real issues when it comes to getting systems to work together. In the modern era when we increasingly expect things to 'just work' compatibility issues are becoming less acceptable.
Samsung's president and CEO BK Yoon used his keynote speech at 2015's CES to call for greater openness and collaboration across industries to unlock the possibilities of the Internet of Things.
He also said that the Internet of Things must fit into people’s lifestyles, "The Internet of Things is not about 'things'. Instead, it is about people. Each person is at the center of their own technology universe, and the IoT universe will constantly adapt and change shape as people move through their world".
As part of Samsung’s commitment to making the IoT work, Yoon announced a timetable that will see all the company's TVs become IoT enabled by 2017 and all Samsung devices IoT ready within five years. He also stressed the importance of developers in making all of this work and announced a $100 million investment in Samsung’s developer community this year.
Sensors are key to making the IoT work and Samsung is working on chips, such as the embedded package on package (ePOP) and the Bio-Processor, which are energy-efficient and compact enough to go into a wide range of devices, especially wearables.
"Expanding the devices in the IoT ecosystem and the components that power them is the first step in fulfilling the promise of the Internet of Things," says Yoon. "Samsung already has a broad range of IoT devices. Last year, Samsung delivered more than 665 million products, and this number is set to increase. We have already begun to unlock the value hidden in connected devices and all the everyday objects around us".
The importance of openness was emphasized too. Alex Hawkinson CEO of SmartThings joined Mr Yoon on stage and stressed that, "Any device, from any platform, must be able to connect and communicate with one another. We’ve worked hard to accomplish this, and are committed to putting users first, giving them the most choice and freedom possible. The SmartThings ecosystem is now compatible with more devices than any other platform".
Samsung believes that the IoT will have an impact far beyond the electronics industry, Yoon says, "I know in my heart that neither one single company nor one industry alone can deliver the benefits of the Internet of Things. To create this IoT universe, we have to see the potential of the Internet of Things across all kinds of industries. Only if we work together can we improve people’s lives".
You can see highlights from the speech on the Samsung website.
Image Credit: Samsung
The tablet market experienced something of a slump in 2014 and things don't look like being much better this year according to a new report by research specialists Gartner.
It estimates that tablet sales will reach 233 million units in 2015, an increase of only eight percent over last year's figure. Worldwide combined shipments of devices (PCs, tablets, ultramobiles and mobile phones) for 2015 are estimated to reach 2.5 billion units, an increase of 3.9 percent over 2014.
"The collapse of the tablet market in 2014 was alarming", says Ranjit Atwal, research director at Gartner. "In the last two years global sales of tablets were growing in double-digits. The steep drop can be explained by several factors. One is that the lifetime of tablets is being extended -- they are shared out amongst family members and software upgrades, especially for iOS devices, keep the tablets current. Another factor includes the lack of innovation in hardware which refrains consumers from upgrading".
The strongest percentage growth is set to come from the premium ultramobile sector though sales numbers here are still relatively small, 39,000 in 2014, expected to reach 62,000 this year and 85,000 in 2016.
The mobile phone market is set to grow by only 3.7 percent in 2015 and reach two billion units in 2016. "The smartphone market is becoming polarized between the high- and low-end market price points", says Annette Zimmermann, research director at Gartner. "On one hand, the premium phone with an average selling price at $447 in 2014 saw growth dominated by iOS, and on the other end of the spectrum you have Android and other open OS phones' growth area in the basic phone segment, where the average phone costs $100. For the midrange smartphones, the market opportunity is becoming increasingly limited".
Android is expected to continue its rapid growth -- it reached a billion shipments in 2014 -- with a further 26 percent increase this year. Windows is expected to stage something of a comeback too. "From 2015, we expect Windows to grow faster than iOS, as the PC market stabilizes and the challenge for the next iPhone to find significant growth becomes greater, narrowing the gap between the two operating systems", says Atwal.
All of this should prove good for consumers as manufacturers fight to attract buyers for their devices, so keep a look out for bargains.
Image Credit: vinzstudio / Shutterstock
When the LinkedIn network for professionals launched it was sometimes referred to as social networking for grown ups. But is it really any better than Facebook for business users?
The UK's Brighton School of Business and Management has produced an infographic comparing the relative merits of the two sites and it shows that Facebook may be getting overlooked as a business tool.
With over 300 million members LinkedIn is by no means small, but Facebook's 1.35 billion puts it in the shade. The breakdown of those members is interesting, whilst Facebook as a 50/50 gender split, a majority of LinkedIn users (57 percent) are female. There are also, a little surprisingly perhaps, more people aged over 35 on Facebook than on LinkedIn.
When it comes to business pages, again Facebook wins the numbers game with 25 million to LinkedIn's four million. For advertising too Facebook looks to offer better value with a higher click through rate for your spend.
Where LinkedIn has the edge is in B2B networking and recruitment, though the graphic shows that Facebook has useful benefits in these areas too.
You can see the full infographic with more interesting statistics on the two sites below.
Image Credit: Oleksiy Mark / Shutterstock
When your working life involves being bombarded with information about new technology it's easy to become a bit blasé about it all. For something to really impress therefore it has to be pretty good or fill a niche that others have missed.
You've already read Alan and Wayne's picks for the year, so here are some of the things that ticked the right boxes for me in 2014.
Fire HDX 8.9
The second generation of the Fire HDX 8.9 did more than just drop the Kindle bit from the product's name. It built on the already impressive capabilities of the original with a faster processor and graphics and the latest 802.11ac wireless.
The screen is unchanged from the first version but it still offers one of the best viewing experiences of any tablet even though others are starting to catch up with its 339ppi pixel density. If there's a downside it’s that you’re tied to Amazon's ecosystem rather than having access to the Google Play store but if you can live with that it’s an impressive piece of kit.
Motorola Moto E
The Moto E is never going to compete with the latest iPhone or Galaxy, but that's not what it's about. The idea is to take smartphone ownership into a whole new marketplace, aiming at people who may be switching from older basic handsets.
Okay, so there's no 4G and no front-facing camera -- so no selfies or video calls. The Wi-Fi is only 802.11n rather than the newer, faster 802.11ac and the rear camera is 5MP, which is okay but not exceptional. It's nicely designed though with swappable rear panels and a family resemblance to the Moto G so it's a budget phone you won’t be ashamed to be seen with.
ChargeKey
The ChargeKey is a simple idea, a USB charger cable that you can fit on a keyring, but its very simplicity is what makes it so clever. Being caught with an uncharged device is one of the great 21st century problems. The ChargeKey means that as long as you have a USB socket -- on a PC or in your car -- you always have the means to replenish the batteries in your smartphone, MP3 player, Kindle or whatever.
Sony Action Cam Mini
Whilst smartphones have been growing in 2014 thanks to demand for bigger screens, Sony has been busy making its video camera smaller. At around three inches long, an inch and a half high and an inch wide it’s small enough to slip into a pocket. Yet it still packs an 18.6 megapixel image sensor that can handle resolutions up to 1080p at 60fps.
The trick to making it smaller is that the LCD display is taken off the camera and put on a separate remote that you can wear on your wrist. You also have the option to connect to your smartphone and control the camera from that.
Software
On the software front Windows 10 previews came along and surprised with a number-skipping name but otherwise looked and felt like Windows 8.1 with a few tweaks, though it works well enough. Android Lollipop brought in a sleeker interface and improved notifications but more importantly under the hood changes for faster app performance and improved battery life.
Do you have any particular technology favorites from the last year? Let us know via the comments.
Image Credit: StockThings / Shutterstock
You send a command from your smartphone and your house automatically decorates itself with a holographic Christmas tree complete with decorations and a suitably conifer-like smell.
Sound like science fiction? Maybe, but this is among the predictions by the authors of a new book that looks at how technology is changing our lives and how we do business.
Here are some more of their views on what Christmas might look like in ten years time. As customization capabilities become more sophisticated we'll see more and more things like clothes and shoes being tailor made for the individual. And it could be the end of sending your Christmas gifts through the post. Affordable 3D printing means simply emailing a code to someone so they can create their own present at home.
3D printing will also lead to a new cottage industry of designers simply selling the code needed to print out their products rather than doing their own manufacturing. The authors also predict the growth of a 'sharing economy' which will reduce the number of products we own as we share more details online via Facebook and Twitter. For example, cars or power tools will become shared items, used when and where needed.
For elderly members of the family it might be possible to get a robot companion able to emotionally connect with its owner and play a comprehensive role as a friend and helper.
Because we'll know much more about our friends and family thanks to social media it will be possible to create gift giving algorithms to ensure everyone gets the right present with no risk of someone else buying them the same thing.
As physical products become less valuable their attractiveness as gifts will decline. It will therefore become more common to give services as gifts, things like meals in restaurants or activity days.
If you want to read more about this sort of stuff including predictions for many areas of life, not just Christmas, the book is called iDisrupted by John Straw and Michael Baxter and is available now via Amazon.
Image Credit: Kirill_M / Shutterstock
North Korea experienced a complete internet outage for several hours last night before links were restored early this morning.
With the North Koreans at the center of the political storm over the Sony hack could this be some form of revenge attack?
Whether or not you believe that the Koreans were behind the Sony episode -- and some security experts like Graham Cluley are sceptical -- the timing of this attack is interesting. It also comes just a day after the leaking of information from South Korea’s nuclear power operator.
There are therefore potentially two sources that would like to make some form of response. Plus North Korea's internet is delivered via China. The Beijing regime has become increasingly frustrated by the rogue state's behavior, so could the Chinese be sending a message?
On the other hand, is this nothing more than hackers carrying out a DDoS attack? "According to public reports, North Korea’s total bandwidth is 2.5 gigabits per second, with a single Internet Service Provider STAR-KP, and a single IP range consisting of 1024 addresses. We routinely see attacks of 10 to 20 gigabits against our commercial clients, with those of 100 gigabits per second no longer uncommon," says Ofer Gayer, security researcher at Incapsula. "Even if North Korea had ten times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint".
By relying on a single service provider and a limited range of IP address North Korea has left itself particularly vulnerable to attack.
At the moment we just don't have enough information to know who is behind this outage -- DDoS attacks are notoriously hard to trace anyway.
In the meantime feel free to discuss your conspiracy theories below.
Photo credit: Thomas Reichhart/Shutterstock
DDoS attacks can have a serious effect on businesses, yet according to a new survey by Kaspersky Lab and B2B International only 50 percent of companies regard countering DDoS attacks as an essential part of their IT security.
This is despite the fact that the average cost of a DDoS attack to small and medium businesses is put at $52,000. For larger companies the average is $444,000.
The damage isn't only financial, 38 percent of businesses believe that a DDoS attack has damaged their company's reputation. 29 percent reported that a DDoS attack damaged their credit rating, and 26 percent reported an increase in their insurance premiums as a result.
How seriously the threat of attacks are taken does vary by industry too. 60 percent of financial institutions, energy companies and utility services are conscious of the need of protection against DDoS attacks.
However, countermeasures against DDoS were named as important by 53 percent of telecom companies, 50 percent of IT businesses, 41 percent of e-commerce and only 38 percent of media companies. This is despite the media being one of the four most frequently attacked sectors.
Size matters too, only 38 percent of small businesses consider protection against DDoS attacks an important component of IT security, compared to 60 percent of big companies.
Eugene Vigovsky, head of Kaspersky DDoS Protection says, "Even if a company does not have a public-facing website, its finances and reputation can be seriously affected by DDoS attacks. It is known that DDoS can be organized not only to incapacitate online services or for ransom, but also to mask other cybercriminal activities such as targeted attacks on the company to gain access to its confidential data. Therefore, protection against DDoS attacks is not reinsurance, but a logical precaution important for any company that has business processes dependent on Internet services. To provide this protection, companies should use specialized solutions from vendors who have a wealth of experience and expertise in combating cyberthreats".
You can find out more in the full report which is available on the Kaspersky Lab website.
Photo Credit: Duc Dao / Shutterstock
The world of information security is, as we know, a constant arms race between the hackers and cyber criminals and the protection industry.
Since the focus has turned to making money rather than simply causing disruption it's become big business too. 2014's string of retail and other security breaches is testament to this.
The money angle also means that trends in security tend to follow trends in the wider industry. So what do the experts think are going to be the key targets for next year’s attacks and how do they see the industry adapting?
Kaspersky Lab expects payment systems to come under increasing threat as cybercriminals seek to monetize their efforts. It predicts increased levels of attacks against NFC payment systems as technologies like Apple Pay become more popular.
Kaspersky also sees the internet of things as being ripe for exploitation. It expects to see networked printers and other connected devices come under attack as a way of gaining access to corporate systems. ATM and point of sale systems could come under increased threat from advanced persistent threats (APTs) seeking to gain access to their processors. Many of these systems still run variants of XP leaving them vulnerable.
More malware targeted at Mac systems is on the cards too. Although the closed ecosystem makes it harder for malware to take hold, Kaspersky's blog notes that, "[...] there remains a subsection of users who'll gladly disable Mac OS X security measures -- especially people who use pirated software. This means that those looking to hijack OS X systems for a variety of reasons know that they simply need to bundle their malware with desirable software (probably in the form of a key generator) to enjoy widespread success". Since Macs are less likely than PCs to have antivirus solutions installed a successful infection can go undetected for longer.
The success of the recent Sony attack will lead to more of the same according to Jason Lewis, Chief Scientist, at threat intelligence company Lookingglass. "As with all high profile attacks, security spending will increase as a result of the Sony compromise. The cyber impact on PII and Sony employees will force companies to re-evaluate their security. While insider threat solutions have grown in popularity, the trend of external threats moving inside the enterprise is growing".
There will be a greater need for businesses to focus on incorporating security into all aspects of their operations says Shawn Marck, CSO and co-founder of DDoS protection company Black Lotus. "Since cybercriminals don’t limit themselves to targeting just one component of a company, a company can't limit itself to only protecting its offerings and departments in isolated manners. IT and security teams need to investigate every aspect of their enterprise to identify each area that needs to be taken into account for an effective cybersecurity strategy."
Where mobile security is concerned, document sharing service WatchDox sees technology taking a role in keeping company data safe. "In 2015, we'll progress into what Gartner calls the new era of mobile security: making work safe on untrusted devices. Thanks to developments in iOS and Android Lollipop, developers can now create apps that self-destruct in the event that they're opened on a rooted or jailbroken device in order to keep company data safe. This means enterprises can worry less about what devices employees are using, and focus instead on apps and software that can keep data safe wherever it travels", says Ryan Kalember, chief product officer.
Open source software is likely to play a big part in helping companies remain secure too. Oliver Thierry, chief marketing officer of social collaboration specialist Zimbra says, "We can expect to see an uptick in the interest in and implementation of open source software solutions due to the increased continuity and control open source software provides over proprietary solutions. In fact, a November 2014 Ponemon Institute study of U.S. IT professionals found that 74 percent of respondents believe that commercial open source software offers better continuity and control than proprietary software."
Whatever the coming year has to bring one thing is fairly certain, at some point there will be a Heartbleed moment that nobody has foreseen at all.
Image Credit: northallertonman / Shutterstock
Web security specialist Incapsula has released its 2014 annual Bot Study which reveals that 56 percent of website traffic is accounted for by bots.
That's down from 61.5 percent on last year's study, however the number of 'bad' bots posing as humans has increased significantly.
The number of impersonator bots has risen by 15 percent in the two years since Incapsula began its annual study and by 10 percent in 2014. These include DDoS bots, bots masked by proxies and bots that are trying to avoid security measures by using false identities.
The overall decline in bot traffic is, says Incapsula, mainly down to the drop in bots associated with RSS. Google stopped crawling RSS feeds some time ago as its place has increasinngly been taken by social media.
Interestingly it's smaller websites that receive the most bot traffic, reaching 80 percent this year for those with fewer than 1,000 daily visitors. Large sites by contrast -- those receiving more than 100,000 daily visitors -- receive only 56.2 percent bot visits.
The proportion of bad bots stays pretty much the same, however, product evangelist Igal Zeifman writing on the Incapsula blog says, "...the average percentage of bad bots consistently hovers around the 30 percent mark, regardless of website size or popularity. In absolute terms, Incapsula can state that malicious bot traffic grows in an almost exact proportion to a site’s human traffic".
You can see a summary of the report in infographic form below and find out more in Incapsula's blog.
Image credit: Gunnar Assmy/Shutterstock
Ask anyone who has worked on a help desk and they'll tell you that a lot of their time is spent on solving the same problems.
In order to reduce the help desk workload for online businesses and allow users to solve straightforward issues themselves, contextual answer specialist AnswerDash has announced the integration of its technology with Zendesk.
The integration makes it easy for websites to display help content from Zendesk Help Center as contextual Q&A that appear on relevant objects on a web page. The effect is that website users have access to Help Center content wherever they have questions, with just a click of the mouse and without having to type search queries. Links from revealed content connect users back to Help Center, making it easy to directly access full Help Center articles.
"For most online businesses, 80 percent of support ticket volume is due to just 20 percent of the most frequently-asked questions, leading to customer service agent fatigue and inability for support teams to cost-effectively scale," says Jake Wobbrock, CEO and co-founder of AnswerDash. "Our integration with Zendesk helps transform traditional assisted customer service into highly-efficient customer self-service, reducing the number of help tickets and enabling support teams to scale".
AnswerDash's self-service technologies allow users to get answers to their commonly asked questions in the context of existing webpages, without having to visit separate knowledge bases. Customer service staff can sync their Zendesk articles to AnswerDash and syncing take place every 10 minutes to ensure the most recent content is available.
Any new questions raised via AnswerDash are automatically raised as Zendesk tickets and the answers linked back as they're solved.
You can find out more and try out how it works for yourself on the AnswerDash website.
Image Credit: lucadp / Shutterstock
Enterprise computing is more and more centered around the user, but how will this trend affect the workplace and what changes will it make to productivity and the way systems are managed and delivered?
We spoke to Torsten Volk, VP of product management, cloud at business software specialist ASG Software Solutions to find out.
BN: What do you think will be the main trends for IT in the workplace during 2015?
TV: In 2015, the workplace will become more and more end user centric. Business staff, developers and IT operators will receive an individualized user experience that enables them to be more productive. All three of these user groups will be able to receive a more consistent interface from any PC or mobile device, with all the applications, content, services and business data they require. This means, 2015 will be the year where enterprise IT becomes much more independent of the OS and truly focused on delivering a role based and unified user experience.
BN: Are we going to see a continuing shift towards the cloud and SaaS product delivery?
TV: The short answer is 'yes'. In many cases, the economics of delivering software via public cloud cannot be beat. However, we can expect a paradigm shift toward a truly policy driven approach to software delivery. Each placement decision -- physical, virtual, private cloud or public cloud -- comes with different parameters in terms of cost, compliance, security and performance attached to it. The only way to ensure consistent delivery is to introduce a policy engine that 'intelligently' decides where to place an application. The end user should be entirely removed from this decision process.
BN: How can dynamic workspaces make things easier for the user?
TV: Dynamic Hybrid Workspaces go significantly beyond the application centric approach to enterprise computing by offering a truly unified dashboard, where end users no longer have to worry about where their apps, services, data or content are coming from. These placement decisions are made by a policy engine that works its magic in the background. To optimally complete their daily tasks, end users will no longer have to log into multiple applications with different user interfaces. Instead they will receive one unified dashboard with services and apps that exchange content to enable truly business driven computing.
BN: Can this work with a range of different devices in a BYOD environment?
TV: The idea is to provide the same user experience independent of device and operating system. Whether or not content can be accessed will ultimately depend on compliance and security policy. The CFO should not be able to review payroll data on the train, where his iPad might be stolen. Context sensitive computing will become a standard, freeing users from the limitations of individual Operating Systems and providing the ultimate level of control and governance to the IT department.
BN: Will offering users a 'self service' approach to installing apps help reduce support workloads or just add more complication?
TV: The workspace aggregation principle enables end users to request and receive apps without a complex installation procedure. Of course, depending on cost and other considerations, there will be workflows that enable IT or LOB management to approve the delivery of certain costly applications or services. However, the actual delivery will be automated and shift more and more toward virtualized apps and services that can easily scale.
BN: Can using hybrid workspaces help businesses control their software licensing costs?
TV: Yes, the idea is to have one central place -- the workspace -- to monitor user behavior. If certain apps and services are not used, a workflow can be triggered to ask the user whether the license could be returned to the pool. The key is the tight integration with a software asset management solution, to prevent licensing violations before they occur and to enable IT to govern the newly introduce self-service paradigm. Simply letting end users order apps and services in a self-service manner does not work without the right checks and balances in place. Workspaces represent the central hub, where the optimal degree of license control can be applied and enforced.
Photo Credit: wavebreakmedia/Shutterstock
Businesses are increasingly turning to mobile to communicate with both customers and employees. But whilst attention tends to be focused on apps, SMS messaging still has its place.
Communications platform Sinch is announcing the launch of its SMS API, making it easier for developers to integrate SMS capability into their apps and websites.
Previously integrating SMS capability has been a difficult challenge for developers, involving deals with SMS termination providers, then managing the back-end operation, which can require a major commitment of resources.
Sinch offers a simple, affordable route to in-app SMS communication. Features on offer include the ability to notify customers or users instantly without relying on push notifications. It's useful for marketing campaigns and to drive downloads by sending links to apps. It can also be used to enable two-factor authentication to verify user login details. Analytics allow an at-a-glance view of how many messages have been sent successfully delivered.
"We're in a great position to help developers take advantage of huge time and cost savings while implementing a much needed communication layer into their offerings," says Daniel Forsman, COO of Sinch. "Sinch takes all the hassle out of the integration process, so new features can be added quickly and securely. By implementing new communication features, not only can developers create richer apps, they can help drive up active users and time spent within their products".
One of the first customers for the SMS API is Swedbank, one of Sweden's largest banks which is now using Sinch to send fleet management notifications to the 15,000 drivers of its company cars. "The Sinch SMS API was really easy to implement and did just what I needed," says Robert Bergman, head of fleet management at Swedbank.
You can find more information on the SMS API on the Sinch website.
Image Credit: Bloomua / Shutterstock
Higher education institutions with their rapid turnover of students' devices each year present particular problems when it comes to protecting data.
A new infographic from enterprise security and backup specialist SysCloud looks at the risks higher education bodies face and how they can improve their levels of protection.
Amongst the findings are that there have been over 500 security breaches at more than 320 higher education institutions since 2005 -- that's around one a week. Also 35 percent of all breaches take place in higher education.
The most common cause is hacking or malware on 36 percent, followed by unintended disclosure on 30 percent. Portable devices are more likely to be the source of a breach than fixed workstations.
Interestingly the higher you go up the education ladder the more likely a breach is to occur with 63 percent happening at doctoral level. Maybe their minds are on higher things?
The key challenges for IT professionals in higher education are seen as protecting data and intellectual property, balancing productivity and protection, and meeting compliance standards. The graphic also recommends five ways in which higher education institutions can strengthen their protection.
You can see the full infographic below.
Image Credit: hxdbzxy / Shutterstock
Avast has long been a favorite with home PC users thanks to its free antivirus offering, and protects 175 million computers worldwide. It also launched a free mobile product in 2011 and now protects around 50 million smartphones too.
In 2015 it's looking to move into the business market and is seeking beta testers to help perfect its product before launch.
Avast For Business will offer free business-grade security from the cloud for any number of devices. It's designed to protect devices in the background without being intrusive and will protect both Windows and Mac devices. There's a Secureline option as well to protect business users when they're on public Wi-Fi connections. Cloud-based controls allow system admins to upgrade and add new features to protected systems.
Testers get early access to pre-release versions of the Avast for Business product and will be able to make suggestions for improvements and additional features. They'll also be rewarded for their efforts with three months of the product's Premium service for free when it’s launched in 2015.
For more information and to sign up to take part in the beta program you can visit the Avast website.
Image Credit: soliman design / Shutterstock
With increasing pressure to produce new apps to meet customer demand, testing is vital as problems can lead to the loss of customers and revenue.
Yet the test process can often prove a bottleneck as the tools involved are cumbersome and can struggle to cope with modern complex apps and sites.
Website and app performance testing pioneer Appvance aims to streamline the process with the launch of Appvance PerformanceCloud 2 (APC2), the next generation of its flagship testing platform.
Its advanced feature set allows for test teams to develop complex and comprehensive testing scenarios. It also allows the re-purposing of functional tests to data-driven performance tests all with detailed simulated user controls. Test scripting with APC2 has been found in independent benchmarks to be up to 20x faster than other tools.
"The performance testing market has seen far too many over-hyped tools touting incomplete solutions that only address protocol-level issues and offer limited results that don't provide the beginning-to-end insight that professional testers need," says Srikar Achanta, Applications Engineering Manager at Appvance. "APC2 is the first platform to offer serious testers the comprehensive breadth of features required to drive website and app performance on a day-in, day-out basis. APC2's beginning-to-end testing platform in the first technology to properly address the user experience level (UX), giving testers the most realistic test scenarios possible to mimic real-world user behaviors at scale and identifying client side code issues before launch".
APC2 offers a wide range of features including advanced analytics to identify performance issues, improved cloud support giving testers a wider array of Amazon Web Services instances for load generation, and offering new capabilities for IBM SoftLayer cloud.
Testers can gauge response times over simulated 3G, 4G, LTE or Wi-Fi network bandwidths. There's also support for deeper testing of Java-based applications. For testers of large-scale, enterprise-grade apps and websites, APC2 allows test scenarios to be created in hours, instead of days or weeks, enabling performance issues to be located quickly with little or no coding necessary.
You can find more information and request a free trial on the Appvance website.
Image Credit: alphaspirit / Shutterstock
Businesses are keen to harness the benefits of big data, but traditional database solutions are often confined by their design, making them hard to scale.
Aerospike which claims to be the world's fastest database has unveiled new features and enhancements to its product to improve performance, streamline deployment and breed a new generation of real-time, context-driven applications.
The latest release of the open-source, flash-optimized, in-memory, NoSQL database brings new clients, easier installation and deployment, storage and performance improvements, enterprise security enhancements and Hadoop integration. Aerospike's speed, scale and simplicity make it possible for organizations of all sizes to innovate with new applications that drive improvements, and enable bottom-line savings.
"Big data is big context, and organizations looking to harness the power of real-time context to personalize the user experience for millions of consumers across billions of devices have a small window of opportunity for success," says Monica Pal, CMO of Aerospike. "Aerospike's next-generation, NoSQL database is poised to lead the way as startups and enterprises alike choose its technology as the context store and system of engagement for consumer-facing applications. With Aerospike, companies can turn insights into action, reach consumers with the right message right now and scale with the best price to performance ratio, making it a no-brainer for today’s disruptors".
Unlike first-generation NoSQL databases and traditional in-memory technologies, Aerospike is self-managing and scales on a handful of servers instead of hundreds. Enhancements include more flexible development with upgrades for popular clients and a beta Ruby client. Deployment is simplifies with Docker containers and Click-to-Deploy on the Google Cloud Platform.
Storage and performance are improved with features like a new disk write cache and hot-swap SSD capability. Role-based authentication and authorization improve security and control. Enhanced Hadoop integration includes a patented Indexed MapReduce capability so Hadoop jobs can operate on a targeted subset of data within Aerospike.
The latest version is available now and you can find out more on the Aerospike website.
Image credit: David Gaylor /Shutterstock
The shift to mobile computing has led to some major changes for enterprises, not least in how the security and confidentiality of data is governed.
A new report, commissioned by data protection specialist Druva from Forrester Consulting, surveyed 205 IT and legal professionals in enterprises in the US and UK. It suggests that 20 percent of CIOs could lose their jobs in 2016 for failing to implement information governance.
Forrester’s analysis revealed rising recognition of the role that mobile computing is playing in weakening existing governance infrastructures. 44 percent of survey participants believe that endpoint data remains at risk despite security and governance controls already in place. The top three challenges are seen as proliferation of file shares (45 percent), lack of coordinated governance (42 percent) and mobile devices (41 percent).
"With the rise of the mobile workforce, organizations must establish strategies to govern not only corporate and employee-owned mobile devices, but also the multiple channels that are now required to make data available anywhere on any device. The increase in complexity is staggering," says Chandar Venkataraman, Chief Product Officer at Druva. "As these findings indicate, technology solutions are going to become increasingly important in identifying, preserving and collecting content from end user devices for all aspects of governance, including compliance and eDiscovery".
The results show that 89 percent of respondents plan to invest more in information governance programs, with 44 percent expecting increases of between 10 and 20 percent. Some 53 percent expect to centralize information governance to ensure that content on end user devices is protected and managed.
Using eDiscovery is expected to increase with 84-85 percent expecting to use technology to facilitate governance and eDiscovery on end user devices.
You can see a summary of the findings in infographic form below and the full report is available to download from the Druva website.
Image Credit: Sergey Nivens / Shutterstock
Social marketing has become an increasingly popular option for companies, but delivering it often involves using a number of different tools to handle publishing, monitoring of campaigns and more.
To streamline the process brand and audience specialist Parllay has announced some new integrated, knowledge-based tools. Parllay Studio is a complete content marketing and trend Intelligence platform powered by a semantic knowledge engine.
It has also released Parllay Channels, a content aggregation, product discovery and loyalty marketing platform that helps brands create sales from social engagement.
"The Parllay ecosystem of products helps brands cut through the social clutter and establish meaningful relationships with their customers and build branded communities at scale", says Tarek Najm, CEO and founder of Parllay. "As a team of former data mining, advertising and knowledge engineering executives, we saw an opportunity to usher in a new wave of products to close-the-loop from content discovery and marketing to merchandising".
Parllay Studio has a number of key features including a visual dashboard of trending stories, social listening and intelligence to gauge what’s being said about brands, and an interactive calendar to manage campaigns and messages across channels. Analytics allow campaign performance to be reviewed and summarized.
Parllay Channels helps businesses build branded communities, creating dynamic social hubs using their aggregated social content, user-generated content, campaigns and loyalty rewards programs. Features include the ability to create personalized messages and promotions in real time, point-based loyalty programs, and a Semantic Explorer that blends user-generated and branded content.
Cloud-based subscriptions to Parllay start from $500 per month. For more information you can visit the Parllay website.
Image Credit: Oleksiy Mark / Shutterstock
As businesses move their systems to the cloud security becomes a major concern but often applications don't offer the flexibility and ease of access that administrators need.
To address this need for users of Office, cloud security automation company Palerra has announced a partnership with Microsoft to add an extra layer of security to the Office 365 suite.
Palerra's LORIC will allow enterprises to automate security configuration management, threat detection, predictive analytics and incident response for their entire cloud footprint. It unobtrusively monitors activity and detects threats at the source of the data. There's no hardware, software, or agents required making deployment and operation straightforward.
"As proven by recent high-profile security breaches, the market is facing a gap in security as enterprises increasingly adopt cloud services while the threat landscape intensifies," says Rohit Gupta, founder and CEO of Palerra. "The recent launch of our unique cloud security automation platform, LORIC, aims to tackle this market gap so enterprises don't have to make security compromises when embracing productivity. As such, we’re thrilled to be partnering with Microsoft, the market leader in enterprise productivity tools, to provide their global customer base with greater assurance as they embrace the cloud".
LORIC for Office 365 offers a number of useful features including automated monitoring and enforcement of security configurations across all Office 365 services. It also evaluates deviations from normal user behavior, suspicious locations, and non-compliant security configurations. Admin accounts are monitored for suspicious behavior too in order to cut the risk of backdoor access.
Threats are identified across the enterprise's cloud footprint and predictive analysis is used to produce real-time analysis of potential risks. Incident tickets are automatically generated for threat events and can be integrated with existing change management systems.
Also integration with Single Sign-On and Active Directory means user-level policies, reports, and remediation can be used for visibility and control.
You can find out more via the Microsoft Office Showcase or the Palerra site.
Photo Credit: Slavoljub Pantelic / Shutterstock
Technology has had a major impact on the world of marketing, making it possible to target customers more accurately than ever before.
However, when it comes to selecting the best tool to deliver a message there's still confusion, especially since the rise in importance of social networks. A new survey by email marketing brand Campaigner looks at the technologies businesses see as most effective as part of their marketing effort.
The results show that email remains a favorite channel with 60 percent of respondents rating it as the best return on investment generator. Looking ahead to next year 76 percent plan to invest in email will with 33 percent investing in social media.
Newer methods like mobile are developing slowly with 36 percent reporting that it won't impact their marketing strategy and 39 percent saying they’re still researching the technology. Mobile payments are seen to have limited impact too, with 87 percent saying that Apple Pay won't have an impact on their 2015 marketing strategies.
"2014 has been a year of evolution in the marketing industry. Given the introduction of tech advances like Google's Inbox, the new Promotions tab, Twitter's Buy Button and Apple Pay, the modern day marketer has a lot to consider when developing 2015 strategies," says EJ McGowan, general manager at Campaigner. "In order for marketers to effectively stay up-to-speed, they should regularly monitor consumer reactions to new innovations and adjust strategies accordingly. Moving into 2015, I predict email will remain a significant investment in overall planning, with added emphasis on the mobile commerce movement".
An overview of the survey results along with hints for marketers for the coming year is in infographic form below.
Photo Credit: Balefire/Shutterstock
According to a BIA Kelsey report for the Manta small business community, 61 percent of small businesses get the majority of their revenue from repeat clients.
This means that timely interaction and following up with customers is important. Yet many smaller businesses still manage these tasks manually and may be losing sales as a result.
To help businesses use their websites more effectively to retain clients, customer engagement specialist vCita has launched a new version of its LiveSite software giving small businesses greater control and providing a simplified, seamless user experience, increasing customer engagement while improving business efficiencies.
With LiveSite added to their websites, businesses can create an interactive menu of calls-to-action that improve online client engagement. It transforms any website into an interactive app that also works on mobile devices and enables clients to schedule appointments, pay online, upload files and complete forms.
"For small service businesses, the ability to streamline payments, scheduling and client communications is key to creating customer retention and loyalty," says Itzik Levy, founder and chief executive officer of vCita. "The new LiveSite will help over 100,000 businesses working with vCita to deliver an exceptional service to their clients, increase customer satisfaction and make their website look more professional than ever".
Enhanced features in the latest version include an online payment form that can be added to a website or embedded in an email, a MyTime scheduling feature that lets customers set appointments in line with staff availability, and new email templates with greater flexibility and branding options.
The basic system is free and additional modules are available starting at $9.95 per month. For more details and to try out the free version visit the cVita website.
Image Credit: Sebastian Duda / Shutterstock
With OpenSSL problems, ransomware, retail security breaches and the rise of the internet of things, 2014 has been a difficult year for businesses from the security point of view.
Each year brings its own set of challenges of course and Mike Foreman SMB general manager at security company AVG has been looking ahead to the threats companies need to watch for in 2015.
Cyber criminals are increasingly aiming their attacks at smaller businesses and a new class of malware aimed at stealing logins and customer data is the Advanced Persistent Threat (APT). "They are purposely designed to gain a foothold in the business and remain there undetected for a prolonged period of time," says Foreman. "To counter this businesses require an equally sophisticated approach to defense that includes protection from risks in mobile communications and Cloud services as well as traditional networks".
Ransomware is expected to remain a major threat too. Foreman advises businesses to use reputable antivirus software, avoid risky downloads, and to educate their staff about the dangers.
Password breaches will continue to be a problem as internet of things devices become more common. Foreman cites the example of the Russian website streaming images from insecure IP cameras left open by the use of default passwords.
The other area to watch is mobile threats as the use of cloud systems and mobile working increases. Even devices previously thought to be secure could be at risk says Foreman, "Not so long ago it was probably quite natural for your Apple-loving colleagues to congratulate themselves for using the relatively threat-free Macintosh platform. But the tide is turning. The prevalence of iPad and iPhone mobile devices in the office has turned the Apple operating system into a prime target".
You can read more about Foreman's predictions and how small businesses can protect themselves on AVG's blog.
Image Credit: Lightspring / Shutterstock
One of the biggest trends in enterprise systems this year has been the rise of social collaboration tools within the workplace.
Business intranet tools specialist Bitrix24 has been a major player in this field and is releasing a new and enhanced suite of unified communication and collaboration solutions targeted to businesses of all sizes.
Among 35 new features and upgrades included in this release are an enhanced mobile app for both Android and iOS users, an improved Activity Stream that offers fast rendering speeds yet and is provided in real time and a new CRM social collaboration platform that features a new product catalog, support for the new Bitrix24.Drive and faster processing capabilities.
"We always want to ensure that Bitrix24 is on the cutting edge of the unified communications and collaboration industry, and we believe this advanced suite of tools exemplify our pledge to product superiority," says Dmitry Valyanov, CEO of Bitrix24. "Unlike other recently released products, Bitrix24 also offers an in-depth set of sales tools and CRM functionality. Providing the additional value-add of client management and CRM are key cornerstones for Bitrix24 and crucial elements of our comprehensive solution".
Key features include free two factor authorization to protect users from spyware, and powerful new Bitrix24.Drive and document options which lets users work with documents stored inside Bitrix24 using an office suite that's already installed on their computer. There’s also a new instant messenger feature with the ability to edit and delete messages and share files.
Businesses pay a competitive $199 a month for unlimited users and unlimited online storage. Bitrix24 is now available in Russian, English, German and Spanish. For more information and to sign up for a free trial you can visit the Bitrix24 website.
Image Credit: Diego Cervo / Shutterstock
One of the key reasons why businesses migrate their systems to the cloud is to make them easier to access from anywhere.
But that can create complications where office systems are Windows based and mobile devices are running a different OS. Cloud services provider dinCloud has an answer in the form of webHVD, its HTML5-based virtual desktop.
The company has now released an Android version of the app which supports Adobe Flash, Microsoft Silverlight, YouTube, Netflix and more, and is ideal for businesses with 50 or more Windows desktops. It's compatible with a wide selection of Android devices including Google's Nexus 7 and the Samsung Galaxy range.
Companies can use webHVD as a replacement for remote access VPNs and other technologies that allow access from home or remote locations. No backend or virtualized infrastructure setup is required, allowing customers to provision, access, or upgrade a turnkey desktop within minutes.
"As tablet growth approached almost 10 percent in the 3rd quarter, it has created an exciting opportunity for companies to utilize a hosted virtual desktop offering like webHVD," says Mike Chase, CTO at dinCloud. "Users want to connect to legacy applications from any device, and now that Android has an extension for Chrome, we provide an application for this without traditional and costly VDI set up when using a Windows virtual desktop in the cloud".
The webHVD Android app offers a number of features including anytime accessibility, security that requires the user to enter their password and PIN code, similar to the Google Chrome app and an easy-to-use virtual mouse and keyboard for data input. There's also a Send Key facility allowing the use of commands like Ctrl+Alt+Del and the ability to zoom in and out.
Existing webHVD customers can download the free Android app now from the Google Play store.
Whilst high profile vulnerabilities in popular products tend to make the headlines, they’re often not the ones that most of us face on a regular basis.
IT security specialist Secunia has released a new quarterly Vulnerability Update revealing the day-to-day threat landscape. It lists the number of vulnerabilities disclosed for software products over a three month period.
Secunia looked at 50,000 products and ranked the top 20 with the most disclosed vulnerabilities for each month. Google Chrome topped the tree in August with 64 vulnerabilities and in October with 162, however, Apple OS X took over the top slot in September with 59.
Other interesting entries include Oracle Solaris, taking the number two slot in August with 58 vulnerabilities, and Apple iOS which took the eighth slot in September with 20. Several IBM products make the top 20 list for each month, this is largely due to the fact that IBM likes to bundle products with third-party software, often things like Java and OpenSSL.
That these programs are bundled within the individual IBM product means that every time a vulnerability is discovered and a patch released the corresponding IBM products need patching too.
Also interesting is that August saw nine OpenSSL vulnerabilities. Not terribly exciting you might think, but what Secunia calls 'OpenSSL Take 3' shows that in the wake of earlier OpenSSL vulnerabilities like Heartbleed and Shellshock if a problem doesn't have a catchy name and a dose of publicity it’s less likely to be disclosed and patched.
More information on Secunia's vulnerability reviews is available on the company's website.
Photo Credit: Sergey Nivens/Shutterstock
Theft by hackers is a constant problem for software companies, so solutions that can prevent license abuse can help protect revenue.
In the past these have often been quite clunky, involving hardware dongles and such. The cloud era means that more sophistication is needed and Flexera Software has created a secure licensing technology with leading tamper resistance and detection.
"The amount of revenue illegally being siphoned away from producers due to unauthorized software use is staggering," says Mathieu Baissac, Vice President of Product Management at Flexera Software. "Today's hackers are extremely sophisticated and relentless, leaving vulnerable the application producers that fail to implement the latest security measures. FlexNet Licensing offers best-in-class, multifaceted, patent-pending tamper resistance to ward off hackers, allowing producers to better guard their intellectual property, protect revenues, and focus on their core competencies".
FlexNet establishes a virtual 'moat' around software making illegal access by hackers significantly more difficult. It prevents the debugging and application signature spoofing techniques hackers use to reverse engineer applications and gain illegal entry.
Code obfuscation makes it harder to find an entry point, FlexNet Licensing hides strings, variables and functions that control the flow of software and application data which may contain sensitive information. Built-in alarms can also alert the developer to tampering attempts.
There's better support for the cloud too, a new Microsoft Virtual Machine Generation ID helps producers detect cloning and ensure that their customers stay compliant in virtual environments. Developers can choose to prevent cloning or to monetize it should it occur.
FlexNet Licensing works in Microsoft Azure too, so developers can keep track of customers shifting their priorities to cloud-based solutions. It also gives them the ability to adjust their revenue model based on usage.
More information on FlexNet Licensing is available on the Flexera website.
Photo Credit: mkabakov/Shutterstock
One of the problems that larger businesses face is pulling together information from different sources in order to get an overview of the whole.
Integration specialist Jitterbit has upgraded its Harmony cloud platform to allow it to bring together digital processes spanning multiple applications, departments and partners in real time.
The new release includes Salesforce connectors that allow any application or endpoint system to connect to Salesforece in a matter of minutes. To design the new integration solutions Jitterbit partnered with Salesforce to get direct access to the platform and engineering teams behind the latest products. The resulting connectors deliver fast, reliable integration capabilities that business users can quickly and easily configure to meet their needs.
Jitterbit Analytics Connect can unlock the power of the new Salesforce Analytics Cloud and external data, helping business users to instantly analyze on-premise, cloud, internet of things, mobile and social enterprise data from any device. Salesforce1 Lightning Connect integrates the CRM system's data with back office applications including SAP.
"We're excited to offer true real-time cloud integration with our Winter release to give businesses connectivity between their enterprise applications at the speed of the cloud," says Jitterbit's Vice President of Alliances and Marketing Andrew Leigh. "With the addition of our real-time and analytics connectors, companies can not only amplify the value of their on-premise, cloud, and mobile solutions but also harness this explosion of data for better intelligence within their analytics tools".
The new release also includes an updated messaging system that delivers improved performance and increased throughput whilst using fewer resources. The new messaging bus provides guaranteed delivery, ensuring that companies never miss a transaction even if an outage occurs during the integration process.
Current Jitterbit Harmony users will receive a seamless upgrade to the latest release. For new customers prices start at $1,000 a month and there's a free trial available via the company's website.
Photo Credit: EDHAR/Shutterstock
Bombarding customers with irrelevant communications is not an effective way of getting across a marketing message and generating new sales.
The key is to understand the consumer and deliver the right message at the right time. Cloud marketing specialist AgilOne is making this easier for retailers with a new 'predictive intelligence' product.
It can be used to personalize Facebook advertising campaigns and understand user behavior on Apple iOS-native apps. This allows marketers to create personalized, relevant campaigns. The AgilOne cloud integrates easily with Facebook to create custom audiences. AgilOne's Facebook API integration allows marketers to translate their insights to Facebook advertising campaigns almost effortlessly. Retailers can use AgilOne to find specific segments or "clusters" in their existing customer base, such as those who tend to favor specific types of products or brands, or those who have unsubscribed from their mailing list, they can then use Facebook custom audiences advertising to reach those customers.
AgilOne has also released new capabilities for native Apple iOS ecommerce apps. This feature allows marketers to integrate user behavior data from Apple iOS apps with customer data, which includes days since the first and last visit to the app and visit frequency. This makes it possible to identify mobile users as a specific audience and contact them directly. It can also spot things like when items have been placed in a cart but not purchased, allowing the seller to send reminders about those products later.
"Consumers are inundated constantly with less-than-relevant communications from brands, and Facebook has become a new, very busy and cluttered touch-point," says AgilOne CEO Omer Artun. "People react to content that is relevant and courteous. With our predictive marketing cloud, marketers can create relevant conversations with their consumers".
More information on AgilOne's predictive marketing is available on the company's website.
Image Credit: Sarawut Aiemsinsuk / Shutterstock
Moving applications to the could is a major step for businesses and finding the right partner to make the transition a success is vital.
The latest latest fruit of the long-standing alliance between technology consulting specialist Accenture and Microsoft is aimed at providing a powerful hybrid cloud platform to bring new capabilities, economics and innovation to the enterprise.
Accenture Hybrid Cloud Solution for Microsoft Azure -- suggestions for snappier names welcome in the comments -- uses new hybrid cloud technologies and services to help enterprises build and manage enterprise-wide cloud infrastructure and applications. It's jointly funded and developed along with Avenade -- a company launched by the two technology giants in 2000.
"Enterprises around the globe are looking for the right platforms and partners to help them transform and thrive in a mobile-first, cloud-first world," says Satya Nadella, CEO of Microsoft. "The Microsoft cloud, combined with Accenture's industry knowledge and implementation expertise, accelerates our customers’ cloud adoption and unlocks new benefits, including powerful new applications, data-driven insights and increased productivity".
The new solution integrates and builds on key existing capabilities from the three companies to help enterprises deliver a one-stop service solution. The Microsoft Azure platform provides enterprise performance, hyper-scale and hybrid capabilities connected to Windows Server with Hyper-V, System Center and Azure Pack running in customer data centers.
The Accenture Cloud Platform supports multi-platform environments with self-service provisioning for any application. There's a central dashboard to control cloud brokerage and management capabilities, along with enterprise-grade governance, reliability, security and operations.
The product also includes professional services to help clients define and execute their cloud goals, based on Accenture's specialized industry knowledge.
"Our expanded relationship with Microsoft represents a game-changing proposition that addresses the biggest concerns and complexities our clients face as they look to leverage the cloud," says Pierre Nanterme, chairman and CEO of Accenture. "With new demands being placed on IT departments every day, enterprises need to smartly connect their infrastructure, software applications, data and operations capabilities in order to become agile, intelligent, digital businesses. This unique collaboration with Microsoft and Avanade is one of Accenture's most strategic and important initiatives for driving enterprise-wide cloud adoption".
The solution is already being piloted and more information is available on the Accenture website.
Photo Credit: everything possible / Shutterstock
After last month's blizzard of patches tomorrow's last round of Windows updates for the year looks set to be rather quieter.
Only seven bulletins have been announced, of which three are rated Critical and four Important. Of the Critical patches one is for Internet Explorer, one for Office and one for Windows itself -- likely to be for a remote code execution vulnerability.
There's an Important MS Exchange patch to resolve an elevation of privilege problem. Chris Goettl Product Manager of IT management specialist Shavlik says, "As you may recall, this patch was held out of last month's Patch Tuesday updates along with another out-of-band patch that was released later in November. With all of the changes at Microsoft recently, this practice of holding a patch could become a pattern. It is likely that with less important patches, these will be released on a subsequent Patch Tuesday".
The Internet Explorer patch looks set to be a cumulative security update, something that will probably become a regular fixture in future Patch Tuesdays as hackers increasingly target browsers. There are three Office updates in total all of which address remote code vulnerabilities.
Karl Sigler, Threat Intelligence Manager at Trustwave says, "This security update will be light compared to the previous patch Tuesday. None of the CVEs included in this release are exploited in the wild at the moment. Also, it's not likely there will be a vulnerability as nasty as the Schannel Remote Code Execution vulnerability (MS14-066) from last month".
Third-party patches are expected from Adobe too according to Wolfgang Kandek, CTO of cloud security specialist Qualys. "Adobe has notified of a new version of Adobe Reader and Acrobat in APSB14-28. Both versions 10 and 11 on Windows and Mac OS X are affected by this critical vulnerability. In addition we also expect a new version of Flash as Adobe has had monthly release for Flash in every month in 2014 so far".
All versions of Windows, Office and IE are thought to be affected by at least one of the vulnerabilities. Users with automatic updates enabled should receive these updates automatically though a reboot will be required to apply them.
Photo Credit: fotoscool/Shutterstock
The latest monthly report from internet security specialist Doctor Web shows that whilst Windows and Android users have no cause for complacency, November saw substantial numbers of malicious programs aimed at Mac OS X and Linux platforms.
Trojans remain the most popular form of attack making up 8.7 percent of all malware detected. Trojan.InstallCore.12, which installs different adware, toolbars and browser extensions, ranks first. BackDoor.Andromeda.404, which downloads other malicious programs into an infected system when commanded to do so by intruders, ranks second.
In November BackDoor.Andromeda.404 was distributed in large quantities by email thanks to a mass spam campaign. It accounted for 2.4 percent of the malware detected by Doctor Web. The malware top 10 includes a number of other programs that seek to steal confidential information.
Several new examples of OS X malware have been added to Doctor Web's database. These include Mac.BackDoor.Ventir.2 a backdoor that can execute commands from a remote server, log key strokes and relay information to criminals. Particularly sneaky is Mac.BackDoor.WireLurker.1 which waits for the moment when an iOS device is connected to an infected Mac and then uploads its files onto the device. It even comes in two versions, one intended for jailbroken devices, while the other is for unaltered iOS devices. It takes advantage of the "enterprise provisioning" feature that enables companies to bypass the AppStore and install applications onto its employees’ devices.
Linux systems have been targeted by Linux.BackDoor.Fgt.1 which scans random IP addresses on the internet and launches a brute force attack in an attempt to establish a Telnet connection with their nodes. If successful, it commands the attacked host to download a special script. The malware’s command and control server stores versions for various Linux distros and versions allowing it to infect not only internet-connected servers and PCs running Linux, but also other devices, such as routers.
Android doesn't escape the onslaught, with a large number of malicious programs being detected. Many of these are banking trojans aimed at stealing money from accounts accessed on compromised devices. For example Android.BankBot.33.origin is aimed at Russian internet banking users. It employs SMS commands to covertly transfer money to the intruders' account and hide SMS replies from the bank, so that the user won't notice unauthorised transactions. In addition it can load a bogus web page in the browser to lure users into submitting their online credentials.
For more information about the latest virus activity and a free online scanner for malicious files and links you can visit the Doctor Web site.
Photo Credit: Jirsak/Shutterstock
Since its beta introduction to the US in the spring of this year Windows Phone 8.1's personal assistant tool Cortana has generated lots of interest.
It became available in the UK and China over the summer but now it's moving into the rest of Europe with native language versions for France, Germany, Italy and Spain.
From today Cortana will be availabe in these countries as an alpha via the Windows Phone Developer Preview Program. This will have most of the features of the beta but some are still missing.
Flight tracking isn't available for alpha for example and transit data is currently limited to larger cities. Also reference data isn’t available, though Microsoft says it's working hard to enable this soon. Cortana's 'personality' will be tailored to each market with local chat and jokes to make it culturally relevant. It will also show European football league data.
Marcus Ash, program manager for Cortana, writing on the Microsoft blog encourages the developer community to use Cortana, "By working with her, you will help to improve her conversational understanding and also help us improve her intelligence -- the breadth of answers she can provide and the categories she's aware of -- so she can truly help you throughout your day. There's no need to file explicit feedback: simply using Cortana will help make her better over time. It's so exciting to see the passion the community has had for Cortana and your passion has been one of the driving forces for us to bring Cortana alpha to more countries".
In order to try the new alpha you'll need to sign up to the Developer Preview Program.
Image Credit: Microsoft
As the IT landscape changes and employees are more likely to be accessing cloud services on a range of devices, it's important that they remain properly protected from threats.
Cloud-delivered security service OpenDNS has announced that it's opened up its platform to other security vendors to fight attacks through intelligence sharing.
The company has launched a new security platform and APIs that enable leading enterprise security vendors to integrate with OpenDNS's worldwide network. The combining of OpenDNS with threat intelligence can protect users wherever they are and whatever system they're using.
This will improve protection by using OpenDNS's capability to provide global threat enforcement. It will also reduce the need for security professionals to develop their own custom integrations between security solutions, leading to lower operational costs.
Two new partners Check Point Software Technologies and ZeroFOX have also been announced and will be integrating OpenDNS with their security offerings.
"Combining OpenDNS’s global, cloud-delivered security platform with intelligence from our partners’ advanced detection capabilities results in unmatched protection for our mutual customers," says David Ulevitch, CEO of OpenDNS. "Hackers and cybercriminals are already
experienced at sharing intelligence, infrastructure and operational expertise. We see vendor partnerships -- such as the ones we are announcing today -- as the best strategy for the security community to leverage our collective strength against advanced, targeted attacks".
The OpenDNS Global Network currently handles more than 50 billion of the world's internet requests daily. With this announcement joint customers can now offer the same level of security to employees both inside and outside of the network perimeter while adapting to new threats as they are detected.
For more information on OpenDNS services you can visit the company's website.
Image Credit: Yellowj / Shutterstock
As more and more data gets moved to the cloud it's easy to forget that it still needs to be protected against corruption and loss.
Cloud backup specialist Spanning has a new solution for Office 365 users with the launch of an enterprise grade cloud-to-cloud backup solution. It's aimed at bringing the same application-centric focus and backup and restore expertise to Office 365 that it already has for Google Apps and Salesforce solutions.
"We are seeing a rapid adoption of and migration to Office 365, and we are also seeing data protection for cloud application data becoming more important than ever," says Jeff Erramouspe, CEO of Spanning. "A mobile and collaborative work environment opens the door for increased user error and other data issues. As Microsoft customers move to the cloud in droves, they now can do so without worry, knowing they can implement the industry’s most trusted cloud-to-cloud backup to ensure they are fully protected from data loss and are compliant with industry regulations and requirements".
Spanning Backup for Office 365 enables IT administrators and end users to quickly and easily find and restore lost data from any point in time, from any device. Features include Automated daily and on-demand backups of Mail, Calendar, and Contacts. Point-in-time backups let administrators and end users search, view and directly restore any previous version of the data. Cross-user data restore makes it easy to restore data from one Office 365 account into another, useful when employees leave or change roles.
There are multiple layers of operational and physical security to ensure the integrity and safety of data, including 256-bit encryption, SSAE 16 compliance, intrusion detection and compartmentalized access. Pricing is on a simple single rate, per user, per year, no matter how much data is stored.
The product will be generally available in the first half of 2015 but in the meantime Office 365 users can sign up for early access via a beta program.
Whilst access to data is often the key to things running smoothly in business, providing access to that data for the right people at the right time can be a challenge.
Enterprise collaboration specialist Clarizen combines social engagement with powerful project management to redefine enterprise collaboration and has announced a new release of its product bringing a number of tools together in a single solution.
Clarizen v6 was announced last year and the latest release is aimed at providing greater productivity with a number of new key features.
Using a single cloud platform it offers Clarizen Panels, giving users a new way to visualize any data -- via panel or page -- whether internal or external to Clarizen. Clarizen Home is a single page that contains all daily work items, cases and relevant conversations in one easy-to-read, easy-to-access view. Clarizen Home also includes quick access to common actions, recent items and new items. Users can customize the page to show specific fields and data.
A new partnership with ProofHQ allows users to proof any digital file, from a simple text document to commercial videos and Flash applications, in full context with Clarizen workflows, projects and tasks. It's possible to create new proofs and manage them for any uploaded file.
There's also expanded integration between Clarizen and Box. Box users can now seamlessly connect and view their Box work files and folders from within Clarizen. Workers can also easily create new folders and upload new files to Box directly from Clarizen by connecting them to tasks, work items and projects.
"In today’s workplace, priorities, projects and action items can change at a moment’s notice. The modern worker needs easy, all-in-one access to their mission-critical information and a single place to get work done," says Rachel Haim Hadas, Clarizen's VP of Product. "We are enabling workers to customize and configure how they visualize and access their day-to-day work information and project-related data. This increased customization translates to more productive employees, better project visibility and, in the end, quality work".
For more information on Clarizen's latest features you can visit the company's blog.
Photo Credit: Pressmaster/Shutterstock
Bare metal recovery (BMR), restoring a machine with no requirement for operating systems or software to be present beforehand, isn't always seen as a reliable technique.
To look at how successful it really is, cloud backup and disaster recovery specialist Zetta.net has released the results of a survey looking at companies’ real world experience of BMR.
"Anecdotally, bare metal recovery has a reputation for being unreliable," says Gary Sevounts, CMO of Zetta.net. "But it was difficult to find any numbers related to success. We conducted this survey to learn more about how our customers use this technology, and how successful it's been for them".
The company asked 200 IT professionals about their BMR experiences including usage, success rates and causes of failure. Among the findings are that 34 percent of respondents had used BMR at some point in their career. 23 percent of respondents were currently using BMR, though the findings revealed several respondents citing increased virtualization as eliminating their need for this approach.
Of those using BMR 48 percent reported that they had experienced problems trying to perform a restore. Among these the primary cause was most commonly dissimilar hardware (36 percent), corrupt backups (35 percent), 24 percent driver failure, and three percent other issues such as tape problems.
More information about the findings is available on Zetta.net's blog and there's an infographic summary of the results below.
Meeting the needs of employees to access systems is an important consideration for any modern business. Now, cloud-based call enter systems provider TCN is making its technology accessible for the visually impaired.
Its Platform 3 Vocal Vision product is optimized to work with Job Access with Speech (JAWS) technology and allows visually impaired call center agents to effectively navigate TCN's cloud-based contact center suite, helping to improve agent productivity while also creating new employment opportunities for the visually impaired.
"We’ve been impressed with TCN's VocalVision cloud-based phone service. They have been very willing to customize the solution to meet our employee's accessibility needs. So, our employees like the system and its ease of use. It has enhanced the level of service we can offer our customers through its call recording and time reporting capabilities," says Jim Kerlin, president and CEO of Beyond Vision. "In the future, we plan to use the system to measure and report productivity and utilization metrics, just as we do in our manufacturing environment".
JAWS assists computer users whose vision impairment prevents them from seeing screen content or being able to operate a mouse. VocalVision helps the agent navigate Platform 3.0's workflows via hot keys that use JAWS functionality during both incoming and outgoing calls, while audible tones signal the connection of an incoming call.
Standard features of VocalVision include handling incoming and outgoing calls, agent dashboard along with reporting and call analytics. It works without any need for complex, specialist hardware.
"TCN has always been committed to providing customers with the most advanced call center technology," says Terrel Bird, CEO and co-founder of TCN. "We are excited to bring Platform 3 VocalVision to the market to meet the needs of the visually impaired community and open new doors for employment".
More information on Platform 3 VocalVision is available on the TCN website.
Image Credit: HABRDA / Shutterstock
Cyber Monday is once again set to break records for online sales and web traffic, but there’s a darker side to the day too.
Social risk management company ZeroFOX has released the results of some research into the risks associated with the Cyber Monday spending spree.
Among the findings are that 64 percent of companies report an increase in cybercrime on Cyber Monday, phishing links go up as much as 336 percent at Thanksgiving, and on Twitter, there are 30 Million fraudulent or malicious tweets sent out daily.
Attacks are carried out in several ways, for example by spear phishing -- fake emails and landing pages designed to trick consumers into thinking they're dealing with a real company. But hackers increasingly use social media either by posting clickbait offers for tempting deals or by hijacking trending hashtags.
You can see a summary of the findings, along with tips on how to keep yourself safe, in infographic form below.
Image Credit: Gustavo Frazao / Shutterstock
It's that time of year when industry analysts like to start rolling out their predictions for the year ahead. One of the first out of the blocks is technology research specialist Ovum with a new report on enterprise mobility.
Up to now mobility has been driven by the consumer market with employees demanding to use their own devices in the workplace. Among Ovum's predictions are that this will continue to lead to a 'mobility mismatch' where employee demand isn't matched by IT department's ability to deliver.
It also predicts that businesses will start to look beyond BYOD, adopting a more managed approach to device usage, particularly where sensitive data is involved. This is likely to mean framing mobile management as part of a wider workspace strategy. By governing management of all endpoints and applications the strategic aim is giving employees access to the tools and data they need wherever they happen to be and with whichever device they happen to have in front of them.
Ovum also sees more pressure from senior executives, particularly in HR and operations, to allow mobile deployments. SME's should expect 2015 to become even more mobile centric, vendors and service providers will need to adapt to this additional demand.
Richard Absalom, senior analyst, enterprise mobility at Ovum, says, "While pressure from end users continues to have an impact on the shape of the EMM market, it is time for enterprises to become more proactive with their mobility strategies and look for ways that mobile devices -- whether corporate or employee-owned -- and apps can work in tandem with other endpoints to transform the way that people work. Vendors and service providers in the space need to keep expanding the range of features and services that they offer to meet the growing range of demands, and they will also need to continue to build effective partnerships, especially in support of large, global organizations which expect and demand consistent global service delivery".
More information on Ovum's research into enterprise mobility can be found on the company's website.
Image Credit: Sergey Nivens / Shutterstock
Enterprise software specialist SAP has announced the availability of a new manufacturing application to help deliver data integration across businesses using the SAP HANA platform.
SAP Manufacturing Execution includes the SAP Manufacturing Integration and Intelligence (SAP MII) application and SAP Plant Connectivity software. This allows it to provide machine-to-machine integration and orchestrate intelligent manufacturing.
Using the existing SAP HANA platform it offers global visibility into operations by making manufacturing big data more accessible and enabling predictive analytics capabilities to be used in house or in the cloud. This gives businesses advanced problem solving ability and ease of access to manufacturing data so they can make improvements in cost, quality, asset utilization and performance.
"The launch of SAP Manufacturing Execution is helping SAP to close in on the vision of running manufacturing operations in memory," says Hans Thalbauer, senior vice president Extended Supply Chain at SAP. "By integrating manufacturing results with real-time feeds into SAP HANA, companies can take advantage of the cloud for orchestrating global performance management".
The product gives manufacturers an enhanced user experience, extended mobility and end-to-end enterprise integration with deeper operations transparency. This release gives enterprises the deployment option of SAP MII on SAP HANA, extending the internet of things capabilities of SAP into manufacturing operations. SAP Plant Connectivity simplifies integration at the equipment level and allows direct data feeds to SAP HANA, giving access to big data sources and enabling analytics.
Manufacturing Execution is available now for existing SAP HANA users and more information is available on the company's website.
Image Credit: SAP
We're frequently being told that the real potential for growth in mobile devices sales is coming from emerging markets, particularly in Asia and the Far East.
The latest research findings from IDC into the Indian market bears this out with strong growth in sales of both smartphones and tablets.
A new high in smartphone shipments in the third quarter of 2014 saw them take over 30 percent of the Indian market for the first time with 23.3 million units shipped. That represents a growth of 27 percent over the previous quarter and 82 percent year on year.
Most of these are standard smartphones rather than oversized devices, however. "With 6 percent of the overall smartphone market, Phablets (which IDC defines as smartphones with a screen size of 5.5 inches to 6.99 inches) are observed to be hitting a plateau," says Kiran Kumar, Research Manager, Client Devices at IDC India. "Smartphones with screen sizes between 4.5 inches and 5.5 inches are seen as the sweet spot for consumer preference. However, consumers need larger screen sizes to enjoy media content and with the 4G rollout expected in calendar year 2015, we expect the Phablets segment to pick up again".
Looked at by manufacturer, Samsung is the market leader with 24 percent, followed by local brand Micromax on 20 percent, up two percent on the previous quarter, whilst Samsung’s share contracted slightly. Next come Lava and Karbonn, with Motorola rounding off the top five.
The tablet market has also shown its best year to date growth, with quarter on quarter growth of 10 percent in the third quarter taking it to 0.94 million units. Android devices dominate with 90 percent of the market and this trend is expected to continue. The adoption of Windows tablets is forecast to increase as units become available at lower prices but they’re starting from a low base.
Samsung again has the largest share of the market with 22.2 percent with Micromax second on 10.9 percent. Coming up fast in third is relative newcomer iBall on 10.6 percent, its growth mainly coming from consumer sales.
Next year IDC expects the commercial tablet market to show the most growth whilst consumer sales remain relatively stable. "We are likely to see increased activity by PC OEMs in the tablets space with a focus on the 7 inch and 8 inch form factor," says Tanvi Mann, Market Analyst at IDC India.
More information on IDC's market trackers is available on the company's website.
Image Credit: SnowWhiteimages / Shutterstock
This time of year sees a spike in online shopping activity, but that also means added worries about how well our information is being looked after when we buy online.
Password management company LastPass has put together an infographic 'naughty and nice' list looking at how online retailers store information when we shop.
On the naughty step are some big names including Amazon and Walmart. Problems include weak password requirements, collecting too much information before you make a purchase and the storing of credit card details -- convenient for future buys but a risk if someone gains access to your account.
On the nice side of the list are eBay and the Apple Store, along with one of last year's bad guys Target. The graphic also offers some tips for staying safe as you shop including looking out for HTTPS connections, using a different password for each account and lying in your answers to security questions to reduce the chances of your account being hacked.
You can see the full infographic below and if you have any extra tips for surviving the online shopping experience do let us know in the comments.
Photo Credit: RTImages / Shutterstock
Electronic tags to help stop you losing stuff are nothing new. But usually they rely on Bluetooth or similar to sound an alarm when an object goes out of range.
A new solution from Canadian company Linquet mixes the cloud and the sharing economy to track tagged devices in a kind of internet of lost things.
"We've all been there. We always lose or misplace our phones, keys, wallets, laptops, pretty much everything," says Pooya Kazerouni, Linquet's president. "Now, we have a product that is much more than a great anti-loss solution. Not only does Linquet prevent your valuables from getting lost in the first place, but it also allows for smart sharing and connecting of important items with guests, acquaintances and customers".
More than one person can connect to a Linquet tagged item making it easy to share things like bikes or keys. You can loan gadgets to colleagues, or even track your pets, and see where they are via an iOS or Android app. The cloud element allows you to have Smart Profiles so you can, for example, customize times and locations when alarms don’t sound.
You can build up a network of trusted friends who can help you locate missing items at locations you visit regularly. If something strays further afield the whole Linquet network can be brought into play. You can be anonymously notified of an object’s location if it comes within 100 feet of another Linquet user.
The device tags also have a Magic Button that can be used to find your phone, take a picture with its camera or alert your friends in an emergency.
The introductory pricing model (until January 5) is $1.99 a month for a single device and user, $6.99 for four devices, two users and three smart profiles, and $14.99 for ten devices, five users and seven profiles.
The company is also set to release an API which will allow developers to build apps or integrate Linquet with their own products.
You can find out more and sign up on the Linquet website.
Anyone who's tried to connect a notebook to a big screen for use in meetings or presentations knows it can be a process that's fraught with difficulty, particularly when it comes to finding the right connection and cable.
The latest release from electronics giant Philips solves this problem by offering simple, one-plug access to desktop equipment, networks, intranet and internet via a single, super-speed USB cable.
The 231P4QUPES may lack a catchy name but it does have a 23-inch full HD display. This offers extra wide 178 degree viewing angles making it ideal for meeting rooms, plus a 90 degree pivot so it can be used portrait or landscape.
It also has Philips' PowerSensor technology that can detect if nobody is in front of the screen and automatically reduce the brightness.
Its big draw though is connectivity. It has an integrated Ethernet port and two USB 3.0 ports as well as one USB 2.0. This means users can plug in their notebooks to the monitor for immediate access to all the IT resources connected to the display, which can include printers, external drives, camera, keyboard or mouse. All the peripherals remain connected to the monitor ready for immediate use -- so there's no need for separate docking stations. Via USB 3.0 connection it's possible to stream video and connect to networks and the internet.
The display is available now with a recommended price in the UK of £239 (around $375).
Using e-cigarettes, or vaping, is widely touted as being healthier for you than smoking tobacco, however, it may not be so healthy for your PC.
Many e-cigarettes offer a USB charging option but a story on social news site Reddit suggests that this is a potential source of malware attack. An executive's PC became infected after he'd recently given up smoking and the infection was traced to his e-cigarette charger.
It seems likely that this is a variant of the BadUSB malware uncovered in August this year by German company SRLabs. This allows the firmware on USB controller chips to be reprogrammed to deliver a malicious payload or masquerade as another device, such as a network card, to capture transmitted information.
Dave Goss of London's Vape Emporium told the Guardian that e-cigarette users can stay safe by purchasing respected brands but added that, "Any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China".
How much you read into the fact that these devices originate in China is also open to question. Carelessness on the production line or more sinister, state-sponsored malware? Either way it's a good idea to treat unknown USB devices with suspicion.
Users can protect themselves by using a 'charge only' cable with the data pins disconnected to connect devices that don't need to exchange information. This news is likely to encourage more businesses to restrict the use of unauthorized USB devices on corporate networks too.
Have you suffered any kind of malware problem with a USB device? Let us know in the comments.
Image Credit: scyther5 / Shutterstock
Analysis of large volumes of information is increasingly used by businesses to gain an advantage. A new infographic produced by big data specialist Datameer looks at how it’s being used to gain a competitive edge.
Among the highlights are that the global Hadoop Market is projected to be worth $50.2 billion by the year 2020, a huge increase from the $1.5 billion it was worth in 2012.
North America is currently the biggest investor in big data at 37.8 percent, though Asia/Pacific businesses plan to increase their investing by 106.6 percent, bringing them to a close second. Looking at usage by industry, financial services lead the way, followed by technology and communications companies.
The most popular use of big data is to analyze customer behavior, with 48 percent of users. It allows businesses to look at the customer journey, reduce churn rates, increase revenue and improve existing products.
Operational analytics is carried out by 21 percent of companies to improve supply chain efficiency and help with IT analytics and network planning.
You can see the full infographic below (click to view a larger version) and read more on Datameer's blog.
Photo Credit: Maksim Kabakou/Shutterstock
Communication service providers (CSPs) have spent the last few years investing heavily in cloud software provision to expand their business.
A new report by Israel-based Allot Communications shows that this is paying off as software as a service is now a major revenue source for CSPs.
The most innovative CSPs surveyed have addressed enterprise CIO concerns around security and performance by responding with specific cloud-based visibility, control, quality of service (QoS) and security managed service offerings.
Of those surveyed 47 percent offer hosting services, and 42 percent have specifically developed cloud applications aimed at SMBs. 45 percent offer public cloud applications and services for enterprises, ranging from basic email and storage to sophisticated CRM and ERP solutions. . Microsoft’s Office 365 is the most popular cloud office suite, well ahead of Google, and is offered by 33 percent of surveyed CSPs.
Quality of service management for the cloud is lagging behind according to the results. Just 23 percent of CSPs are currently offering QoS and/or visibility solutions for mission-critical applications. 32 percent of CSPs offer some form of cloud-based security service such as anti-DDoS or URL filtering. However, QoS management is more popular when unified communications or Office are involved. With unified communications, 32 percent of CSPs offer QoS management, 48 percent offer it with Office applications and 50 percent with Microsoft Lync .
"Workforce productivity and mobility needs are causing CIOs to re-evaluate their network infrastructure and operations. At the same time, CSPs are responding by evolving their SMB and enterprise cloud services to reach beyond classic connectivity and IT solutions traditionally provided," says Yaniv Sulkes, AVP Marketing at Allot Communications. "The market trends surfaced in our report reflect what we are seeing with our CSP and enterprise customers. CSPs around the globe are increasingly delivering value added digital services that can help enterprises overcome their toughest adoption challenges and achieve the cost and efficiency benefits promised by the cloud".
For more details of the report visit the Allot website.
Photo Credit: Rrraum/Shutterstock
Sending out generic marketing emails and scatter-gun coupon offers is no longer enough to attract the attention of consumers and can in fact have the opposite effect.
Predictive marketing company AgilOne has released the results of a survey which shows that online shoppers appreciate personalized communication -- as long as it's done right.
The survey asked more than 3,000 adult online shoppers about what information they expected companies to know about them and what personalized experiences they appreciate. The results indicate that while consumers appreciate and even expect brands' efforts to personalize the buying experience, the preferred methods for that personalization vary greatly across demographic groups.
Key findings are that 79 percent of US consumers and 70 percent of UK consumers expect some sort of personalization from their brands. Also more than half of consumers in both the US and UK expect e-commerce sites to remember their past purchases.
Among the most popular personalized experiences are emails offering discounts on products shoppers have previously viewed, alerts when products they like are on sale and VIP customer appreciation rewards.
The millennial generation is more likely to appreciate almost all forms personalization. For example 52 percent of those aged 18 to 24 expect brands to remember their birthday as compared to 21 percent of shoppers aged 65 and over.
Interestingly whilst email targeting is popular, with 66 percent of US and 57 percent of UK consumers welcoming it, web targeting is much less so. Only 24 percent of US and 17 percent of UK consumers liked web-based targeting such as on-site pop-ups for particular products.
You can see more of the report's findings in infographic form below.
Image Credit: iQoncept / Shutterstock
The trend towards mobile devices and BYOD is great for productivity but it creates new challenges in terms of keeping information secure.
Identity and access management specialist Ping Identity has produced an infographic looking at the vulnerabilities introduced by letting employees use mobile devices.
Some 460 million smartphones will be shipped worldwide in 2016 and 65 percent of these will be used for both personal and business purposes. Combine this with two-thirds of companies expected to adopt BYOD by 2017 and the potential for problems is huge.
It's not surprising then that 49 percent of companies see security as their biggest concern for the cloud. However, the weakest link is often the employee, 40 percent don't password protect their devices and 57 percent don’t realize security systems exist for their device.
This means that as BYOD becomes more widespread there'll be added focus on corporate solutions including mobile device management, extending single sign-on protocols to mobile devices and using multi-factor authentication.
You can see the full infographic with more hints on how to keep mobile systems secure below.
Photo Credits: Slavoljub Pantelic/Shutterstock
Cross-site scripting (XSS) vulnerabilities allow attackers to inject script into web pages in order to infect client computers.
Security company High-Tech Bridge has released a report revealing that 95 percent of XSS vulnerabilities can be used to perform sophisticated drive-by-download attacks, which infect users who open harmless-looking URLs that they trust. More worrying is that 90 percent of vulnerabilities can be exploited in such a way that even advanced users and IT professionals won't suspect anything. The structure and architecture of more than 70 percent of web applications allows the creation of a sophisticated XSS exploit that can perform several fully-automated actions, ultimately giving full administrative access to the attacker. This access can then be used by hackers to compromise the entire website and even the web server.
To protect against this type of attack companies are advised to explain to their web developers that one XSS vulnerability may lead to total compromise of the entire company. Developers and server admins need to respect security best practices as this will resolve majority of potential problems.
It's also important to make sure that the IT team has a clear inventory of web resources and that there are no abandoned or test web projects that are accessible from the outside. Regular web penetration testing by an independent company is recommended too.
Ilia Kolochenko, High-Tech Bridge's CEO, says, "SQL injection vulnerabilities are becoming more and more rare, as well as other high and critical risk vulnerabilities. They are complex to detect and quite often requires a lot of time to exploit. At the same time almost nobody cares about 'medium-risk' XSS vulnerabilities leaving their websites vulnerable. Obviously, hackers benefit from such negligence and use XSS vulnerabilities to achieve their goals. If you close your door, don't forget to close your windows -- otherwise the entire security is at risk".
There’s much more information on how XSS can leave users open to hacking on the High-Tech Bridge blog.
Image Credit: spaxiax / Shutterstock
Up to now cyber security has generally taken a defensive approach to protecting data and intellectual property.
That’s set to change as a team of industry experts has got together to create a system that's aimed at dramatically improving the reliability and security of enterprise data and applications running in both cloud and conventional environments.
Called Virtual Software Systems (VS²) the company is set to offer an entirely new approach to security based on the founders’ deep expertise in systems architecture, design and development.
VS²’s technology is intended to fill the gap between current perimeter solutions (firewall, intrusion detection/prevention, anti-virus, etc.) and interior defenses such as encryption, which is currently the only method for protecting data following a perimeter breach.
Existing security doesn’t go far enough says VS² President and CEO John Conway, "They've applied technologies and methodologies from the physical world to the virtual world -- but the headlines tell us every day that this approach is incomplete. The mechanisms used by intruders to evade detection and trick perimeter defenses are infinite, so the key is to simplify and manage the attack surface from the inside of the computer. VS² achieves this by rethinking security at the system design level, combining principles of fault tolerance with a new spatio-temporal architecture that virtually manipulates time and neutralizes attacks before they can become harmful exploits".
The engineering team behind VS² holds more than a dozen computer design patents and is responsible for many of the foundational technologies that support today’s complex computer and network infrastructure.
The company is intending to demonstrate its new technology in 2015, in the meantime you can keep up with developments on its website.
Imaged Credit: soliman design / Shutterstock
Databases are important to enterprises of all sizes, but building applications to exploit data effectively can be time consuming and expensive.
Now Splice Machine, maker of the only Hadoop RDBMS (relational database management system), is making its product publicly available for the first time. It will allow database architects and app developers to build real-time, scalable applications without the burden or cost of a traditional RDBMS.
The product has been in beta for the past year and the company has been working with customers to gather feedback on what matters most to enterprises in a scale-out relational database. As a result the version 1.0 release has some key new features.
These include analytic window functions providing advanced SQL analytic capabilities based on the SQL-2003 standard. Native backup and recovery to protect against data loss, and a cost-based optimizer to ensure efficient query performance. There's also a console that provides a view into how well queries are working.
Splice Machine integrates with the Hadoop big data ecosystem and has a native ODBC driver offering custom-built database connections.
"With these new features and the validation from our charter customers, we are now fully prepared to support enterprises that are growing quickly and looking to scale affordably," says Monte Zweben, co-founder and CEO of Splice Machine. "Shipping the 1.0 version of our Hadoop RDBMS is just one milestone for us in a year of many, but it's perhaps the most important one. It says 'we’re here, and we’re ready,' which is an exciting place to be".
A standalone version of Splice Machine Hadoop RDBMS is available to download allowing users to try it out. For enterprise customers Splice Machine offers comprehensive services and support, including training courses, a Kickstart Package to speed implementation, and on-demand consultants to optimize operations.
Image Credit: alphaspirit / Shutterstock
There's an old computing joke that says the difference between software and hardware is that hardware is the bit you can kick.
To celebrate software's 60th birthday business package selection specialist Capterra has produced an infographic charting the history of the bit you can't kick. It'll provide a trip down memory lane for anyone involved in computing.
The software industry as we know it, selling software separately from hardware, began in 1955 with the formation of the Computer Usage Company. Two years later an IBM mainframe (IBM dates back to 1911 by the way) was used by ADP to process payroll for the first time.
Other milestones include the foundation of SAP in 1972 and Microsoft in 1975. The first business accounting software for PCs, Peachtree, was released in 1978 followed a year later by Visicalc, the first spreadsheet.
In 1989 the first version of Microsoft Office was released and in 1993 Mosaic, the first web browser, entered the world. The graphic brings things right up to date with the rise of big data, tablets and wearables. It also looks at the future of software and charts the history of programming languages.
You can see the full infographic with lots more fascinating milestones below. Do let us know about your early software experiences in the comments.
Photo Credit: Elena Schweitzer/Shutterstock
We've all seen those adverts for partworks allowing you to build a scale model of the Titanic at a cost not far off that of raising the real thing.
Now though UK publisher Eaglemoss Collections is producing a partwork that allows you to produce something a bit more useful. In 90 weekly parts it lets you make your own working 3D printer.
Up to now 3D printing has required expensive, complex equipment that’s meant it's been largely the preserve of industry and academic institutions. 3D Create & Print will give consumers the ability to build their own machine and safely print jewelery, games, figurines, mobile phone cases and many other objects.
The collection will be supported by its own website allowing users to download designs and software. There'll also be an online shop to purchase consumables and tools.
Maggie Calmels, Eaglemoss' senior VP, global creative and innovation says, "This collection also allows us to utilize our unique 'partwork' retail model; offering people the opportunity to purchase and build their own printer at small weekly costs, while the accompanying magazine is aimed at engaging readers and giving them the chance to learn more about the science behind the product".
The printer has been designed by Sebastian Conran, founding director of Sebastian Conran Associates, and is the first non-industrial model to come with a safety hood. "As 3D printing technology and applications become more mainstream, 3D printers are moving from the hi-tech workshop into the home, office and shed. Recognizing this trend and opportunity, we worked with Eaglemoss to develop a 3D printer that was more suitable for home use," Conran says.
3D Create and Print will be available in the UK from December 26th with the first issue costing £1.99 and subsequent issues £6.99 -- plus two premium issues at £14.99. For more information or to pre-order a subscription visit the www.3dprinter-collection.com site.
Malware developers are constantly shifting the goal posts in order to evade detection mechanisms. Part of this involves changing the domain names used to communicate with command and control servers and spread infections.
The latest trick identified by security company Seculert is the increasing use of Domain Generating Algorithms (DGAs).
The latest DGAs like that used by the Matsnu Trojan can create domains that are comprised of a noun, verb, noun, verb combination until the domain is 24 characters long. This attempts to bypass machine learning phonetic algorithms that are looking for domain names with no meaning.
The latest variant of Matsnu with the new DGA was first seen in June 2014 and has been targeting mainly German speakers, with 89 percent of infected users being located in the DE domain region. It's thought to spread mainly via spam emails relating to shopping sites.
Seculert's research has also uncovered that Matsnu can have additional capabilities added to it through an extension, enabling it to think on its feet, and adjust according to the obstacles in its way.
In addition it lets the user set the number of domains they want to generate daily as well as how many days in the past to reuse previously generated domains. It monitors the registry to ensure its run key is still present and renews it if it's been removed. Matsnu contains its own built in Uninstall function too allowing it to remove itself from systems.
There's more information about Matsnu and DGA malware on the Seculert blog.
Photo Credit: Balefire / Shutterstock
New research from DDoS protection specialist Black Lotus shows that cyber attack incidents have continued to decline throughout this year.
There were 201,721 incidents in the third quarter of this year (down from 462,621 in Q1 2014 and 276,447 in Q2). This can be attributed to the security industry's increased knowledge and filtering against NTP DrDoS types of attacks, as well as more proactive activity to stop malicious attacks before or as soon as they're detected.
The character of DDoS attacks is changing too. The average attack bit volume is increasing while the average packet volume is going down. A change of attack methods used, from large volumetric network-based attacks to more complex multiple vector attacks with application layer attacks and SYN flood attacks blended together accounts for this change.
DDoS attacks have declined in peak size and total incident count as NTP DrDoS attacks have largely subsided. This is thanks to better awareness in the security community about the threat of vulnerable NTP daemons, prompting administrators to upgrade from vulnerable versions and, in some cases, prompting network operators to filter potentially malicious NTP traffic.
When more effective zero day attacks aren't possible, attackers will often fall back to tried and tested methods of attacking systems. These include SYN floods and application layer attacks, which are often launched in tandem. The largest bit volume attack observed by Black Lotus in the last quarter was the result of a SYN flood against a Web server, largely sourced from Chinese networks.
Whilst most still come from China, the US and Russia, DDoS attacks are increasingly originating from Vietnam, India and Indonesia. These countries have a large number of compromised mobile end point devices which makes them prime sources of newly created botnets.
SYN flood attacks aren’t as dangerous to providers of internet infrastructure, since the bit and packet volumes are much lower and within the capacity of many tier 1 networks. However, they continue to pose a serious threat to service providers and enterprises that don’t have significant excess capacity and DDoS mitigation solutions in place.
You can find more information about the report's findings on the Black Lotus blog.
Photo Credit: Duc Dao / Shutterstock
The last year has seen a number of high profile security breaches involving retail businesses and there’s no sign of the trend slowing down.
Security ratings company BitSight Technologies has released some new research looking at the performance of 300 major US retailers over the past 12 months. It shows that 75 percent of retailers that suffered a data breach have improved their security effectiveness.
"While it's encouraging that a majority of the breached retailers have improved their security effectiveness, there is more work to be done, especially in the area of vendor risk management," says Stephen Boyer, co-founder and CTO of BitSight. "This trend in retail highlights the importance of proactive measures such as industry and peer benchmarking, as well as continuous monitoring of one's supply chain. We are seeing retail take steps in the right direction, with the formation of the Retail Information Sharing and Analysis Center to increase intelligence sharing among retailers in the US, but more improvements are needed".
BitSight uses publicly available data to rate the security performance of organizations. Ratings range from 250 to 900 with higher numbers indicating better performance. Key findings include that the of the 300 retailers analyzed 58 percent experienced a decline in overall security performance with an average 90-point decrease. The 34 percent of retailers that improved saw an average 70-point increase, while eight percent of retailers saw no net change in their Security Ratings over the past year.
Of the 20 large retailers that had a high-profile breach within the last year, nearly 75 percent saw an average increase of 50 points to their Security Rating score since their breach.
It's securing the supply chain that remains a challenge though. Nearly a third of all breaches in the retail sector began with a compromise at a third-party vendor. Organizations can take steps in securing their own networks, but ignoring risks posed by third-party partners can leave them exposed and vulnerable to breaches.
The findings also show that infections are increasing across a range of different threats with malware showing the largest increase. It finds that incident response times are up too, averaging 1.33 days in November this year compared to 1.26 in November 2013.
You can see an infographic summary of the report's findings below.
Photo Credit: nokhoog_buchachon/Shutterstock
'Tis the season to go and spend lots of money, as we approach Thanksgiving (in the US), Christmas, Black Friday, Cyber Monday and other shopping opportunities.
With November and December sales expected to top $616 billion dollars, payment processing specialist Merchant Warehouse has produced an infographic looking at what to expect from the holiday shopping season.
There are some interesting statistics, for example Thanksgiving has 229 percent more gaming deals than Cyber Monday and is the best time to shop if you’re looking for a TV or Blu-ray player. Black Friday is best for laptops, data storage and kitchenware, and Cyber Monday, interestingly, is the best time to buy clothes and shoes.
Shipping options are seen as increasingly important since in 2013 15 percent of Christmas eCommerce purchases arrived after 25th December. 70 percent of shoppers now say that shipping options are a key part of their buying experience.
The graphic rounds off with some tips on how to work the system to get the best deals. You can see the full thing below.
Image Credit: Slavoljub Pantelic / Shutterstock
According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked.
Don’t feel smug if you're an Android user though as the report reveals 97 percent of the top 100 paid Android apps have been too. But whilst the Android figure is in line with previous years, the iOS percentage represents a jump from 2013 when 56 percent were found to have been hacked.
Before you start to panic, what Arxan means by a 'hacked' app, is one that's actually a modified version available from an unauthorized store or torrent site. In the case of iOS apps this also means the device needs to have been jailbroken.
The situation isn't much better with free apps. The report shows that 80 percent of popular free Android apps and 75 percent for iOS also have hacked versions available.
Not surprisingly high profile targets like banking are most at risk. 95 percent of the Android financial apps reviewed were 'cracked' while 70 percent of the iOS financial apps were hacked. This is an increase in both cases, with Android hacks growing about 80 percent.
Shopping apps are being targeted too with 90 percent of retail/merchant Android apps and 35 percent of iOS apps in the same field having been compromised. Hackers are targeting growth in B2C retail apps, as stores launch mobile payment and wallet services, but also B2B merchant point-of-sale apps. In both cases sensitive data, intellectual property, and financial transactions are at risk.
Also worrying is that 90 percent of Android healthcare/medical apps have been hacked, 22 percent of which are FDA approved.
With app downloads still increasing and forecast to reach 253 billion free and 15 billion paid in 2017 there are potentially huge numbers of people at risk if they venture into unofficial stores. Among the report's recommendations are that apps with high-risk profiles running on any mobile platform should be made tamper-resistant and capable of defending themselves and detecting threats at run time. Also that apps be developed to maintain the confidentiality of the code and that software used to enable mobile wallets and payment apps should be protected with secure crypto and app hardening.
"The pursuit of greater mobile application security remains at the forefront our research and development initiatives," says Jonathan Carter, technical director at Arxan. "We continue to evolve our security innovations based on emerging threats to ensure the strongest application protection for our customers in the dynamic battlefield against hackers".
The full report is available to download from the Arxan website and there's an infographic summary of the findings below.
Photo Credit: lucadp/Shutterstock
We've become used to the fact that for pretty much any product or service we want to buy there will be reviews available online to help us with our purchase decision.
These reviews matter to businesses as they can have an impact on sales. Open review community Trustpilot has carried out a survey looking at how online reviews can influence the bottom line.
Findings include that 54 percent of companies fear the impact of negative reviews, however, 79 percent report that a mix of negative and positive reviews posted together have a positive financial effect on the business.
Collecting online reviews helps attract new customers according to 75 percent of companies and 25 percent say reviews improve loyalty. Plus 58 percent say that reviews help them identify opportunities for business improvement.
From the consumer side of the fence 62 percent say that they are more likely to do business with a company after reading a positive review. How a company deals with negative reviews is important too, 90 percent of unhappy customers will return if an issue is resolved quickly and effectively. Also 15 percent are more likely to do business with a company after reading a response resolving a negative review.
You can see an overview of the findings in infographic form below.
Image Credit: Rawpixel / Shutterstock
With more and more data stored in the cloud or accessed from corporate systems on mobile devices, security and regulation becomes a major concern.
Enterprise file sharing specialist WatchDox has announced a new solution to both detect and protect sensitive files everywhere, on every device.
By integrating with Symantec Data Loss Prevention, WatchDox can now automatically and proactively protect sensitive files detected in motion on networks or emails, at rest in file shares and other repositories, and created on both mobile and PC endpoints.
This allows IT and security teams to apply controls to sensitive files on the fly. This can be encryption, digital rights management, tracking or revocation, and these continue to apply wherever the files travel. Traditional DLP solutions identify potentially sensitive data on the move, and flag it for action. Administrators then choose to ignore it or block it. However, blocking the data impedes workflows and letting it go involves risk.
WatchDox DLP solves this problem, protecting workflows but also enabling external collaboration. For example, a sensitive email attachment can still be delivered to the recipient, but be controlled, tracked and can even be revoked if it’s found that it should not have been shared.
"DLP is great at finding sensitive data, but historically it’s been hard to take action to protect that data without blocking someone’s workflow," says Ryan Kalember, chief product officer at WatchDox. "Through this integration, organizations can keep their workflows intact, while still securing the data, even when the sensitive data is involved in an external collaboration or on an unmanaged mobile device".
The new feature is available to all users of WatchDox Enterprise. There's a data sheet on how it works available to download and you can sign up for a free trial.
Photo Credit: Maksim Kabakou/Shutterstock
Data breaches in large organizations have made the headlines in recent years and that’s led to a huge increase in the amount of personally identifiable information being traded online.
According to UK credit report company CreditExpert there's been a 300 percent jump in the amount of personal information being traded online since 2012.
The company has produced an infographic analyzing this information. Interesting facts include that passwords are now more valuable than credit card details. The value of a username and password has continued to rise since 2010 whilst those of debit and credit card information are declining.
Despite this, 5 percent of Britons still use the same password everywhere and 10 percent never bother to change their passwords. The graphic shows how one stolen password can be used to expose other sites and ultimately steal an identity. Hackers can then go on to attack others in the victim’s social media networks.
The full infographic including tips on how to keep yourself safe is below.
Image Credit: Minerva Studio / Shutterstock
With more businesses adopting cloud and hybrid environments, protecting data is more important than ever but it’s also more complex.
Microsoft is looking to improve protection for its enterprise customers with today's announcement that it has acquired Aorato, an innovator in enterprise security.
Writing on Microsoft's official blog, Takeshi Numoto, Corporate Vice President of Cloud and Enterprise Marketing says, "We all know corporate security is more important than ever. Nearly every day there are more headlines about breaches, fraud and data loss. Unfortunately, compromised passwords, stolen identities and network intrusion are a fact of life. Companies need new, intelligent solutions to help them adapt and defend themselves inside the network, not just at its edge".
Aorato's technology uses machine learning techniques to detect suspicious activity on a corporate network. It understands what normal behavior is and then identifies anomalies, so a company can quickly see suspicious activity and take appropriate protection measures.
It uses an Organizational Security Graph, which is a continuously-updated view of all of the people and machines accessing an organization's Windows Server Active Directory (AD). AD is used by most enterprises to store user identities and administer access to critical business applications and systems. Since it leverages this existing technology existing Microsoft enterprise customers should be able to easily take advantage of the Aorato system.
Numoto adds, "This will complement similar capabilities that we have developed for Azure Active Directory, our cloud-based identity and access management solution".
An announcement on Aorato's website says, "At our core, Aorato has always been focused on strengthening enterprise security, by giving customers deeper visibility into their Active Directory and identity infrastructure with an emphasis on user behavior intelligence and analytics. Joining Microsoft gives us a unique opportunity to pursue this vision, and help customers at the broadest possible scale".
Image Credit: rosedesigns / Shutterstock
Securing data and making sure that it's stored in compliance with regulatory standards is a key task for all businesses, but it relies on knowing where the information is stored in the first place.
That isn't always as easy as it sounds but a new solution from database security specialist GreenSQL allows enterprises to easily identify all sensitive and regulated data fields across their Amazon Relational Database Service databases.
The software scans RDS databases to automatically identify sensitive fields, providing rapid implementation of regulation compliance, reporting and auditing, enabling data masking policies and enforcing role-based access to data.
"Without touching the database or applications, organizations are now able to instantly discover and protect their most sensitive data and achieve regulatory compliance," says Amir Sadeh, CEO of GreenSQL. "Users of Amazon RDS are now able to use one-click activation of polices for database monitoring, enforcement of duties and data-masking for every sensitive data field in their organization’s databases".
The company has also launched Dynamic Data Masking to allow users and applications to fulfill their job functions without ever gaining access to sensitive data fields. This makes for easier, faster and cheaper regulatory compliance as it hides data from unauthorized persons without making changes to databases or applications. As the data is never exposed to unauthorized employees or applications this reduces the risk of theft or abuse of information.
The solution is policy-driven, meaning that data masking policies can be defined by data table column, user or user role, client IP address and/or client application. Based on these policies, protected data fields are masked or randomized in real-time using a context-relevant template, allowing users and applications to function normally.
"GreenSQL’s out-of-the-box solution enables enterprises to easily identify and mask all sensitive and regulated data fields in their RDS databases," says Sadeh. "Without touching the database or applications, organizations are now able to instantly protect their most sensitive data and achieve regulatory compliance, among other benefits".
Both solutions are being launched at the AWS re:Invent conference this week, for more information visit the GreenSQL website.
Image Credit: wavebreakmedia / Shutterstock
Enterprises can be reluctant to move some functions into the cloud because of security and other concerns. So services that can allay these fears have big potential in the market.
Data flow specialist Axway already hosts secure private cloud portfolio solutions with AWS and has now announced that it’s making a Cloud B2B service available.
The Axway Cloud B2B Service enables companies to securely manage and integrate with their B2B communities in the cloud without the additional investment in hardware or labor resources common with legacy solutions.
Antoine Rizk, VP, Global Go-To-Market Programs at Axway says, "The solution has low initial cost and is scalable to allow for seasonal peaks. This also means a cloud solution becomes affordable for smaller companies."
Rizk belives there is large potential for the product as B2B cloud services currently only account for around six percent of the enterprise software market and will grow to 18-20 percent over the next five years.
Axway offers subscription-based product configurations that enable organizations to seamlessly connect their on-premises systems to their partner communities. The Cloud B2B Service includes extensive reporting, alerting and monitoring capabilities that enable companies to onboard, manage and interact with their communities through a cloud-based infrastructure, enterprise application integration, and advanced community management.
As Axway hosts its secure private Cloud portfolio solutions with AWS, it has access to infrastructure regions located around the world, including Western Europe, which helps protect the data integrity of its customers at all times.
"We designed AWS to enable our customers and partners to manage their computing needs through a highly flexible model, paying only for resources used and allowing organizations to avoid costly and time consuming traditional infrastructure," says Brian Matsubara, Head of Global Technology Alliances at Amazon Web Services, Inc. "By moving to the cloud Axway is able to take advantage of the scalable, reliable, secure and flexible technologies offered by AWS to power their Axway Cloud B2B Service technology, allowing them to focus on serving customers around the world."
Axway Cloud B2B Service is available now on the AWS Marketplace as a SaaS offering, or for more information visit the Axway website.
Image Credit: Lightspring / Shutterstock
DDoS attacks can be extremely disruptive to business but it can be hard to quantify that disruption in financial and business terms.
A new report by security company Incapsula collates responses from 270 North American organizations of varying sizes to gauge the true impact of attacks. The findings indicate that DDoS attacks are relatively common with 45 percent of the respondents indicating their organization has been hit at some point. Of these, almost all (91 percent) reported an attack during the last 12 months, and 70 percent were targeted two or more times.
Larger organizations are more at risk with those having over 5,000 employees most likely to suffer an attack. The attacks tend to be short-lived though with 86 percent reporting a duration of 24 hours or less.
Motives for attacks vary too with respondents pretty evenly split between those who had and hadn't received a ransom note as part of an attack. 40 percent believe perpetrators were attempting to flood their organization’s network, 25 percent surmised they were trying to cause an outage by targeting specific applications, and 33 percent believe that both were the motivating factors.
In terms of business impact, 49 percent of DDoS attacks last between 6-24 hours so with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000, though some are significantly higher. Costs aren't limited to the IT department either, they can have a large impact on security and risk management, customer service, and sales.
Among companies that had been targeted, 87 percent experienced non-financial consequences, such as loss of customer trust, loss of intellectual property, and virus/malware infection. 52 percent had to replace hardware or software, 50 percent had a virus or malware installed/activated on their network, and 43 percent experienced loss of consumer trust. Also 33 percent admitted to customer data theft, and 19 percent suffered intellectual property loss.
You can find out more and download a copy of the report on the Incapsula website.
Photo Credit: Duc Dao / Shutterstock
As consumers we're used to being able to download apps for just about any purpose. As we come to expect this sort of flexibility in enterprise applications too, a shift is needed in the way software is delivered in order to keep us appy -- sorry!
A new report by Flexera Software in conjunction with IDC suggests that a transformation is under way, paving the way for software vendors and intelligent device makers, including IoT manufacturers, to profit from the 'appification' of the enterprise.
What makes an appified enterprise is a shift to software that is task-oriented allowing employees to focus on things like sequencing a DNA molecule, executing email campaigns, or utilizing specific drone aircraft features.
To profit from task-oriented apps, producers need to alter their focus to target usage-based activities. According to the Report, this is exactly what's happening. 17 percent of producers indicate that they now offer utility software licensing models -- up from 9 percent in last year's survey. That number is forecast to grow to 23 percent over the next two years.
"As consumerization of IT gains hold within the enterprise, increasingly we’re seeing business users want more flexible buying models allowing them to align cost to value," says Amy Konary, Research Vice President - Software Licensing and Provisioning at IDC. "Usage-based licensing models give producers a new way to capture revenue from customers that want to pay based on how they’re actually using an application. Offering utility licensing can supplement more traditional monetization models such as device, nodelocked, processor, core and others".
In an appified enterprise, employees want app-store-like, one-click software access and activation rather than more traditional, complex license activation models like email or website activation. In the survey 44 percent of respondents report that they now distribute license keys/files via in-product activation.
This also marks the demise of technologies like the hardware dongle for securing licenses. Only 19 percent of producers report using hardware dongles as their licensing technology.
"The key to capturing a growing market of users who view enterprise software in a more app-centric way is to offer tailored licensing, activation and delivery models that appeal to this audience," says Mathieu Baissac, Vice President of Product Management at Flexera Software. "The challenge for producers is that it requires tremendous time, resources and money to build, manage and maintain in-house these myriad new and traditional licensing models, and track back-office customer entitlements. This is why adopting automated software monetization solutions is becoming increasingly essential for producers".
You can download the full report from the Flexera website.
Image Credit: logolord / Shutterstock
Moving business applications to the cloud doesn't remove the need for securing them, in fact it potentially makes them more vulnerable.
Cloud application delivery service Instart Logic has announced a new Security Suite offering customers multi-layered protection against DDoS attacks and other cybersecurity threats.
It builds on the company's software defined application delivery (SDAD) platform, a software-based architectural approach that provides control, extensibility and performance.
Features of the suite include a secure ProxyWall that combines web application firewall capabilities with origin protection. It inspects plain text and SSL traffic and can issue alerts, set rate limits or block malicious traffic, designated user agents or IP addresses. ProxyWall also protects the origin server from non-HTTP(s) traffic and transmits 'clean' traffic from a dedicated connection to the Instart Logic cloud.
In addition the suite offers DDoS protection that absorbs denial of service (DoS) and distributed denial of service (DDoS) attacks. It has PCI DSS Level-1 compliance too so it can provides a dedicated environment for carrying out financial transactions.
"Instart Logic uses the same open source web application firewall engine and rule set for its Security Suite that are standard in the application delivery market," says Peter Blum, vice president of product management at Instart Logic. "What sets us apart is our patented SDAD platform, which delivers unmatched application performance -- especially over wireless networks. Now, customers don't have to choose between speed and security".
The Instart Logic security suite is available now, for more information visit the company's website.
Photo Credit: Slavoljub Pantelic / Shutterstock
According to a new survey carried out for security device specialist Kensington, 73 percent of executives recognize that BYOD presents greater risks for the organization.
However, 59 percent still approve the use of personal devices for business use and to address concerns 55 percent are planning to invest more in physical security.
"With the rapid rise in the use of BYOD mobile devices and laptops, organizations need to consider protecting their employees devices with physical security locks to protect them from the risk of theft and putting critical business and personal data into the wrong hands," says Judy Barker, Global Product Marketing Manager at Kensington. "By employing simple and secure device locking products, organizations can safeguard their data and mobile assets with an added layer of protection".
Security measures in use by respondents include 64 percent opting for employee training and guidelines, 61 percent using anti-malware and encryption, 55 percent having compliance and governance policies, and 48 percent using data loss prevention and authentication solutions.
There’s a summary of the findings in infographic form below.
Photo Credits: Slavoljub Pantelic/Shutterstock
We all experience the frustration caused by IT issues from time to time, but a new survey by Forrester on behalf of operations performance specialist PagerDuty reveals that 55 percent of IT and business decision makers in the US experience IT service problems at least once a week.
What's more worrying is that 53 percent found out about the problems via users or external customers rather than through internal monitoring tools. Also 54 percent of respondents said their companies lacked adequate incident and problem management processes or didn't provide enough information to identify where the problem comes from.
The study points out that these problems often occur due to the approach taken to incident management. Companies may use multiple non-integrated monitoring tools, resulting in overlapping notifications and multiple sources of information and causing information overload for support teams.
Disorganized corporate culture may lead to teams focusing on passing the blame rather than collaborating to resolve problems quickly.
"Today's businesses desperately need a better way to manage their expanding collection of enterprise technologies to guarantee greater reliability in an always-on world," says PagerDuty CEO Alex Solomon. "I believe that this latest study from Forrester Consulting confirms the effectiveness of the holistic approach to incident lifecycle management that we have pioneered at PagerDuty".
The study suggests that by adopting a more strategic approach to solving problems and creating a unified operations center to manage incidents the impact on the business can be reduced and user satisfaction will be higher.
There needs to be a command center that is responsible for a broad overview of incidents. The second element is an automation center that owns the entire life cycle of incident resolution tools. Finally a service center or service desk to act as a center of excellence within the IT organization.
Whilst this takes care of the day-to-day handling of problems, businesses also need to understand the strategic importance of IT services and identify those which are most crucial. Incidents which affect customer service should always be given precedence.
The full report us available to download from the PagerDuty website.
Image Credit: alphaspirit / Shutterstock
Allowing employees to use their own devices for work is increasingly popular, but it can present problems for smaller businesses when it comes to implementing the technology and keeping it secure.
California-based hopTo has an answer for small and medium businesses in the form of its mobile productivity platform hopTo Work. The platform provides instant BYOD functions with a flexible and secure mobile workspace.
Using hopTo Work employees can access files, corporate email, SharePoint sites, and the organization’s intranet web services and storage locations, along with full editing capabilities for Microsoft Office documents in a rich, touch-friendly user interface.
"We have taken an entirely different approach to BYOD that will provide the ultimate user experience while still meeting the needs of IT departments for corporate security and governance," says Eldad Eilam, President and CEO of hopTo. "We designed the hopTo Work platform to allow mobile business users access to their workplaces by leveraging the devices they are carrying in everyday life. This will deliver an instant BYOD solution that both IT departments and end-users can agree to implement and begin using immediately".
The platform doesn't need any network configuration effort, which eliminates the complex planning and deployment stages required with other BYOD solutions. It also offers best-of-breed protection against data loss by ensuring that documents remain on the server while being edited and viewed, rather than on the end-user’s devices. This means the organization retains full control over the flow of content, so documents are never at risk of leaking outside the organization.
Key hopTo Work features include a seamless user experience with the ability to multitask using multiple tabs, enabling users to easily switch back and forth between projects. Touch-friendly access to all permitted documents on the corporate network from a variety of sources such as SharePoint, local files, network shares, etc. Access to all Windows applications and rich, touch-friendly editing capabilities for Office documents (Excel, Word, and PowerPoint) on the mobile device.
Early next year hopTo Work will receive additional enhancements including support for secure web browsing through the corporate network as well as support for secure access to corporate email in a native iOS user interface.
Introductory pricing is available until January 1st 2015 and you can find out more on the hopTo website.
Image Credit: Peter Bernik / Shutterstock
A recent report by Gartner predicts that there will be 4.9 billion connected 'things' in use in 2015 and as many as 20 billion by 2020.
There’s little doubt that the internet of things is set to have a big impact which will be felt across enterprises and homes. Business systems specialist SAP is keen to be at the forefront and is using its TechEd conference in Berlin to announce three new IoT solutions.
"The Internet of Things will be the key enabler of industry scenarios and of innovations in the digital economy," says Bernd Leukert, member of the Executive Board of SAP SE, Products & Innovation. "It is converging our digital and physical worlds, which will spur new products and services, and even change business models. The Internet of Things has the potential to dramatically improve responsiveness of businesses, re-imagine customer experience and open up new opportunities and brand new business models such as move from sell-to-service based models. SAP customers that have already implemented Internet of Things solutions have seen considerable improvement in asset utilization and higher business process efficiency and helped address operational costs".
The IoT solutions are powered by the existing SAP HANA Cloud Platform which offers features including in-memory computing, predictive analytics and complex event processing. In addition, it has open APIs that allow third-party providers to develop IoT applications.
The three new applications announced today are; Predictive Maintenance and Service, Connected Logistics and Connected Manufacturing.
Predictive Maintenance and Service will help assess historic and sensor data to assist users in predicting a malfunction before it occurs and prevent a negative impact on profits. It will be able to automatically generate work requests for field service technicians when a device is failing.
Connected Logistics is planned to allow logistics hub operators and others to monitor traffic toward and within a hub and facilitate communication between involved parties including those that don't have a direct business relationship. It will also use a recently announced AR warehouse picker mobile app that uses wearable technology, such as smart glass devices, for a complete hands free operation, helping to eliminate the need for handheld scanners.
Finally Connected Manufacturing is aimed at optimizing global operations. It will allow businesses to use predictive analytics to drive cost efficiencies and achieve higher asset utilization.
You can find out more about SAP and the internet of things on the company's website.
Image Credit: PlusONE / Shutterstock
Darkhotel sounds like it ought to be one of those budget hotel chains you find on the outskirts of towns -- possibly one built without windows to keep costs down.
In fact researchers at Kaspersky Lab have revealed that it's an espionage campaign, which has been operating for almost a decade, that steals sensitive data from corporate executives traveling abroad.
It works by hitting its targets while they're staying in luxury hotels. Never going after the same target twice it operates with surgical precision, obtaining all the valuable data it can from the first contact, then deleting traces and fading into the background to await the next high profile victim. 90 percent of the infections seen by Kaspersky have been in Japan, Taiwan, China, Russia and Hong Kong, but it has also detected infections in Germany, the USA, Indonesia, India and Ireland.
The Darkhotel perpetrator places software on hotel networks and the unsuspecting victim downloads it with the welcome package when connecting to the hotel's Wi-Fi. Once on a system, the backdoor may be used to further download more advanced tools such as keyloggers and Trojans. These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords and other private information. Victims lose sensitive information likely to be the intellectual property of the businesses they represent. After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, says, "For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior. This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision".
Kaspersky Lab recommends that when traveling, all networks should be treated as suspicious. Executives are advised to use VPN to get a secure network channel to their company systems and to treat any software updates they may be offered when on unfamiliar networks as potentially harmful.
You can find more information about Darkhotel on the Kaspersky Lab blog.
Image Credit: Dragon Images / Shutterstock
Traditional malware infections usually require a file object to be placed on the system which makes it relatively easy for them to be detected and removed.
Now though there’s a stealthier threat uncovered by security company Malwarebytes. Poweliks is an infection that runs without a filesystem object, completely from the registry and memory using rundll32.exe, javascript and a create on-the-fly dll.
Code can be injected into the machine via a fake landing page which makes traditional security solutions like white listing ineffective in combating it.
It doesn't place a physical file on the system, instead Poweliks injects code into processes which are currently running, like Internet Explorer. This allows it to run on the back of the legitimate process and thus avoid detection.
Security researcher Jerome Segura says, "There are many advantages of doing that. For starters, by never dropping anything onto the hard-drive, you reduce your payload's footprint on a system and chances for it to get detected. It is typically much easier to detect a piece of malware on disk than one hiding in memory".
To ensure that it can survive after a system restart it places code in hidden registry keys allowing it to execute and infect the legitimate process again after a reboot.
A newly released version of Malwarbytes Anti-Rootkit is able to remove Poweliks. There's also more information on fileless infections and how they work on the Malwarebytes blog.
Image Credit: alphaspirit/Shutterstock
We've all encountered websites that are badly designed or seem to be willfully hard to use and now a new survey reveals the sites which cause the most frustration and are likely to be rapidly abandoned.
Website FAQ technology provider AnswerDash has released the results of its first website survey revealing Comcast.com, IRS.gov and CenturyLink.com as this year's most frustrating websites for US consumers.
Those that get it right are Amazon.com, Facebook.com and Apple.com which yielded the highest scores in terms of website usability among survey respondents.
The survey also shows that we're quick to give up and move on when a site doesn't deliver what we want. Among 18-24-year-olds, 75 percent will abandon a website within two minutes if they can’t find what they need. 57 percent of those 55-years or older abandon a website in two minutes or less, with 28 percent indicating that they would spend only 4 minutes trying to accomplish their task on a website before leaving. Across all demographics the average abandonment time is 90 seconds.
"As e-commerce grows, and particularly in the light of the upcoming holiday season, delivering an excellent online user experience is imperative to helping propel consumers along the path to purchase," says AnswerDash CEO Jake Wobbrock. "We conducted this survey to provide companies with actionable insights around website usability, and the results are telling. Companies face a huge opportunity to provide an intuitive online experience by including website support tools, such as Contextual FAQs, that reduce abandonment through improved user experience".
Key findings include that more than half of consumers (59 percent) selected Comcast.com as this year's most frustrating website. While consumers said the IRS and CenturyLink websites were also difficult to use, they both out performed Comcast, at 37 percent and 35 percent disapproval, respectively.
Microsoft's website is more difficult to use than Apple's according to consumers, with 20 percent stating that the Microsoft site is confusing, compared with only 6 percent who get flummoxed by Apple’s website.
Of US government sites, the IRS is rated most frustrating, with Healthcare.gov ranked as the easiest, just edging out the Department of Motor Vehicles. In e-commerce Amazon leads the way with over 70 percent of consumers approving its ease of use, Target comes bottom with 16 percent selecting it as the most frustrating site.
Are there any sites you find particularly frustrating? Do let us know.
Image Credit: Syda Productions/Shutterstock
Next week's round of Patch Tuesday updates from Microsoft is set to be the biggest so far this year with 16 bulletins in total, five of which are rated Critical and nine as Important.
Most of the Critical bulletins are for Windows components and affect a range of supported systems. Karl Sigler, Threat Intelligence Manager at Trustwave says, "If you are currently running a supported version of Windows, you will want to update as soon as these updates become available. These are some of the nastier vulnerabilities we've seen in Windows in a while".
It's likely that one of these bulletins will address the OLE remote code execution for which a security advisory was published last month. Exploits have continued in the wild and it’s likely that two or three of the critical patches will address this according to Chris Goettl, product manager with enterprise systems specialist Shavlik.
There will be an update to .NET Framework too which Goettl says, "...usually means a little longer time on the maintenance window as those patches tend to take a little longer than the average OS patch to install".
Patches for the Windows 10 and Windows Server Technical Previews will be available in this round too which is a good opportunity to try out the update process on the new OS.
Wolfgang Kandek CTO of Qualsys points out that despite the large number of updates this month, "Overall the additional 16 bulletins will bring Microsoft's count up to 79, meaning that we will finish the year under 100 vulnerabilities, which is a bit lower than in 2013 and 2011 and probably on par with 2012".
Kandek believes that bulletin 2, which covers all versions of Internet Explorer from IE6 on Windows 2003 to IE11 on Windows 8.1, should be the highest priority for admins since there's a whole underground industry developing browser exploit kits.
The Important bulletins address Windows, the .NET runtime framework and Word along with the SharePoint and Exchange servers. If you have automatic updates turned on all of the required updates will be downloaded as they become available. A reboot will be needed to complete the installation.
Adobe has put out Flash updates on all but one of this year's patch Tuesdays, so you can add that to your list of things to do too.
Image Credit: alexskopje / Shutterstock
Cloud adoption is booming amongst business users, but there's a big variation in what developers and IT managers want from their cloud deployments.
Developers want instant access to cloud services and true self-service capabilities, while IT managers require greater control, visibility and integration across the whole cloud spectrum.
The beta launch of Dell Cloud Marketplace gives both developers and IT managers the ability to compare, purchase, use and manage public cloud services from Amazon Web Services (AWS), Google Cloud Platform and Joyent via a single, unified console on the dell.com site.
Cloud Marketplace gives users the tools they need to select the best cloud services and solutions to meet their unique requirements. With management, governance and security built in. It streamlines the buying and deployment of cloud services, allowing customers to use single, multiple and hybrid cloud environments across several users and various accounts.
"The Dell Cloud Marketplace epitomizes the Dell Cloud strategy of offering customers choice and flexibility while simplifying the cloud experience," says Nnamdi Orakwue, Vice President, Software Strategy, Operations and Cloud at Dell. "Developers benefit from the ease of multi-cloud purchases and the immediate use of cloud services. IT managers benefit from the governance, secure management and single billing of multiple cloud services. By combining those benefits with the strengths of Delphix, Docker and Pertino, together we will knock down the hurdles to using multiple cloud services effectively so customers can unlock the full potential of the public cloud ecosystem".
In addition to the marketplace Dell has announced alliances with Delphix, Docker and Pertino. Solutions from these companies will be made available via the Dell Cloud Marketplace next year, allowing users to subscribe to these offerings along with the public cloud infrastructure resources of their choice.
Dell Cloud Marketplace beta is now available in the US and you can sign up at www.dell.com/cloudmarketplace there’s also more information on the company's blog.
Image Credit: Dell Inc.
It's easy to assume that the range of choice available when buying online leads to a lack of consumer loyalty with people shopping around for the best deal.
However, a new survey from e-commerce specialist Avangate suggests that customers are looking for a long-term relationship with providers of online services.
Findings of the survey include that 60 percent of consumers have set up at least one or two recurring payments online. 46 percent refuse to purchase online subscriptions without a 'freemium' option and almost 40 percent prefer to pay bills online.
The ability to compare is still important though with 45 percent comparing three to four online channels before making a purchase decision. Payment methods remain resolutely conservative with 99 percent of consumers not using Bitcoin and the one percent who do not using it as their primary payment method.
Mobile payments are catching on but mainly among younger age groups. In total 52 percent of consumers have used their mobile to make a purchase. But while 30-44 year olds are most active with 30 percent making monthly mobile payments, 72 percent of over 60s have not used a mobile to make a payment.
The main concern with mobile payments is security with 22 percent of consumers saying that they don’t feel secure when making mobile payments, but they do it anyway.
"Today, we are seeing the digitization of products into services -- what we are calling the 'New Services Economy' -- and it's spawning the next generation of software and online services companies that are redefining commerce. For these new service providers and vendors, the ability to truly monetize their offerings is no longer about point payment transactions with the customer, but rather being able to interact, service and expand the relationship with the customer from the discovery, trial, and add-on and retention phases -- all of which are potential opportunities to make purchasing decisions," says Carl Theobald, CEO at Avangate.
Avangate has added more than 200 new features to its Commerce Solution for Service Providers to help businesses exploit online revenue streams. You can find out more on the Avangate website and see more details of the survey findings in the infographic below.
Photo Credit: Nonnakrit/Shutterstock
Cloud backups are all the rage at the moment, but they do raise security concerns, particularly for businesses that deal with sensitive information.
Cloud to cloud backup specialist Backupify has added some new features to its service to make it more secure. These include HIPAA (Health Insurance Portability and Accountability Act) compliance as well as new features for admins.
"Given all the changes in the regulatory landscape, Backupify wanted to get independent verification that we meet the required standards for HIPAA compliance," says Ben Thomas, VP of Security at Backupify. "We now have third party validation through an independent audit which should help customers feel even more comfortable entrusting their data to Backupify. As we build innovative backup solutions, data security remains a core focus. It always has been and always will be".
All companies dealing with protected health information (PHI) must ensure the right security measures are in place and followed. While Backupify doesn’t interact with PHI directly, the company does have many healthcare organizations as customers and therefore felt it necessary to meet HIPAA compliance requirements.
In addition to HIPAA, Backupify is self-certified in compliance with the US Department of Commerce Safe Harbor program. It also allows customers to store data in Amazon's VPC (Virtual Private Cloud), and goes beyond using Amazon's built-in bucket-level encryption, with every Backupify account receiving a unique AES 256-bit encryption key. Backupify has also renewed its SOC 2 Type II compliance which reviews Backupify's backup and recovery system to ensure that controls are suitably designed to protect financial information.
You can read more about Backupify's security on the company's blog.
Photo Credit: jörg röse-oberreich/Shutterstock
As many as four out of five internet-connected households in the US could be at risk of attack through their wireless router.
This is among the findings of a study by security specialist Avast which found that more than half of all home routers are poorly protected using default or easily hacked password combinations such as admin/admin or admin/password.
It also found that 25 percent of consumers use their address, name, phone number or other easy to guess items as their router passwords. "Unsecured routers create an easy entry point for hackers to attack millions of American home networks," says Vince Steckler, chief executive officer of Avast. "Our research revealed that the vast majority of home routers in the US aren't secure. If a router is not properly secured, cybercriminals can easily gain access to an individual’s personal information, including financial information, user names and passwords, photos, and browsing history".
Among the biggest threats to any Wi-Fi network is DNS hijacking. This involves malware being used to exploit vulnerabilities in an unprotected router to redirect the user from a known site, such as a bank website, to a fake site designed to look like the real thing. When the user logs in, hackers capture the user’s login credentials and can then use them to access the real site.
Less than half of Americans strongly believe their home network is secure, according to the survey and 16 percent of respondents said they had fallen victim to hackers. This is despite being aware that a breach can lead to their bank or financial information being stolen (42 percent were concerned about this), losing personal information (33 percent), having their browsing history stolen (11 percent), and getting their photos hacked (9 percent).
"Today's router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment. The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen," says Steckler.
You won't be surprised to learn that the recently launched Avast 2015 is able to identify and protect against network threats including DNS hijacking and weak passwords.
Image Credit: Piotr Adamowicz / Shutterstock
Many businesses are put off moving their systems to the cloud by the complexity and time involved to complete the transfer process.
To help overcome this problem management tools specialist Metalogix is launching a Cloud Acceleration Suite along with a Partner Program to help businesses deploy collaboration abilities on their chosen cloud platform.
It works with Office 365, Microsoft Azure and Amazon Web Services, as well as hybrid and private cloud systems. By bringing together migration and management tools from Metalogix with Microsoft qualified cloud deployment partners it offers organizations a start-to-finish solution to rapidly migrate email, files and SharePoint content to the cloud.
The Cloud Acceleration Suite uses expert tools to provide IT professionals with a single, unified solution for the migration of email, files and SharePoint content into OneDrive for Business, Office 365 and other cloud-based platforms. Employees are also given simple and secure tools to move business content from their personal cloud storage into their corporate cloud accounts. Once migrated to the cloud, the suite then provides tools for the on-going management of sites, security, users, content and metadata.
"Successful cloud deployments combine the right set of tools and the right expertise to accelerate migration to and adoption of cloud-based collaboration platforms," says Steve Murphy, CEO of Metalogix. "So today, we are launching the Cloud Acceleration Suite and Partner Program to provide clients the tools, training and expertise they need to overcome the unique deployment and user adoption challenges of rolling out a cloud-based collaboration platform".
The Partner Program gives clients access to experts in cloud deployment who can help at each step of their cloud transition including developing a migration road map, establishing governance and management processes and ensuring sensitive content stays secure.
You can find out more about both the Cloud Acceleration Suite and the Partner Program on the Metalogix Website.
Photo Credit: IdeaStepConceptStock/Shutterstock
Understanding the audience is key to success in marketing and thanks to our ability to gather data from transactions and social networks there's more opportunity to analyze customer actions than ever before.
Atlanta-based Insightpool is launching a new version of its audience cultivation and conversion platform aimed at giving brands greater insight into and control over their marketing.
Insightpool 2.0 uses predictive analytics and machine learning to drive conversion and return on investment for brands. Instead of needing to piece together multiple tools or services to execute large scale digital campaigns, users can target the audiences most likely to engage with a brand. They can also drill down into the most relevant set of messages to produce the desired results.
The platform delivers real time, goal-specific analytics so that brands can easily understand what resonates with individuals and tailor their efforts accordingly.
"Marketing software is mature enough that ROI should be expected as it is in any other technology category. Because Insightpool is focused on conversion, we can deliver results that drive the bottom line and not just vanity social metrics," says Devon Wijesinghe, Insightpool's CEO. "Insightpool's level of sophistication for social marketing is unrivaled, and completes the full engagement cycle to achieve measurable business results that scale".
Using proprietary algorithms that can be custom tuned for specific organizations, Insightpool can predict social engagement using over 60 variables. It can integrate with existing social media management software so that businesses can take advantage of its insights without upsetting their existing operations.
Key features of version 2.0 include 'social drip' campaign management and optimization designed to generate leads. Social predictor rankings that use proprietary algorithms and machine learning to analyze and identify people with the highest potential for conversion. It also allows easy identification of the most effective messages along with social customer relationship management integration and a real-time dashboard for easy management.
You can find more information on the Insightpool website.
Image Credit: Kidsana Maimeetook / Shutterstock
In an unexpected announcement today Microsoft and Dropbox have revealed that they're joining forces to integrate Dropbox more closely into Office.
The link up will allow Office files to be edited directly from the Dropbox mobile app and the changes synced across devices. It works the other way too with access to Dropbox from within Office.
Dropbox links can also be shared directly from within the Office app. The changes will roll out to all users of Dropbox for Android and iOS over the next few weeks. They'll be available for Dropbox for Business customers with Office 365 licenses too.
Microsoft's Office blog also confirms that next year connections will be added to both Dropbox and Office Online web services.
Writing on the Dropbox for Business blog Ilya Fushman, head of product for Dropbox and Dropbox for Business says, "With this partnership, we're bringing the magic of the Dropbox and Office desktop experiences to mobile and the web. What does that mean for you? In short: boundless productivity. You'll be able to edit Office documents right from your Dropbox mobile app, and access your Dropbox from within your Office apps".
You might wonder where this leaves Microsoft's own OneDrive cloud storage service which will continue to appear alongside Dropbox in Office apps. It seems that Microsoft is simply recognizing that with Dropbox for Business in use in over 80,000 organizations worldwide, and the service being home to more than 35 billion Office documents, it simply can't afford to ignore a potentially valuable source of users.
"In our mobile-first and cloud-first world, people need easier ways to create, share and collaborate regardless of their device or platform," says Satya Nadella, CEO of Microsoft. "Together, Microsoft and Dropbox will provide our shared customers with flexible tools that put them at the center for the way they live and work today".
Is this a surprising announcement or is it an inevitable consequence of the state of the cloud storage market? Let us know what you think in the comments.
Shakespeare's Globe in London is known for its productions of the bard's plays in an atmosphere close to their original environment.
Now the Globe is going global with the launch of a new online video platform offering full-length HD films of its productions to rent or buy on demand in a world first for a theater.
Every foreign-language production from the 2012 'Globe to Globe' festival of international Shakespeare has been made available on film, along with the main productions from the 2012, 2011, 2010 and 2009 summer seasons.
Last year's touring production of the three Henry VI plays are also available now and 2013's main titles, The Tempest, A Midsummer Night's Dream and Macbeth will be available online in the coming months.
Dominic Dromgoole, Artistic Director of Shakespeare's Globe, says, "Whether we're touring the world, inviting the world to the Globe, or being the first to experiment with low ticket prices with our £5 groundling tickets, the Globe is always looking for bold new ways to take Shakespeare out into the world and share his astonishing plays with as many people as possible. Globe Player will allow us to reach brand new audiences and to make access to our productions simple and seamless for anyone with the internet. We are delighted to be the first theatre with its own dedicated video-on-demand platform".
Globe Player also hosts a range of other material including footage gathered in the making of the film Muse of Fire, available free to allow people to try out the site. Other content either available now or coming soon includes dozens of short films from the New York Shakespeare Exchange’s Sonnet Project and the feature-length documentary A Summer Hamlet.
The player has been created by Qip Creative, a digital agency founded by two recent Cambridge graduates and specializing in innovative online shopping and other projects.
You can try out Globe Player now. Rentals cost £2.99-£4.99 (around $4.80-$9.60) and purchases £4.99-£9.99 (around $9.60-$15.99).
With Azure and Office 365, Microsoft already has a strong position in the business cloud market. But the company isn't resting on its laurels, it used this week's Convergence 2014 conference in Barcelona to announce a number of innovations to help enterprises gain greater benefit from the cloud.
The main announcement is that the latest Microsoft Dynamics CRM 2015 release will be generally available in December this year. The new release is designed to address the growing need for businesses to deliver seamless experiences to their customers by helping them break down the barriers between divisions.
New capabilities in this release include advancements in natural user interface and integration with Cortana -- the intelligent personal assistant on Windows Phone 8.1. With Cortana, users will be able to set up meetings and reminders; search for contacts, accounts and activities; view customer lists; and create new customer records -- all using voice commands.
There will also be platform updates allowing companies to create pre-defined, configurable processes, along with API enhancements to ensure consistency across devices. Templates will be made available to help customers with industry-specific requirements.
Other announcements include a Sales Productivity solution for Office 365 and a partnership with Thunderhead.com. The Thunderhead.com link will offer a complete customer engagement solution bringing together the Microsoft Dynamics CRM platform and Thunderhead.com's ONE Engagement Hub. This will enable marketers to build customer engagement by tying together customer insight, context and behavior.
There's a new version of Microsoft Dynamics AX, the company's flagship ERP solution, too. The update allows businesses to combine all the benefits of Dynamics AX and Azure in an end-to-end cloud solution. It lets companies run hybrid environments with an optimal mix of development, test and production. Plus it adds a new Point-of-Sales client for Windows tablets and phones, giving in-store staff the ability to access product and customer information at their fingertips to deliver improved shopping experiences.
Microsoft also showed off a new Dynamics NAV 2015 release that adds a tablet and touch-optimized user experience. This will allow small and mid-sized business customers to access their company data and processes regardless of location or device.
"To better engage with their customers, businesses are looking to the cloud for greater collaboration and the right insights to help them be more productive," says Microsoft Business Solutions executive vice president Kirill Tatarinov. "Microsoft is re-imagining and reinventing productivity by harnessing the power of the cloud through a flexible platform in Azure, a cloud productivity suite in Office 365, and customer-centric business applications delivered through Microsoft Dynamics solutions that are helping organizations transform the way they engage with customers and run their business".
Tatarinov's full keynote speech is available on demand if you want to learn more.
Photo Credit: Sakonboon Sansri/Shutterstock
Using your smartphone can be dangerous according to findings from a new study by gadget insurance specialists SquareTrade and it's people as well as devices that are getting damaged.
A poll of UK smartphone owners found that a stunning -- or possibly stunned -- 86 percent had tripped, stumbled or hit a lamppost or wall when distracted by using a mobile device. Stumbling incidents accounted for 37.2 percent of people damaging their phones in the last two years with over half of all accidents happening in the home. Also 18 percent of accidents were caused by someone other than the phone owner.
Brits aren't the clumsiest in Europe though -- 40 percent of Greek smartphone users managed to damage their phones in stumbling incidents the last two years. Whilst over the same period, 39.8 percent of Italian and 38.9 percent of Spanish smartphone users had slipped up when using a phone. Maybe the Mediterranean climate has something to do with it?
Least likely to have accidents whilst using their phones are the Poles (24.3 percent), Belgians (24.9) and Swiss (26.3). Kevin Gillan, SquareTrade's European managing director says, "While the percentage of smartphone tumbles varies from country to country, it’s clear that there are a lot of people out there who have damaged their phone and themselves in some way. Talking and walking are perfectly safe, but perhaps our smarter phones are now putting us at risk by diverting our eyes off the path ahead".
Doctors too are reporting an increase in the number of people admitting to having mobile-related mishaps. Dr Louise Newson, a British GP, says "I've seen a lot of mobile-related injuries in my surgery in the last 12 months, mostly from people tripping or bumping into something because they've been distracted by their smartphone. Some of the injuries are quite nasty. As more young children and elderly people are using mobile phones, I expect that we’ll see more mobile-related injuries in these groups of people in future".
You can see a breakdown of Europe's clumsiest countries when it comes to damaging smartphones in infographic form below. And if you've had a mobile related accident do let us know in the comments. We promise not to laugh.
Image credit: Stokkete / Shutterstock
We're frequently being told that the use of mobile devices makes our work lives easier, but it seems that a sizable percentage of people don't share that view.
Mobile sales solution company Seismic has released the results of its Salesforce Spotlight survey showing the complex relationship between business users and mobile technology.
The survey carried out amongst Dreamforce attendees reveals that Salesforce is still the main platform for handling sales data and that 57 percent of respondents use the package for more than two hours a day. When it comes to mobile access though, 21 percent said they had no plans to implement the Salesforce1 platform.
Of those who have already implemented Salesforce1, 66 percent say they access it via both smartphone and tablet. Those that use it on just one platform favor their smartphones, but more than 60 percent of respondents using both reached for their tablet more frequently than their smartphone for CRM, content management and presentation tasks.
Perhaps most interesting though is mobile's perceived impact on working lives. Whilst the previous survey in 2013 showed that seven percent of Dreamforce users thought mobile technology would complicate their work life, this year's findings show nearly 20 percent feel that mobile technology has made their work lives more complicated in the past year.
"While our survey findings validate the growing importance of mobile devices in the enterprise, it was surprising to find that users view mobile technology as a complication to their work lives," says Seismic CEO Doug Winter. "Cutting-edge mobile technologies should be simplifying marketing and sales processes, not complicating them. Organizations need to become more strategic and agile when implementing new software if they want to gain a competitive advantage".
The full report is available to download from the Seismic website.
Image Credit: Sergey Nivens / Shutterstock
With every new breach, network security hits the news, yet many people and companies still don’t get the basics right.
UK-based wireless network specialist Exigent Networks has produced an infographic that looks at the importance of network security and offers tips and expert advice.
It covers the essentials of what network security does as well as looking at some of the most common attack vectors like eavesdropping, trojans and denial of service attacks. It also looks at the technology of network security and sets out some best practice guidelines for businesses.
It concludes with quotes from some of the industry's leading security experts on why network security is vital. You can see the full infographic below.
Image Credit: rosedesigns / Shutterstock
Twitter provides a unique window into public thinking and that can be useful for businesses, not only to see what people are saying about them but also to get an insight into market trends.
In order to help enterprises understand their customers and markets, IBM and Twitter have announced a partnership that will allow Twitter data to be used in IBM's cloud-based analytics platforms.
The two companies will deliver a set of enterprise applications to help improve business decisions across a range of different industries and professions. The first joint offering from big blue and the blue bird will integrate Twitter data with IBM ExperienceOne customer engagement solutions. This will allow sales, marketing, and customer service professionals to map sentiment and behavior, and help them to better engage with and support their customers.
There will also be collaboration to develop unique solutions for specific industries such as banking, consumer products, retail, and travel and transportation. The partnership will use the skills of tens of thousands of IBM Global Business Services consultants and application professionals including consultants from the industry's only integrated Strategy and Analytics practice, and IBM Interactive Experience, the world's largest digital agency.
"Twitter provides a powerful new lens through which to look at the world -- as both a platform for hundreds of millions of consumers and business professionals, and as a synthesizer of trends," says Ginni Rometty, IBM Chairman, President and CEO. "This partnership, drawing on IBM's leading cloud-based analytics platform, will help clients enrich business decisions with an entirely new class of data. This is the latest example of how IBM is reimagining work."
IBM plans to offer Twitter data as part of other select cloud-based services. These include IBM Watson Analytics, a service that brings intuitive visualization and predictive capabilities to business users. Businesses and developers will also be able to integrate Twitter data into cloud services they build using IBM Watson Developer Cloud and IBM Bluemix platform as a service.
"When it comes to enterprise transformation, IBM is an undisputed global leader in enabling companies to take advantage of emerging technologies and platforms," says Dick Costolo, Twitter CEO. "This important partnership with IBM will change the way business decisions are made -- from identifying emerging market opportunities to better engaging clients, partners and employees."
For more information on the partnership and what it will offer you can visit the IBM website, or the official Twitter blog.
Security breaches have become a major worry for businesses in the last two years and that's reflected in strong growth of the market for breach detection products.
A new market intelligence brief by NSS Labs looks at the rapid rise of breach detection systems (BDS). In 2013 the BDS market was worth over $289 million dollars, up 99 percent over the previous year.
The market is expected to continue growing at an annual rate of 36.9 percent to reach $1.39 billion by 2018. Given that BDS is an emerging market with few products that have been around for more than three years this is an impressive jump.
The study finds that lack of mature solutions along with inconsistent marketing is, however, causing considerable confusion around the necessity, effectiveness and best practices for deployment of these products. The high price of many on-premises solutions is also inhibiting adoption.
Another barrier is that BDS solutions are complex in their own right and require a level of security expertise that is currently hard to find. As a result many vendors are deploying cloud-based or managed offerings to offset the high costs and complexities of BDS. NSS Labs predicts that hybrid solutions could become the primary vehicle for BDS deployments in the future.
Current BDS offerings are deployed primarily as hardware appliances, but many vendors are also introducing virtual appliances, software as a service and the endpoint as part of the product suite.
The report notes that, "The immediate challenges for the BDS market are twofold: Vendors must demonstrate that these expensive solutions do in fact provide increased security (i.e, they will discover threats that all other devices in the security stack have missed), and end users must be trained in how to deploy these devices and manage their output".
To address the training issue some vendors are offering services built around these solutions or are integrating breach detection into their existing security products.
NSS Labs concludes that there's no best approach to BDS, it's more important to determine what works best for a particular business. More details on the report are available on the NSS labs site.
Image Credit: Sergey Nivens / Shutterstock
Securing applications in the cloud can prove a difficult challenge for businesses. Any solution needs to balance protection against accessibility and not harm performance.
Java security specialist Waratek has used the Microsoft TechEd Europe conference in Barcelona to announce an innovative bring your own security (BYOS) approach to the problem called Waratek Locker.
It's a secure container that provides Runtime Application Self-Protection (RASP) for Java applications deployed on the Azure cloud platform. Waratek Locker provides transparent protection against business logic and network layer threats regardless of where an application is hosted and without the need to make any code changes.
The product works within the Java virtual machine allowing it to provide security monitoring, policy enforcement and attack blocking. It can guard cloud applications from exploits that target vulnerabilities in third party libraries and malicious activity including SQL injection, abnormal file manipulation or unexpected network connections.
Applications deployed in Waratek Locker are protected by a rule-based engine. This can be remotely managed by administrators and it comes pre-configured with rules to restrict application access to only required files and network functions, and to block SQL injection attacks.
"Microsoft Azure is a powerful platform for deploying enterprise applications in the cloud that includes industry leading infrastructure level security," says Brian Maccaba, CEO of Waratek. "With Waratek Locker we enable organizations to bring their own application security controls to Azure in one easy to deploy and manage container. It is truly portable enterprise class security for the cloud".
You can find out more and get a free trial on the Waratek website. The company has also made a free tool available for writing custom security rules.
Photo Credit: Slavoljub Pantelic / Shutterstock
Finding skilled mobile developers is one of the top challenges when it comes to the timely delivery of new apps.
This is among the findings of the 2014 Mobile Trends report from enterprise mobile platform provider Appcelerator. The company along with IDC surveyed over 8,000 mobile developers and 121 IT decision makers to get their take on trends that affect the way businesses use mobile in the workplace.
The skills gap was rated by 33.3 percent of developers and 41.3 percent of decision makers as the number one difficulty. The skills problem isn't simply about coding languages but also the way processes must be adapted and apps designed to connect to back office data. Agreeing on features and design priorities is seen as a problem by 17.6 percent of developers and 9.9 percent of decision makers.
There's also division of opinion over who owns the mobile agenda. 66.9 percent of IT decision makers feel that IT is the primary driver in setting the organization’s mobile agenda, however, 49.7 percent of developers say the business side is in control.
This same split is evident on HTML5 too. Among decision makers 70.6 percent report a positive experience of implementing HTML5 but that figure falls to 37.2 percent amongst developers.
The report indicates that release velocity is increasing too along with the number of platforms that need to be supported. 83.9 percent of developers report that their businesses are supporting two or more mobile operating systems, and 55 percent say they release monthly or more often.
What both sides agree on is the importance of accessibility to mobile platforms, with 90 percent of developers and 87 percent of IT decision makers saying it was likely or very likely that connecting mobile apps to both public and enterprise data sources will become the norm.
The full report is available in a snazzy page-flipping format on the Appcelerator website.
Image Credit: logolord / Shutterstock
We reported back in March that DDoS attacks had risen sharply to become a major threat for online businesses.
In order to help companies cope, cloud security provider Incapsula is today launching a DDoS Playbook analyzing the threat landscape and providing businesses with a how-to guide to fend off attacks.
Incapsula's DDoS Playbook provides companies with a practical guide for planning and executing a DDoS response plan. It outlines pragmatic steps and best practices to help in choosing the right mitigation solution for an organization. It will help enterprises authoritatively respond to an attack and conduct a thorough post-attack analysis for developing follow-up defense strategies.
The Playbook starts with the basics of how often DDoS attacks occur and how and why they're launched. It then covers building a response team, preparing a plan and carrying out a risk assessment.
It looks at the key technologies and capabilities needed to build a protection strategy, including detection and the importance of timing. Crucially it also looks at what's needed to respond to an attack, covering establishing a communications center, responding to ransom notes and more.
The book's authors say, "Organizations that engage in advance DDoS response planning are far more likely to limit potential damage and act in an effective manner than those that try to improvise their way through a DDoS-induced crisis".
Written for executives rather than technical staff, the Playbook includes a glossary of terms and is written in an accessible style offering practical advice. For more information and to download a copy visit the Incapsula website.
Image Credit: sibgat / Shutterstock
Over the past decade or so there's been a big change in the way data centers work and in many cases procedures for managing incidents haven't kept pace.
This is partly due to greater complexity brought about by the cloud and virtualization, and partly due to the fact that monitoring has become more fragmented with companies using, on average, five different monitoring tools.
In order to bring data center incident management up to date, data science specialist BigPanda is aiming to use its platform to automate IT incident management. It analyzes alerts then automates the processes involved with detecting, investigating and collaborating to resolve IT incidents. This enables companies to resolve IT issues faster and minimize their impact on customers and revenue.
Assaf Resnick, Co-Founder and CEO of BigPanda, says, "The new generation of IT infrastructure requires a fundamentally different approach to incident management. We believe that only through leveraging data science can IT teams tackle the scale of machines, events and dependencies that must be understood and managed".
BigPanda uses a SaaS platform that aggregates and normalizes alerts from leading monitoring systems, such as New Relic, Nagios and Splunk, as well as in-house monitoring solutions. It then uses powerful data algorithms to automate the incident management process.
It sorts high level incidents from the flood of alerts so that critical issues can be spotted quickly. BigPanda also cross checks IT incidents with the code deployments and infrastructure changes that may have caused them, so IT and DevOps teams have instant access to the data they need to make smart decisions quickly.
In addition the platform makes it easy to notify the right people and keep everyone updated on incident status, notes, activities, metrics, and more. BigPanda syncs with help desk systems like ServiceNow, JIRA and Remedy, which frees IT staff from having to manually manage tickets and keep them up-to-date.
The company has also announced $7 million of funding from venture capitalists to allow it to develop the product. A lite version of BigPanda is available for free and there's a 30-day free trial of the full version available on the company's website.
Image Credit: leungchopan / Shutterstock
More than 70 percent of executives think their organization only partly understands the risks it could be exposed to as a result of a data breach. This is among the results of a study from technology giant HP into the importance of executive involvement in breach responses.
In addition less than half of board-level executives are kept informed about the breach response process and only 45 percent believe they are accountable for the incident response process.
Some 79 percent of respondents say executive level involvement is necessary to achieving a successful data breach response, while 70 percent believe board level oversight is also crucial. However, only 45 percent of executives believe that their own enterprise's incident response process is either proactive or mature.
In terms of what constitutes a serious incident, 57 percent of respondents say the lost or theft of more than 10,000 records containing confidential or sensitive information constitutes a significant data breach. In cost terms, a data breach that averages approximately $2 million is considered significant.
"Without a well thought out plan in place, and without the proper guidance, training and process instituted throughout the organization, executives can stumble when dealing with the public outcry once sensitive data has been compromised", says Arthur Wong, senior vice president and general manager, Enterprise Security Services at HP. "No amount of spend can completely protect organizations from highly sophisticated cyber attacks, but how prepared an organization is in the event of a breach can mean the difference between a speed bump in the road or a catastrophic business event".
To help executives prepare for handling data breaches HP has made some free online resources available as part of an Executive Breach Response program. These include a study exploring how 300 global organizations plan and use best practices to prepare for cyber security incidents.
There's also a breach response assessment which contains a series of questions to compare an organization's answers to those of its industry peers. Using the tool, an individual can assess an organization’s ability to respond to a data breach and identify areas of strength and weakness when it comes to preparing for a breach.
A breach response playbook offers scenarios, best practices, and benefits in planning that will help organizations be prepared in the event of a data breach. Finally there are a series of webinars to help executives draft and implement breach preparedness plans.
The full report and details of the Executive Breach Response program are available on HP's website.
Image Credit: Pressmaster / Shutterstock
In the last year 94 percent of organizations have encountered at least one cyber security incident, with 12 percent indicating that they’d been on the receiving end of a targeted attack.
These are among the findings of a survey of worldwide IT professionals by security company Kaspersky Lab and research specialist B2B International. Damages from one successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses.
Whilst the threat of targeted attacks affects businesses of all sizes, the survey finds that large companies in particular see them as a major threat. 38 percent of companies with 1,500 to 5,000 employees, and 39 percent of companies with more than 50,000 employees named targeted attacks as their number one concern.
Smaller businesses are slightly less concerned, with 34 percent naming targeted attacks as a key priority. A major worry for all businesses is losing sensitive data with more than a third saying that protection of confidential data against targeted attacks is a key problem for IT management teams.
Chris Doggett, Managing Director of Kaspersky Lab North America says, "The survey results clearly indicate that many businesses now recognize that the threat of a targeted attack is very real and could be very harmful for their organization. However, we are seeing that the number of companies that are actually taking that knowledge and turning it into an action to protect their organization from such attacks is still alarmingly low. With major breaches being reported regularly now, it is critical for businesses of all sizes to make protection of their IT infrastructure their top priority, especially given the damages that arise from each successful targeted attack".
Other findings from the report are that spam is now seen as the number one external threat, named by 64 percent of respondents. Viruses and other malware were named by 61 percent. Phishing attacks trail some way behind on 38 percent followed by network intrusions on 25 percent. Whilst DDoS attacks rate only 18 percent on the overall threat scale they're placed much higher by IT and telecom companies.
Where internal risks are concerned, flaws or vulnerabilities in software are rated highest at 36 percent, followed by accidental leaks by staff (29 percent) and loss or theft of mobile devices (26 percent). Again these figures vary by industry with 42 percent of telecom companies being worried about accidental leaks.
There's much more information in the full report which is available on the Kaspersky Lab website.
Photo Credit: Sergey Nivens/Shutterstock
Individuals are frequently the weakest link in the chain when it comes to protecting business data, often through simple day-to-day lapses that can have a serious consequence.
Atlanta-based IT Services company Leapfrog Services has identified five common bad habits of employees that businesses need to manage in order to guard their information.
Poor password practices are top of the list. If employees fail to log out when they leave their desks, or write passwords on sticky notes attached to the monitor, they're putting company data at risk. It's important to establish and enforce security procedures especially if workstations are shared.
Updating social media may seem like a harmless activity, but badly-judged comments about products, clients or even colleagues can have serious consequences. Enterprises need to have a clear social media policy which outlines what can be shared and what needs to be kept confidential.
Sending texts may be convenient, but if employees use personal devices for business it risks losing the security that's in place for company systems. As a result something like sending links, images and quick thoughts by text may fall outside of the IT department's control or access.
Social engineering is a problem across all businesses and phishing emails do make it through to inboxes occasionally, even with protection in place. Opening an email mindlessly may be all it takes for hackers to infect a system or company network. Whilst it's important to keep security systems up to date, education is vital to make sure staff are aware of the potential threat posed.
Finally, seemingly helpful working methods such as using public clouds to share files or working via insecure home networks or access points can put company data at risk. If employees are allowed to work away from the office or on their own devices this needs to be backed up by security systems that keep the company safe but don't compromise convenience.
"Lines are now blurred between using company computers vs. personal devices for work," Leapfrog’s CTO Trey Hawkins says, "And as we learned with recent celebrity hacking incidents, even cloud-based platforms can be compromised. It is critical to have rules in place that protect company information".
Image Credit: Jirsak / Shutterstock
Threat protection specialist Damballa has released its threat protection report for the third quarter, highlighting that the malware threat is still growing.
Based on analysis of traffic from the company's ISP and enterprise companies, the report looks at one of the biggest challenges facing IT security teams, that of identifying genuine attacks amongst a plethora of security alerts. In the last quarter it says that the 'noisiest' enterprises experienced some 138,000 events in a day. This represents a 32 percent increase over Q2, with customers experiencing an average of 37 infected devices a day.
There is some good news thanks to a 40 percent reduction in daily infections over the previous quarter. This is thanks to customers using technologies like automatic incident detection to respond to threats and identify true positives.
The biggest worry though is an increase in point of sale malware. Damballa detected a 57 percent increase in infections of Backoff from August to September and a 27 percent increase from September to the end of the month. Backoff, is a new breed of highly targeted POS malware and is reported by the US government to have infected 1,000 businesses including Kmart and Dairy Queen.
Brian Foster Damballa's CTO says, "Fundamentally, these figures show that prevention controls cannot stop malware infections. POS malware and other advanced threats can, and will, get through so we can't simply build the walls around the network higher. And for security teams, faced with the trawling through a tsunami of events every day, manually correlating these to find the 'true positives' is simply not feasible".
The particular worry with Backoff malware is that it attacks via local area networks where traffic may not come under the same scrutiny as external traffic. Once an infection is present therefore it can remain active but hidden.
Foster concludes, "The encouraging news is that automatically correlating evidence, can have a significant impact in reducing the number of infected devices within the network. We'd advise enterprises to be prepared, to get ahead by assuming that they will be compromised, and take proactive measures to be ready to remediate".
The full State of Infections report can be downloaded from the Damballa website.
Photo Credit: Balefire / Shutterstock
In large companies it can be difficult for decision makers to see the full impact their choices have. A new product from decision support specialists Mu Sigma aims to provide a holistic picture of how things are connected.
The product, called muUniverse, is designed to give decision makers at Fortune 500 companies a complete view of their business decisions, allowing them to navigate an increasingly complex set of interconnected problems they face in areas such as sales, marketing, finance, supply chain, risk, and others.
It's based on the patterns found in nature where problems occur in clusters rather than isolation and organisms increase in complexity over time. MuUniverse maps the decision foot print within the organization and is claimed to be the only solution available today that can provide an intelligent path to drastically improve decision making and impact the outcomes that are necessary for growth and survival.
"In the age of big data, companies often lack the tools they need to appreciate and understand the complexity of problems they face. A new art of problem solving is needed to address this. The big goal of our new platform is to automate dynamic thinking that is often baked into the DNA of innovators like Steve Jobs and Elon Musk, but now make this available to any major corporation," says Dhiraj Rajaram, CEO and founder of Mu Sigma.
It builds on the company's existing muPDNA business intelligence platform and is aimed at helping businesses improve problem solving and planning by allowing the creation of better insights. It can also assist in prioritizing and engaging with the correct stakeholders, as well as investigating the relationship between problems allowing the impact of decisions to be anticipated. Eliminating risk is another benefit as is the ability to spot new opportunities based on data analysis.
You can find out more on the Mu Sigma website.
One of the problems that enterprises often see in implementing cloud computing is that they risk getting tied into a single supplier for software and platform.
This is leading to more interest in 'hybrid cloud' solutions which allow the mixing and matching of features from different suppliers. Today industry giants IBM and Microsoft announce that they're working together to provide their respective enterprise software on Microsoft Azure and IBM Cloud.
"Together we are creating new opportunities to drive innovation in hybrid cloud," says Robert LeBlanc, Senior Vice President of IBM's Software and Cloud Solutions Group. "This agreement reinforces IBM's strategy in providing open cloud technology for the enterprise. Clients will now gain unprecedented access to IBM's leading middleware and will have an even greater level of choice over the tools that they use to build and deploy their cloud environments".
The idea is to give clients, partners and developers a wider range of options. IBM middleware such as WebSphere Liberty, MQ, and DB2 will be available on Microsoft Azure, whilst Windows Server and SQL Server will be offered on IBM Cloud.
At the same time the two companies are working together to deliver a Microsoft .NET runtime for IBM’s Bluemix cloud development platform. Plus IBM will expand support of its software running on Windows Server Hyper-V. The companies plan to make IBM Pure Application Service available on both Microsoft Azure and IBM SoftLayer for automated deployment, configuration and license management in a hybrid cloud environment.
Customers will be able to bring their own software licenses to the IBM and Microsoft clouds, helping them to avoid extra cost. IBM middleware licenses for things like WebSphere will be made available to Azure users with per user pricing.
"Microsoft is committed to helping enterprise customers realize the tremendous benefits of cloud computing across their own systems, partner clouds and Microsoft Azure," says Scott Guthrie, executive vice president, Cloud and Enterprise at Microsoft. "With this agreement more customers will be able to take advantage of the hyper-scale, enterprise performance and hybrid capabilities of Azure".
For more information visit the IBM Cloud or MS Azure websites.
Photo Credit: Minerva Studio/Shutterstock
Google Analytics has become something of an industry standard for gathering web metrics. But a new report from form building company Formstack says that businesses may be concentrating on measuring the wrong things.
It suggests that users tend to focus on vanity metrics, like page views and bounce rate, but stop short of real data tracking. What they should be focusing on are the actionable GA metrics that will impact conversion rate and ultimately revenue.
The company has produced an infographic guide to calculating the return on investment of a landing page using Google Analytics. This sets out four key steps: defining the audience, discovering conversion rates, calculating page revenue and assigning value to customer actions. Given the relatively simple process it's surprising that only a third of marketers bother to calculate the ROI of their sites.
You can download the full report from the Formstack website and view the infographic below.
Photo Credit: Sergey Nivens / Shutterstock
As businesses increasingly turn to the cloud to store their data the weak link in the chain remains the use of the public internet to transfer information.
To overcome these concerns enterprises are looking for secure and scalable ways to directly connect data centers across the globe. Now IIX (International Internet Exchange) has acquired a platform that fully automates the buying and provisioning of network connections in under five minutes, replacing a manual process that can take as long as 30 days.
IIX has acquired UK-based Allegro Networks which has a pioneering automation platform called Snap. This provides organizations with a new and unique capability to purchase and provision virtual cross connects, point-to-point circuits, and peering interconnections in minutes.
Snap eliminates the manual and laborious process of creating direct network interconnections across multiple markets, something which can take weeks or even months. Using a laptop, tablet or mobile device, customers can log on to a secure portal. From there they can buy and provision connections to the content providers, cloud providers, and other trading partners that are key to their business, in under five minutes.
"Enterprises are rapidly adopting cloud computing solutions, driving the demand for scalable, secure, and flexible direct interconnections to content, cloud, and application providers and other enterprise networks. With the acquisition of Allegro, IIX gains top engineering talent, innovative technology, and 34 network Points of Presence (PoPs) in the UK to support growing customer demand," says Al Burgio, founder and CEO of IIX.
As part of the deal Andy Davidson, Allegro's Chief Technology Officer, has been appointed IIX's Vice President of Network Engineering, Europe. He says, "IIX is at the forefront of next-generation direct interconnection for enterprises worldwide. This acquisition enables our customers to have direct access to additional leading content and application providers globally. Our two organizations share the same philosophy, believing that the ability to provision scalable, reliable, and secure interconnects will power new innovation for the benefit of online users".
You can find out more about the Snap platform and how it works on the Allegro website.
Photo Credit: Palto/Shutterstock
You can't go too far in the big data world without encountering Apache Hadoop. The open source framework was created in 2005 to handle large scale processing.
A new infographic from data management company Solix looks at what Hadoop is, the four modules that make it up, and how it’s used in the enterprise, along with a glimpse at its future.
Key facts are that one in four organizations use Hadoop to manage big data, up from one in 10 in 2012. Reasons cited for using it include low cost, computing power and scalability. More than 60 percent of companies say that Hadoop is used to supplement or replace their existing data environments.
Looking into the future, 61 percent of organizations plan to deploy Hadoop in the future or have already started to deploy it. Worldwide sales of Hadoop-based technology are expected to exceed $50 billion by 2020.
You can see the full infographic below.
Most people are aware that they need to have some form of protection on their PC if it's attached to the internet. Yet it seems that a lot of users still don't know how to properly protect themselves.
Many believe that the security software that comes with their PC is enough to protect them. Security company Check Point ZoneAlarm has released an infographic which shows that 71 percent don’t have both a firewall and antivirus solution on their PCs.
It also shows that 32 percent of PCs in the world have a malware infection and that unprotected machines are 5.5 times more likely to get infected. The graphic compares protecting your PC to defending a medieval castle, but don’t go heating the boiling oil just yet.
ZoneAlarm has also released a blog post on the results of the recent AV-TEST research which shows that its premium product out performs free offerings from Avast and AVG. The message being that relying on free solutions may not protect you as much as you think it does.
The key thing though is that whatever you use you need to have both a firewall and antivirus to provide protection. Otherwise it's back to the drawbridge and the suit of armor. More details in the infographic scroll below.
Data breaches continue to make the news on a regular basis and payment details are high on the hacker’s shopping list when it comes to protecting information. We reported yesterday on Intel introducing a new secure solution for protecting payments and card providers are engaged in a continuing arms race to stay secure. The latest part of this is the introduction of more secure EMV (EuroPay, MasterCard and Visa) compliant payment terminals around the world. Banks are issuing the new chip cards as current cards expire or need replacement. Retailers are installing new chip-enabled terminals.
As the holiday shopping season approaches keeping your details safe as you hit the shops is at the top of many people's thoughts. We spoke to Carolyn Balfany, SVP, Product Delivery and EMV of payment card specialists MasterCard to find out about what consumers can do to help protect themselves as they shop.
BN: Have EMV technologies like chip and pin made a difference to the way criminals target payment card information?
CB: New chip cards have embedded computer chips which provide more layers of security. Chip cards generate a unique code with every purchase, which makes each purchase unique and prevents the creation of counterfeit cards.
BN: What does the upcoming EMV liability shift mean for consumers?
CB: The liability shift means a higher level of security for consumers. Liability for fraud will lie with the bank or retailer with the least secure technology. This is an incentive for banks to issue the new cards and retailers to update their terminals to accept the safest form of payments.
BN: Why has EMV taken so long to roll out in the US given that it's been the norm in Europe for some years?
CB: There are a few reasons. Historically the US has low levels of fraud due to sophisticated processes and technologies which identify potential issues, in many cases, before they happen. Therefore the move to chip cards was not as urgent in the US.
In addition the process for banks and retailers moving to chip cards takes time. It's as if the US decided to drive on the left-hand side of the road -- all cars, road signs, exit ramps and toll bridges would need to be modified. The US adoption of chip cards actually started back in 2012.
BN: How safe are contactless card payments and do they require additional safeguards?
CB: Contactless card payments are extremely safe due to the unique codes mentioned above. Your contactless card or device never leaves your hand, reducing the risk of it being lost or stolen. Safeguards are even in place to only charge once, even if you accidentally tap twice.
BN: What effect will non-card technologies like the new Apple Pay and other NFC systems have? Are these more or less secure than using a card?
CB: Digital payment platforms such as Apple Pay, Google Wallet and MasterPass will make mobile payments as easy and secure as using cards. Think of applying the security of chip cards in the online and mobile worlds.
BN: How worried should people be that if they're using a mobile phone for payments they risk losing their whole identity of they lose their device?
CB: When cardholders use their MasterCard cards they are protected by zero liability -- consumers are never held responsible for fraud. All MasterCard credit, debit, prepaid and small business cards issued in the US. MasterCard's zero liability policy in the US protects consumers and small businesses against card being fraudulently used in stores, online or at ATMs, including all signature and PIN tractions.
In addition there's identity theft resolution assistance. The program provides help in canceling missing cards and alerting credit reporting agencies, as well as targeting searches to detect if stolen personal and confidential data appears online.
As discussed above, chip or EMV cards provide an additional level of security. MasterCard cardholders can also download the InControl app. InControl allows cardholders, parents or employers to establish parameters for when, where and how their cards are used and even block transactions that they deem inappropriate. Additionally, it enables cardholders to receive real-time alerts about card activity via email or text message.
MasterCard has also worked with Apple Pay on security to protect our cards when they are used in connection with the iPhone 6. Apple Pay assigns a unique Device Account Number with a transaction-specific dynamic security code for every purchase. These codes or numbers are never stored on Apple servers and never shared with merchants. If iPhones are lost or stolen, features such as Find My iPhone can quickly put devices in Lost Mode. iPhones can also be wiped completely clean. Either way, both card numbers and identities are not accessible. For Android users, Google Wallet requires users to set up PINs that must be entered before making payments. Android phones also support a separate lock screen. Together, these two security features make it difficult for someone other than you to pay with your phone.
Image Credit: Sedlacek / Shutterstock
Independent testing organization AV-Comparatives has released the results of its latest Real World Protection and File Detection tests showing which security products perform best at dealing with malware.
The Real World Protection test results are based on over 600 live threats including drive-by downloads, malicious URLs, and infected email attachments. 22 products were tested and rated against the 'out of the box' protection provided by Windows (80.4 percent).
The only product to achieve 100 percent protection in the tests was trend Micro Titanium Internet Security, though it did so at the expense of five false positives. Qihoo 360 Internet Security and Panda Cloud Free Antivirus both achieved 99.5 protection with Qihoo scoring no false positives and Panda six.
Kaspersky managed 99.3 percent with no false positives, Avira and BitDefender both scored 99.2 percent again with zero false positives. ESET came next with 98.7 percent and one false positive.
Other notable results were F-Secure which although it managed to block 97.2 percent of malware recorded a massive 66 false positives, and McAfee which blocked 94.7 percent with 36 false positives.
At the other end of the scale Lavasoft and AhnLab both managed 85.2 percent and no false positives. At the bottom of the pile ThreatTrack Vipre scored 84.4 percent with 14 false positives.
So much for protection. The File Detection test measures the product's ability to detect malicious files already present on a system. Products were tested against more than 126,000 malware samples, again the out-of-the box protection of Windows (9.8 percent of samples missed) is used as the benchmark.
No product achieved total detection, Kingsoft and Avira score best here, missing just 0.1 percent, followed by McAfee on 0.2 and Kaspersky Labs and Baidu both on 0.3 percent. Only two products missed more than two percent of samples, Fortinet on 2.1 percent and AhnLab on 6.3.
Looking at false positives ESET scored only one, Panda two, with Emsisoft, Escan and Fortinet on four and Panda five. At the other extreme Avast clocked 120 false alarms, yet still managed to miss 1.4 percent of the malware samples.
What we can conclude from all this is that choosing internet security tools is a balance. No one product offers perfect protection across the board and detection rates need to be set against the number of false alarms likely to be generated.
There's an interactive chart of the Real World Protection Test results and the latest plus previous reports are available on the AV-Comparatives site for both Real World Protection and Detection tests.
Photo Credit: Balefire / Shutterstock
Recent high profile data breaches involving retailers have led many people to have doubts about the security of transactions.
Chip maker Intel has today announced a new data protection technology that will both address these concerns and help speed up the roll out of internet of things devices in retail environments.
Intel Data Protection Technology for Transactions adds an extra layer of software to protect the payment process. This complements other security and authorization technologies. The software sits on an Intel chipset and creates a secure pathway between the retailer's point of sale system and the servers.
The solution supports all modern forms of credit and debit payment including EMV (Europay, Mastercard and Visa), magnetic stripe and near field communication (NFC) transaction readers, including Google Wallet, Softcard and Apple Pay.
"This solution introduces a significant improvement in today's retail transaction data protection without costly hardware upgrades, and provides retailers a path for adopting new Internet of Things technologies," says Michelle Tinsley, director of Mobility Retail and Payments at Intel. "It also sets the stage to expand to other industries such as financial services, healthcare or even government agencies".
The client software is available now and the full solution is expected to be available to retailers by the end of next year. More information is available on the Intel website and there’s an overview of how it works in infographic form below.
Image Credit: Sergey Nivens / Shutterstock
As the popularity of cloud services has grown, so have concerns over the security of the data that's stored on them. This has led security vendors to adapt and develop solutions for the new environment.
A new report by security company NSS Labs looks at the rise of cloud security solutions and at the business demands driving their adoption, as well as the limitations and potential hidden costs in their use and recommendations for enterprises.
Findings include that many cloud security appliances and services are from new vendors rather than established providers, something which significantly complicates integration. Also a key feature of many data protection services -- manipulating data before it heads to the cloud -- can require organizations to deploy new critical assets, such as databases and servers and lead to new processes and potential expenses.
Ensuring compliance with organizations' unique regulatory and other requirements is a critical issue too, as is accounting for any gaps that exist between on-premises security and the cloud.
NSS recommends that enterprises deal with these issues by conducting thorough testing of all SaaS tools, either in-house or through a trusted third party, and that they include mobile platforms in their testing.
They also need to perform total cost of ownership (TCO) analysis on any SaaS solution, and take into account the cost required to change vendors including any updates to security. Legacy applications need to be mapped to existing security functions in order to understand their dependencies. The final recommendation is that businesses don’t outsource security related to mission-critical applications or business functions.
The report’s authors conclude, "The decision to rely on virtual security appliances or SaaS products for the protection of enterprise data presents a dilemma for organizations. While there is interest in leveraging cloud services, if security components cannot be seamlessly integrated to the cloud, organizations will experience gaps in their security architecture that could increase risk and expose sensitive data. Vendors must go beyond merely offering cloud-based services; they must prove that they can extend existing on-premises security controls to the cloud while maintaining regulatory compliance and controls".
The full analyst brief is available to download as a PDF from the NSS Labs website.
Photo Credit: Slavoljub Pantelic / Shutterstock
Banking fraud is down, mobile threats are up and cryptocurrency is the preferred payment method in the world of Russian cyber criminals.
Fraud prevention and cyber crime investigation specialist Group-IB has released a report on the Russian high-tech crime market in 2014. The report provides detailed assessments of the who, what, where and how of high-tech crime, who is behind what crimes, where they originate and who they target.
"With recent cybersecurity events such as the leaks at JPMorgan, Home Depot, Target and others, it pays to know which threats matter and where to best allocate security resources," says Ilya Sachkov, CEO at Group-IB. "Having solid information on the exact nature of cybercrime attacks, and knowing the vulnerabilities that criminal target and exploit, is invaluable to protecting personal and corporate data. Our report provides readers with the knowledge to make smart security decisions".
The report identifies a number of key trends, banking fraud overall is down. Of eight criminal groups active in Russian online banking theft last year, two have switched to foreign targets and one was broken up following the 2014 arrest of one of its leaders. However, mobile banking threats are up as five criminal groups have emerged that specialize in mobile banking theft using Trojans. These groups infect Android phones and steal information via SMS banking and the use of phishing sites.
Attacks on financial institutions continue and groups targeting them have stolen about $40 million during the report period, using techniques including Trojans, phishing sites, and even assistance from inside personnel. ATMs are a popular target too either via physical attack or access to networks.
A look at the online black market in stolen card details -- known as SWIPED -- reveals that one individual uploaded details of over five million cards in the past year. Group-IB estimates the market in stolen cards at $680,000,000. Investigation of a test sample found that all sampled cards on offer were originally stolen from the retail chain Target, which suffered a security breach in the past year.
When it comes to payment hackers prefer virtual currencies. The report finds that 80 percent of payments on SWIPED are made using Bitcoin. The use of malware-based botnets to mine bitcoins has also become more widespread and stealing from cryptocurrency wallets using Trojans is also more sophisticated and commonplace.
None of this means that the old favorite cyber crimes are going away though. Group-IB still detects 10,000 stores selling fake pharmaceuticals via spam every month.
You can read more about the report's findings and look at its prediction of trends for the coming year on the Group-IB website.
Image Credit: Augusto Cabral / Shutterstock
Sharing files among employees can be difficult for any business, but particularly for smaller ones which often end up adopting solutions like emailing attachments or using public cloud services.
These approaches can put data at risk and also cause problems for support staff. Backup and disaster recovery specialist Intronis has a new solution to help businesses share files safely in the form of ECHOshare.
"Intronis ECHOshare is an affordable, enterprise-grade file sharing and collaboration technology, delivered through the cloud, purpose built for business and easy for employees to use," says Chuck DeLouis, vice president of product management at Intronis. "With ECHOshare, we are empowering our partners to address use cases that go beyond backup and data protection, and helping them provide their SMB clients with the ability to access and share their data anywhere, anytime".
ECHOshare can be integrated with existing Intronis backup solutions or supplied separately. It's designed to allow managed service providers (MSPs) to offer sharing to their clients with features including centralized management and billing. It offers security too with remote wipe capability for lost or stolen devices, compliance with industry and government regulations, and integration with the existing ECHOplatform backup solution.
End user clients benefit from team-based sharing with user control over permissions on all projects, folders and files, along with password policies and data wipe features. Data can be accessed remotely from portable devices or branch offices and version control allows tracking of who edited a document and when.
There's also the facility to send large files within teams and to create a public link that can be shared with people outside the organization.
For more information about ECHOshare and to request a free trial you can visit the Intronis website.
Image Credit: megainarmy / Shutterstock
Many organizations are failing to meet data security and governance requirements according to a new Ovum survey sponsored by data flow specialist Axway.
The results reveal that 23 percent have failed a security audit in the past three years and 17 percent lack confidence in their ability to pass one today. It also puts the average cost of a data breach at $350 per record.
The report also highlights the growing complexity of governance and integration challenges facing organizations. With the EU soon to impose data protection legislation reforms, businesses need to ensure they have a 360-degree view of their data or face risks to their economic position and reputation.
"Ovum's findings shine a light on the challenges most organizations have in meeting today's increasing data security and compliance requirements, as well as the risks of failing to instil effective data flow governance," says Dean Hidalgo, executive vice president, global marketing, Axway. "With proven MFT and API management technologies, either on-premise or in the cloud, and by designing a more unified and comprehensive integration strategy, organizations can govern the flow of data across internal and external sources".
The study identifies key priorities for chief information officers, chief information security officers and chief risk officers. Business continuity and disaster recovery is seen as the top priority (87 percent), followed by protecting against cyber threats (85 percent), managing insider threats (84 percent) and compliance monitoring (83 percent).
More worrying is that many organizations struggle to balance security requirements with other strategies. Also more enterprise assets are likely to be exposed to external sources, such as partners, customers and third-party developers, with 78 percent of organizations either having an API program in place or planning to implement one in the next few years. File transfer solutions are also a concern with reliability, monitoring and compliance among the top issues.
"As the volume and speed of business continues to grow, organizations face greater risk of exposing sensitive data. Moreover, stringent regulatory mandates call for transparent audit trails and a high level of visibility into and control over the flow of sensitive data. Therefore, enterprises can no longer afford to implement infrastructure and governance solutions in isolation," says Saurabh Sharma, Senior Analyst, Ovum. "Traditional approaches to managing business interactions are not suitable for meeting these complex requirements and significantly increase the chance of a data breach and compliance failure".
A whitepaper of the results is available to download from the Axway website there will also be a webinar on the topic tomorrow (15 October) with Axway and Ovum experts. Meantime you can see an overview of the results in infographic form below.
Axway Ovum Governance, Risk and Compliance Infographic by Axway.
Photo Credit: tlegend/Shutterstock
Recent high profile security breaches involving retailers like Target and Neiman Marcus mean that people are increasingly aware they may be vulnerable when shopping online. Yet many don't fully understand the landscape that lies behind hacking and why it’s such a lucrative business.
With Christmas and its associated e-commerce peak fast approaching we spoke to Kelly Yee, Vice President of secure email provider Penango who has a wealth of security systems experience in both the public and private sectors. Here are her views on how hackers work and how we can guard against becoming victims over the holiday season.
BN: Most people realize that today’s hackers are motivated by financial gain, but how do they turn stolen data into money?
KY: In the case of stolen identities, an attacker may sell a bulk package of stolen identities to the highest bidder who will pay what they think the information is worth. Selling large amounts of data in the black market is a sophisticated enterprise and has become the new "it" product to sell on the black market.
BN: Hacking seems to be changing from a solitary activity into a serious business. Is there such a thing as a 'typical hacker' and if so what is he or she like?
KY: Today one rarely sees a waitress stealing someone's credit card information and going to Bloomingdale's to buy new clothes anymore. Instead what is more likely to happen is an attack involving tens of thousands of consumers' credit card information from a business being stolen and then sold to the highest bidder on the black market. There is rarely a typical attacker and that is why it is so hard to place a face to them or stereotype them.
BN: Are some companies less vulnerable to attack than others?
KY: Unfortunately, no. As consumers, we do not know what kind of internal security measures a company has and it's unlikely that a company would be willing to share this, as attackers would love to get their hands on this kind of information. For businesses keen to beef up their security, they should investigate what their potential partners are doing to secure their data. For instance, if a company is choosing an online portal to process orders that company should definitely inquire about the security measures that portal has in place for data at rest and in transit.
BN: Is there any way for consumers to know that a particular site is visible to attack?
KY: There are small precautions users can take to help reduce the use of sites that are prone to attacks. For example, consumers should utilize sites that have "https:" as they add a protocol encryption layer (TLS/SSL) for http:.
However, even a trusted website can be attacked. Take the Heartbleed bug infiltration of TLS/ SSL. What's more, the way companies store their customers' data is what is really prone to attack. This storage system, has nothing to do with a company's website.
The bottom line is, it is very hard to know which particular website, let alone which company's security and data retention measures are prone to attack.
BN: How can individuals and companies protect themselves?
KY: As a consumer, first check your credit card statements at least once a month. This only takes a few minutes and users can generally recognize a transaction that is not familiar. Also credit card companies are fairly easy to work with if there is any suspicious activity, and they remove the charge quickly.
Second credit card companies are federally required to have policies in place to help their users when an attack happens. For this reason, consumers should opt to use their credit card over their debit card where they can.
Third, some people prefer to use cash to protect themselves from attackers altogether. However, doing this may affect individuals in other ways: one can easily lose money and returns may be harder without a card receipt. Also some credit card companies have extended warranties or return policies, so consumers should take advantage of those benefits.
Companies should ensure their data is protected at rest and in transit. Using a secure gateway for data is the first step, but what about the data at rest or stored in the company's database? Penango offers a solution to this by providing true end-to-end (at rest and in transit) authenticated and encrypted email. Even if an email is compromised, Penango can prevent an attacker from reading your messages. This is just a first step, so companies should also make sure that the have a security policy from everything to credit card information down to daily emails.
Image Credit: billdayone / Shutterstock
Hackers claim to have stolen the login details of almost seven million Dropbox users. Having released a teaser file on Pastebin with details of around 400 accounts they’re offering to release more in exchange for a Bitcoin ransom.
Like the Snapchat photo leak it seems that this information has come from insecure third-party services rather than from Dropbox itself.
In a post on the Dropbox blog the company's Anton Mityagin says, "Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens".
A later list of passwords posted yesterday are, says Dropbox, not associated with its services. It appears that the breach doesn't stem from services using the service’s API -- as with Snapchat -- but from simple poor user practice in reusing passwords across multiple sites. Once again a third-party is the weak link here though there's a new twist in the form of the hackers trying to make a quick profit from the information via Bitcoin.
It's not currently clear which site or service is the source of the breach, which potentially means that other services are at risk too. Dropbox says the initially posted batch of 400 credentials have now been reset. It also recommends that users enable two-factor authentication on their accounts to add an extra layer of protection.
This is the second bad news for Dropbox this week after it confirmed the existence of a bug that was deleting user files.
Image Credit: alexmillos / Shutterstock
After all of the recent stories related to the Fappening you could be forgiven for thinking that stories about leaks of nude photos were becoming passé.
That didn't stop the media going into overdrive at the weekend when news emerged of 100,000 (or 200,000 depending on where you read the story) images from disposable message service Snapchat being leaked online.
What got the tabloids hot under the collar was the fact that Snapchat is popular with users under the age of consent. "Thousands of kids, some as young as 10, could have nude photos posted online" shrilled the Mirror. "Naked 'Snapchat images' put online by hackers" the Metro shrieked.
In the cold light of a Monday morning, however, things look a little bit different. So, here's what’s really happened.
First of all, yes there has been a leak of photos. These didn't originate from Snapchat itself but from the SnapSaved.com website, a service that allows Snapchat users to save images that have supposedly been destroyed.
Snapchat is keen to distance itself from the leak saying in a statement, "We can confirm that Snapchat's servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users' security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed".
Which is fine except that SnapSaved isn't an app it's a website. There are though apps which offer the same sort of service, similarly named but also not implicated, SnapSave being one of them.
The SnapSaved site is currently offline but has posted a statement on its Facebook page confirming it was hacked and saying, "We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database".
That accounts for the leak, but what has been leaked doesn't seem to be the 100,000 plus naked teen images of the tabloids' wet dreams either. According to comments from users on 4chan and Reddit where the photos were leaked most are of everyday activities like displaying a new hairdo or preparing a meal. There may be a small percentage of nudes but certainly not hundreds of thousands.
The other scary suggestion in early stories was that the images were indexed, allowing hackers to link them to user names. Thus leaving the way open for embarrassment at best and blackmail at worst. It seems that this isn't quite true either. Whilst there is a database it's missing its index making it a mass of un-sorted data from which it would be difficult to connect images and users.
So what have we learned? First Snapchat isn't at fault though it does have form for losing data. Second third-parties are often the weakest link when it comes to security, Snapchat makes its users feel secure by claiming images are deleted after 10 seconds but you've no way of knowing if the recipient is using a site or app to capture them. Third the majority of these leaked photos are pretty innocent stuff. Fourth the pictures aren't easily linked to users.
Finally, and you knew this anyway, it isn't a good idea to send naked photos of yourself winging around the internet.
We're increasingly becoming a digital society, yet almost one in five people in the UK lack digital skills and 52 percent of those are aged over 65.
In an effort to provide practical skills and access to technology, catalog retailer Argos has partnered with digital skills charity Go ON UK to offer workshops to 10,000 adults.
The workshops will take place at 120 of the company's stores and will cost £20 per head. In return attendees will receive a Proscan 7-inch 8GB tablet and a voucher to get free TalkTalk broadband for a year. Specially-trained store staff will help participants learn the basics of how to use a tablet, connect to and surf the internet, use a search engine, set up email, stay safe online and more.
John Walden, Chief Executive of Home Retail Group, which owns Argos, says, "The digital revolution continues apace, however, millions remain on the side-lines. Argos Internet Workshops have been developed to help people overcome the barriers of access and affordability and improve their knowledge, understanding and confidence in digital technology. The internet is becoming increasingly essential in day-to-day life, and offers a world of new possibilities that we believe everyone should be able to access".
Research earlier this year from communications regulator OFCOM shows that there's a big increase in over 65s going online and more people are using tablets to do so. This is partly down to technologies like Skype that enable communication between generations.
"Access, affordability and skills have all been cited as key barriers to bringing people online and this fantastic initiative from Argos is exactly the type of program we need to help people become more confident with technology," says Baroness Lane-Fox, Chair of Go ON UK.
The workshops will run from 25 October through to January next year. People interested in participating can call 0345 600 4408 or visit their nearest Argos store for more information.
Image Credit: Home Retail Group
Enterprise software specialist SAP has announced a partnership with business intelligence company Birst to deliver faster analytics on the SAP HANA cloud platform.
The tie up will allow organizations to use a single cloud platform which can deliver instant analytics giving managers the ability to more quickly turn insight into action. It brings together SAP's next-generation cloud platform and Birst's comprehensive two-tier data architecture to provide instant access to business data.
"Driving better business execution and enabling each and every organization to become data-driven is only achievable when leaders come together to innovate and achieve something that solves real business problems, and that is exactly what Birst and SAP plan to do," says Brad Peters, chairman and chief product officer at Birst. "The real opportunity in BI lies in our ability to push data to the front lines, empowering every person to make every decision better. Together, SAP and Birst will give customers instant access to data and allow people to turn insight into action -- that's something today's businesses have been waiting for and we are thrilled to be delivering it".
The SAP HANA Cloud Platform is based on a breakthrough in-memory technology and offers an open platform for customers and developers to build, extend and run applications in the cloud.
Birst's patented analytics engine aims to build a user-ready data store in SAP HANA that can deliver visual discovery, dashboards and enterprise reports across a single business model, accelerated by SAP HANA. By combining the two this solution is designed to offer instant analytics across on-premise and cloud data sources from large-scale data source vendors.
More information about the collaboration and how it will help enterprises to make more effective use of their business data is available on the Birst website.
Image Credit: Dmitriy Shironosov/Shutterstock
In an era of increasing security threats the password is often the weakest link that allows attackers a way into a system posing as a legitimate user.
A new infographic from security company Ping Identity looks at the problem of poor passwords and how in the future they may give way to more sophisticated forms of authentication.
Whether they're obtained by keylogging or through social engineering, 40 percent of the entire internet population has been a victim of stolen passwords at some point. The graphic shows that despite the fact over 90 percent of passwords are vulnerable to hacking, 54 percent of Americans trust systems that rely on passwords alone.
It also reveals the top 10 silly places where people store their passwords, including writing them on the keyboard in permanent marker and attaching them to the screen on a sticky note.
More secure alternatives to simple passwords include password managers that can create long and complex logins. In addition biometrics such as fingerprint and facial recognition are likely to become more common. Behavioral patterns are a possible measure too, using gyroscopic identification of the device's movement, as well as device-based authentication linking the computer with a mobile device to verify identity.
You can see the full infographic below.
Photo Credit: JMiks/Shutterstock
Backups have traditionally involved removable media, whether tape or disk, to allow copies of essential information to be held off site for safety.
The cloud has changed all that but companies still have concerns about security and retention of data, as well as expense. A new product released today by Druva is aimed at delivering a long-term storage solution with less complexity and lower cost.
Druva Phoenix offers a practical alternative to the traditional server backup model requiring backup to secondary storage, tape and then long-term offsite archiving. Phoenix unifies hot, warm and cold backup and archiving processes and administration, offers unlimited retention, and can perform backups and restores up to 20 times faster than other solutions. The company also reckons it can achieve 70 percent cost savings over traditional backup solutions.
"The traditional backup-to-tape-to-archive process is expensive, resource-intensive and subject to error, with 75 percent of organizations experiencing tape failure in the last year. The cloud is clearly a better choice, but current cloud-based solutions have serious limitations ranging from slow speeds and limited data retention to failure to utilize the distributed nature of the cloud to perform large-scale backups," says Jaspreet Singh, CEO of Druva. "By leveraging the technology we developed for our inSync endpoint backup platform as well as our five years of experience with the AWS public cloud, Phoenix offers a truly disruptive alternative that eliminates tape and makes the cloud a viable choice for server backup for the first time".
Key features of the product include unified backup and archiving with ever-incremental backups that remove the need for companies to perform periodic full backups. All processes are centrally managed from a single console to reduce IT overhead.
Storage is optimized so that organizations can store limitless recovery points and archive and retain their data for as long as required -- decades if necessary -- to meet regulatory and compliance rules.
Phoenix delivers direct-to-cloud backup and restore speeds of 100Mbps -- 20 times faster than other solutions -- utilizing the latest in object storage coupled with parallel data transfers. Sites with large data sets, limited bandwidth or demanding recovery time objectives can utilize Phoenix CloudCache, an on-site soft appliance that provides hot LAN-speed backups and restores via local caching. Transfers to the cloud are then staggered to free up real-time bandwidth.
Phoenix uses Amazon Web Services to ensure customer data is maintained in a secure public cloud infrastructure and protected by a full range of system certifications.
For more information and to sign up for a free trial you can visit the Druva website.
Photo Credit: Andreas Weitzmann/Shutterstock
According to a new survey UK consumers increasingly fear the pace of change they face and are particularly cynical about the need for connected, "Internet of Things" devices.
According to the survey of over 1,600 consumers by UK-based audit and accounting specialist KPMG, more than half of people (58 percent) resent the idea that computers seem to run their lives. Also 70 percent suggest that with the marketplace flooded by inter-connected devices, it's too easy for things to go wrong. The survey reveals a hankering for a return to 'simple' technology. Many, for example, mainly want their phone to make calls (54 percent) and the majority think that more advanced internet-based products such as smart fridges which self-order food or cookers reminding owners about recipes aren't needed.
Asked about the reasons for their worries respondents cited difficulties in keeping personal information private, with 56 percent of those polled concerned about a 'Big Brother' effect occurring as a result of internet enabled products and the pace at which they are being produced and implemented. In a work environment, more than a third (36 percent) fear that employers are monitoring their every action.
Wil Rockall, a director in KPMG's Cyber Security practice, says, "It is clear that consumers are struggling with a desire to use connected devices as a route towards an easier life, but they remain wary of the rise of the machine. They still support innovation, recognizing that in the right environment having the latest technology is key -- nearly 60 percent acknowledge that technology makes us more effective at our job".
Indeed, respondents are quick to recognize that inter-connected devices can bring some benefits, with 48 percent welcoming the idea that smart meters can save energy and money, for example. Four in 10 also suggest that health monitors which issue warnings about impending illness are a good idea and 46 percent want to use security systems to monitor their property whilst away from home.
"Security and privacy are high on the list of worries for the consumer with 62 percent believing that there is insufficient concern about it," adds Mark Thompson, a senior manager in KPMG's Cyber Security practice. "The fact remains that where once an Englishman's home was considered to be his castle the advent of the Internet of Things means that fortress walls can be breached more easily. There are also so many opportunities for the latest technologies to provide value and enhance our lives but we are failing to take advantage of them and we will continue in that vein until consumers can be convinced that always-connected devices are safe and worthwhile".
Image Credit: Julien Tromeur / Shutterstock
The main problem that organizations face when combating cyber attacks is that they don't know what to look for and find it difficult to interpret all the data they get from their networks.
Big data analytics company Exabeam has a new product that can cut through the forest of data to make it easier to detect attacks and insider threats in real time using existing security information and event management (SIEM) details.
What Exabeam does is to add a layer of user behavior intelligence on top of existing SIEM and log management data to give IT security teams a complete view of the attack chain. This helps to spotlight valid attack indicators which currently risk getting lost in a sea of security noise.
According to research from Verizon 76 percent of network intrusions in 2013 used authorized credentials to impersonate legitimate users. This is something existing SIEM technologies struggle to detect, Exabeam provides access to real-time data which makes it easier to spot suspicious behavior.
"For too long, security teams couldn’t get ahead of hackers because they didn't know what to look for, had too many security alerts to process and didn’t get the complete picture of what was happening in their network," says Nir Polak, Exabeam's CEO and co-founder. "Exabeam fundamentally changes the way that cyberattacks are managed by addressing these challenges in an automated way and giving security teams the intelligence they need in real time. The future of cyberattack management starts with Exabeam, and the future is now".
Capabilities of the Exabeam platform include extraction and enrichment of existing log feeds, such as Windows, Unix, VPN and security events. It also allows tracking of all user activities regardless of the IP, devices and accounts used.
It uses machine learning to carry out behavioral analysis to automatically and continuously learn user and peer group behavior. By applying risk scoring it can assess the importance of a threat taking into account user access, assets exposed and threat intelligence.
You can find out more and request a demo of the product on the Exabeam website.
Photo credit: Tashatuvango/Shutterstock
Almost two-thirds of senior IT professionals say that their enterprise Java applications contain 50 percent or more third-party code.
These are findings from application security company Waratek based on a survey of attendees at last week's JavaOne conference. However, despite recent high profile vulnerabilities in third-party code, like Shellshock and Heartbleed, nearly 80 percent of respondents still believe their java apps are secure.
"It's a well-known fact that custom developed Java applications are largely constructed with third party software libraries that provide no assurances of security or timely vulnerability mitigation," says Brian Maccaba, CEO of Waratek. "What we found surprising was the high degree of confidence that software developers have in the security of Java applications that use open source components, especially given the widespread threats posed by the recent 'Shellshock' and 'Heartbleed' software flaws".
Further results from the survey show that of those polled 33 percent believe their Java applications are very secure, 46 percent somewhat secure and 13 percent not very secure. When asked about the proportion of third-party or open source code used in their applications, 27 percent say it makes up more than two-thirds of applications, 30 percent say it's more than half and 16 percent more than a quarter with only 19 percent saying less than that.
When asked about the most important considerations when moving Java applications to the public cloud, 71 percent cited security, 54 percent stability and up time, and 28 percent portability and migration. Almost half (46 percent) of respondents said the ability to run Java applications in a secure container would accelerate their plans to move to the public cloud.
You can find out more about Waratek's Application Security for Java platform on the company’s website.
Image Credit: isak55 / Shutterstock
Cyber crime, hacking and data breaches have seldom been out of the news in 2014, but just how well are organizations coping with it?
Not very well, according to a new infographic released by security solutions company CSO that's based on the results of a survey of over 500 private and public sector executives and security experts.
Among the findings are that 77 percent of organizations have reported a security breach in the past year, with an average of 135 incidents per organization. Yet only 38 percent have a system to prioritize security spending based on risk and business impact.
Of those that detected an incident, 69 percent said they weren’t able to estimate the cost. Those that did, put the average annual loss to cyber incidents at $415,000. However, 19 percent of US companies put losses at between $50,000 and $1 million.
Among the major concerns are that most organizations don't take a strategic approach to security, supply chain risks that aren’t adequately assessed or understood, and inadequate mobile device security.
The report finds that effectively fighting cyber crime requires collaboration in order to share experience and knowledge of threats. It also needs strategic spending, particularly on security training for employees.
You can view more detail in the complete infographic below.
Image Credit: Oleksiy Mark / Shutterstock
The Apache Spark framework is a popular add on to Hadoop for handling big data, particularly for building machine learning algorithms.
Until now though it's been hard to effectively monitor Spark performance. That's about to change as Brooklyn-based performance management company Sematext is launching its SPM for Spark.
The tool monitors key metrics for all Spark components -- master, workers, driver, and executor. It also includes alerting, anomaly detection, custom dashboards, log correlation and event graphing. SPM for Spark can be installed on premises or used from the cloud.
"Spark usage has been going through the roof," says Otis Gospodnetic, Sematext’s founder and CEO. "And engineers and DevOps folks handling Spark have not had a good monitoring tool at their disposal. By releasing the first Spark monitoring product to market with SPM, we have just filled a big hole in the Spark ecosystem".
SPM works seamlessly with centralized logging, log management and analytics solution Logsene, to provide a single pane of glass for performance monitoring, centralized log management, alerts, anomalies, custom events, and custom key performance indicators.
John Tripier, Alliance and Ecosystems lead at Databricks says, "One of the critical factors in the success of Spark has been the large developer community contributing to it, and the growing number of applications using Spark. We're very excited to have Sematext join this community and contribute their expertise with a comprehensive monitoring solution like SPM".
You can find out more about SPM for Spark's features with a downloadable datasheet or sign up for a free trial on the Sematext website.
Image Credit: alphaspirit / Shutterstock
Whilst virtual currency bitcoin has soared in popularity in recent times it still isn't an option when it comes to buying goods and services from many mainstream merchants.
That could be about to change thanks to a new partnership between SaaS mobile marketing and customer service provider Acromobile and ecommerce platform Bitnet.
Acromobile Payments will integrate the Bitnet platform to make bitcoin acceptance available to any merchant in a fully integrated order-to-bitcoin-to-cash solution with easy integration into existing CRM and ERP systems.
"Bitcoin is tailor-made for the Internet," says Alain Gendre, VP of Alliances at Bitnet. "No fraud, no risk, no borders, and lower fees than the most common current payment methods. And bitcoin acceptance is only going to grow; we’re seeing merchants who are early adopters of bitcoin reporting that they’ve increased sales and added a new base of customers. We're excited to partner with Acromobile in providing merchants with the ability to accept bitcoin payments".
Black Friday in 2013 saw total bitcoin transaction volume exceed $487 million, making it the fifth largest payment network on the day behind only Visa, MasterCard, American Express, and China UnionPay, and ahead of Discover and PayPal. It's clear therefore that accepting bitcoin payments has benefits for retailers.
"With companies like Dell and eBay already accepting Bitcoin, the demand from B2B and B2C merchants is really accelerating," says Jason Masciarelli, founder of Acromobile. "With Bitnet we are able to deliver an integrated CRM and commerce platform to unlock the bitcoin opportunity for merchants with no risk and have them get paid in their local currency".
Acromobile Payments includes CRM features for easy management of customer profiles, orders, invoices, and transactions to monitor payment status and history. The request payment feature enables merchants to quickly send payment requests to customers. It's mobile-optimized too, allowing customers to pay with bitcoin from any iOS or Android device.
The bitcoin-enabled software is currently available to merchants by invitation and is scheduled to be generally available by the end of next year. To find out more and request an invitation visit the Acromobile website.
Photo Credit: igor.stevanovic/Shutterstock
As we saw last week, parental control products are a bit of a mixed bag and are only part of a protection strategy that includes effective education.
If you have several different devices in the family you may also end up using multiple products to protect them. That is unless you use the latest version of Remo Software's MORE which offers cloud-based management across multiple platforms.
MORE lets users manage and control Windows, Mac, Android and iOS systems and promises to add several internet of things devices in the near future. It gives parents more control over children's device use and also provides home users the ability to manage health technologies and other IoT devices used by their family members.
Version 1.25 of MORE allows the software to be installed on every family member's device and a customized level of control to be set for each via an easy-to-use web console. It's possible to block apps like Facebook and Twitter, allow full access to apps or set time limits. With a single click, administrators can perform device maintenance tasks such as cleanups and can also update device settings at any time, either from the web console or via an app on a mobile device.
It can remotely track devices via GPS, take pictures using the built-in camera, sound a panic alarm or remotely wipe data from lost or stolen devices.
"The 1.25 version of Remo MORE provides families and small to midsized businesses with everything they need to control device usage, ensure security and perform cleanup and maintenance tasks," says Omer Faiyaz, Remo Software’s founder and CEO. "Now parents have the tools necessary to protect kids online and set limits on app usage, and this is just the beginning -- by early 2015, Remo MORE will even allow users to manage IoT devices like health technologies, lighting, switches, appliances and more".
You can get more information on the Remo Software website and try out the software on two devices for free.
Photo Credit: wavebreakmedia/Shutterstock
Identifying complex anomalies that show up the presence of a persistent threat or pinpoint the cause of network and IT performance problems is the sort of thing big data analysis was made for.
The problem though is that big data is often just too big. This means it's usually necessary to transfer the information before doing any work on it which makes real-time analysis impossible and means valuable insights aren't available when they're most needed.
Prelert, a specialist in anomaly detection, has a solution in the form of its new Stats Reduce feature that can dramatically shrink data transfer sizes by up to 40 times. This cuts the time it takes to transfer data but retains its integrity to ensure accurate results.
It works by using the statistical aggregation functions already available in platforms like Splunk and Elasticsearch. The software has been rigorously tested against real world data sets and proven to deliver the same results whether working on the raw or aggregated data.
"Prelert is committed to providing the most accurate and robust insight into data in real-time, no matter how large or complex," says Stephen Dodson Ph.D, Prelert's CTO. "The scale of modern environments presents challenges that require careful selection of methods and techniques, and we built our technology to align with these environments from the start. With Stats Reduce, the aggregation techniques we developed allow massive volumes of data to be analyzed in a distributed manner, enabling real-time multidimensional anomaly detection on Big Data".
Stats Reduce is available from today in the latest version of Prelert's Anomaly Detective and will be rolled out to other big data platforms later this year. The company will be demonstrating it at the Splunk Worldwide Users' Conference this week in Las Vegas.
Photo Credit: Arkady/Shutterstock
According to a survey of IT decision makers commissioned by efficiency software specialist 1E and carried out by Vanson Bourne 86 percent of companies that ban employees from using their own PCs do so because of security concerns.
To address these fears 1E is launching its new MyWorkNow solution, a client-hosted virtual desktop (CHVD) to offer a fast, low-cost way of mobilizing workforces using their own PCs.
The virtual desktop runs locally on the host PC and by using the enterprise's chosen desktop management framework, such as Microsoft's System Center Configuration Manager (SCCM), MyWorkNow eliminates the need for additional hardware and central infrastructure.
It allows enterprise security to be delivered to any PC or Mac with 4GB or more of RAM. Using a FastBoot technology it streams the MyWorkNow desktop in real time as the machine starts up, allowing fast access to the corporate desktop and offline capability if required.
MyWorkNow delivers secure authentication and a 256 AES encrypted local image on a user's own hardware. There’s a remote wipe functionality, which enables an IT department to immediately deactivate MyWorkNow on a user's PC if it's lost or the employee leaves. It also provides default client security, which controls employee opportunities to copy or paste in or out, file drag or drop, or copy intellectual property to a USB drive. Thus ensuring that corporate data is encrypted and secured at the user endpoint.
Other findings of the survey include that more than a quarter of respondents currently don't have a formal policy in place for personal desktop/laptop PC use. More than a third of IT decision-makers prohibit BYOPC because of the associated needs to support and track software usage on personal devices. Yet 11 percent reported that despite the business not allowing it, employees used their own PCs to access work anyway. 84 percent of IT decision-makers allow email access from personal devices, while only 52 percent allow access to hosted applications.
"Employees and organizations will both benefit from the BYOPC movement as evidenced by the Vanson Bourne survey," says Sumir Karayi, CEO of 1E. "MyWorkNow addresses the security concerns that have historically been the deterrent for adopting a BYOPC policy. Not only does it help IT departments sleep better at night knowing they have full control, but it also enables them to run IT for less".
To find out more you can register for a joint Forrester/1E webinar to be held on on Oct 16 or visit the 1E website.
Photo Credit: auremar/Shutterstock
As mobile devices become almost ubiquitous, their attractiveness as a channel for businesses to interact with their customers becomes greater.
According to last year's ICMI mobile customer service strategy survey, 68 percent of experts believe mobile can improve the customer experience. To help companies take advantage of the opportunities mobile offers, enterprise mobile specialist OpenMarket is launching its latest Mobile Engagement Platform. It's a SaaS-based solution, allowing enterprises to easily create and deploy smart, interactive mobile engagement services worldwide with connectivity to over 200 countries.
The platform can integrate with existing CRM systems, using current customer data to create automated, personal and real-time mobile interactions with customers. Key features include the ability to deliver customer alerts to send up-to-date information about orders, deliveries and appointments as well as targeting special offers. Two-way messaging allows businesses to gather feedback and conduct surveys. It can also be used for technical support to offer real-time issue and resolution tracking.
"Customer service is a key differentiator for major enterprises," says Jay Emmet, General Manager at OpenMarket. "Consumers want to communicate with customer service on their preferred channel, which is mobile, and get quick resolution of their issues. They do not want to wait on hold after navigating an IVR system. Enterprises decision-makers should be leveraging the mobile channel as much as possible to accomplish this goal. By implementing two-way SMS communication through OpenMarket’s Mobile Engagement Platform, enterprises can provide a better customer experience that closely aligns with the increasing consumer demand for mobile messaging interactions".
You can find out more on the OpenMarket website and there's a free whitepaper on how mobile can be used to transform the customer experience. The company's solutions will also be on display at the Gartner Symposium/ITExpo being held in Orlando this week.
Image Credit: Art Allianz / Shutterstock
It's now just over a week since news of the Shellshock bug broke and analysts are still trying to work out just how much of an impact it could have.
Security specialist Incapsula has been tracking the vulnerability to get an idea of its magnitude, looking at the number of sites attacked and the damage caused.
The company says it has so far stopped 310,928 exploit attempts, an average of over 1,800 per hour. A spike in attacks over 27/28 September it says was partly down to attackers moving quickly and partly to businesses testing their own vulnerability.
Of the total traffic around 94 percent was some form of attack in the form of scans, server hijack attempts and DDoS malware seeding. Writing on the Incapsula blog co-founder Marc Gaffan says, "The highjack attempts were the most immediately troubling, comprising about 20 percent of the total. Scans and DDoS malware seeding made up the remaining 70 percent or so. To answer the question of how dangerous the vulnerability is, my experience leads me to believe that this may well be the calm before the storm. This appears as if a lot of criminals are setting the stage for future attacks".
These figures are based on Incapsula's sample of 100,000 websites. If its hourly figure for attacks is extrapolated over the entire web that’s potentially 1.3 billion attacks carried out over the first weekend of the vulnerability.
Gaffan warns, "The sheer volume of attacks and the types of planning Incapsula is seeing -- scans, backdoor insertions, and DDoS groundwork -- on such a large scale means that companies need to work now to fix their vulnerabilities". He goes on to say that the real fallout may still be to come from the numbers of machines that have already been compromised.
The bottom line is that businesses need to stay alert, patch systems and not assume that the danger has passed. You can read more and download the latest threat landscape report on Incapsula's website.
Image Credit: Jirsak/Shutterstock
October is National Cyber Security Awareness Month (NCSAM) in the US and security company Secunia has marked this by issuing its latest Country Report assessing the state of security among PC users.
Key findings include that Microsoft’s Internet Explorer, with a market share of 73 percent, had 218 vulnerabilities with 11 percent of installed programs being unpatched and vulnerable. The percentage of users running unpatched operating systems has increased to 12.6 percent, from 11.1 percent in the previous quarter.
The number of people running unpatched, end of life, programs is also up from 4.9 to 5.7 percent. The most exposed programs over the last quarter were: Oracle Java 7 with 145 vulnerabilities and 42 percent of installations unpatched, Apple QuickTime 7 with 11 vulnerabilities and 33 percent unpatched, and Adobe Reader 10 with 21 vulnerabilities and 23 percent of installed programs unpatched.
Interestingly though it seems that the power to stay safe is often in users' hands. Secunia's Vulnerability Review 2014 finds that 86 percent of vulnerabilities in the top 50 software applications on private PCs had patches available on the day when they were disclosed in 2013.
"It only takes one vulnerability for a hacker to exploit a user’s system. Just one. We are concerned to see such a high share of users with unpatched and End-of-Life browsers and operating systems," says Kasper Lindgaard, Director of Research at Secunia. "We hope that as part of National Cyber Security Awareness month, users will take a moment to make sure their systems are up to date with the most recent program versions and patches".
As part of NCSAM Secunia is encouraging users to download its free Personal Software Inspector to check that their installed versions are up to date and protected against vulnerabilities.
You can access the full US Country Report for Q3 2014 on the Secunia website.
Image Credit: alexskopje / Shutterstock
Since the Edward Snowden revelations that governments as well as hackers were likely to be snooping on your internet activity it's been widely assumed that there's no such thing as safe online access.
VPN specialist CyberGhost has other ideas and has been seeking funding via Indiegogo for what it calls a NoSpyProxy. The company's VPN already uses AES256 military-grade encryption to protect passwords, bank accounts and other details as well as obscuring locations and IP addresses. It now aims to make things even more secure by placing the data center hardware under the control of an additional layer of security. This will put CyberGhost in control of the whole process from login through encryption protocol, key management and finally also the server itself.
CyberGhost's NoSpyProxy will be setup and taken care of by its own Certified Security Specialists and will serve to protect people all around the world from mass surveillance, hackers, data and identity theft. It refers to this not as a data center but as a "no-data" center, a new generation of working technical unit that is built to protect people's privacy and security online.
It aims to make this the blueprint for more NoSpy nodes that can be easily rolled out in other countries and regions.
This is obviously a popular idea as the company has managed to reach its $70,000 funding target in just 14 days. "We are so excited that our #NoSpyProxy campaign has reached its initial goal and we managed to draw attention on this important subject of online privacy. We're sure that more victories of privacy will follow, but every citizen has to take responsibility for his own online privacy and personal data by using trustful encryption services," says Robert Knapp, the CEO of CyberGhost VPN.
If you're interested in finding out more and maybe contributing to the funding you can visit the project's Indegogo page.
Photo Credit: auremar/Shutterstock
Parents are keen to ensure that their offspring don't access inappropriate material on the web and for that reason most security software providers now offer parental control products, whether as a standalone product or part of an internet security package.
In a study commissioned for a German magazine, AV-Comparatives has looked at the leading products for Windows and mobile platforms to assess which are the most effective.
There is of course no universal standard for what is acceptable content and as the report points out, "Parents need to talk to their children about the potentially dangerous and upsetting things in life, whether or not they use parental control software". It also stresses that the software is only effective if it’s properly configured.
The tests looked at 22 Windows products, five for Android and three for iOS. Using settings based on those suitable for a nine-year-old girl researchers tested them against almost 600 websites on subjects ranging from abortion to weaponry. They also checked whether it was possible to bypass blocks using Google’s cache or translate functions.
Of the Windows products only two, Microsoft Windows Live Family Safety and Telekom Kinderschutz, achieved a 100 percent block of restricted material but at the expense of a high level of false alerts. AVG Family Safety and Norton Family both achieved 99 percent block rates for porn with low levels of false alerts (zero for AVG) but did less well in blocking other material.
For iOS devices the best product was Deutsche Telekom Surfgarten with 100 percent success rates across the board but again a high level of false positives. The parental controls in iOS 7 managed 92 percent porn blocking but only 62 percent overall.
No Android product managed a 100 percent score, the best being BlueCoat K9 with 98 percent porn blocking and 72 percent overall, and Mobicip Safe Browser (97 and 77 percent) but both had low levels of false alerts.
It's clear from the results that no parental control solution is perfect and the report’s authors say, "We strongly advise parents using parental control software to test that it is working as they intend by performing a spot check of whether categories and individual sites are being appropriately blocked/allowed". They also recommend visiting the UK government backed Get Safe Online site which has lots of advice about online risks.
You can download the full report which offers much more detail on each of the products tested from the AV-Comparatives website.
Image Credit: Pressmaster / Shutterstock
As increasing numbers of government and other services go online, internet access becomes more important and mobile devices play a big part in that.
Yet according to charity Age UK there are 10.8 million people aged 65 or over in the UK but only three percent of them own a smartphone which could mean they're missing out on 'digital inclusion'. In order to make smartphones more accessible to older users, the new Amplicomms M9000 has all the benefits of an Android touch screen phone but with hardware and software specially adapted for the less technically adept.
Users of the phone can opt to use the standard Android 4.2 operating system or the Amplicomms operating system which features extra-large icons, intuitive menus and large, easy-to-read text along with built-in apps including a music player, calendar, email and internet browser. It's easy to switch between the two operating systems in the phone's menu.
The phone's hardware also has features geared to the needs of elderly users. It has a speaker volume of up to 40Db and a ringer volume of 90Db, it's also hearing aid compatible. On the back is an SOS button which can be programmed to call or text selected numbers in an emergency.
Standard phone features include 300K front and 5MP rear cameras, a 1.2GHz dual-core CPU, 256MB of RAM, 3G, Wi-Fi, GPS and Bluetooth. It also has dual SIM slots to make it easy to switch networks. The M9000 is available now in the UK from Hearing Direct.com. It's SIM free so you can use any network and costs £139.99.
If you're wondering what your elderly relatives might use a smartphone for there's a handy infographic guide to suitable apps from HomeCare Technologies reproduced below.
Almost two-thirds of companies plan on freezing or shrinking their software spend and 96 percent of organizations report that they're wasting money on software that is unused.
These are among the findings of a new report by Flexera Software in conjunction with IDC which looks at pricing and licensing. The biggest concern is that almost all businesses have "shelfware" that is never used.
The results show that 39 percent of companies report that 21 percent or more of their software spend is wasted on unused software. Yet at the same time software budgets are expected to remain the same or shrink over the next two years.
"It’s very easy for shelfware to accumulate when organizations don’t proactively implement best practices and technology to track, manage and optimize their software estates," says Amy Konary, Research Vice President -- Software Licensing and Provisioning at IDC. "Enterprises must have the ability to continually identify where software licenses are deployed, how those licenses are being used, and reconcile that data with the complex set of rules contained in the licensing agreements. By having this level of insight, CIO's can begin to identify shelfware, eliminate waste and reallocate their budgets more effectively".
Shrinking budgets are driving a shift in the way software is licensed though. The previously common perpetual software license is now only used for the majority of software by 45 percent of organizations. This is expected to decline to 36 percent over the next one to two years.
Instead businesses are switching to subscription (24 percent) or usage-based (17 percent) models. In response software producers are offering a wider variety of licensing options with only 35 percent saying that the majority of their revenue now comes from perpetual licenses.
"It doesn’t always make sense to pay up front for the full cost for software before the application has proven its value to the organization," says Steve Schmidt, Vice President of Corporate Development at Flexera Software. "In their drive to increase efficiency and cost effectiveness, some organizations prefer to pay for software in ways that allow them to better align their costs to value. That might mean paying over time via a subscription model, or by the features, functionality or capacity that they’re actually using, via a usage-based model".
The full report is available to download from the Flexera website.
Image Credit: Ilyarexi / Shutterstock
It seems like data breaches are seldom out of the news these days, but whilst that means we're more likely to be aware of their existence it also means there's a risk that individual threats begin to fade into the general day-to-day techy chatter and we don't give them the attention they deserve.
The growing number of breaches -- up 10 percent over last year according to a recent study by the Ponemon institute -- means they're less likely to catch our attention. Security training firm KnowBe4 refers to this phenomenon as "breach fatigue" and warns that it may be placing companies at risk.
"The increasing volume of customers affected by these data breaches may be causing a complacency that creates even more risk," says Stu Sjouwerman, CEO of KnowBe4. "For most companies, it is not a matter of if, but when, followed by a free year of credit monitoring. For users, the constant barrage of breach news can cloud their awareness of cyber-threats as it all becomes background noise".
The company warns that a careless attitude on the part of individuals can carry over to the business environment. This in turn leads to more risk of being hacked, phished or socially engineered into giving away company information.
Michael Bruemmer, vice president of the credit information company Experian's data breach resolution group which sponsored the Ponemon study, says that 80 percent of the breaches his group works with, "had a root cause in employee negligence." He goes on to say, "It could be from someone giving out their password, someone being spear-phished, it could be a lost USB, it could be somebody mishandling files, it could be leaving the door to the network operations center open so someone can walk in".
You can find out more about how KnowBe4's security awareness training can help employees stay alert to the risks on the company's website. It's also offering a free whitepaper charting the rise of ransomware.
Photo Credit: Suzanne Tucker/Shutterstock
Sending files to someone else has always been a bit of a problem. Often they’re too big for email, sharing via public cloud services raises security concerns and of course flash drives and DVDs can fall into the wrong hands.
Korea-based startup Send Anywhere has an answer to making file transfers easily and safely in the form of an updated version of its iOS app and a new app for Windows Phone.
Send Anywhere uses peer-to-peer file transfer technology. The way it works means that users don't need to sign-up, log-in, or even know their recipients' contact information. They simply select the files they want to send and get a six-digit one-time key that is only available for 10 minutes before it self-destructs. The code is then sent to the recipient who uses it to download the files.
The updated iOS version offers more complex encryption codes for better security along with a fresher, cleaner design. In addition it has a feature to make sharing the key easier, holding the center of the Send screen automatically copies the key to the clipboard. Pressing a Share button then gives easy access to email and messaging in order to send it.
The Windows Phone app currently offers just basic sending and receiving functions but the company says it will be used as a platform to develop the Windows offering.
Send Anywhere is also available on Android and as a web service, allowing files to be sent and received on any type of PC or mobile device. There's a plugin for Chrome browsers as well. Version 2.0 is available on the app stores from today.
Image Credit: dny3d/Shutterstock
According to data released by security company Trustwave which has analyzed evidence from almost 700 security breaches that took place in 2013, retail is the most compromised industry, accounting for 35 percent of attacks investigated.
The food and drink industry ranks second on 18 percent followed by hospitality on 11 percent. Perhaps not surprisingly e-commerce is most at risk, making up 54 percent of assets targeted whilst data centers account for only 10 percent. Point of sale breaches made up 33 percent of Trustwave’s investigations.
A little worrying is that the median time from an initial intrusion to its being detected was 87 days. Also over 70 percent of compromise victims didn’t detect the breach themselves.
The report looks at the top 10 vulnerabilities found in network penetration testing too. This reveals that weak passwords are still a major problem when it comes to security. During its penetration tests Trustwave collected 626,718 stored passwords and managed to recover more than half of them in minutes. 92 percent of the sample were able to be cracked in 31 days.
Weak or default passwords contributed to a third of the investigated breaches. The three most common passwords in order are "Password1", "Hello123", and "password". Password length is mostly around eight characters -- probably because many systems use that as a minimum.
The report suggests that administrators need to, "Educate users on the value of choosing longer pass-phrases instead of simple, predicable, easy-to-crack passwords". It also recommends deploying two-factor authentication.
More details of Trustwave's 2014 Global Security Report are available in interactive form on the company's website.
Image Credit: Africa Studio / Shutterstock
When the first iPhone went on sale in June 2007 expert opinion was very much of the view that it wouldn't have a significant impact. Steve Wildstrom of Business Week for example said, "The iPhone will never be a threat to the BlackBerry".
Proving that experts can be very wrong, the iPhone has of course gone from strength to strength and Carphone Warehouse in Ireland has produced a fascinating infographic charting its evolution up to the latest version.
There are more fun quotes from 2007, but there's also a detailed list of the technical specs of the various versions over the years. It looks at the apps that have been a big part of the phone's success too.
There's a fun look at the typical iPhone owner as well. Apparently they're more likely to be better educated, richer, older, taller and female compared to Android users. They also give more to charity, drink fancier coffee and watch the Simpsons. So, basically iPhone owners are a great bunch of people.
Finally the graphic looks at what we're likely to see when the iPhone 7 comes along. This includes things like better battery technology, flexible screens -- as opposed to bendy phones -- and 3D display technology.
You can view the full infographic below, and do let us know if you're a typical iPhone user, or if like the experts you thought it would never catch on.
Image Credit: KieferPix / Shutterstock
Ever since yesterday’s news of the Shellshock Bash bug broke cyber security experts have been lining up to make clear how bad it really is.
Unlike Heartbleed, which affected mainly servers, Shellshock leaves a whole host of systems vulnerable including Apple OSX systems and many internet of things devices with embedded code that’s based on Unix or Linux.
Professor Mike Jackson cyber security expert at the UK's Birmingham City University says, "Obviously everyone wants to know if they might be vulnerable to attack. If you are an Apple PC user then the immediate answer is 'Yes'. Apple's OS X operating system is Unix based and therefore vulnerable. Window’s users should not however be complacent. Your PC might be safe but what about the router you use for your broadband? Like as not it will use Unix-based software and therefore may be at risk of attack".
Because a great deal of the web relies on Apache which is also Unix based many internet sites are at risk too. This leads to general consensus that Shellshock is -- or at least has the potential to be -- worse than Heartbleed. Joe Siegrist, CEO and co-founder of LastPass sums up why, "The reason this could be potentially worse than Heartbleed is that with Shellshock you can make things run on a server, and get access to anything on that server, so in that way the exploits could be worse in terms of the actions that can be taken and the data at risk, and have worse consequences than Heartbleed."
The internet of things also represents a target rich environment for hackers thanks to this bug. Corero Network Security's Vice President of Product Management, Bipin Mistry says, "The Internet of Things or Machine to Machine could enable millions of network attached devices, both hardwired and mobile, to become bots for initiating amplification or high bandwidth attacks -- hackers and attackers know this quite well and are exploiting the vulnerabilities that are substantiated in IoT devices".
A huge number of IoT devices means the potential to create large botnets. To combat this Mistry suggests, "Above and beyond the threat protection, there is additional value in understanding the details of the attack from analytics and insight and then rapidly turn the visibility around and provide even greater threat protection for the business".
Daniel Ingevaldson, CTO of Easy Solutions warns that companies must remain vigilant, "Everyone should watch their logs carefully -- this exploit is noisily and easily logged -- and patch as soon as possible. In addition, given the risk that the patches may not be effective, organizations should consider monitoring to ensure their devices are not being used to host phishing or other attacks."
Ron Gula, CEO and CTO of Tenable is worried that some companies may struggle to deal with the problem. "Auditing systems for ShellShock will not be like scanning for Heartbleed. Heartbleed scans could be completed by anyone with network access with high accuracy. With ShellShock, the highest form of accuracy to test for this is to perform a patch audit. IT auditing shops that don't have mature relationships with their IT administrators may not be able to audit for this".
Quite how serious Shellshock is only time will tell but we’ll leave the last word to Birmingham City University's Mike Jackson, "Literally millions of websites could be open to the exploitation of the Shellshock bug. The damage it could cause is as yet unknown. The only safe prediction is that given the number of computers which are at risk that it will be years before this vulnerability is completely eradicated".
Photo Credit: Ollyy/Shutterstock
According to an IDG survey commissioned by information management specialist CommVault, private cloud adoption can lead to better IT services, greater agility and reduced risk for businesses.
In order to help companies make the most of these advantages CommVault is introducing a Private Cloud Services Design product that means customers can build a service-centric approach for data management supporting the private cloud in approximately six weeks.
"The benefits and barriers to private cloud adoption are causing organizations to seek strategic data management approaches that can maximize the value of their data and technology assets," says Robert Kaloustian, vice president, worldwide technical services at CommVault. "CommVault's new Private Cloud Services Design offering addresses cost, time and risk -- the Achilles’ heel of private cloud implementation -- to speed the transition to cloud infrastructure and help improve agility, business alignment and service level transparency".
The new design services combines best practices with the experience of CommVault's consultants to help enterprises ensure their cloud deployments are successful. It aims to work closely with IT and business management to make certain that cloud strategy chimes with business requirements.
You can find out more about Private Cloud Services Design on CommVault's website and see the results of the survey into the benefits of private cloud services in infographic form below.
Although it seems that the Heartbleed bug wasn't exploited before its existence was disclosed, that doesn’t mean the security world can rest on its laurels.
The latest problem to be revealed is a bug in the commonly used Bash command interpreter that poses a critical risk to Linux and Unix systems. And since these form the backbone of the internet and are in many other systems as well it's a threat to the rest of us too.
The bug called Shellshock, discovered by Linux specialist Stephane Chazelas, is present in versions of Bash up to and including 4.3 and has potentially been there for many years. It poses a particular risk to Apache web servers. CGI scripts that use or invoke Bash are vulnerable to remote-code injection. This includes any child processes spawned by a script. OpenSSH and some DHCP clients are also affected on machines that use Bash.
Systems based on Debian -- including Ubuntu -- shouldn't be at risk since they use Dash. However, it's possible versions of Bash may be present so it's important that admins check which interpreters are installed and patch them if needed.
According to Darien Kindlund of security company FireEye, "It's worse than Heartbleed, in that it affects servers that help manage huge volumes of Internet traffic. Conservatively, the impact is anywhere from 20 to 50 percent of global servers supporting web pages".
A further problem is that Apple systems use Bash as the basis of their command line Terminal program. In addition Robert Graham of Errata Security warns that, "Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world".
Graham also notes, "Unlike Heartbleed, which only affected a specific version of OpenSSL, this Bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed".
Linux distros have responded quickly and patches are already available for most major flavors. Apple had yet to respond at the time of writing but advice on testing for and responding to Shellshock is available at StackExchange.
Security company Secunia has released an advisory saying that the patch issued by GNU -- the open source project behind Bash -- is ineffective but GNU is expected to "release another patch today due to the criticality of this vulnerability".
Security researchers Bromium Labs suggests that, "... this likely won't be the last vulnerability found in Bash. Application developers should try to avoid invoking shells unless absolutely necessary, or use minimalist shells where required".
Image Credit: Zhukov / Shutterstock
Windows XP is still in use in a surprisingly high number of businesses. A recent survey suggests that more than half of organizations are still running it somewhere.
The survey was conducted by systems management specialist Adaptiva among more than 100 TechEd North America attendees showed that 53 percent still had some XP systems.
Based on the company's experience in helping large enterprises migrate from XP using Microsoft’s System Center Configuration Manager (SCCM), Adaptiva has come up with five tips to ensure successful migration.
"It is very difficult for a large organization to move off of Windows XP completely, especially one with many operating locations around the globe," says Deepak Kumar, Founder and CTO of Adaptiva. "IT departments can begin taking steps now to ensure a smoother migration, whether moving from Windows XP or from Windows 7 to 8. Our 5 Tips come from successful enterprise migrations where they have reduced costs, slashed migration times, and improved success rates".
The tips for ensuring smooth migration are:
1 Optimize task sequences in order to plan for debugging and troubleshooting. Make use of logical phases -- called groups in task sequences -- so others can more easily monitor for success/failure, perform troubleshooting, and remediate. Plan ahead for debugging by saving log files to a network share, otherwise there will be no way to perform root cause analysis in the event of failure during the pre-OS phase.
2 Ensure the health of SCCM clients. The success of each migration depends on a healthy Windows system with a properly functioning SCCM client. Administrators need to be sure all the clients are problem-free in advance of migration to avoid delays.
3 Make friends with the network team and make them a part of the planning process. A good working relationship with the networking team will reduce political obstacles and accelerate troubleshooting.
4 Use hardlinking when possible to reduce reliance on network transfers during migration. Backing up a system’s user settings and data (state) on the system being migrated reduces the chance of the network becoming a bottleneck. This is much simpler with unencrypted hard drives, but can work on encrypted drives in some situations.
5 Set accurate user expectations. SCCM asset intelligence can ensure that users don’t lose capabilities. If the migration would cause a user to lose a personal or otherwise non-business-critical application, then it’s important to communicate that even though the change has no impact to the business. It is common to leave off some data, such as a user's "My Pictures" directory and it's important to let the user know early what won't be transferred.
To find out how add-ons like Adaptiva OneSite can further help to cut migration times and for more information on XP migration generally you can visit the company's website.
Photo credit: JNT Visual/Shutterstock
By virtue of the fact that we carry them around most of the time, mobile phones often get damaged and the iPhone is no exception. Insurance company Protect Your Bubble has analyzed its customer data to reveal the most common ways in which iPhones suffer problems.
Cracked screens are, as you might expect, the most common type of damage on 41 percent. Water damage accounts for 24.4 percent, though unfortunately no details are given on how this occurs or the exact nature of the liquids involved. We'd guess toilets are a factor in quite a few and Protect Your Bubble says it has had calls about phones damaged in Ice Bucket Challenge related incidents. It seems a high number of people manage to completely destroy their phone by smashing it into pieces too with nine percent admitting to running over their phone with a heavy object.
When asked how damage occurred 26 percent say they simply dropped the phone, 13 percent say their child damaged it and an intriguing nine percent are too embarrassed to say what caused the damage.
The company has also looked at the states that suffer the most damaged phones. Californians it seems are the clumsiest, accounting for 16.67 percent of damaged phones with New Yorkers, Floridans and Texans vying for second slot all on between 10 and 11 percent. New Jersey makes up the top five on 9.98 percent.
You can view the most common fates of Apple devices in infographic form below.
Photo Credit: Ammit Jack/Shutterstock
Key to the sales process is communicating with customers and often that means sales people being away from the office. Mobile technology means that there's no excuse for being out of touch though.
CRM specialist Selligy is launching a set of tools that allow sales professionals to manage their deals and update their sales forecasts quickly and accurately from their smartphones. IT uses information from the phone including location and calendar details to deliver relevant information when it's needed.
The latest update also includes the launch of Selligy Opportunity Manager. This is a tool that allows salespeople to quickly do their own 'what-if' analysis when setting and updating their sales goals. Using Opportunity Manager, salespeople can adjust all of their sales forecast numbers, preview the totals, make adjustments, see the new totals and then -- when ready -- record all the changes with a single save. Selligy estimates that with this feature, salespeople can perform forecasting tasks roughly 90 percent faster as performing the same task in traditional CRM systems may require navigating 30 to 40 pages of information.
"CRM was born in the 1990s, when the introduction of the laptop gave salespeople computing power on the road for the first time. In the past 20 years, CRM has not really changed," says Nilay Patel, Selligy's co-founder and chief executive. "Now, mobile is paving the way for a new breed of activity-based, mobile CRM applications that are upending traditional CRM. Just like the first wave of selling applications, these new applications are giving enterprises dramatically more visibility into their sales pipeline".
In addition to the new features this release sees Selligy become available for Android for the first time. You can find more information and request a free demo on the Selligy website.
Photo Credit: Kimberly Hall / Shutterstock
Whilst smaller businesses are keeping pace with mobile adoption trends they don't always have the security knowledge needed to protect themselves.
This is among the findings of a survey by Kaspersky Lab which asked 3,900 IT professionals worldwide about the challenges encountered by their businesses over the last year.
The results show 34 percent of very small businesses (VSBs) adopting mobile technology in the past year, almost as many as enterprises at 35 percent. VSBs actually reported six percent more mobile integration than small businesses with 26 to 99 employees and two percent more than large businesses with between 1,500 and 5,000 employees.
Yet despite these adoption rates only 31 percent of VSBs listed securing mobile devices as one of their top three priorities for the next year. Plus only 28 percent thought that BYOD brought increased security risks to their business as compared to 52 percent of large businesses.
Evan Munno, Manager of North America Public Sector Sales at Kaspersky Lab says, "Is it possible that VSBs are overlooking employee-owned mobile devices as a security risk? This seems like a particularly troubling possibility, given that VSBs and their limited budgets are most likely to view employee-owned devices as a cost-savings measure and gladly welcome these devices onto their networks. Common threats from employee-owned mobile devices include malware or rogue applications connecting to the company’s network via the employee's device, or company data disappearing along with a lost or stolen employee device".
To achieve mobile security on a limited budget, Kaspersky recommends that employees need to be educated to develop a security mindset and that basic anti-theft technology be used so that data can be wiped from lost or stolen devices. It also suggests that small businesses should keep things simple to avoid implementing complex security systems.
The full report is available on Kaspersky's website as is more information about the company's Small Office Security product.
Photo Credits: Slavoljub Pantelic/Shutterstock
We all know that the majority of our technology gadgets are produced in China, but the supply and manufacturing process isn't quite as simple as it might appear.
Apple more than most is a master at using the supply chain to its advantage, sourcing suppliers that can turn out parts in the most cost effective way whilst still adhering to the company's quality requirements.
The team at review website Comparecamp.com has been tracking Apple's supply chain to discover where it's made and how this affects the wider industry.
It estimates that an iPhone would cost $4 more if it was built in the US, but crucially for Apple it would also mean the company had to pay a lot more tax on its profits -- 35 percent as opposed to two percent. That's not to say the US isn't important to the business, however, with all of the design work still carried out there. Apple also supports over a quarter of a million US supply chain jobs.
In addition the findings reveal how Apple contracts have enabled its suppliers to invest in their own businesses. Foxconn, Apple's biggest supplier, for example has invested heavily in robotics to help it meet its production quotas.
Other emerging economies are getting in on the act too with iPhones now being assembled in Brazil. There are Apple suppliers in more than 30 countries around the world.
You can find out more with a full summary of Comparecamp's findings in infographic form below.
Brought to you by: [comparecamp.com] Author: Alex
Image Credit: Jozsef Bagota/Shutterstock
Performance is vitally important in ecommerce applications as customers won't wait around for a slow site to respond, they'll simply surf away and shop elsewhere.
This need for performance is as much about the back office systems handling inventory and orders as it is about the site itself. Cloud database specialist Clustrix is announcing the latest version of its ClustrixDB, purpose-built and optimized for fast growing ecommerce sites.
ClustrixDB aims to ensure zero downtime and latency along with continuous support for ecommerce transactions, with automated fault-tolerance even during hardware outages or upgrades to the database. It's flexible so it can cope with changes in capacity, customer numbers and the size of the product catalog.
The latest version is compatible with MySQL for easier reporting and offers performance enhancements for Magneto-based ecommerce setups. Distributed processing helps eliminate bottlenecks and ensures that the system can handle tens of thousands of users along with real-time catalog updates and live performance reporting.
Data is automatically rebalanced for maximum efficiency without harming the user experience. In addition it gets redistributed in the event that a single server goes offline in order to keep the system running.
"It's that time of year again -- the time when everyone starts speculating about how many sites will crash on Cyber Monday," says Mike Azevedo, CEO of Clustrix. "Many companies using MySQL are unprepared to handle website traffic spikes and don't realize they're at risk year round, not just during the holiday shopping season. Without a scale-out database to support peaks, your biggest sales day could become your last".
For more information on this latest release you can visit the Clustrix website.
Photo Credit: Nonnakrit/Shutterstock
All sizes of organization increasingly expect their employees to deliver against measurable objectives and part of the key to achieving this lies in providing accurate data.
With the launch of its Decision Insight product, data flow specialist Axway aims to supply the numbers needed for productivity by offering insight and intelligence into real time and historical information.
Axway acquired Systar in June 2014 to combine its expertise in operational intelligence and real-time viewability into data flows with Axway's leading data governance solutions. The result is Axway Decision Insight, previously known as Systar Tornado.
"Without visibility into day-to-day operations, businesses cannot proactively manage operations and are exposed to greater risk," says Dean Hidalgo, executive vice president, global marketing at Axway. "With Axway Decision Insight, business users can take advantage of both real-time and historical data to proactively achieve operational objectives and support broader organisation-wide goals".
Key features include personalized information available via a single user interface which can be customised to the needs of each employee. A code-free platform means non-technical business users are able to configure and create applications to quickly respond to changes. In addition a rapid configuration process replaces typical lengthy redesign and redevelopment cycles, letting business users configure new versions of dashboards in hours. Time-based analytics allow businesses to uncover warning signs based on past data patterns.
The software can be accessed via a web browser making for fast installation with no need for specialist client applications and allowing businesses to be up and running quickly.
Axway decision Insight is available from today and you can find more information on the company's website.
Photo Credit: Adchariyaphoto/Shutterstock
Driving sales and increasing the reach of their brand is seen as key to the marketing success of companies, and many are turning to social media to pursue their strategy.
New survey data from marketing software platform Offerpop shows that brands are increasing their investment in social media and focusing on using it to drive sales in the run up to the holiday season.
In contrast to the days when social media strategy was all about getting more fans, companies now see it as a serious part of their sales effort. Compared to last year, 67 percent of companies plan to spend more on social media in the 2014 holiday season. Facebook is the main beneficiary here, with 92 percent of respondents saying that they plan to spend the majority of their marketing budget on the platform.
As far as future trends go, 73 percent of marketers polled identified Instagram as the breakout social network of 2014 for brands, with Vine and Snapchat making up the remaining 27 percent. There's still wariness about untried networks though, with 48 percent having no plans to invest on emerging platforms like Snapchat.
"Offerpop's survey data shows that social marketing is maturing rapidly, with a new focus on driving commerce and increasing investment in proven revenue channels like Facebook", says Kevin Bobowski, vice president of marketing for Offerpop. "This holiday season, we'll see marketers testing Facebook and Twitter's new commerce capabilities and leveraging Instagram for holiday campaigns".
The full report is available for subscribers to Offerpop's free Holiday Marketing 365 content program. There's a summary of the findings in infographic form below.
Image Credit: Sarawut Aiemsinsuk / Shutterstock
Many businesses rely on CRM tools to store sales data, but the increased use of mobile devices has led to new demands for information to be available anywhere at any time.
Now Base which describes itself as an intelligent sales productivity platform, has added a range of new features to boost team productivity and make data available in real time.
"Base picks up where other CRMs have left off," says Uzi Shmilovici, CEO of Base. "Until now, legacy cloud Sales and CRM products like Salesforce have been accepted as 'the norm' by the enterprise market. However, recent advancements in big data, mobility and real-time computing reveal a need for a new generation of intelligent sales software that offers flexibility, visibility, and real-time functionality. If you're using outdated technology that cannot adapt to the advanced needs of modern day sales teams, your competition will crush you".
Base is designed for sales staff to use whether they're operating from their desktops, mobile devices or tablets. Its embedded communication tools automatically aggregate email, phone calls and appointments into a single contextual view that gives the user an immediate overview of all conversations, updates and history. Base therefore eliminates the tedious task of manually entering data into a CRM system as it captures relevant details automatically. This allows sales staff to concentrate on closing deals.
New features include real-time notifications allowing action to be taken at the appropriate time, scheduling of meetings and tracking of past meeting with clients. It also offers managers a rep performance dashboard that brings together staff performance indicators in one view.
In addition it uses stage duration analysis to measure how fast deals move through the pipeline and by employing sophisticated analysis can predict the likelihood of winning a deal based on its state of progress.
You can find out more about the product and sign up for a free trial on the Base website.
Photo Credit: Kimberly Hall / Shutterstock
Although mobile devices are becoming essential in many workplaces security budgets are failing to reflect the growing numbers of devices that need protection.
This is among the findings of a new report by electronics and systems specialist Raytheon. According to the research around one-third of employees use mobile devices exclusively to do their work and this is expected to increase to an average of 47 percent of employees in the next year.
Despite this anticipated growth, 64 percent of those surveyed claim they don't currently or expect to have sufficient budget to mitigate or curtail mobile device cyber security threats. A majority of respondents, 52 percent, say that security practices on mobile devices have been sacrificed in order to improve employee productivity. In addition 60 percent believe employees have become less diligent in practicing good mobile security.
Of the 618 IT and IT security professionals surveyed 75 percent say it's important to secure employees' mobile devices but only 50 percent are happy with their current solution. A virtualized approach is popular with 57 percent of respondents. The methods most often used are mobile device management and secure containers.
"This survey points to the fact that there is a struggle to find the right balance between the cyber security needs of an organization and the efficiencies demanded by employees to do their jobs," says Ashok Sankar, senior director of product management and strategy at Raytheon Cyber Products. "Mobile devices are becoming a dominant workplace tool, and organizations must adopt a mobile strategy with data security technologies that enable employees to work effectively without putting sensitive information at risk".
Despite the risks, allowing BYOD is seen as important for productivity. 48 percent of respondents say the biggest incentive for BYOD is ensuring employees are always connected. Interestingly 67 percent prefer to use a web-based approach to delivering services on mobile rather than develop native apps.
The full report is available via the Raytheon website and you can view a summary of the findings in infographic form below.
Image Credit: Anan Chincho / Shutterstock
As we all carry out more of our day-to-day transactions online and access the internet through a wider range of devices, we're opening ourselves up to greater potential risk.
Add in the constant battle of security providers to stay ahead of hackers and malware writers and it's easy to doubt if you can ever stay truly safe online. Joe Siegrist CEO of password management specialist LastPass thinks that although it's not 100 percent possible to hack-proof yourself, you can significantly reduce your risk, we spoke to him to find out how.
BN: What do you think is the greatest threat facing people online?
JS: The greatest online threat to consumers is identity theft and exposure of sensitive data caused by password reuse, as well as unnecessary data collection. You would never use the same key for all your locks, so why do consumers use the same password for all of their online logins?
BN: Do we rely too heavily on security products to protect ourselves and, perhaps, suspend our common sense as a result?
JS: At times, yes. The security of most companies relies heavily on knowing what your high school mascot is. That isn't security at all. Not practising client side encryption and giving companies the keys to encrypt your data places all trust in these companies to do the right thing -- which, unfortunately, they don't usually do. LastPass doesn't have your encryption key -- we have a zero-knowledge approach to our product.
BN: We all have to remember lots of passwords for our everyday lives. Isn’t it reasonable to reuse the same one for less important sites?
JS: No! Invariably you will use it on sites that expose large amounts of data about you. For example, sites like Amazon or Yahoo would expose your name, address, credit card, etc to the company. Using a tiered approach to password management and using easy passwords will always fail and expose your data. Studies have proven that our human-generated password "tricks" and "systems" are not nearly strong enough.
BN: What should you check before handing over your payment details to a website?
JS: Make sure this is a company you've heard of before and have dealt with in the real world. And make sure the URL is an 'https://' secured connection.
BN: Does using mobile devices like smartphones and tablets to access the web present greater levels of risk and what can you do to guard against it?
JS: It's actually quite the opposite. Phones are more likely to be locked down in sand-boxed environments.
BN: What would you say to a complete newcomer starting to use the internet for the first time?
JS: Make sure you start with well known, reputable sites. Don't download anything you're unsure of. Keep your browser and anti-spyware program up to date. Learn about the various scams and ways people can trick you into giving away your passwords like running security scans that install malware. Until you understand fully how people can take advantage of your online data, stay on the beaten path and use a password manager. Passwords you don't know can't be phished.
BN: Are we kidding ourselves if we think we can ever be truly secure online?
JS: Without client-side encryption, we can never be sure if we're secure online. If there are ways for companies to access your data, you can never be sure that they aren't revealing it to someone else.
Image Credit: Gunnar Pippel/Shutterstock
Not so very long ago virtual reality was the stuff of science fiction but it's increasingly emerging into the real world.
A new infographic produced by collaboration specialist PGi explores the current state of virtual reality and the possibility that it will soon be appearing in the world of work.
Key findings include that the virtual reality market is expected to grow into a $407 million industry with around 25 million users by 2018. Many of the major tech companies including Facebook, Apple and Google are investing billions of dollars into developing and releasing virtual communications, virtual reality and augmented reality. For example Facebook recently acquired Oculus VR for $2 billion.
Virtual reality has the ability to improve the workplace by providing the possibility of upgraded training techniques with fewer distractions and enhanced efficiency through virtualization of data. Technologies like 3D displays will allow for more immersive business collaboration, letting companies create virtual 3D conference rooms.
You can see more detail in the infographic below or on PGi's blog.
Image Credit: Nejron Photo / Shutterstock
By allowing companies to track and manage customer interactions, CRM (customer relationship management) systems are key to the success of sales and marketing teams. There are a lot of alternative systems to choose from though which can present a problem when it comes to picking the best option for the needs of a particular enterprise.
In order to help with this business software user review site G2 Crowd has produced its regular Grid report ranking 27 different CRM systems.
The report is based on more than 1,700 reviews and ratings from business professionals, including 500 new reviews since the last report in January. The Grid, G2 Crowd's software recommendation engine, factors in customer satisfaction as reported by users and vendor market presence determined from social and public data to rank products.
The top products are rated as Leaders or High Performers. To qualify as a Leader, a product must receive a high customer satisfaction score and have substantial market presence. Salesforce and Microsoft Dynamics CRM were named Leaders, with 13 additional vendors named High Performers.
Of the High Performers Nimble and Workbooks.com were tied with the highest customer satisfaction scores. Across all products reviewers reported the CRM software they use meets their requirements at an average rate of 82 percent, and on average reviewers said they were 81 percent likely to recommend their product.
The Grid is reproduced below and you can find out more, access the full report and read individual reviews of each product on the G2 Crowd site.
Photo Credit: Mikko Lemola / Shutterstock
Love it or hate it, you can't deny that Apple is a phenomenally successful company. But how has it managed to achieve this from a business that started in a garage?
Mostly it hasn’t been by innovation but by taking technology that already existed and turning it into the devices that people want to buy. Apple, more than any other company, has succeeded in making technology cool and desirable.
From the earliest Apple I to the latest iPhones and iPads, Apple has made gadgets accessible, even to people who don't really care about the underlying technology.
If you want to read more about how it did this and take a look at the milestone products that have made Apple the company it is today you can download my book, Game Changers: Apple's Breakthrough Moments free from the Kindle store today as part of a promotion for International Read an eBook Day.
If you’re shopping from the UK use this link.
Remember when floppy disks really were floppy? Or the joys of loading programs on a home computer from a C15 cassette? In just over 40 years storage technology has gone from these crude devices to cloud servers that put terrabytes of space in reach of anyone.
But where does the future lie? Hardware supplier Ebuyer has produced an infographic looking at the direction storage may take in the future.
Highlights include "Datastickies", a flash drive alternative that stores information on a thin sheet like a Post-it note that can be read by sticking it to a monitor equipped with a special surface. The sheets are made of Graphene, a revolutionary material that's made up of carbon atoms in a honeycomb lattice.
Other techniques to pack more data into smaller devices include sealing helium gas inside drives. This reduces friction and produces a drive that runs cooler and faster as well as using less power. Shingled Magnetic Recording (SMR) writes disk tracks closer together and overlaps them allowing more data in the same space. Seagate claims this could result in a 20TB drive by 2020.
Further down the track are technologies like liquid state storage where the metal inside a drive is kept in liquid form. There's also heat-assisted magnetic recording (HAMR) where a laser heats the disk to change its magnetic state, allowing more data to be stored per square inch.
Holographic storage is another technology with potential for the future, storing data in three dimensions using the full depth of the medium. Storing data in DNA is another possibility and has the potential to ensure information lasts forever.
And finally let's not forget our old friend the cassette. Sony has developed a new technology that can store 148GB per square inch of tape, potentially allowing a single cassette to store 185TB of data.
You can see more details of where storage has come from and where it's headed in the infographic below.
Image Credit: kavee29 / Shutterstock
Key to the sales process is communicating with customers and often that means sales people being away from the office. Mobile technology means that today there's no excuse for being out of touch with the data they need though.
CRM specialist Selligy is launching a set of tools that allow sales professionals to manage their deals and update their sales forecasts quickly and accurately from their smartphones. IT uses information from the phone including location and calendar details to deliver relevant information when it’s needed.
The latest update also includes the launch of Selligy Opportunity Manager. This is a tool that allows salespeople to quickly do their own "what-if" analysis when setting and updating their sales goals. Using Opportunity Manager, salespeople can adjust all of their sales forecast numbers, preview the totals, make adjustments, see the new totals and then -- when they're ready -- record all the changes with a single save. Selligy estimates that with this feature, salespeople can perform forecasting tasks roughly 90 percent faster as performing the same task in traditional CRM systems may require navigating 30 to 40 pages of information.
"CRM was born in the 1990s, when the introduction of the laptop gave salespeople
computing power on the road for the first time. In the past 20 years, CRM has not really changed," says Nilay Patel, Selligy’s co-founder and chief executive. "Now, mobile is paving the way for a new breed of activity-based, mobile CRM applications that are upending traditional CRM. Just like the first wave of selling applications, these new applications are giving enterprises dramatically more visibility into their sales pipeline".
In addition to the new features this release sees Selligy become available for Android for the first time. You can find more information and request a free demo on the Selligy website.
Image Credit: EDHAR / Shutterstock
We all say that we want privacy and security online, yet we indulge in potentially risky behaviors that put this in jeopardy according to a recent study commissioned by Trend Micro and released to coincide with the launch of its Internet Security 2015 product.
Activity like browsing suspect websites and allowing apps to access public information from their social media profiles puts people’s privacy at risk. Also 67 percent of people let their browser save passwords for websites. Trend Micro says saving passwords leaves them susceptible to being hacked, especially in light of recent retail security breaches.
Further findings are that 40 percent of mobile users don’t use a password to protect their devices, 28 percent of respondents allow mobile apps to access their social media profiles and 10 percent of mobile users believe they have downloaded a malicious app to their device.
The survey also finds that people continue to indulge in online behaviors that increase the risk of damaged reputation or identity theft. Some 74 percent of Internet users indicate they are concerned about sharing personal data via social media. 60 percent of social network users have removed a post from social media for fear of consequences in their personal life. 40 percent say they share the results of their game playing on social networks and 11 percent are "friends" with their boss online.
"Trend Micro Security 2015 provides protection against threats and privacy concerns regardless of the device or operating system," says Akihiko Omikawa, general manager of global consumer business at Trend Micro. "The solution protects users' personal information from being compromised by cyber criminals while maintaining privacy and protection of online activity. A simple step to protecting our digital lives begins with being mindful of the hazards to privacy and personal data the Internet presents. Each of us is a potential target for cyber criminals, but Trend Micro Security 2015 protects individuals anytime, anywhere, on any device, acting as a great deterrent".
To help combat risky behaviors the new product includes a secure password manager to save online passwords in an encrypted form. It also has a social network Privacy Scanner to scan LinkedIn, as well as Facebook, Twitter and Google+. This gives users technology to help them maintain privacy, security and positive online reputations.
"Managing privacy and security in this connected world is something that is often overlooked as we walk through life with our smartphones and laptops. To ease the concerns of Internet users regarding privacy and oversharing, Trend Micro Security 2015 enables users to maintain online privacy from strangers and cyber criminals while protecting their data," says Omikawa.
You can find more about Trend Micro Internet Security 2015 and download a free trial from the company's website.
Image Credit: iQoncept/Shutterstock
Monitoring of IT systems is only effective if you're able to interpret the data you collect and act on it in a timely manner. This is especially true when it comes to resolving incidents.
Operations performance management company PagerDuty is launching new advanced analytics tools to provide IT teams with insights into team and system performance. Using operational metrics like incident frequency and time taken to respond and resolve, companies can now drive even faster incident resolution. At the same time it gives managers the opportunity to understand and improve the key factors that drive uptime.
"Responders make real-time decisions throughout the lifecycle of an incident, but little of that institutional knowledge is saved to make systematic improvements. Advanced Analytics gives responders and managers the tools they need to identify, analyze and share trends about their resolution times and incident load," says PagerDuty Product Manager David Shackelford. "After gathering feedback from many top-performing Operations teams, we designed a set of highly flexible dashboards to expose these insights. Since technical reliability and scalability are incredibly important for us, we invested heavily in the infrastructure for Advanced Analytics, building a fully decoupled service that’s fast, highly reliable, and doesn't put our existing application at risk. We're excited to help our customers make smarter, data-backed decisions about their operations".
Advanced Analytics allows companies to see trends and peaks in response and resolution times, compare incident trends by team and monitoring service and drill down to individual incidents to see what drives spikes.
It achieves this with a service-oriented architecture that offers reliable reporting, separates analytics load from production load, and supports future reporting enhancements. Metrics can be stored to allow efficient queries and are continually recalculated to take account of production changes. All of which saves time spent on manual analysis.
You can find more information and sign up to try PagerDuty for free on the company's website.
Image Credit: Nata-Lia / Shutterstock
In the event of a major problem, whether it's a cyber attack, political unrest or a natural disaster, getting critical information to the right people in a timely manner is crucial.
To address this, Dell Software has formed a partnership with enterprise risk visualization software company, IDV Solutions to integrate Dell's AlertFind enterprise notification solution with IDV's Visual Command Center. The combined product will give companies the ability to monitor and respond to security threats by enabling communication with affected employees when a risk occurs (via email, text, voice, pager or fax) and track real-time status of message recipients to know who has responded and who may require assistance.
The IDV Visual Command Center offers businesses a single, integrated picture of their asset locations and risk events that may threaten them. This information is combined with things like floor plans, security systems and details of internal procedures to provide a single resource when disaster strikes.
Dell's AlertFind is a cloud-based service that provides communication with employees in the event of an emergency. It's scalable to meet the needs of large organizations and can deliver communication via a variety of routes with the ability to track responses. Features include automated escalation, text to speech conversion and conference call bridging.
Jonathan Wolf, director, product management at Dell Software says, "Dell is committed to helping organizations maintain business continuity during emergencies, even when communications infrastructure may be impacted. Integration with a risk monitoring platform is a natural extension of the value Dell AlertFind brings to the entire risk management process. We’re excited about the Dell AlertFind and IDV Solutions Visual Command Center integration. Not only do we use this integrated solution internally at Dell, but many of our customers -- particularly Global 500 organizations -- use or are evaluating Visual Command Center".
You can download a PDF with more details of the integrated solution from the Dell website.
The PaaSLane tool for assessing the cloud-readiness of applications has been available for two years and has helped many organizations transition their software smoothly. It's able to detect outdated architecture, weak security, platform issues and more.
Now Cloud Technology Partners has brought out a new release to allow Java and .Net developers to assess and optimize their source code for the cloud more quickly and efficiently.
PaaSLane 2.5 adds security by profiling locally with no need to upload source code to the cloud. It adds support for the Google cloud platform including the App Engine and Compute Engine. There’s enhanced .Net profiling too with more than 50 new rules for modernizing applications.
Rule management is improved overall too with easier to manage custom rule sets and report templates. The new version also includes over 100 new rules for modernization and cloud readiness across multiple categories.
The software can target specific platforms such as Amazon Web Services (AWS) or Google, and produce enhanced recommendations specifically for that platform. This allows it to be used as a "what if" tool to help decide which platform is the best fit for enterprises planning a new cloud strategy.
"Developing modern cloud applications without PaaSLane is complex and error-prone," says Ben Grubin, Director of Product Management for PaaSLane. "With PaaSLane, application developers and engineering leaders get deep visibility into the architectural improvements that are necessary before ever starting a project, as well as guidance on exactly how and why to make specific code changes. Having PaaSLane in your software development process means avoiding the pain of outdated, expensive to maintain, and inflexible applications in the future".
Two versions are available, PaaSLane Assess, which offers a one-time application assessment, and PaaSLane Optimize, an annual subscription service designed to integrate with software development life cycles.
The latest PaaSLane is available now, with prices starting at $500 per application. You can also request a free trial account via the company's website.
Photo Credit: everything possible / Shutterstock
The firewall is usually the first line of defense for any network, but most offerings are focused on access policy and application control which makes it hard for them to respond to zero-day and more advanced attacks.
Now networking company Cisco is launching what it calls the first threat-focused Next-Generation Firewall (NGFW). Cisco ASA with FirePOWER Services provides the contextual awareness and dynamic controls needed to automatically assess threats, correlate intelligence, and optimize defenses in order to protect networks.
The new product integrates the proven Cisco ASA 5500 series firewall with application control, and the industry-leading Next-Generation Intrusion Prevention Systems (NGIPS) along with Advanced Malware Protection (AMP) from Sourcefire.
It offers greater visibility thanks to enterprise-class management which provides users with dashboards and reports into which they can drill down for details of discovered hosts, applications, threats, and indicators of compromise.
Protection against known and unknown threats is offered thanks to big data analytics, continuous analysis and Cisco Collective Security Intelligence (CSI) working together to provide detection, blocking, tracking, analysis, and remediation.
Being platform based it can combine firewall and application control with intrusion prevention and breach detection on a single device. This means it simplifies an organization's security architecture and reduces its network footprint with fewer security devices to manage and deploy and needing no extra license subscriptions to extend functionality.
"In today's climate of industrialized hacking and sophisticated cybercrime gangs, we've entered an era in which legacy NGFW solutions are not enough to thwart attackers," says Christopher Young, senior vice president, security business group at Cisco. "Now more than ever, organizations need to be able to implement dynamic controls to manage the pace of change of their environments and address security incidents. Cisco ASA with FirePOWER Services is a major step forward for the NGFW market, empowering customers to deepen their protection from the data center, through the network, to the endpoint with the agility to identify, understand, and stop advanced threats in real-time and retrospectively."
New Cisco ASA units can be bought with a bundled FirePOWER license or existing customers can add FirePOWER to their current ASA 5500-X and 5585-X series firewalls. More information is available on the Cisco site.
For organizations that deal with large quantities of data, the NoSQL database is a popular choice. However, it can present problems for traditional database programmers.
For this reason developers are always on the look out for ways to build applications more easily and unlock the potential of unstructured data. With the release of its latest Riak Enterprise 2.0, NoSQL specialist Basho is addressing these needs.
The new version improves performance with a complete redesign of Riak Search, integrated with Apache Solr. The release also includes support for new distributed data types, enhanced configuration management and user security to enable faster development and simplified configuration. This new NoSQL database functionality provides enterprise application developers with enhanced usability and scalability for faster development of highly available, globally scalable applications.
"Our goal is to provide the most advanced NoSQL database system available that is innovative and constantly evolving," says Dave McCrory, CTO of Basho. "Riak is the only data platform supporting key value store, object storage and search. Riak 2.0 solves the usability issues that have slowed NoSQL developers for years. We have tightly integrated Solr, the popular high performance full text search platform and developed new data types that automatically address conflicts".
Among the new features in Riak Enterprise 2.0 are support for additional data types, plus updated searching enabling better integration with other software through client query APIs. Security is improved too with authorization and authentication now available to manage users and groups.
Configuration management is also simplified with information stored in an easy to parse transparent format. Tiered storage is available too so files can be optimized for low latency of the most accessed data.
Riak Enterprise 2.0 is available now, the technical documentation can be accessed on the Basho website and you can also request a trial license.
Image Credit: wavebreakmedia / Shutterstock
Despite the number of high profile attacks in recent months, many organizations are still lacking confidence in their ability to prevent a cyber attack or data breach.
These are the findings of a new survey from risk consultancy firm Protiviti which also shows that companies aren't properly preparing for crises and often don’t have adequate core data policies.
"Our survey results tell a story of gaps between where companies currently stand and where they should be in relation to fundamental elements of IT security. Some progress has been made since our last survey, yet many organizations still fall short of important standard protocols for IT security and privacy," says Ryan Rubin, managing director with Protiviti and UK leader of the firm's IT security and privacy practice. "Companies need to take more action in relation to the risks they recognize to better protect their crucial data".
The survey uncovers five main themes which indicate that companies need to improve their data policies. First is a lack of confidence in their ability to prevent attacks. Despite executive management having a higher awareness of the possibility of attack, the creativity of attackers leads to lower confidence among IT staff.
Secondly companies are not preparing for crises. The survey finds a year-on-year jump in the number of organizations without a formal and documented crisis response plan to execute in the event of a data breach or cyber attack.
Third, board-level engagement leads to better preparation. Organizations whose boards are concerned with how the organization is addressing its risks, have significantly stronger IT security profiles. However, the survey finds that one in five boards have low engagement.
Lack of policy is the fourth key theme. One in three companies doesn't have a written information security policy and over 40 percent lack a data encryption policy. One in four don't have acceptable use or record retention/destruction policies. These represent critical gaps in data governance and management, and they can carry major legal implications.
The final theme is inequality of data. The percentage of organizations that retain all data and records has more than doubled but this isn't necessarily a positive development. The report finds a relatively large number of organizations which don't prioritize data that is processed and governed in a specific way. Even fewer companies appear to prioritize data that is highly regulated such as payment and healthcare-related information.
There are some positive findings, principally that enterprises are becoming more aware of their data lifecycle -- how and where data is stored. Also CIOs are more likely to take primary responsibility for security than in recent years.
The full report is available on the Protiviti website and the results will be discussed in a webinar on September 30th. You'll also find a summary of the findings in infographic form below.
Photo Credit: Alexander Kirch/Shutterstock
New research by analysts at Gartner shows that more than 75 percent of mobile apps are set to fail basic security tests by 2015.
This is a particular worry for enterprises as employees may download software from app stores. These apps offer minimal or no security assurances but are able to access sensitive business data and violate company security policy.
"Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," says Dionisio Zumerle, principal research analyst at Gartner. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security".
Existing security vendors will need to modify their approach and their products in order to adapt to these new threats. As well as testing the client layer -- the app on the mobile itself -- there's also a need to look at the server layer. Code and user interfaces of server side applications need to be tested to ensure that data isn't leaked.
"Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied," says Zumerle. "App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors".
Looking further ahead to 2017, Gartner predicts that the focus of security breaches will have shifted to tablets and smartphones. Already it says there are three attacks on mobile devices for every one on a desktop.
It also expects that by 2017 misconfiguration of apps rather than actual attacks will account for 75 percent of mobile breaches. Gartner recommends that enterprises focus on data protection on mobile devices by employing usable and efficient solutions like application containment.
The outlook for mobile security will be discussed at a Gartner Security & Risk Management Summit taking place September 15-16 in Dubai.
Photo Credit: lucadp/Shutterstock
The internet of things opens up a vast range of new opportunities for individuals and businesses. But as we saw yesterday with expert predictions on the impact of the Apple Watch it also brings additional risks.
Analysts at Gartner are predicting that by 2017 more than 20 percent of businesses will have security devices aimed at protecting services and devices in the internet of things.
"The power of an Internet of Things device to change the state of environments and of itself will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities," says Earl Perkins, research vice president at Gartner. "IoT security needs will be driven by specific business use cases that are resistant to categorization, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk. The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security".
On Gartner's predictions the number of "things" -- which doesn’t include PCs, tablets, smarthones, etc -- will be around 26 billion by 2020. This is forecast to create a $309 billion opportunity for suppliers delivering IoT products and services.
"In an IoT world, information is the 'fuel' that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes", says Perkins.
Securing the IoT then brings new challenges in terms of the type and scale of technologies involved. As Perkins points out there is no, "guide to securing IoT" to provide CISOs with a framework. Even the definition of an IoT device is still open to interpretation.
Perkins concludes, "Gartner advises security leaders against over thinking IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time. Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance. Lessons from these initial use cases will serve as building blocks for a broader strategy for addressing the security of the IoT".
Security solutions for the IoT will be discussed further at the Gartner Security & Risk Management Summit next week in Dubai.
Image Credit: PlusONE / Shutterstock
Four major factors will bring about dramatic change in the data center market by the end of 2016, according to a new report released by Gartner.
The factors are: highly disruptive competition, big cloud provider dominance, economic warfare, and nationalism. All of these will occur with different intensities over different time frames but will have a significant impact on the market.
"There are four market disruptions in play in the DC infrastructure market," says Joe Skorupa, vice president and distinguished analyst at Gartner. "Elements of them are already in play, and will become visible no later than early 2016; however, radical action by just one significant player could accelerate the market disruption of any of the factors".
Outlining the likely impact of each factor Gartner says that there are a number of potentially disruptive technologies that can spark changes to the business model. Things like software-defined networking (SDN) and software-defined storage, network function virtualization; extreme low-energy processors have the potential to release latent demand for improvements.
The dominance of big cloud providers like Amazon, Google, IBM and Microsoft is likely to see a shift away from traditional managed service providers as they find it harder to compete. This may well have a strong influence on the price of data center architecture.
Economic warfare may create an increasing east versus west divide. Gartner predicts that China, thanks to deep resources, increasingly respected brands and strong original design manufacturers, will improve its share of the data center market at the expense of western companies.
Finally nationalism, driven by the "Snowden effect" is likely to see a shift to locally developed and based providers as buyers lose trust in the ability of big players to protect their data.
Although the data center market looks set to grow it can't be assumed that existing predictions will hold true. Skorupa says, "Underneath this calm surface, increasing market pressures are driving a change in vendor behaviors, which, along with the four disruptive factors, make the market ripe for a period of major disruption. These behaviors will become more obvious as the pace of change increases".
Gartner will be hosting a webinar focusing on the data center market on October 14 as well as hosting summits in London in November and Las Vegas in December.
Photo Credit: dotshock/Shutterstock
The adoption of wearable technology is on the verge of becoming mainstream and that process can only be accelerated by the release of the Apple Watch.
A recent study by Acquity, part of the Accenture consulting group, shows that wearable fitness devices are already taking off. By the end of 2015 they’re expected to reach 22 percent adoption and 43 percent within five years.
Smart watches are set to be the second most popular according to the same study, with five percent of consumers planning to purchase in the next year for a total of eight percent adoption by the end of 2015, and 25 percent planning to own one in the next five years.
Most experts believe the launch of the Apple Watch will generate new momentum in the wearables market but that brings with it some additional hazards. Antoine Rizk, VP of Global Go-To-Market Programs at API management specialists Axway says, "As developers rush to meet the demands of the Apple Watch, we will see a proliferation in new apps, creating a new wave of data flow to information back-offices, and an influx of security challenges for businesses to manage".
In an increasingly connected environment it’s important that new services are brought to the market quickly but also remain secure. Rizk says that APIs are key to this. "Apple Watch apps will be calling on APIs that must be delivered in real-time and able to communicate instantaneously; our smart watches will be linked up to our smart cars, and data on location and battery level has to be communicated in real-time. To achieve the agility and instant communication required, API gateways will be a fundamental cog in the infrastructure".
The adoption of NFC and the ability to use the watch to make payments makes an interesting target for hackers and we may see the rise of the "digital pickpocket". Ken Westin, security analyst at Tripwire expects the Apple Watch to become a prime target. "In the same way the original iPhone became an immediate target for hackers, so too will any new device Apple releases. There will be a race to hack the Apple Watch. The device connects to iPhones and other iDevices, so that connection may be a potential attack vector. Even though Apple's security team will have vetted the product, whenever a new product is available to security researchers and hackers alike, weaknesses are discovered".
Westin points out that recent issues surrounding iCloud mean that security will be in people’s minds where the Apple watch is concerned. "How this device collects and stores data and how access is secured are key questions Apple needs to address to help allay consumer fears".
New technology always brings new problems and it will be interesting to see how the Apple Phone survives contact with the real world. Watch this space...
In a fast-changing world there's demand for new applications to be delivered quickly and traditional development processes often can't keep pace.
Seattle-based startup Shippable has announced a new version of its platform that helps developers to innovate and deliver more quickly using open source Docker containers. Docker -- in case you didn't know -- isolates resources of the Linux kernel to allow independent software containers to run on one Linux platform without the need to launch virtual machines. Docker containers can be run on any Linux machine whether on site or in the cloud.
"Container-based development is becoming essential for DevOps teams because it enables application development to move more quickly and efficiently," says Al Hilwa, program director, application development software at IDC. "Enterprises adopting agile practices and seeking options for continuous development and delivery will find that workflow containerization solutions like Shippable will ultimately lead to better software quality".
Shippable creates containerized, instant development and test labs which can help reduce an organization's cloud footprint by more than 50 percent. Each developer's code change is tested on a personal, dedicated environment that starts up in seconds and accurately replicates production topology.
This approach helps detect errors quickly and reduces reliance on weekly 'test passes' to find topology related issues. This improves developer efficiency by reducing the amount of time taken to rework code and fix bugs as a result. Developers will avoid the frustration and extra time spent fixing bugs that only occur on other systems.
"Docker is disrupting the virtualization space and enterprises are fast recognizing the value of containerizing their workflows. We believe that the first wave of adoption will be in dev and test workflows, and Shippable is focused on helping enterprises make that transformation," says Avi Cavale, co-founder and CEO of Shippable. "However, customers can use Shippable even if they have no plans to adopt containers into their workflow since Shippable is fully compatible with hypervisors and still delivers its continuous delivery platform to enable agile software development".
The Shippable platform is available as a hosted service or a dedicated host where the containers run on the customer's own machines but are managed in the cloud. A complete on-premise solution is currently in private beta.
You can find out more or sign up for a trial on the Shippable website.
Image Credit: Stokkete / Shutterstock
A warning has gone out to customers of Salesforce.com that the Dyreza trojan, previously targeted at banking sites, may be a risk to users of the CRM solution.
The malware uses social engineering techniques to get the victim to infect the system via email. Once installed it uses "browser hooking" to allow Dyreza to intercept content entered by the user into the web browser before that content is transmitted over the network to a web site. Critically this allows the interception to occur before the data is encrypted.
By siphoning off traffic in this way the attacker can access the victim's credentials including username, password and any additional two-factor authentication token values. The attacker can then use this information to impersonate a user and fraudulently access their account for Salesforce or any other SaaS services targeted by Dyreza.
Zulfikar Ramzan, the CTO of cloud security specialist Elastica, says in a blog post, "So far, none of Elastica's customers appears to have been impacted by this threat, but we are monitoring the situation closely. Elastica’s Detect, Protect, and Investigate applications all can provide protection capabilities against Dyreza and similar malware".
Salesforce itself offers additional means of protection such as IP address restrictions to ensure that access comes from within the corporate network or VPN. It also offers SAML (Security Assertion Markup Language) authentication to further secure access.
Because the trojan siphons off information before it reaches the legitimate servers, it's able to intercept two-factor authentication token values so the attackers can exploit them in real time. Customers therefore need to be alert to potential compromises.
Razman concludes, "As organizations house increasing volumes of sensitive data on SaaS applications like Salesforce, it is a certainty that attackers will find increasingly clever ways of going after this information. It is therefore important for customers to put multiple protection mechanisms in place and to have deeper visibility into how their SaaS applications are being accessed and used".
Image Credit: Sadik Gulec / Shutterstock
In the run up to Apple's latest eagerly anticipated launch event, mobile benchmarking specialist Crittercism has released an Apple edition of its Mobile Experience Benchmark Report.
Focussing on statistics gathered from over a billion users across more than 120 countries it looks at key performance metrics including crash rates across iOS versions and devices along with latency by carrier and Wi-Fi.
Highlights include the finding that 46 percent of iOS apps have a crash rate of over one percent and 30 percent a rate of more than 2 percent. For comparison, on the web the norm for crash rates is 0.1 percent.
Looking at crashes by operating system, iOS 7 and 7.1 have the highest crash rate at 2.1 percent. Broken down by hardware the iPhone 5s crashes least (1.9 percent) whilst the iPad Mini crashes most (2.4 percent).
Apps on iPhones generally seem to be more stable than on iPads, but game apps are the most likely to crash. Photo and video apps are the next most crash prone with health and fitness and business apps being least likely.
If you want the most responsive carriers you need to be in Japan, the USA rates only 5th but there are regional differences which we'll come to shortly. China is slowest for carrier response. Those who prefer Wi-Fi should move to France which has the fastest iOS Wi-Fi responsiveness of any G20 country with India being the slowest.
In the US you’ll find the fastest iOS carrier responsiveness in Raleigh and the slowest in Kansas City. For Wi-Fi Virginia Beach is the best place to take your iOS device while Cleveland is the worst. Overall across the US it's T-Mobile that’s the fastest carrier for mobile users with AT&T and Verizon tied for second place.
The full report is available from the Crittercism website. Ahead of the general availability of iOS 8 Crittercism has also released a performance tracker which will monitor how the new OS performs through the launch and beyond.
Image Credit: logolord / Shutterstock
A new malicious advertising network is affecting sites including Amazon, Yahoo and YouTube. Dubbed "Kyle and Stan" by the Cisco Talos Security Research group that uncovered it, the malware is able to mutate to attack both Windows and Mac systems.
Online advertising has relatively few major distribution networks, by getting ads onto one of these an attacker has the potential to get malicious content in front of large numbers of users.
Talos Security Research has found a major network doing just this. Because of the naming scheme of hundreds of its sub-domains such as "stan.mxp2099.com" and "kyle.mxp2038.com", Talos has named the malvertising group "Kyle and Stan".
There's no drive-by download, the malware relies on social engineering to get the user to click on an ad. Once they do though the software redirects depending on the type of system you're using, allowing it to infect both Windows and Mac systems.
Clicking on the ad downloads a legitimate application like a media player but one which is bundled with adware and browser hijackers.
The network was first detected in early May and has shown spikes of activity in June and July. The research finds that the attack is using more than 700 domains, allowing the attackers to use a domain for a very short time, burn it and move on to use another one for future attacks. This helps them avoid reputation based and blacklist-type security solutions.
The malware dropper also employs unique checksums and encryption to try to avoid detection. The researchers conclude, "All in all we are facing a very robust and well-engineered malware delivery network that won’t be taken down until the minds behind this are identified".
You can read more and find a full list of the sites known to have been targeted on Cisco's blog.
Image Credit: Sam72 / Shutterstock
We trust financial services organizations with some of our most precious data, but are these companies doing enough to protect the information?
According to a new survey by Kaspersky Lab and market research company B2B International, 93 percent of financial services organizations have experienced some form of cyberthreat in the past 12 months.
Yet despite the increase in attacks nearly one in three still don't provide protection of users' endpoints or implement specialized protection inside their own infrastructure. This lack of protection is causing a loss of faith with only 53 percent of businesses feeling that financial organizations are doing enough to protect their information.
It also finds that 82 percent of businesses would consider leaving a financial institution that suffered a data breach and that 74 percent choose a financial organization according to its security reputation. This is echoed in a separate consumer survey which shows that 60 percent of people prefer to use companies offering extra security measures to protect their data.
Of the financial services organizations themselves, 27 percent are willing to suffer the losses incurred by cybercrime because they believe the cost of prevention will be higher. This seems to be a flawed view given that 52 percent have a policy of fully reimbursing losses caused by cybercrime without investigation, and that the true cost of loss may amount to hundreds of thousands of dollars depending on the size of the organization.
Kaspersky uncovered some cause for hope though as 47 percent of financial businesses think the loss of credibility and damage to reputation that would occur as a result of a data breach is the worst consequence to the company.
Ross Hogan, Global Head of Fraud Prevention Division at Kaspersky Lab says, "While it is encouraging that financial services organizations recognize the damage to their reputation that can result from a cyberattack, it is concerning that many firms have not taken the necessary steps to implement proper security. We are seeing more and more cyberattacks targeting financial organizations and while many will take action to reimburse the financial losses as a result of cybercrime, the damage done to a financial organization's reputation isn’t as easy to repair. Based on these survey results, we expect to see more financial services organizations take the necessary steps to not only protect customer data and financial information, but to take the steps needed to ensure their important reputation remains intact".
The full results of the survey are available as a PDF from the Kaspersky site.
Image Credit: Rob Hyrons / Shutterstock
Business collaboration is most often organized by email, but it isn't always the most efficient way of ensuring things get done and it can be time consuming to deal with.
A recent survey by the McKinsey Institute shows that an average American spends 28 percent -- around 9 hours -- of their work week just dealing with emails. You can see how this time breaks down in infographic form below.
New team messaging platform Hooli aims to free workers from the tyranny of dealing with email by using simple, actionable commands that can be updated and received by all team members in real time.
Messages are sent instantly to all members of a group via a single live document and changes are color-coded so they're easy to spot. It offers a lean interface that's tailored to help online discussions run smoothly and make following up on actions easy.
Unlike chat collaboration tools like Slack and HipChat, Hooli can create actionable tasks from discussions and keep the whole team updated. It also allows progress updates to be made with a single click, so no need to write a long, detailed reply. Messages can be synced across desktop and mobile devices too.
You can try out Hooli free for up to three users and 100 meetings. Visit the company's website to find out more.
Photo credit: Alessandro Colle/Shutterstock
As summer draws to a close and people start to go back to school or back to work technology manufacturers like to tempt them with new and shiny kit.
Today is the turn of Dell as it launches its latest commercial PC range aimed at offering productivity, manageability and security for business users in smaller, thinner and generally nicer packages.
"Dell understands the complexity of supporting the wide variety of devices present in today’s evolving workforce environment," says Kirk Schell, vice president and general manager, commercial client solutions at Dell. "Our new portfolio enables businesses of all sizes to embrace sleek and innovative form factors their workforce will be proud to use day after day to accomplish their productivity goals. While they look like thin and light consumer devices, these commercial PCs are backed by the industry's best security and manageability that only Dell provides".
First up are new additions to the Latitude range including the Latitude 13 7000 series which claims to be the world's most secure 2-in-1, combining a lightweight business ultrabook and a detachable tablet in one powerful device. It will be available from mid-October starting at $1,199.
The Latitude 12 5000 offers a secure business laptop featuring a new design that's 20 percent thinner than the previous model. It offers all day battery life from a 4-cell battery, enhanced materials for durability and enterprise-class support and services. The range starts at $769 and will be available from September 25th.
New Latitude 14 and 15 3000 models for the Asian market are a more affordable package for smaller businesses. Again these are thinner and lighter than previous models with spill-resistant keyboards, all day battery life and up to a terrabyte of storage with prices starting at $640.
There's a new addition to the company's rugged range too with the Latitude 14 which has an outdoor-readable display and uses QuadraCool technology for performance at high temperatures. It also features a backlit keyboard so it can be used in a wide range of environments.
Dell hasn’t forgotten desktops and it's been busy making them smaller too. New Optiplex 9020 and 3020 Micro PCs have a chassis that's 67 percent smaller than Dell's previous desktops and offer a choice of mounting options. The OptiPlex 9020 Micro is aimed at environments where space is limited and security is a priority, while the OptiPlex 3020 Micro provides essential business class performance in a compact unit. The OptiPlex Micro range starts at $499.
In addition there's a new Chromebox for meetings, designed to offer an easy-to-use platform for managing video conferences. Costing $999 it comes equipped with an HD webcam, speaker phone and RF remote control, it's only available in the US initially though. Dell is also launching a standard Chromebox to provide a small, quiet desktop for smaller businesses. This will be available from September 26th starting from $179.
Rounding off the announcements are some new monitors including an outsize 55-inch model intended for meeting rooms and a 27-inch Ultra HD 5K model. The Dell 55 Monitor is available now at $1,049, the UltraSharp 27 will be along in the fourth quarter priced at $2,500.
More information on all of these devices will be available on the Dell website as they're released.
Security exploits aren't always aimed at computers or mobile devices. Often they target the infrastructure devices like ATMs and point of sale terminals that we take for granted in our everyday lives.
In order to protect against these threats, enterprise security specialist Trustwave has announced that it's enhancing its capabilities with the opening of an ethical hacking lab at the company’s Chicago HQ.
The lab's aim is to uncover weaknesses in devices like ATMs, point of sale keypads and security cameras that are regularly used by businesses but which may have hidden security flaws. By uncovering these problems ethical hacking can help companies take action before it's too late.
It can carry out assessments to determine if an existing device has been compromised as well as carrying out penetration testing for businesses to uncover potential problems in devices before they’re put to use.
The lab is also being used to carry out studies following security breaches to identify how the criminals broke in and which details have been compromised. It's currently working on a credit card skimmer planted at gas pumps to steal payment information.
If you've ever wondered what ethical hacking looks like, Trustwave has created a video to give you an insight. To be honest it looks pretty much like we expected it to, right down to the hairstyles.
Photo Credit: ra2studio / Shutterstock
With mobile malware showing a 68 percent increase over the first half of last year it seems that, as with the PC malware field, profit is the main driving force behind it.
New data released by security specialist NQ Mobile shows that infections were detected in 37.5 million Android devices in NQ Mobile's database of 136 million active user accounts worldwide, an increase of 78.6 percent over last year.
Some 62 percent of this malware falls into categories that aim to generate financial gain for the people behind it. Often this is through premium rate scams or data overcharges. NQ Mobile has also uncovered a new strain of encryption malware for Android.
Called 'Simpelocker,' the Trojan is packaged with genuine Android apps and infects the devices of unsuspecting users downloading the APK file from apps in third-party markets. Once installed, the app requests permissions to perform a variety of actions like writing to external storage devices. The Trojan can also scan the SD card for specific file types like photos and documents and attempt to encrypt them.
Privacy is another issue with 11 percent of mobile threats coming from a genuine or malicious app with the ability to gather and leak personal information without the device user’s knowledge or consent. This information can then be shared or sold on the dark web to cybercriminals who will attempt to use social engineering tactics to gain access to the consumer’s finances. Apps like 'Fake Play' which poses as the Google Play store can be used to intercept user data in the background.
Server side botnets remain a major concern too thanks to their ability to control infected devices and download more malicious material from a remote host.
You can read more on NQ Mobile's blog and there's a summary of the company's findings in infographic form below.
Image Credit: Paul Michael Hughes/Shutterstock
A few weeks back we reported on the launch of a free tool to help out CryptoLocker victims allowing them to retrieve locked files.
One of the companies behind the DecryptCryptoLocker tool, Fox-IT, has released some details of how well it's working. It has so far dealt with 2,900 requests for decryption keys and dozens more are being received on a daily basis.
Decryption requests have come in from around the world with most being from the US with 1,933 and the UK with 546. The most common file type being decrypted is PDF closely followed by .doc files.
Fox-IT's blog notes that new players are still trying to fill the vacuum left by the demise of P2P Zeus. "Parts of the inject code have reappeared in other botnets, we are tracking new malware variants being developed which appear to re-use or build upon parts of P2P Zeus and there is an upsurge activity from Gozi, Bugat and other existing malware variants. This means some of the high profile customers of P2P Zeus are looking for a new custom piece of malware while others customers simply joined other existing operations like Gozi".
It also points out that CryptoLocker made significant income for its operators which has led to a renewed interest in ransomware.
The DecryptCryptoLocker tool is still available for victims who need to unlock their files.
Photo Credit: BL/Shutterstock
The business of marketing has always been about understanding the customer, and the modern information-driven world means there's more potential to know what customers are up to than ever.
The trouble is that many businesses fail to properly exploit this due to lack of visibility into how their marketing efforts work. Cloud-based file distribution specialist Content Raven aims to change this with its new Marketing Raven tool.
Marketing Raven adds tracking and analytics to all common file types so users can determine how recipients have engaged with a document, how many times they viewed it, on what device, and more. This allows it to provide valuable insight to further customize and improve campaigns. In addition, Marketing Raven sends real-time alerts to sales and business development staff when a prospect is interacting with piece of content, enabling them to time contacts when the lead is most engaged and follow up with appropriate information.
It can also track when a piece of content is shared or forwarded, giving new insight into the customer’s decision making and opening up potential new leads.
"We are excited to launch Marketing Raven as a way to help marketers and salespeople better analyze and enhance their marketing campaigns and sales cycles," says Ronald Matros, CEO of Content Raven. "Data-driven marketing is quickly becoming the norm in the marketing industry and this new product allows us to tackle the biggest issues faced by enterprises today as they look to improve their sales cycle and gain insight into how their customers and prospects are consuming their content".
You can find out more on the Content Raven website, where you can also download a Five Blind Spots in Your Digital Marketing Strategy ebook and view a video demonstration of what the product can do.
Image Credit: donskarpo / Shutterstock
The results of a new survey from Kaspersky Lab show that the rate of mobile device theft is increasing but over the same period the time taken for IT departments to respond has increased.
Part of this is down to employees taking longer to report mobile loss or theft. Only half report the theft of a mobile device within a day with 38 percent taking up to two days and nine percent waiting between three and five days.
In 2014 25 percent of companies have experienced the theft of a mobile device, compared to only 14 percent in 2011. Most concerning though is that 19 percent of those surveyed say that mobile device theft has resulted in the loss of business data.
The survey of over 3,900 IT security professionals also finds that 52 percent are more concerned about mobile risks than in previous years, 43 percent believe that mobile working patterns pose too much risk, and 42 percent belive that BYOD policies pose increased risk to the business.
"The survey results clearly indicate that IT managers are dealing with multiple security challenges associated with a mobile workforce, and as the use of mobile devices in the workplace continues to grow, employees appear to be less engaged in helping secure mobile platforms," says Mark Bermingham, Kaspersky Lab's Director of Global B2B Product Marketing.
All of this highlights the need for businesses to have a mobile device management policy. Kaspersky also suggests that having an MDM policy managed through the same console as the company’s other endpoint security software can enable IT managers to enforce policies customized to each individual employee, including 'containerization' to keep business information on mobile devices encrypted and separated from personal data on employee-owned devices.
These results are part of Kaspersky's 2014 IT Security Risks Survey which is available on the company’s website where you can also find details of Kaspersky Security for Mobile.
Photo credit: cunaplus / Shutterstock
Fake mobile phone 'towers' dotted across the US could be listening in on unsuspecting smartphone users according to recent reports. And -- tin foil hats on, everyone -- nobody knows who's behind them.
Security company ESD America discovered 17 of the fakes called 'interceptors' whilst testing its secure Android phone. The towers can attack devices via the baseband chips that allow them to communicate with their networks and can, says ESD, eavesdrop or even install spyware.
These fakes use known technology and have existed in China for several years according to 360 Safe which has uncovered fakes masquerading as carriers, banks and other organizations to send SMS messages.
ESD America CEO Les Goldsmith told Popular Science magazine, "Interceptor use in the US is much higher than people had anticipated," Goldsmith says. "One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip".
The technology used targets the 'baseband' of the phone which sits in between the cellular network and the phone's OS. Baseband attacks are difficult to carry out as the technical details of the chips are closely guarded and the equipment needed is relatively expensive -- around $100,000.
"What we find suspicious is that a lot of these interceptors are right on top of US military bases." Says Goldsmith. "Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the US military, or are they foreign governments doing it? The point is: we don't really know whose they are".
Documents leaked by Edward Snowden have revealed that the NSA has the ability to carry out baseband attacks to, for example, remotely activate a device's microphone. A similar type of attack is used by the 'stingray' devices employed by law enforcement agencies.
So, should you be worried that your weird neighbor is building a 50ft mast in his backyard? Maybe, although it's likely that these fake towers aren't permanent physical installations but something more mobile.
At the moment no one knows who's behind the fakes and the cost of something like a GSMK Cryptophone needed to detect them is thought to be around $3,500 dollars.
It's perhaps best just to assume, as many of us have been doing for years, that nothing you do on a mobile device is ever completely secure. In the meantime your conspiracy theories about who might be behind these fake towers are welcome below.
Image Credit: mikeledray / Shutterstock
Most of us prefer to stay with familiar consumer file syncing and sharing tools at work rather than use the alternatives provided by the IT department.
This is the finding of new research by global analyst company Ovum. The survey of 5,187 full-time employees shows that 89 percent are using consumer products and only nine percent are happy with the commercial tools on offer from their companies.
Of those that have adopted the technology 29 percent are using three or more different products in order to get their work done. However, 44 percent still aren't using file sharing products at all, relying on email or flash drives to move data around.
Richard Edwards, principal analyst at Ovum, says, "These figures paint an anarchic picture of file sharing and document-centric collaboration within the workplace, and support Ovum's thesis that while there may be an enterprise file sync and share solution to address almost every business need, there is no product that meets them all".
Ovum’s report, Selecting an Enterprise File Sync and Share Product, looks at 19 different offerings from vendors of all sizes, including Box, Citrix, Dropbox, Egnyte, EMC, Google, IBM, Microsoft, Salesforce.com, and WatchDox.
"No commercial product is dominating the workplace," says Edwards. "The wide-scale use of Dropbox among knowledge workers highlights the power and impact of IT consumerization, while the pervasiveness of Google Drive and Apple iCloud demonstrates the effects that mobile devices are having on the enterprise. And of course Microsoft is omnipresent in this market too".
The number of products competing for this market indicates the importance which vendors attach to it and the fact that each offers a slightly different approach. Edwards concludes, "As always, the challenge for CIOs and IT managers is to identify the solution that best meets the organization's current and future requirements, with regard to a broad set of employee roles and business use cases. Herein lies the problem, as no single product on the market today offers everything that a large enterprise is likely to need".
Image Credit: megainarmy / Shutterstock
Phishing attacks attempting to steal user credentials have become a common occurrence in recent years and made people wary of trusting anything they receive in email.
Fraud protection specialist Easy Solutions is aiming to help restore that trust by adopting the DMARC (Domain-based Message Authentication, Reporting & Conformance) specification to allow its customers to improve productivity and speed detection of phishing sites.
A DMARC industry group was formed in 2012 by a number of technology, financial service, media and retail companies. Its aim is to fight email fraud, helping email senders and receivers work together to better secure emails and protect users and businesses from abuse.
Using the DMARC technical specification email senders can authenticate legitimate messages and exchange information with email receivers about how to handle unauthenticated traffic by monitoring, quarantine or deletion.
The technology has been implemented by major email providers including Google and Microsoft, as well as large financial institutions and retailers, such as Amazon, Apple, Bank of America, eBay, Facebook, FedEx and more.
"Fraudulent email and orchestrated attacks have eroded trust in email as a communications medium to such an extent that it is nearly impossible for major financial institutions, retailers and marketers to authentically communicate with their customers," says Daniel Ingevaldson, CTO of Easy Solutions. "DMARC shows great promise, not only for securing email channels and reducing the amount of fraudulent or spoofed email but also for improving threat intelligence around targeted attacks. DMARC gives banks, retailers and other institutions the power to effectively project their own policy to the world on how fraudulent email is handled. We are pleased to offer our customers the ability to leverage this emerging standard to improve the health of email communication, reducing the asymmetry they face in this battle against fraudsters".
You can find out more about Easy Solution's fraud protection platform and how it can help businesses stay safe across a variety of channels and platforms on the company's website.
Photo Credit: Ivelin Radkov/Shutterstock
As the market for storing and sharing files in the cloud has grown, Box has become one of the most popular solutions. As a result lots of other add-on products have grown up around it offering added security, compliance and more.
The latest to join the Box ecosystem is backup specialist eFolder with its Cloudfinder product, a multi-platform cloud-to-cloud backup service.
Cloudfinder for Box provides an encrypted, tamper-proof SafeHaven and second-site location for Box and other critical SaaS data. It also reduces the administrative burden thanks to self-service point-in-time restores, cross-service instant full-text search and automated enforcement of corporate data governance policies.
"Businesses have adopted SaaS applications en masse," says Kevin Hoffman, CEO of eFolder. "Now, companies, small and large, are looking for ways to avoid data sprawl and ensure data retention across a host of SaaS business applications. Today, Cloudfinder spans across many of the most popular enterprise-grade applications to provide an additional layer of protection, archiving and discovery. Our integration with Box and other leading SaaS applications, position Cloudfinder as the central repository for the modern, cloud-based business."
Cloudfinder offers unified cloud-to-cloud backup and instant full-text search of Office 365, Google Apps and Salesforce, and now adds Box to its capabilities. From a single user interface, businesses can backup, search, restore and get a data overview across all of the SaaS services that are supported by Cloudfinder.
"The value of business data is priceless," says Marcus Nyman, founder of Cloudfinder and eFolder president. "It is a universally accepted best practice to have a second-location backup of all on-premises corporate data regardless of the robustness and reliability of the underlying storage. For data living in SaaS applications, it is no different."
Cloudfinder for Box is available from today and is free with unlimited storage for all businesses until January 1 2015. Go to www.cloudfinder.com/boxfree to find out more and register for the free trial.
Image Credit: alexmillos / Shutterstock
The ConnectWise system management platform is popular with managed services providers, with more than half of MSPs worldwide using it to enhance efficiency and control for their clients.
Now cloud backup company Zetta.net has announced that it's integrated its enterprise-grade cloud backup and disaster recovery platform with ConnectWise to allow MSPs to offer an extra layer of service.
This integration will give IT service providers a complete view of their customers' data usage, alerts, billing and other activities from within the ConnectWise platform, streamlining their management and administrative tasks. This will allow service providers to concentrate on the efficient running of their business and focus on better servicing their customers.
"We're excited Zetta.net's MSP strategy includes integration to ConnectWise," says Jeannine Edwards, Director, ConnectWise Platform at ConnectWise. "Their SaaS-based approach to protecting mutual partners' backup and recovery needs will make for a great addition to the ConnectWise Platform community."
Zetta.net uses an appliance-free approach to database and server image backups for both physical and virtual environments. Along with built-in WAN acceleration means it can deliver faster backup and recovery speeds with data transfer rates of up to 5TB in 24 hours.
Because there's no need for additional hardware on customer sites, backup solutions can be up and running quickly and be remotely managed from anywhere.
"We continue to drive simplicity and efficiency into our solution to help MSPs build a more profitable backup service", says Art Ledbetter, Director of Channels at Zetta.net. "The integration with ConnectWise enables MSPs to eliminate manual business processes and enhance visibility into their clients' backup activities to effectively manage their business".
Although it's currently aimed at service providers the solution could also appeal to large enterprises looking to streamline their backup strategy. You can find out more about Zetta.net's cloud backup solutions on the company's website.
Photo Credit: Andreas Weitzmann/Shutterstock
The leaking of celebrity photos which may have come from iCloud is just the latest in a series of high profile security and privacy breaches that are leading many people to question how safe their data is online.
For those who have decided enough is enough, secure transaction specialist Imprima has produced an infographic guide to "unfriending the internet" which covers how to take your personal profiles off the main social networking sites.
It explains how to remove yourself from Facebook, Twitter, Google+ and LinkedIn, as well as explaining the right to be forgotten on Google. It also covers useful stuff like the difference between simply deactivating your Facebook account and deleting it altogether.
If you want to cut yourself off from the world of social networking you'll find the full infographic below.
Image Credit: jurgenfr / Shutterstock
Despite continuing reports of its death, the desktop computer still has a place in the world, particularly amongst power users and gamers. It's these people that Intel has squarely in its sights with the new Core i7-5960X processor Extreme Edition.
Intel’s first 8-core desktop CPU features 16 computing threads which, along with support for the latest DDR4 memory, will enable some of the fastest desktop systems yet seen. Combine this with the new enhanced Intel X99 Chipset and you also have robust overclocking capabilities which will allow enthusiasts to tune their systems to extract maximum performance.
"We're thrilled to unveil the next phase in our 'reinvention of the desktop' we outlined earlier this year", says Lisa Graff, vice president and general manager of Intel's Desktop Client Platform Group. "This product family is aimed squarely at those enthusiasts who push their systems further than anyone, and we're offering the speed, cores, overclocking and platform capabilities they have asked us for".
Launched at the Penny Arcade Expo in Seattle, Intel used the event to demonstrate the new processor's ability with various gaming titles. It has been working with a number of OEMs, memory and motherboard makers and graphics partners to unlock maximum potential from the product.
Companies involved in the gaming industry are particularly excited by the new processor. Alienware's general manager, Frank Azor says, "It was an easy decision to work with Intel to bring its new eight-core extreme processor to our new flagship gaming desktop, the Alienware Area-51. Using new overclocking and monitoring features in Alienware Command Center 4.0, we've been able to really push the processors to the fullest extent and are seeing impressive overclocking headroom. This new Intel processor lineup is the perfect choice for gamers who demand the absolute best performance from their systems".
For those with slightly less need for speed, Intel has also announced a range of 6-core, unlocked enthusiast CPUs. All the new processors will be available from this week with prices ranging from $389 to $999. You can find out more about the line up on the Intel website.
More than 1.25 billion smartphones will be shipped worldwide in 2014, up 23.8 percent over last year, despite a slowing of growth in more mature markets, according to the latest data from IDC's Quarterly Mobile Phone Tracker.
Growth in mature markets has slowed to 4.9 percent but emerging markets are surging ahead with 32.4 percent growth. Since these emerging markets have accounted for more than half of smartphone shipments since 2011 this is perhaps not too surprising.
"The smartphone market, which has experienced runaway growth over the last several years, is starting to slow. Mature markets have slowed considerably but still deliver strong revenues with average selling prices (ASPs) over US$400. Meanwhile, many emerging markets are still barreling along, but with ASPs of less than US$250", says Ramon Llamas, Research Manager with IDC's Mobile Phone team. "The key for vendors now is to maintain a presence in the higher-margin mature markets, while establishing a sustainable presence within the fast-growing emerging markets. To enable this strategy, operating system companies are partnering with OEMs to provide low-cost handsets".
Looking ahead to the end of the year, IDC expects emerging markets to account for 73.5 percent of all smartphone volume shipped. This is being driven by Android devices which are expected to take up 88 percent of the volume. Further ahead, emerging market smartphone volume is expected to reach 1.4 million units by 2018, accounting for 79.5 percent of worldwide volume.
"The support that Google's Android platform has received from over 150 handset manufacturers has allowed it to gain the share it has in emerging markets", says Ryan Reith, Program Director with IDC's Worldwide Quarterly Mobile Phone Tracker. "The lack of constraints around hardware and software specifications has helped bring to market many low-cost products, a lot of which could be considered borderline junk. With Google's recent announcement of Android One, they hope to change this by laying out a set of standards for manufacturers to follow".
Aside from growth in volume shipments, IDC sees a move towards larger screen mobiles, or phablets, which it expects to grow from 14 percent of the market this year to 32.2 percent in 2018. Apple's expected entry into this field should give it the ability to drive replacement cycles in mature markets.
More information about the IDC Worldwide Quarterly Mobile Phone Tracker is available on the company's website.
Photo Credit: 3Dstock / Shutterstock
More than a quarter of British parents say they'll be buying new gadgets for their kids ahead of the autumn return to school, with an average spend of £329 per family making a massive nationwide total of £659 million.
This is among the findings of a new survey by comparison and switching site uSwitch.com which finds that the average school bag now contains around £130 worth of tech.
Ernest Doku, telecoms expert at uSwitch.com, says, "Kids today are learning to use gadgets even before they can walk, and parents are investing heavily in the latest tech for school too -- the new term has sparked a flurry of gadget purchases".
49 percent of children take at least one gadget to school. More worryingly, however, nine percent have had gadgets stolen at school and 14 percent have been bullied because of their gadgets -- usually because they're the "wrong" brand.
Technology is changing the pattern of study too. A third of homework is now typed rather than hand written and a quarter submit their work via email or via an online system set up by their schools. The majority (38 percent) use laptops to do school work, but tablets (24 percent) are now more common than desktops (20 percent).
The results show that parents are concerned about the move to technology. Whilst 82 percent recognize that it's an essential part of their children's lives, 43 percent are concerned that they lack the technical ability to help with homework.
Parents are also troubled about the effect of technology on their children's abilities. 66 percent worry about over reliance on spell check and 61 percent about the effect using computers has on their handwriting.
Kids are getting their gadgets at an earlier age too. The average age for getting a mobile phone is 9 years 10 months, whilst tablets come even earlier, British kids receiving their first one at 8 years 7 months.
Although 63 percent of parents say they restrict the time their children spend using gadgets, 70 percent admit to employing technology to keep children quiet. The average age at which parents start to distract their kids with smartphones or tablets is 5 years 8 months.
Doku concludes, "Although gadgets are great educational tools, it's important to monitor your child's usage to ensure they are safe online -- as well as actually doing their homework".
Image Credit: Pressmaster / Shutterstock
Big data analysis can open up valuable insights that are locked up in databases, but releasing that information without access to a team of data scientists isn't easy.
Analytics company Prelert is aiming to make big data accessible and valuable for all businesses with its anomaly detection engine, built using unsupervised machine learning technology. No human intervention is required to set parameters or tell it what to look for, once it's pointed in the right direction it will go to work on massive volumes of streaming data.
The latest stage of its development is today's release of a connector to allow deployment of the technology on Elasticsearch stacks. Offering an Elasticsearch connector, opens up the use of machine learning technology, providing tools that make it easier to identify threats and opportunities hidden within massive data sets.
"Prelert is dedicated to making it easier for users to analyze their data and drive real, actionable value from it", says Mark Jaffe, CEO of Prelert. "The amounts of data that companies and organizations have these days are simply massive -- too massive for humans to process and analyze. The release of our Elasticsearch Connector is the latest step toward making the analysis of large data sets possible, repeatable and valuable without a team of data scientists".
The Anomaly Detective can process large volumes of streaming data, automatically learn normal behavior patterns represented by that data and identify and cross-correlate any anomalies. Add in the ability to processes millions of data points in real-time and it can identify performance, security and operational anomalies so they can be acted on before they have an impact on the business.
The Elasticsearch Connector is written in Python and is available now via GitHub. Additional connectors for other big data technologies are set to be released in the coming months. Meantime you can find more about anomaly detection on Prelert's website.
Photo Credit: T.L. Furrer / Shutterstock
If you're an Android user you may already have been tempted to don your tin hat and descend to your bunker following today's earlier story about app hacking. Prepare to settle in for a long seige then as new research reveals that many of the most popular Android apps have SSL vulnerabilities that leave them open to man in the middle (MITM) attacks aimed at stealing personal information.
According to threat protection specialist FireEye a significant proportion of apps allow an attacker to intercept data exchanged between the Android device and a remote server.
A MITM attacker may simply "listen in" to data as it's transmitted, replace or modify it to inject malicious content into an app, or redirect traffic to a new application.
FireEye has looked at the 1,000 most downloaded apps in the Play store and found that around 68 percent have one of three major SSL vulnerabilities leaving them open to MITM attacks.
Of 614 apps that used SSL/TLS to communicate with a remote server, 73 percent didn't check certificates. Eight percent failed to verify the hostnames of servers making redirection possible, and of 285 apps using WebKit, 77 percent ignored SSL errors which could allow the exploit of Javascript vulnerabilities.
The company suggests that users can help protect themselves, "...by not accessing websites that require user login credentials when using public wi-fi networks. This in itself, with general vigilance in opening emails from unknown sources, will go a long way in protecting sensitive information from MITM attacks".
You can read more details of the research, which includes case studies of individual apps, on the FireEye blog. You might also want to sign up to beta test the latest Sophos security solution for Android.
Image Credit: Palto / Shutterstock
Worldwide spending on information security is set to top $71.1 billion this year, up almost 8 percent over 2013, according to forecasts by Gartner. It's also forecast to grow by a similar percentage next year to reach $76.9 billion.
Gartner says increased use of mobile, cloud and social services will drive new security technology through 2016. There's been a democratization of security threats too, driven by the easy availability of malware and infrastructure, via the underground economy, that can be used to launch targeted attacks.
"This Nexus of Forces is impacting security in terms of new vulnerabilities," says Gartner research director Lawrence Pingree. "It is also creating new opportunities to improve effectiveness, particularly as a result of better understanding security threats by using contextual information and other security intelligence".
Among Gartner's forecasts are that by 2015 around 10 percent of IT security for enterprises will be delivered via the cloud. This is higher for small and medium businesses which are expected to have around 30 percent of their security controls cloud based by 2015.
Increased regulatory pressure is also expected to drive spending with new data privacy and compliance legislation being introduced in several countries. By 2018, more than half of organizations are predicted to be using security services firms that specialize in data protection, security risk and infrastructure management to enhance their security positions. In addition Gartner predicts a rise in the number of infrastructure protection products bought in package form to 30 percent by 2015.
Finally it sees mobile security becoming a higher priority for consumers who at the moment don’t recognize that antivirus is important on mobile devices. Protection is expected to become a higher priority from 2017 onward, when new market opportunities for security providers are likely to emerge.
Security trends will be discussed further at Gartner Security and Risk Management Summits in Australia, London and Dubai in coming weeks.
Photo Credit: Sergey Nivens/Shutterstock
Researchers from the University of California Riverside's Bourns College of Engineering have identified a weakness in Android which allows personal data to be obtained from apps.
Tested against seven popular apps the method was between 82 and 92 percent successful on six of them, only Amazon with a 48 percent success rate proved more difficult to crack. Most vulnerable were Gmail and H&R Block at 92 percent, followed by Newegg (86 percent), WebMD (85 percent), CHASE Bank (83 percent) and Hotels.com (83 percent).
Although demonstrated on Android the researchers believe their method will work on iOS and Windows devices too because they share a key feature exploited in the Android system.
The attack works by getting a user to download a seemingly benign app, such as one to display background wallpaper on a phone. Once the malicious app is installed, the researchers can exploit a newly discovered public side channel, the shared memory statistics of a process, which can be accessed without any privileges.
Shared memory is an operating system feature commonly used to allow apps to share data. By monitoring changes that take place in it researchers are able to correlate them to what they call an "activity transition event," which includes such things as a user logging on to Gmail.
"The assumption has always been that these apps can't interfere with each other easily," Zhiyun Qian of the Computer Science and Engineering Department at UC Riverside says. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user".
The attack needs careful timing in order to work. "By design, Android allows apps to be preempted or hijacked," Qian says. "But the thing is you have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique".
The Amazon app proved harder to attack because it allows one activity to transition to almost any other activity, making it more difficult to guess which activity the user is currently in.
Users can protect themselves by not installing untrusted apps, but in the longer term researchers say the operating system needs to be changed to better regulate side channels.
The full research paper is due to be presented at today's USENIX Security Symposium in San Diego. It's available to read online and there are some short videos demonstrating how the attack method works.
Photo Credit: Stuart Miles/Shutterstock
There's no doubt that security breaches are becoming more common. According to the US Government Accountability Office cyber incidents increased by 782 percent between 2006 and 2012.
But how does this impact the world at large? Security management company SRC Cyber has put together an infographic looking at some of the most infamous occurrences over the last decade and how they've affected the global cyber landscape.
It points out that security breaches can happen to anyone at any time. And whilst system problems and human error account for the majority of data breaches the most common single cause at 42 percent is malicious intent.
The infographic shows how three of the most high profile recent attacks have had an effect on security spending, attack awareness and in the case of the Target breach how it's hit the company's profits.
You can view the details below or on the SRC Cyber website.
Image Credit: Sergey Nivens / Shutterstock
We all know it's important to keep our PCs safe from online threats, but the range of options available to do that -- even from just one developer -- can be bewildering.
Symantec has recognized this problem and has announced that from this fall it will streamline its nine existing security offerings into just one flagship Norton Security product.
Norton Security combines the features of existing packages and will be available with or without cloud backup. This means that legacy products like Norton Internet Security, Norton AntiVirus and Norton360 will be retired.
Writing on Symatec's Information Unleashed blog, Fran Rosch, Executive Vice President of the Norton Business Unit says, "We are making it easier to select and buy the security products you need, and download and maintain them. As cybercriminals and the attacks they launch become more sophisticated, we're strengthening our advanced threat protection technologies and improving performance across your Android, Windows, Mac and iOS devices".
The product will also be made easier to use with improvements to the interface and cloud-based management features. Rosch says, "Norton Security will feel much more like a service and less like the software you used to 'set and forget'".
As it's cloud based it will be easy to add extra devices to your account. This also means it's backed by Symantec's threat intelligence network. The company is so confident in the level of protection offered by Norton Security that it will be offering a money-back 100 percent virus-free guarantee.
If you want to try out Norton Security ahead of its release a beta version is available to download now.
As IT teams face more demands from business units for new mobile applications they'll need to adopt practices that are different from traditional development techniques.
This is according to IT research company Gartner which says that users find it challenging to effectively describe what a mobile app needs to do and therefore the approach of sitting down with a business analyst to define requirements doesn't work.
Speaking at a presentation to IT leaders in China this month, Van Baker, research vice president at Gartner said, "There are several reasons these efforts don't succeed for mobile applications, even though they've worked historically. Firstly, mobile apps are a new category for most users and secondly, mobile apps are constrained by the nature of the platform and the size of the screen, so porting the workflow of a mature desktop app is not viable. Finally, the experience associated with mobile devices is significantly different from that of desktop devices, including shorter session lengths and limited presentation, due to screen size constraints that affect how mobile apps need to function".
Most complaints about mobile apps arise from bad user experience and this can be down to bad interface design, poor workflow or lack of responsiveness. To avoid this developers need to focus on the user experience and creating a flow that reflects the way users actually work.
"Letting the users experience what the application will look like and building the screens on the fly with the appropriate tools will ensure that the initial build of the app looks familiar to the users and is close to what they'll need once the application has been piloted or deployed", says Baker.
Testing is also a challenge for mobile developers as different devices and OS versions can behave in different ways. Testing on simulators is a start but the most popular devices need to be used too in order to reproduce real-world user experience.
The process doesn't end after an app is launched either. It needs to be monitored to see if user behaviors change and this puts added pressure on development teams. This is compounded by a more frequent release cycle.
According to Gartner a typical desktop app has an 18-month development time and may be maintained for five years, but Baker says, "Mobile apps are different. They need to be frequently revised to meet end-user expectations, and this agile development process especially requires operations to be on top of infrastructure and systems to support frequent mobile app deployments and pushed updates".
The pace of change in the mobile market seems unlikely to change in the near future so developers will need to learn to adapt. You can read more on the Gartner website.
Image Credit: Rafal Olechowski / Shutterstock
Encouraging the elderly to use the internet can not only help them keep in touch with friends and family and take advantage of the best deals, it can also reduce the likelihood of dementia.
The results of an eight-year study of 6,500 50-90 year-olds reveal that those who regularly go online experience less mental decline compared to those who don't use the internet. The study shows a significant improvement in delayed recall over time for those who were frequent online users, highlighting the role played by the internet in preventing the degeneration of mental abilities in the elderly.
Dr Tom Stevens, Consultant Psychiatrist at London Bridge Hospital says, "People over the age of 65 must remember the phrase 'use it or lose it', and the internet is a good way to ensure that older people are still able to use their mental faculties".
However, there is a need to educate older people about online dangers. Ben Williams, head of operations at open source ad control project AdBlock Plus warns, "...we mustn't forget that with more older people using the internet, they must be informed about the choices they have online. With no experience of online advertising, constant blinking banners and pop-up adverts could spoil the internet for them, making them think it is a tasteless and unmanageable jungle, and put them off the whole experience".
Older users are at more risk of being drawn into online scams and are likely to suffer more from the intrusiveness of ads such as pop-ups and banners that obscure their view and make it harder for them to use the internet effectively. Education is therefore an important factor in helping the elderly make the most of the internet and stay safe online.
Williams adds, "Plus, there are online risks that specifically target older users, such as phishing scams, or promotions of miraculous and discount medication, and low-cost insurance, and it is our responsibility to ensure that older people aren't ignorant about these. Basic lessons in how to stay safe and not put yourself in danger of online scams and viruses is essential".
You can read more about the study on the Journal of Gerentology website.
Photo Credit: Lighthunter/Shutterstock
Using managed services used to mean outsourcing complex IT projects to expensive consultants. Now though thanks to technologies like the cloud they're enabling businesses to focus on their core business while increasing their efficiency, reducing costs and taking advantage of new technologies.
Infrastructure as a service specialist GoGrid has compiled some industry findings that demonstrate the market opportunities and benefits companies can gain by using managed services.
Key points include a forecast that the global managed services market is expected to reach $256 billion by 2018 and is currently the fastest growing service segment. The findings also show that using managed services can increase overall efficiency by 50-60 percent and reduce recurring in-house IT costs by 30-40 percent.
In the long term they offer added flexibility and the ability to deliver predictable, measurable business results. You can view the findings in infographic form below.
Image Credit: Peshkova / Shutterstock
Though it's one of the most popular big data tools, Hadoop is still evolving and as a result doesn't always have the sophistication of more traditional databases, which can lead to higher support and operation costs.
A new product from big data security specialist Zettaset aims to streamline Hadoop deployment for the enterprise with software automation that eliminates many of the manual configuration processes.
Fast-PATH automates multiple Hadoop functions, including provisioning, installation, configuration, and testing of the software. As a result, cluster deployment can be achieved more rapidly, with much less IT intervention and associated cost.
"Hadoop and other Big Data technologies are complex and challenging to set up, sometimes generating large costs for support and maintenance. This is not a scalable model for customers who want to efficiently move Hadoop into production networks," says Jim Vogt CEO of Zettaset. "Fast-PATH provides Hadoop users with a powerful solution that accelerates time to deployment and simplifies ongoing management, without putting an unnecessary drain on limited IT resources. We believe this innovation will spur wider adoption of Hadoop and Big Data technology in medium-sized enterprises, as well as in IT organizations that are more highly resourced".
In benchmark tests the product is able to provision, install, configure and test 10 nodes in 45 minutes or 50 nodes in 140 minutes. This includes the installation of the Hadoop distribution, plus Kerberos, HBase, Hive, Encryption, Key Management, and patented High-Availability framework on all nodes.
Additional features of the Zettaset Orchestrator management platform include high availability with automated failover, strong security including data encryption, access control and policy enforcement, and activity monitoring for audit and compliance.
You can find out more about Orchestrator and Fast-PATH on the Zettaset website.
In ever more competitive global markets the success or failure of a business can rest on insights and solutions that allow it to operate more efficiently than its competitors.
If this information falls into the hands of a competitor advantage is lost. Yet the results of a new study by Kaspersky Lab show that one in five manufacturing businesses has suffered a loss of intellectual property in the last 12 months.
The main cause of this is malware, accounting for 23 percent of losses, but other factors including software vulnerabilities, theft of mobile devices and network intrusion were also given as the source of IP leaks.
Manufacturing industry understands the importance of this data. The survey finds that manufacturers ranked "Internal Operational Information" and "Intellectual Property" as the two types of non-financial data they fear losing the most. For businesses as a whole it’s customer and client information followed by financial details that have the highest fear of loss. But interestingly, manufacturers ranked the fear of losing customer and client information the lowest out of all business segments, possibly because manufacturing facilities are less likely to store this data in the first place.
This doesn't mean that financial services and ecommerce companies are immune to cybercrime. 48 percent of ecommerce businesses and 41 percent of financial organizations have reported losing some data to cybercrime in the past year. What's interesting is the pragmatic attitude they adopt to this, 52 percent of financial services businesses say they have a policy of reimbursing customers for cybercrime losses without investigation.
In addition 27 percent of businesses are willing to meet the costs of losses because they believe they'll be outweighed by the cost of protection. This is despite the fact that 82 percent of businesses say they'd stop dealing with a financial organization which suffered a breach.
You can read the full report into online fraud protection which also looks at what protection measures are being deployed, on the Kaspersky website.
Image Credit: Maksim Kabakou / Shutterstock
Work collaboration and project management specialist Clarizen's cloud based platform launched in its latest version, Clarizen v6, last year. Today it's announcing a number of enhancements many of which have been requested by customers.
Changes include new reporting, resource visualization, communication and usability enhancements. Charting changes include the introduction of bubble and scatter charts that can be shared inside and outside the organization. Bubble chart enables a "fourth dimension" with the x and y axis determining the plot location, point color, and the size of each plot point.
Action items can be created instantly from discussion posts using a hotkey. Resource Load view improvements allow users to more easily see the distribution of work among team members and redistribute tasks as required.
Personalized communication management allows users to receive daily digests of actionable items and shared ideas and these are now presented in a more user-friendly format. The five most popular discussions are picked out in a separate section so it's easy to keep up with the most critical threads. Users can also choose the time of day they want to receive the digest.
There's enhanced security too, the latest release gives admin users more options for password management, such as determining the number of authentication attempts, the lock out time length, password repetition options and more.
"Clarizen v6 was specifically created for the modern, real-time, multi-generational and ever-changing workplace. Our prime objective is to arm high-performance teams with the collaboration capabilities they need to drive their ideas to execution," says Avinoam Nowogrodski, Clarizen's founder and CEO. "Based on collaboration with our customers, Clarizen’s Summer Release is designed to improve team collaboration, project visibility and productivity, translating to increased business value for the enterprise".
You can read more information about the latest release on Clarizen's blog.
Photo Credit: Pressmaster/Shutterstock
From being an expensive technology and something of a niche, flash storage is shifting into the mainstream, particularly in enterprises.
According to new research by IDC, although the technology has been available for a while, the adoption of flash-based storage is only now showing real growth thanks to falling prices and a growing familiarity with the benefits it offers.
As part of its biannual Storage User Demand Study, IDC conducted a survey of more than 1,000 storage administrators across the globe. It shows that whilst the pace of flash adoption is on the rise as more offerings appear from leading storage vendors, there are some factors -- notably price -- holding it back.
"There are still plenty of end users who believe they do not have the workload demands or budgetary appetite for flash-based storage systems," says Natalya Yezhkova, Research Director, Storage Systems at IDC. "However, we anticipate that the increasing availability of flash-based products across a broader range of use cases, combined with improved vendor messaging and falling component prices, will mitigate the biggest concerns to enabling even broader adoption of flash in the future".
In some cases the benefits of adopting flash storage won't justify the price premium. However, IDC also notes that there's a lack of suitable mechanisms for businesses to accurately compare the performance impact of flash and the long-term cost of operation.
"To overcome the concerns of these users, vendors and their channel partners need to not only keep the focus on the performance benefits of flash, but they also need to expand their messaging to include the secondary economic benefits it can provide as it is deployed in higher capacities," says IDC's Jeff Janukowicz, Research Director, Solid State Drive and Enabling Technologies.
The full report is available for purchase from the IDC website.
Image Credit: Eugene Kouzmenok/Shutterstock
Despite the rise of other forms of communication, email remains one of the most popular options, particularly for business. No surprise then that there’s plenty of choice when it comes to mail apps for your mobile device.
According to data from app analytics company Distimo, the myMail app has passed other options to become the most popular alternative mail app for both Android and iOS, behind only Gmail and Yahoo Mail.
Since launching in November 2013, myMail has overtaken popular apps like Mailbox, Cloudmagic, and K-9 Mail, first taking the lead in iOS downloads in March. The latest figures show that the company's focus on design, usability, and mobile-centric email is paying off.
It's gained top position in many established markets including the USA, Canada, Germany, France, the UK, Brazil, Japan, India, Spain, Mexico and Australia. In India, Brazil, Mexico and others it has more than twice as many downloads as the next most popular mail app.
Dmitry Grishin, CEO and co-founder of Mail.Ru Group, maker of myMail, says, "The future of email is mobile, and we have worked hard to build an app and client that are ready for this future. To win the top two mobile platforms worldwide so quickly and in such a decisive way proves that we're moving in the right direction. We firmly believe that smartphones and tablets are the preferred platform for email, and we're aiming to deliver the best possible experience for our users and anyone who wants a sophisticated yet simple way to manage their inbox".
Designed to appeal to both casual and power mobile email users, myMail can manage messages in Gmail, Hotmail, Live, Outlook, MSN, iCloud, AOL, Yahoo mail and my.com accounts, and it supports all IMAP and POP3-enabled mailboxes.
You can find out more on the myMail website or download the app from the Google Play or Apple App Store.
Ransomware is on the rise according the the latest report from enterprise threat protection specialist Damballa, with an increase in average daily infections of the Kovter infection of 153 percent between April and May this year.
Kovter is "police ransomware" that displays fake legal warnings about pornography. At its peak of activity in June it was recording almost 44,000 infections per day. But while Kovter was thriving CryptoLocker was dealt a blow by the taking down of the GameOver Zeus botnet.
The report heralds the taking down of GoZ as a new era for cyber security and partnerships between public and private enterprises, but points out that the industry can’t be complacent. Already new variants of GoZ are appearing in an attempt to re-establish the botnet.
The report also looks at infection rates for enterprises and reveals that the size of an organization has no bearing on number of malware infections. In the second quarter of 2014 Damballa saw enterprises with 200,000+ devices experience only a handful of infections and those with under 600 devices have alarmingly high numbers of infections -- and everywhere in between.
On any given day the proportion of active infected devices ranged from 0.1 percent to 18.5 percent which in a large company could mean thousands of infected devices. But as the report points out, "Advanced malware is designed to be evasive. It may stop communicating to its Command & Control server at any time. That's why it's critical to observe a device’s activity over time to compile definitive of infections. If you rely on security prevention controls that only watch the attack vector, you can miss some criminal activity altogether".
You can access the full report in PDF form on the Damballa website and there's a summary of its ransomware findings in infographic format below.
Image Credit: Carlos Amarillo / Shutterstock
Much of the malware in circulation now focuses on using exploits in popular applications such as browsers and office packages in order to remotely execute code. Security suites and specialized anti-exploit tools are aimed at blocking these but how well do they work?
A new study by testing lab PCSL commissioned by Malwarebytes has set out to find the answer. It looks at the exploit mitigation capabilities of 12 different products: Avast Internet Security, AVG Internet Security, Bitdefender Internet Security, Enhanced Mitigation Experience Toolkit from Microsoft, ESET Smart Security, HitmanPro.Alert3, Kaspersky Internet Security, Malwarebytes Anti-Exploit Premium, McAfee Internet Security, Norton Internet Security, Panda Internet Security and Trend Micro Titanium Maximum Security.
Each product was tested against 58 different exploit samples in a range of payload configurations. Only two products managed to block more than 80 percent, Norton on 81.03 and Malwarebytes on 93.10 -- we should point out here that although Malwarebytes commissioned the research it didn't select the samples used.
In the mid range, ranked as "inadequate" by PCSL, Microsoft EMET scored 74.14 percent, Kaspersky 72.41 equal with Avast, and ESET scored 70.69.
The remainder of the products scored under 60 percent and were therefore classed as "failed". Lowest score came from AVG which blocked only 24.14 percent of the samples. McAfee and Panda both managed 29.31 percent, Bitdefender 31.03, Trend Micro 48.28 and HitmanPro 58.62.
Protecting against exploits is of course partly about keeping all of your software up to date as well as using security tools but even so these results are revealing. If you want to read more detail of the tests the full report is available to download as a PDF.
Photo Credit: Archiwiz/Shutterstock
Recent figures from Gartner put the value of the CRM software market at $20.4 billion. But does it really make a difference when it comes to converting leads into sales?
Sales software specialist Velocify has been trying to find out by using secret shoppers to submit requests through online contact forms to see how quickly companies would respond. The companies included in the study were picked from the customer section of CRM vendors' websites.
The results show that companies using sales CRM solutions sent email responses three times as fast as Fortune 100 companies and were nearly twice as fast to call up inquiring buyers. Even so only 20 percent of sales CRM users followed optimal contact strategy by calling prospects within an hour of their inquiry, while 35 percent sent an email within this timeframe.
Less than 60 percent of inquiring buyers received at least one phone call and one email, and the average wait time for a callback was two days. It also found that tech companies performed 40 percent better than non-tech companies in following optimal contact strategies.
Users of Salesforce scored higher compared to those of other CRM solutions with over 30 percent scoring 60 or more on a 100 point scale measuring lead response, compared to only 6 percent of companies using other packages.
All of this suggests that while CRM helps companies to respond many could do so more effectively. The report concludes, "Ultimately, companies purchase CRM systems in order to build lasting relationships with their customers. At the beginning of any relationship is a first impression. Potential buyers expect to hear back from companies in a timely manner and with appropriate persistence. When these expectations are not met, sellers inadvertently send the wrong message about their interest in the buyer and ultimately damage their brand perception and revenue potential. Having the proper lead response strategy not only helps companies convert more prospects into customers, it gives buyers a positive first impression that is at the foundation of a long and mutually beneficial relationship between buyer and seller".
You can find out more and request a copy of the report on the Velocify website.
Photo Credit: Mikko Lemola / Shutterstock
Almost all recent PCs have Absolute Computrace embedded in their BIOS. It's a product designed to allow companies to track and secure all of their PCs from a single cloud-based console.
But researchers at Kaspersky lab have revealed that it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine.
Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with Annibal Sacco of Core Security demonstrated the flaw in a presentation at the Black Hat 2014 conference.
Kamluk first described Comutrace's vulnerability at a Kaspersky Security Analyst Summit in February, "The software is extremely flexible. It's a tiny piece of code which is a part of the BIOS. As far as it is a piece of the BIOS, it is not very easy to update the software as often. So they made it very extensible. It can do nearly anything. It can run every type of code. You can do to the system whatever you want. Considering that the software is running on these local system privileges, you have full access to the machine. You can wipe the machine, you can monitor it, you can look through the webcam, you can actually copy any files, you can start new processes. You can do absolutely anything".
Six months on Computrace is still exploitable and once it has been activated it's very persistent and difficult to turn off. It also doesn’t enforce encryption when it communicates and doesn't verify the identity of servers from which it receives commands, so could expose users to attacks.
The mystery is, who or what is activating Computrace? The researchers believe it may be down to manufacturers' testing of new machines to check for Computrace compatibility. Because it's a legitimate piece of code it's white listed by many antivirus programs.
They conclude that whilst there's no reason to believe Absolute Software or PC manufacturers are deliberately activating Computrace in secret, they do need to notify users of its presence and issue instructions on how to turn it off if users don't want Absolute's services.
Image Credit: Spectral-Design / Shutterstock
Today's IT managers are under pressure to deliver the sort of agility that's offered by the public cloud but with the security and cost benefits of using existing infrastructure.
California-based startup Platform9 has today unveiled an answer to this problem with its SaaS platform that transforms an organization's existing servers into an AWS-like agile, self-service private cloud within minutes. It significantly reduces the operational complexity for IT and offers a single point of management for Docker, KVM and VMware vSphere.
"We founded Platform9 because as early engineers at VMware, we observed how customers were struggling to achieve AWS-like efficiency with increasingly archaic management software," says Sirish Raghuram, co-founder and CEO of Platform9. "We believe that just like SaaS revolutionized the world of enterprise applications, it can do the same for enterprise datacenters. You can think of us as the Salesforce.com of private cloud management. Our customers come to our web site, sign up and transform their existing infrastructure into a private cloud within minutes. From there on, they can focus on using their infrastructure rather than babysitting the management software".
Because it's cloud-managed Platform9 means there’s no complex management software to configure and it offers a "single pane of glass" interface across infrastructures, locations and datacenters.
Existing servers and workloads can be imported with minimum disruption and Platform9 can pool together servers and storage to provide optimal hardware configuration and control use of resources.
For developers it offers UI and API-based access and is OpenStack compliant. It also makes collaboration between team members and across different teams easy and intuitive with native support for the creation of shared environments.
Platform9 is currently in beta with a dozen medium to large organizations. You can find out more and sign up for a free trial by visiting the company's website it will also be on display at the VMWare conference taking place later this month in San Francisco.
Image Credit: Bedrin / Shutterstock
Companies operating in industries like healthcare, financial services and retail inevitably come in for a hard time if they don’t take good care of their data.
Yet a new survey by Dimensional Research for Dell Software shows the rather startling result that almost all of the IT professionals surveys in these industries lack confidence in their organizations' ability to manage governance, risk and compliance.
Among the key findings of the study are that some 93 percent of respondents are concerned about their ability to prevent unauthorized changes being made and 83 percent believe their organization's security would be improved if the security and compliance teams worked more closely together and shared more information.
One of the main concerns is unauthorized access to data with 94 percent having worries divided between both internal and external access. 61 percent are concerned about both, 22 percent about internal access by employees and consultants and 11 percent about external access.
On compliance only 11 percent say they're "very confident" that they're capturing all of the data necessary and a third said they had no consistent process for adding new regulatory data as required. Less than 50 percent of the organizations surveyed proactively review, add or remove data sources that is no longer required -- putting these organizations at a much higher risk of security threats even though they may believe they are compliant and secure.
When it comes to improving the situation only 57 percent say that their security and compliance teams work together and only 14 percent say they share data all the time. No surprise then that 83 percent believe security and compliance would be improved by closer collaboration.
The survey talked to more than 200 individuals with responsibility for compliance in organizations with over 2,000 employees. You can read more in a white paper available on the Dell site.
Image Credit: donskarpo / Shutterstock
One of the problems with relying on technology for so many things is that you end up with a whole raft of user IDs, for work, banking, shopping, social media and more.
A new study by the Ponemon Institute and IT management specialist CA Technologies looks at the idea of simplifying things through the use of Bring Your Own Identity (BYOID) initiatives, where social networking or digital IDs are used for application login.
"In today's application-driven economy, access to applications has to be simple and secure. BYOID is an increasingly popular option for simplifying access. It can reduce the need to create new accounts for every site, which leads to registration fatigue and abandoned shopping carts," says Martin Ashall, Chief Technology Officer at CA Technologies, UK. "We are working to make sure we enhance BYOID security without adding friction or complexity".
Although BYOID use is still in its early stages there's strong interest from businesses, particularly those which engage with customers via the web and mobile devices. But there's a difference in perception of its value between IT and business users.
70 percent of IT and 38 percent of business users in the study agreed that an important reason for BYOID adoption in their organisation was to strengthen the authentication process. However, business users place greater emphasis on improving the customer experience and increasing marketing effectiveness.
When asked about the social ID that was of most interest to their organization, IT users ranked PayPal as their preferred identity provider. For business users though Amazon edged out PayPal and Microsoft. When asked what social ID respondents preferred as a consumer, Google was highest ranked among both IT users and business users.
"A holistic examination of the attitudes uncovered in the research show two clear views of identity," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "IT continues to take a traditional risk-based, security view of dealing with identities, while the business side takes a more value-based, customer-centric view of identity. In order to gain the most value from any BYOID initiative, these two groups must collaborate and become allies for secure business growth".
The full report is available on the CA website and there's a summary of its findings in infographic form below.
Image Credit: Gunnar Pippel/Shutterstock
As all Windows users will know, the second Tuesday in each month means it's patch time. So that system admins don’t get caught out Microsoft has published its advanced notification ahead of August's Patch Tuesday.
So what can we expect to see in this round of updates? There are nine bulletins in total for software including Internet Explorer, Windows and Office. Two are rated "critical" as they allow for remote code execution.
Bulletin 1 is the most important as it affects all versions of Internet Explorer from 6 up to 11. Wolfgang Kandek CTO of network security company Qualys writing on his company's blog says, "Since browsers are the attackers favorite targets, this patch should be top of your list. An attacker would exploit this vulnerability on your users through a malicious webpage. These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums".
The second critical bulletin is for Windows 7 and 8 plus the Media Center pack for Vista. Kandek believes it addresses a problem in the graphics processing pipeline that could trigger a vulnerability via a malicious web page.
Other bulletins in this round address a file format vulnerability in Office 2007's OneNote application, elevation of privilege vulnerabilities in SQL Server and Windows, a SharePoint Server 2013 issue, and security feature bypass problems in .NET and Windows.
Microsoft also provided some details of a new Internet Explorer capability that allows the browser to block out of date ActiveX controls. This works with IE versions from 8 through 11, initially it's focused on outdated Java versions but will no doubt be extended to other controls in the future.
Image Credit: alexskopje / Shutterstock
It seems that allowing employees to use their own devices is an inevitable trend for most businesses. Yet a new survey by Software Advice finds that only 39 percent of workplaces have policies in place to cope with BYOD.
Businesses need to deal with the risks that BYOD brings. This includes the loss of visibility once company data is transferred to a personal device, privacy and legal concerns and the threat that devices could be compromised.
Over half of respondents to the survey said they'd transferred company files to their own devices, 35 percent said they never transferred anything sensitive, but may well be deciding what "sensitive" means for themselves.
When it comes to keeping devices patched, only 49 percent said that they implemented security updates when they were released. A worrying 11 percent say they never install updates.
Software Advice recommends that a BYOD policy should ensure devices are protected by a password and that these must be of minimum length. It should also bar the downloading of apps other than from an approved list.
Mobile device management (MDM) solutions can add an extra layer of protection beyond BYOD policy by enabling password rules to be enforced and devices to be remotely wiped in the event of problems.
It's important to note that mobile devices pose less of a risk than PCs. Rick Doten of enterprise mobility firm DMI Inc says, "Mobile users won’t 'infect' a network like a PC can. There isn't a concept of mobile 'malware,' it's really only malicious apps that access data on the phone (which you unknowingly allow it to), or features on the phone, like your microphone or camera".
The malware risk from PCs is greater since they're often used for handling more sensitive data. Doten says that a virtual desktop may be the best solution for BYOD users, "It provides the user with a virtual environment that keeps all data on the server, and the user interacts with it like a mainframe. Nothing is stored on the user’s device, and the session is gone when they log out".
You can read the full report and recommendations on Software Advice's Intelligent Defense blog.
Photo credit: Alessandro Colle/Shutterstock
A new study by the UK's communications regulator Ofcom finds that the "millennium generation" of 14-15 year olds are the most technology aware group but as we get older digital knowledge begins to decline.
The study of 2,000 adults and 800 children measured confidence and knowledge of communications technology to calculate a Digital Quotient (DQ) with the average UK adult scoring 100.
Today's 14 year olds have a DQ of 113 and are the first generation to have grown up with the benefits of broadband, probably never knowing the pleasures of dial-up internet. People in their 40s have a DQ in the high 90s, around the same as a modern six-year-old. Over 70s score a DQ in the 80s. You can try this out for yourself and see how you compare with a quick three minute taster test.
These differences manifest themselves in various ways. Most communication by 12-15 year olds for example is by text (94 percent) with just three percent spent on voice calls. By contrast adults spend 20 percent of their communications time on the phone and 33 percent on email.
At all age groups we're communicating more than ever. An average UK adult now spends more time using media or communications (8 hours 41 minutes) than they do sleeping (8 hours 21 minutes -- the UK average). It's the 16-24 group who spend the most time on media and communications. They manage to cram over 14 hours of media and communications activity into 9 hours 8 minutes each day by multi-tasking, using different media and devices at the same time.
Device use is shifting away from the PC with 44 percent of surveyed households now owning a tablet, up from 24 percent last year. This applies across age groups with 28 percent of over 55s owning a tablet and many saying it's their main computing device.
Despite our love of digital technology though we're reluctant to give up our physical media. Books were owned by 84 percent of UK adults in April 2014, down from 93 percent in 2005. 80 percent have DVDs (down from 81 percent) with music CDs showing the biggest decline, 79 percent this year, down from 92 percent. The average size of a book collection fell by three books to 86 per person, while the average size of a music CD collection declined by six CDs to 84. Age makes a big difference here though, 16-24 year olds are much less likely to own CDs whereas 90 percent of 45 to 55s have them.
You can find out more about the results of the survey on the Ofcom website.
Photo Credit: Pressmaster / Shutterstock
A recent report by Juniper on mobile ad spending estimated that it’s set to reach $40 billion a year by 2018. It's easy to understand why since the data it's possible to collect from a mobile device is valuable to marketers.
In a move to unlock this information media analytics company Visible Technologies has announced a new set of geo-location capabilities for its Visible Intelligence platform that give marketers the power to pinpoint specific locations of consumer social media posts anywhere in the world.
"The popularity of mobile devices for social media has significantly increased the amount of social data available to marketers. This data presents a new opportunity to understand and reach specific consumer audiences and evaluate markets with Visible's geo-location capabilities," says Richard Pasewark, CEO of Visible Technologies. "Global brands can use these types of insights to assess the voice of a customer at a specific location, analyze marketing impact, and make decisions on spend and consumer engagement".
The data can be used to target offers to active audience members in precise locations, allowing marketers to, for example, differentiate between locals and tourists to deliver appropriate messages.
Other capabilities in the platform include "Sticky Dates" which allow users to quickly change time periods for social media measurement with one click, including the flexibility to override the entire dashboard using named campaign or calendar dates. It also now scales to support large exports of 10,000 to 20,000 sites or authors at a time to allow deeper analysis to be carried out and help marketers report on larger sets of data.
You can get more details of Visible Intelligence and the insights it can provide on the company's website.
Image Credit: Tashatuvango / Shutterstock
The boom in numbers of mobile devices offers an opportunity for enterprises to change the way they do business, but a majority are failing to take advantage.
A new white paper produced by IDC and sponsored by enterprise mobility specialist Kony looks at how companies are using mobile technology to boost their business.
Based on a survey of over 400 IT decision makers, its findings show that companies that make enterprise-led strategic investments in mobility are getting higher levels of meaningful business benefits than those that have a business unit-led or departmental-led mobile approach. However, only 16 percent of companies take a clear, enterprise-led approach to mobility. Yet, 93 percent of companies with such an approach rated their success with mobile deployments higher than those using other approaches.
Around half of organizations using a mobile solution said it gave them key benefits including: smarter, faster decision making, improved organizational efficiency, cost savings, better customer interaction and increased revenue.
Only 41 percent of companies have an ongoing enterprise-wide mobile budget. These companies also have the highest mobile budgets, which tends to provide for strategic investments in mobile staff or to augment resources with outside support. 31 percent of companies have a comprehensive mobile technical staff augmented with external support and another 30 percent have a mobile development/architect group.
On the challenges of implementing mobile, almost 40 percent of respondents cite security and compliance issues as the biggest issue.
"With the number of mobile applications downloaded from app stores expected to increase by a 31.7 percent CAGR by 2017, enterprises are realizing that a mobile strategy is no longer a nice-to-have but a must have," says Thomas E. Hogan, chief executive officer of Kony Inc. "But bringing the goals of IT and the business into proper alignment is difficult when it comes to a mobile strategy. The results of the survey are further proof that those organizations that practice a mobile-first business model will improve business performance while engaging customers, business partners, and employees in new ways. Developing a clear mobile strategy is not something enterprises can ignore any longer".
More information and the full report is available on the Kony website.
Image Credit: Sergey Nivens / Shutterstock
Storing data in the cloud is convenient and makes for easy sharing and collaboration but it inevitably raises security concerns, especially when using public services.
Content Raven produces a cloud-based file distribution toolkit which adds an extra layer to provide content control, security and deep analytics to files stored in the cloud. It already integrates with Box and Dropbox but from today adds support for Google Drive too.
It allows users to protect, control and track all common file types shared online, including images, videos and PDFs. Using Content Raven with Google Drive can address security concerns by adding watermarks to files and videos. Users can also place limits on file viewing, printing and forwarding and get engagement and activity analytics. It can be used to prevent unauthorized access to data and stop screenshot taking, credential sharing, and other data leakage risks.
"The addition of Google Drive to our existing list of vendor integrations will further Content Raven’s market position as a leading value added service for file sharing platforms," says Ronald Matros, CEO of Content Raven. "Seamless integration with partners such as Content Raven will be an indispensable asset to file sharing vendors looking to combat commoditization, as well as enterprises looking to prevent data leaks and improve analytical tracking capabilities".
Google Drive users can start a free 21-day trial by downloading Content Raven from the Chrome Web Store. Once installed Google Drive users can simply right click a file and select Protect and Track with Content Raven.
Pricing options for teams and enterprises are available on the Content Raven website.
Photo Credit: Slavoljub Pantelic / Shutterstock
The Cryptolocker ransomware has had something of a checkered history, from the news that its GameOver Zeus botnet had been taken down by the authorities to a new strain of the malware appearing in June, it's seldom been out of the news this year.
Now though the story has taken a new twist and victims of the malware -- estimated at around 500,000 people -- can recover their encrypted files without the need to pay a ransom.
Security companies Fox-IT and FireEye which were involved in the effort to take down GameOver Zeus have created a tool to decrypt files locked up by Cryptolocker.
The companies have set up a Decrypt Cryptolocker online portal to provide the private key required so files can be unlocked for free. Users need to upload a file to the site and will receive a key and a link to download a decryption tool. Running the tool on their system with the key provided will unlock the files.
There's no need to register or provide any contact information beyond an email address though users are advised to submit a file that doesn't contain personal information.
"We are excited to work with Fox-IT to offer a free resource that can help thousands of businesses affected by the spread of CryptoLocker over the last few months," says Darien Kindlund, director of threat intelligence at FireEye. "No matter the type of cyber breach that a business is impacted by, it is our goal to resolve them and get organizations back to normal operations as quickly as possible".
Image Credit: albund / Shutterstock
As we rely more and more on mobile devices and an increasing number of businesses adopt BYOD strategies, security and privacy risks become a greater concern.
A new report by risk management specialist Appthority looks at the hidden risks presented by the 400 most popular iOS and Android apps. It identifies the ten most risky behaviors that threaten enterprise security, at least one of which is found in 99 percent of popular free apps.
According to the study which tested 100 free and 100 paid apps for each operating system, paid apps are safer but not by much. 78 percent of the top paid Android apps and 87 percent of the top paid iOS apps have at least one risky behavior. Risks include location tracking, used by 82 percent of top free Android apps and 50 percent of top free iOS apps.
Accessing the user's ID is carried out by 88 percent of free and 65 percent of paid Android apps but only 57 percent of free and 28 percent of paid iOS apps.
Risky behaviors are on the increase too with 71 percent of free Android apps sharing data with advertising networks, up from 58 percent earlier this year. In-app purchases are another concern with 58 percent of free Android and 55 percent of free iOS apps allowing them.
"As enterprises navigate how best to leverage the power of 'mobile' they have to confront the fact that user data and corporate data live side-by-side on mobile devices. Many mobile apps collect and share sensitive personal and corporate data without the user even being aware," says Domingo Guerra, president and co-founder of Appthority. "The first step toward mitigating this risk is to have full visibility into what risky behaviors are hidden in mobile apps, so that you can design acceptable use policies that protect your organization".
The report also highlights the fact that there are 85 developers behind the top 100 apps, making it harder for companies to keep control by sourcing their software from just a few trusted companies. On a more positive note it finds that malware infects only 0.4 percent of mobile apps and wasn't present in any of the top 400.
The full report is available to download from the Appthority website.
Image Credit: logolord / Shutterstock
Backup specialist Intronis has announced that it’s integrating Bare Metal Restore into its ECHOplatform for small and medium businesses, which offers a flat-fee unlimited cloud and local storage pricing model.
The BMR functionality offers complete physical-to-physical (P2P) bare metal recovery and physical-to-virtual (P2V) BMR recovery options for greater flexibility and performance. Available at no extra charge to Intronis channel partners it allows recovery back to the original system or to a replacement machine.
It's also possible to recover to a specific point in time to overcome corruption or malware issues. Physical images can be restored to virtual drives or virtual machines and recovered images can be mounted as a drive to carry out individual file restores.
"By integrating BMR right into the Intronis ECHOplatform and U2 pricing plan, we’re taking away the headache and added expense channel partners bear in having to 'rebuild, restore, reboot,'" says Chuck DeLouis, vice president of product management at Intronis. "With our BMR solution channel partners have access to a much simpler, highly-automated complete recovery process that virtually eliminates configuration errors, reduces expenses, and speeds recovery time".
The ECHOplatform delivers a secure, scalable, and comprehensive cloud backup and data recovery solution -- supporting a variety of in-demand services, plug-ins, and extensions such as physical imaging, VMware and Hyper-V, as well as SQL and Exchange backup.
At the same time the U2 Plan simplifies pricing for channel partners by offering unlimited cloud and unlimited local storage at a fixed monthly cost. Neal Bradbury, Intronis' vice president, channel development says, "Add to the mix our new partner enablement resources and it's easy to see how Intronis is helping our channel partners better market, sell, and support best-in-class cloud backup and data protection solutions that are simple, secure, and can easily scale to meet the needs of their clients".
You can find out more about the ECHOplatform backup and recovery solutions on the company's website.
Image Credit: Oleksiy Mark / Shutterstock
The way that many enterprises use data places heavy demands on storage, both in terms of capacity and performance. Whilst SSDs can solve the performance issue they don’t always offer the capacity required.
California-based BiTMICRO is a pioneer of SSDs having been involved with them since 1999. With the launch of its new MAXio E-Series PCIe drives it's aiming to deliver capacity, performance and reliability for companies that need to support high volume application workloads.
Based on the company's Talino ASIC Architecture the drives offer high capacity with a starting point of 1.5TB which is higher than most competitors. They also ensure integrity of the data with full Data Path Protection technology, from the moment data arrives at the host interface until it's stored on the NAND flash chips.
The range is aimed at enterprise applications with heavy load demands including video-on-demand, video streaming, online transaction processing, non-linear editing, gaming, file servers, web applications and cloud services.
"For years we have proven the value of our SSD technology in high-demand military and industrial computing environments such as air and space, military systems and mobile industrial solutions," says Zophar Sante, Vice President of Worldwide Marketing and Sales at BiTMICRO. "Now we are bringing this expertise to enterprise and mid-market customers. With MAXio E-Series SSDs, organizations of every size can achieve faster storage performance, greater reliability and true business availability".
Features of the drives include dynamic wear leveling to maximize the life of the flash drive’s chips for up to five years, protection of data at the firmware level for minimum overhead, and easy to use management software allowing users to optimize drive settings.
The MAXio E-Series is available now in capacities from 1.5 to 6TB, C-Series models with capacities up to 12TB will be available next year. For more information on the range you can visit the BiTMICRO website.
The sales process is all about making effective connections with customers and potential customers, so any tool that can help with that process will make meetings run more smoothly and profitably.
A new web app and iOS app from Refresh is aimed at giving sales staff deeper insight into their contacts. The app syncs to the sales person’s calendar to provide instant information on the people they’re meeting.
It works by analyzing data from more than 100 sources around the web, including Twitter, LinkedIn, Facebook, Yelp, Google+, Instagram and Foursquare. It then collates this public information into a handy guide to help make the most out of business meetings, interviews and conversations.
"At Refresh, we’re focused on creating a tool that helps everybody build stronger relationships, and in the past few months, we've used data to understand what's critical for connecting and making conversation," says Bhavin Shah, CEO and Co-Founder at Refresh. "With that information, we took an informed position on which details are the most critical to know. We reorganized our insights to prioritize what's most useful, while also making it easier for users to find specific facts to build trust and rapport".
The apps offer the ability to provide context by revealing shared interests and multiple connections, push notifications to deliver the right information before a meeting, and the ability to take notes linked to an individual's profile.
New features include delivering recent news about people and companies, email notifications, and more powerful and visually-focused details with logos, faces and icons.
You can find out more and try out the beta version of the web app on the Refresh website. It's only web and iOS at the moment but there's an Android version in the pipeline.
There has been rapid growth in the number of mobile devices attached to corporate systems in recent years and this shows no signs of slowing down.
A new survey sponsored by Oracle shows that not only are enterprises more committed to mobility, but that the rate of development, deployment and spending for support of mobile applications and devices is set to increase dramatically.
Mobile related expenditure is set to receive a 54 percent boost over the next two years. Average IT department spending per device, per employee is expected to grow to $242 from $157 today.
But while the survey reveals a high commitment to mobility, it also shows little consensus about methods of mobile development and deployment. 44 percent of respondents indicated that their app portfolio is internally developed. However, cloud technologies like platform-as-a-service were seen as important by 75 percent.
The survey also shows that there are increasing concerns from IT executives over mobile security and integration with back-end systems. The results reveal that 29 percent of IT development time is spent on front-end mobile app development, but more than 70 percent is spent on integration, security, quality assurance testing and design work.
Security is the top concern and 93 percent of respondents cited worries over data loss and other security breaches related to mobile devices with BYOD. As a result organizations are turning to centralized management solutions, respondents say that in the next two years they'll be focusing more on device data encryption, centralized updating and troubleshooting, remote wiping of data and locking down of features.
"Mobility has been ubiquitous for a while but only 10 percent of enterprises have an enterprise wide deployment of mobile. Its impact and importance are gaining importance today. This survey is reassuring in that enterprises see potential for great payoff from making a strong mobile commitment. They are recognizing that mobile applications provide a new way to develop and maintain relationships with customers," says Suhas Uliyar, Vice President, Mobile Strategy & Product Management at Oracle. "Oracle's mobile solutions allow organizations to develop, connect and secure their own mobile applications. Our comprehensive mobile strategy simplifies enterprise mobility for any organization."
The full survey report is available from Oracle's website.
Photo Credit: 3Dstock / Shutterstock
SAP is the world's most popular ERP (enterprise resource planning) system, but a recent survey by HCL Technologies shows that integration with their existing solutions was the biggest obstacle to 45 percent of SAP users when implementing cloud technologies.
Integration company Jitterbit has announced a new SAP Connector that lets businesses integrate their existing processes with SAP whether they're on-site or in the cloud. Certified by SAP and running on Jitterbit's Harmony cloud platform it offers faster integration and is compatible with SAP's latest HANA in memory appliance.
"Businesses are clamoring to bring on new cloud technologies, but integrating them with existing solutions and on-premise systems in an efficient and secure manner has proved to be an enormous headache," says Jitterbit Vice President of Marketing and Business Development Andrew Leigh. "The Harmony SAP Connector will empower companies to embrace new technologies and realize amplified value from their existing applications by offering the only integration solution delivered on a unified cloud platform, which is both easy to use and quick to get up and running."
The new Connector is optimized for SAP customers operating in specific industries, including manufacturing, retail, automotive, and energy. It allows companies in these sectors to streamline critical business processes like customer service and field service, breaking down departmental barriers across the organization. Businesses will also be able to get increased value from their back-office SAP systems by connecting them with new technologies that make use of cloud, mobile, and social media innovations, as well as the internet of things.
It's the only integration tool for SAP that runs on a unified, multi-tenant cloud platform, allowing customers the agility, speed and support that the cloud offers. It also offers a graphical interface which means business users can set up and manage connections without the need for specialist API support.
You can find out more on the Jitterbit website.
Photo Credit: Vallepu / Shutterstock
We're constantly being told that the internet of things is set to revolutionize the world we live in. Gartner has predicted that it will have around 26 billion units by 2020, but with this rapid growth comes added risk.
A new study from HP shows that 70 percent of the most commonly used internet of things (IoT) devices contain vulnerabilities, these include password security, encryption and personal data issues.
As manufacturers rush to bring IoT devices to market they open the door to threats ranging from code vulnerabilities and denial of service attacks to weak passwords and scripting vulnerabilities.
HP used its Fortify on Demand product to scan 10 of the most popular IoT devices, uncovering on average 25 vulnerabilities per device. Items tested included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.
Of the devices tested -- including their cloud and mobile software components -- 8 out of 10 raised privacy concerns surrounding collection of personal data. 90 percent of those devices tested collected at least one piece of personal information either via the device itself or its associated software.
Weak passwords was another problem with 80 percent of tested devices failing to require passwords of adequate length or complexity. Not encrypting data in transit affected 70 percent of devices. 60 percent didn't use encryption when downloading software updates. This meant that in some cases downloads could be intercepted and extracted allowing the software to be analyzed.
Insecure web interfaces were a problem for 60 percent of devices, poor session management, weak default credentials and credentials transmitted in clear text all being concerns. Of those devices with cloud and mobile components 70 percent would enable a potential attacker to determine valid user accounts through account enumeration or the password reset feature.
"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," says Mike Armistead, vice president and general manager, Fortify, Enterprise Security Products at HP. "With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats".
Full details of the study are available on the HP website and the company will be addressing the latest security trends at the Black Hat USA 2014 conference taking place next month.
Image Credit: Jurgen Priewe / Shutterstock
In an ideal world there wouldn't be any viruses at all but, since there are, the next best scenario is to have an antivirus program to protect you. But what happens once it's too late? If you get a virus infection how good are antivirus and clean up tools at repairing your system?
Independent testing organization AV-TEST set out to resolve this question with a comprehensive 10-month test using 17 different software packages.
It tested paid antivirus solutions from Bitdefender, ESET, F-Secure, Kaspersky and Norton, plus free antivirus tools from Avast, AVG, Avira and Malwarebytes along with Microsoft Security Essentials. In addition it tested seven specialized cleanup and recovery tools, Avira Cleaner, Hitman Pro, Disinfect2013, F-Secure Removal Tool, Kaspersky Removal Tool, Panda Cloud Cleaner and Norton Power Eraser.
Each solution was tested multiple times over a 10 month period from September 2013 to June 2014, repeatedly testing malware families to see how the software coped with their evolution. Tests looked at whether the malware was detected, if components were completely removed and whether all changes to the system were completely reversed leaving it fully restored.
Test results
Results are divided into four categories. In the first, looking at detection of known malware all products should have passed as the researchers established beforehand that the malware samples used were known to all of the solutions. However, both Microsoft Security Essentials and Avira Free Antivirus managed to miss known malware.
The second category looked at active malware components not removed. Of the 10 security packages, the freeware solutions from Avira, Avast and AVG, as well as Microsoft Security Essentials failed to remove active components in the system between one and seven times. The paid software products and the freeware Malwarebytes Anti-Malware Free all cleaned error-free. Of the cleanup tools Hitman Pro, Panda Cloud Cleaner, Avira Cleaner and the F-Secure Removal Tool were unable to remove between one and 11 active components. Only the Kaspersky Removal Tool, the Norton Power Eraser and Disinfect2013 removed everything.
The third category looked at whether any residual harmless components were left on the system. Security packages from Bitdefender, F-Secure, Kaspersky, Norton and ESET left small file remnants and insignificant entries in the registry between 1 and 9 times. Malwarebytes achieved a perfect removal. Of the cleanup tools Kaspersky Removal Tool only missed removal of a harmless file in one instance. Norton Power Eraser fell short of a perfect clean-up 11 times, and Disinfect2013 48 times, all it left behind though was digital garbage with no dangerous components.
The last category looked at whether removal was complete, leaving a fully cleaned and repaired system. Of the security packages only Malwarebytes Anti-Malware Free had 100 percent success leaving the system completely cleaned and repaired after 60 tests. Bitdefender came close behind with successful cleanups in 59 tests followed by F-Secure and Kaspersky on 56. Of the clean up tools none left the system completely clean. Kaspersky Removal Tool turned in the best performance, leaving behind just one harmless file.
In the final analysis Malwarebytes, Bitdefender and Kaspersky put in the best performance of the security packages. Of the freeware cleanup tools the researchers recommend Kaspersky Removal Tool and note that while the Norton tool and Disinfect2013 left behind a lot of garbage they didn't miss any active components. You can see the full results on the AV-TEST website.
The good news to take away from this is that if you are unlucky enough to contract a virus there are effective options that can clean your system without you having to resort to a complete reinstall. The even better news is that the most effective tools are free.
Image Credit: Sergey Nivens / Shutterstock
A newly uncovered flaw in Google's Android OS could leave large numbers of mobile devices at risk from malicious apps that appear to be from trusted developers.
Named 'Fake ID' by Bluebox Security who uncovered it and notified Google of its presence, the vulnerability lets malicious applications impersonate specially recognized trusted applications without any user notification. Although a patch was issued in April it's likely that many devices are still at risk.
The flaw can can be used by malware to escape the normal application sandbox and take one or more malicious actions. For example it could insert a Trojan horse into an application by impersonating Adobe Systems, gain access to NFC financial and payment data by impersonating Google Wallet, or take full management control of the entire device by pretending to be 3LM.
Fake ID has been present in Android versions from 2.1 to 4.4, although it was fixed in April as part of the latest patch, Google bug 13678484. Android KitKat is immune due to a change in the webview code. Millions of unpatched devices could still be at risk, however, Google's own statistics indicate that more than 80 percent of Android users are running older versions of the OS.
Fake ID works by exploiting a problem in the way Android uses digital IDs. Whilst the OS checks to see if an app has the right ID before granting privileges it doesn't check to see if that ID is properly issued, allowing forged ID codes to be used. It's also possible for a single app to carry multiple IDs making it possible to carry out several attacks.
Writing on Bluebox's blog chief technology officer Jeff Forristal says, "The problem is further compounded by the fact that multiple signers can sign an Android application (as long as each signer signs all the same application pieces). This allows a hacker to create a single malicious application that carries multiple fake identities at once, taking advantage of multiple signature verification privilege opportunities to escape the sandbox, access NFC hardware used in secure payments, and take device administrative control without any prompt or notification provide to the user of the device".
Bluebox has released a Security Scanner app that checks to see if your device is exposed.
More than six months on from the Target breach hitting the headlines retailers are still not properly protecting their data according to risk management specialist BitSight.
Writing on the company's blog CTO and co-founder Stephen Boyer says, "BitSight has continued to observe evidence of system compromise inside hundreds of retailers over the course of the year. Based on our data and analysis, we observed that there were many retailers with poor performance and that this downward trend has continued into the second half of 2014".
The blog goes on to highlight a number of instances since the Target breach where customer and credit card details have been compromised. It also points out that there are likely to be many more incidents that have gone unreported and are not likely to be revealed.
Boyer says, "The data here compels us to reiterate today what was expressed back in January: the evidence strongly suggests that organizations in the list above are not alone and does not bode well for the rest of the year".
He points out the importance of industry and peer benchmarking in helping companies improve their security. Measuring performance helps businesses gain insight into changes in their posture, and leads to better understanding of what actions are helping to improve their ratings. Benchmarking against the top-performing industries and comparing security practices can help set strategy and encourage the adoption of new standards.
Retailers need to adopt some of the techniques used by the financial industry in terms of continuous monitoring, regular risk assessments and responding quickly to emerging threats. They also need to make IT security a board level issue. Boyer concludes, "As retailers begin to adopt more of these measures and follow the best practices of top performing peers, we will likely see the number of breach incidents decline".
Image Credit: Andrea Danti / Shutterstock
We've all had bad sales experiences at some time or another and they inevitably have a negative impact on our view on the company concerned.
A new study by mobile sales enablement specialist Showpad reveals that it can take years to recover from the damage caused to the customer relationship by a bad sales experience.
The survey also reveals a difference in perception between sales and marketing on the value of marketing material. A majority of sales professionals (64 percent) think marketing content is neutral to ineffective, while 76 percent of marketing people, unsurprisingly, rate their collateral as effective.
"We have seen that the cost of a bad sales experience is high, with most companies leaving millions on the table. Fortunately there are powerful solutions to help companies to overcome these challenges," says Pieterjan Bouten, co-founder and CEO, Showpad. "Delivering the right content, in context, at the right time has proven to be critical to avoid a bad sales experience. Our mission at Showpad is to arm sales people with the right marketing collateral on any device so they can sell -- successfully -- anytime and anywhere".
In order to combat the problem of bad sales Showpad is announcing a partnership with analytics platform GoodData to deliver improved insight into the content that resonates with customers and prospects, enabling sales staff to close more deals.
This allows marketing teams to learn how well their message resonates with prospects and customers. At the same time sales teams are armed with the best content to convert leads anywhere and at any time.
You can find out more about the partnership and the survey results on the Showpad website and there's a look at the cost of bad sales experiences in infographic form below.
Image Credit: Onypix / Shutterstock
Independent reviews and opinions are a valuable commodity for marketers as they can often be key to purchasing decisions. Now content management specialist InPowered is launching a new product to help companies find out what experts are saying about them.
Called Expert Ranking it identifies the top experts on any topic and allows brands to discover what these experts are writing about them. It then lets the brand promote those opinions via their web, social and mobile channels.
Pirouz Nilforoush, Co-Founder and CEO of inPowered says that opinion about a brand or product is far more compelling coming from a credible third-party, "Ultimately, people trust experts far more than they trust brands. inPowered is the only platform capable of ranking the top experts on any topic, discovering the content those experts have written about your brand, and highlighting the specific, positive expert opinions you should promote for the greatest business impact with customers".
Expert Ranking works by measuring how people react to someone’s knowledge based on depth, consistency and validation. It first looks for people that write in-depth articles on the few topics that they have the most knowledge on, rather than people who write basic articles on a lot of topics.
After that inPowered looks for people who actively and consistently share their knowledge about a given topic. Someone writing several articles per week about a particular topic is seen as more knowledgeable than someone that writes only one story per month on that topic, even if more people read that one story.
Finally, the software looks for people that have a loyal following who consistently share their content. For example, if someone consistently has 100 people sharing their content on a particular topic, that person is deemed more knowledgeable than a person who has one article that was shared by 1,000 people.
You can read more about how inPowered helps you find and promote what experts are saying about your brand on the company's website.
Image Credit: iQoncept / Shutterstock
Securing IT is essential for any modern business, but according to a new study carried out for security company Kaspersky Lab around one in four IT security experts have little or no understanding of the security options for virtual environments.
Almost half of respondents (46 percent) said that virtual environments can be adequately protected by conventional security solutions and 36 percent believe that security concerns in virtual infrastructures are significantly lower than in physical environments.
The study finds that IT security professionals may not have a clear understanding about the different virtualization security approaches that are available. Only one out of every three IT security experts have a clear understanding of light agent and agent-based virtualization solutions, and only one out of every four understands agent-less virtualization security.
Kaspersky points out that although conventional security solutions may be 'virtual aware' they can create performance problems when used with virtual environments. Agent-based security can overwhelm resources when scanning and may leave protection gaps when updates are required.
Mark Bermingham, Virtualization Evangelist at Kaspersky Lab North America says, "Businesses today face an ever-evolving threat landscape and cybercriminals are increasingly looking at virtual environments as the next frontier of sophisticated attacks. The survey results highlight a clear disconnect between what organizations believe is optimal security for a virtual environment when contrasted with the robust capabilities delivered via agentless and light agent solutions. With many businesses turning their attention to securing virtual environments, it is critical that they execute these initiatives and understand their options for securing these business-critical environments".
But while many organizations may not have a clear understanding of virtual security options 64 percent agree that security should be a priority when rolling out virtual infrastructure. Also 52 percent agreed that virtual environments are becoming key to their business infrastructure and securing them would be a priority for the next year.
The report concludes that businesses need to measure the performance costs of security, assign the right solution to each environment and limit 'virtual sprawl' by shutting down virtual machines when they're no longer in use. You can read the full report on Kaspersky's website.
Photo Credit: Sergey Nivens/Shutterstock
Googlebots are essential to the smooth running of the search engine, ceaselessly probing websites to ensure that Google stays up to date with the latest developments and site changes.
But for every 25 genuine Googlebots that visit your site you'll also be visited by a fake Googlebot -- more than 23 percent of which are used for DDoS attacks, hacking, scraping and spamming. This is among the findings of security company Incapsula's 2014 Search Engine Study.
The study is based on over 400 million search engine visits to 10,000 sites over 30 days and shows Google is the most active search engine. Googlebots are responsible for more than 60 percent of all page crawls, the second in line the MSN/Bing bot notches up only 24.5 percent. What's also interesting is that there's no correlation between the number of human visits to a site and how often it’s crawled by Googlebots. Google pays just as much attention to the backwaters of the web as it does to popular sites.
The study does note though that content-heavy and frequently updated websites were more thoroughly crawled. This behavior was most notable in the cases of big forums, news sites and large-scale shop sites with a wide array of frequently updated products.
Most interesting and concerning though is the number of fake Googlebots. The study shows that over 4 percent of bots using Google's HTTPS user agent aren't what they claim to be. The benefit of this to hackers is that site owners generally allow unhindered access to Google's crawlers in order to protect their search results.
Incapsula's logs reveal that fake Googlebots are used mainly for DDoS attacks but also in spamming and hacking activity. Security solutions that don't use case-by-case traffic inspection are unable to spot the real bots from the fakes.
To remain secure, sites need to use a security solution that combines heuristics and IP and ASN verification to identify bots based on their origin.
You can read more about Googlebot and fake bot activity on Incapsula's blog and there's a summary of the report's findings in infographic form below.
Photo Credit: Gunnar Assmy/Shutterstock
When you send a file to someone else there’s always a risk that it could be copied or forwarded, even if it's intended to remain private -- as many a snapper of naked selfies has found to their cost.
There have been attempts to solve this problem in the past of course with services like Snapchat and Yahoo's Blink, that allow content to be viewed for only a short time, but none of these are aimed at business users.
That's about to change with the launch of Digify a self-destructing, view-only content protection service to let professionals privately share their business content. Files shared using Digify can't be forwarded, downloaded, copied, saved or uploaded elsewhere, and can be set to self-destruct in any time from one minute to one month.
It works on iOS and Android -- a desktop version is due to launch later this year -- and is integrated with cloud storage services including Dropbox. So, for example, users can browse and send a Dropbox file straight from the Digify app. On iOS devices, if recipients try to take a screenshot, the sender will be notified and the file unshared. On Android screenshots are blocked completely. Statistics in the Digify app show who has viewed the content, for how long and how often.
Augustine Lim, co-founder and CEO of Digify says, "Before Digify, there were many tools for sharing files but no easy, inexpensive way for most professionals to protect and track access to information once it was sent to someone else. After downloading files a recipient was able to forward or upload them anywhere on the web. Digify enables users to effectively share, control and protect ideas and content from wherever it is stored with the comfort that they will not go beyond the intended recipient".
It works by converting files to an intermediate format for temporary display by Digify's viewer via document streaming. Recipients are unable to download content to their own devices, or share it with others. The original is deleted from Digify's server after conversion and once the file self-destructs all copies are deleted.
Files are protected by 256-bit encryption both on the server and in transit. Screenshot tools and other means of capturing information are blocked. The process works with Word, Excel and PowerPoint files as well as photos and PDFs.
Digify is available now via the Apple App and Google Play stores or you can find out more on the company's website.
Image Credit: iQoncept / Shutterstock
Cybercriminals are constantly targeting end users via phishing and social engineering attacks in attempts to access sensitive information or corporate data and bypass traditional endpoint security. Often these attacks are delivered from devices outside the enterprise, belonging to customers or suppliers for example.
Internet security specialist Comodo is launching a new product aimed at plugging the security gap and guarding against, keylogging, SSL sniffing, remote screen viewing, memory scraping, man-in-the-middle attacks, zero-day malware and more.
Comodo SecureBox is a secure desktop application designed to protect and run only trusted applications. It always assumes that the host environment is hostile or malware-infected. This unique approach to containerization differs from traditional containment solutions that seek to sandbox only malicious or untrusted applications.
"SecureBox is particularly well-suited for businesses who need to ensure the security of third-party endpoints that are beyond the control of their IT organization," says Kevin Gilchrist, Comodo's Vice President of Product Management. "Financial services companies, healthcare or health insurance companies, or any company that has a large supply chain where the supplier represents a possible vector for malware would benefit from SecureBox".
Features of SecureBox include securing mission critical data in transit by creating a secure tunnel between client and web server. It also protects against keyloggers by bypassing the Windows input subsystem, and intercepts remote takeover attempts by detecting attempted screen captures.
It also has anti-SSL sniffing technology to guard against man-in-the-middle attacks, plus it containerizes applications to prevent memory scraping. Finally there's a cloud-based virus scan to detect and terminate any virus activity on the host device.
Comodo can custom build SecureBox for large organizations so that it can be company-branded and tailored for specific security needs. For more information visit the SecureBox website.
Image Credit: VERSUSstudio / Shutterstock
Data makes the modern world go round and by being able to use it effectively companies can gain a competitive advantage, improve customer experience and enhance operational efficiency.
Database specialist Oracle has combined a number of its offerings including the newly acquired BlueKai Audience Data Marketplace to form Oracle Data Cloud, a platform that provides customers access to world-class data-as-a-service (DaaS) offerings to allow companies to exploit marketing and social media data.
"Unbundling data from SaaS applications has enhanced a business user's ability to activate insights gleaned from external data sources, leading to more engaging and personalized customer experiences," says Omar Tawakol, general manager and group vice president of Oracle Data Cloud. "The Oracle Data Cloud brings together a best-in-class data platform with the world's largest data marketplace to drive smarter decisions for marketing and social, and it will eventually include other enterprise functions such as sales and service".
Oracle DaaS for Marketing is designed to help organizations enhance the cross-channel customer experience through targeted marketing engagement that brings together customer and audience intelligence from across the enterprise. With access to more than a billion profiles globally, Oracle DaaS for Marketing is the world's largest data marketplace and allows companies to deliver relevant content across a range of platforms.
DaaS for Social helps enterprises benefit from the vast pool of data generated across social platforms and helps them make sense of unstructured social and enterprise data. By applying powerful text processing techniques it can help to generate business intelligence from raw data culled from public and private sources.
You can find more information about Oracle's data-as-a-service offerings on the company's website.
Photo Credit: Blend Images/Shutterstock
With today's increasingly complex network environments it's often hard to pinpoint the exact cause of problems. According to a new survey by network specialist Emulex this often leads to incorrect reporting to management.
The study of 547 US and European-based network and security operations professionals found that 45 percent of IT staff monitor network and application performance manually, instead of implementing network monitoring tools.
This has resulted in 77 percent of those surveyed having reported information to their management teams that turned out to be wrong. 79 percent admitted to attributing the cause of network events to the wrong IT group.
A staggering 87 percent found that they'd had to report the cause of a network event without having the information to be completely accurate. Also 73 percent of those surveyed said that they had currently unresolved network events.
This is against a background of increasing security events with 81 percent saying they'd experienced some sort of breach in the past year, and more demands for mobility with 84 percent having implemented BYOD over the last 12 months.
Yet 26 percent of European respondents said they have no plans to monitor their network for performance issues related to BYOD. When added to the fact that 45 percent of organizations are manually monitoring the performance of their networks, Emulex says the growing amount of mobile device-generated traffic is on pace to overwhelm enterprise networks.
"IT is facing new challenges related to the growing use of software-defined networking, virtualization and higher performing networks, as well as increasingly more sophisticated attacks on company IT assets," says Shaun Walsh, senior vice president of marketing at Emulex. "The clear message from this survey is that one of the best tools for SecOps and NetOps professionals to have at their disposal is 100 percent network visibility that is tied to their detection management systems and it’s the combination of proactive management and the ability to do forensic analysis that will give these IT professionals the right tools to maximize application delivery, protect their corporate assets and avoid the IT blame game".
The full study is available on the Emulex site and there's a summary of the findings in infographic form below.
Image Credit: zwola fasola/Shutterstock
We're constantly being told that the PC market is in terminal decline, but sales figures from different parts of the world continue to defy the predictions.
The latest figures from market intelligence provider IDC for the Asia/Pacific region show a two percent rise over last quarter and a total market for the second quarter of 2014 at 24.3 million units, slightly up on predictions.
Various factors have had an influence on these figures. Uncertainty surrounding Thailand’s coup resulted in a steep decline as sales channels were reluctant to take new shipments. On the other hand shipments to a large education project in India came in earlier than expected, boosting figures by around 100,000 units.
"The ongoing economic slowness in the emerging markets sets the tone of the overall PC demand and inhibited the region's year-on-year growth", says Handoko Andi, Research Manager for Client Devices Research at IDC Asia/Pacific. "There are pockets of optimism coming from mature markets like Australia and New Zealand, Singapore, and Hong Kong, where smartphones and tablets near saturation. However, the region's growth has been adversely impacted with the rise of large-screen smartphones in China and most ASEAN (Association of South East Asian Nations) countries”.
Looked at by manufacturer, world market leader Lenovo retains its top spot here on 26.6 percent of the Asia/Pacific market, thanks to a strong second quarter following the Chinese New Year and a back-to-school campaign boosting its sales in India.
Dell holds second spot on 10.5 percent and showed strong growth in India and Thailand due to a new focus on the consumer sector. HP is just behind in third place but Acer has overtaken ASUS for fourth spot thanks to its strong entry-level product range.
For more information on IDCs market tracking you can visit the company's webpage.
Image Credit: Kheng Guan Toh / Shutterstock
The holy grail of marketing is to be able to understand what your customers want and then to adapt your communications accordingly to make them more effective.
Achieving this of course isn't easy so companies are always on the lookout for ways to learn more about their customers. Boston-Based QuickPivot (formerly called Extraprise) is launching a new marketing platform to allow marketers in any industry to derive customer insight, listen to brand interactions and then adapt campaigns with highly optimized messages and offers.
QuickPivot CEO Michael Shanker says, "Instead of operating at the traditional 'speed of marketing,' B2B and B2C organizations that leverage our newest offerings are able to market at the right speed of the customer -- combining technology, insight, creative, channel mix and operational agility, to make every touch count at any point in the customer journey".
The product supports a wide range of devices and channels such as email, mobile, web, social and print, all of them in real time. So it allows cross-channel marketing, database segmentation to provide answers fast, and accurate reporting of campaign effectiveness. It's cloud-based too so teams can access it from anywhere they need to.
In addition, QuickPivot has many years of experience in providing marketing technology and services for some of the world’s largest B2B and B2C brands. The company will combine its platform with a complete range of database, analytical and reporting services. This will let users optimize and measure campaign effectiveness in real time at every stage of the process across campaigns, channels and geographical regions.
You can find out more about QuickPivot and how it works on the company's website.
Photo Credit: Arkady/Shutterstock
Email is often cited as the killer app which popularized the internet. You might think that by now we'd have moved on but a new survey of 1,000 US email users from mail app provider My.com suggests we're just as in love with our inboxes as ever.
There are currently around 3.9 billion email accounts worldwide and the number is expected to increase by around 27 percent this year. We're also spending more time on our email these days with 46 percent of users admitting to spending an hour or more a day reading their messages.
We have more accounts too. Only 33 percent of respondents have a single account with 27 percent having three or more.
Mobile devices of course means you can be in touch with your email at all times and 70 percent of those surveyed check their mail on mobile devices with 67 percent using push notifications to get instant alerts.
It seems we check our mail more often too. 74 percent check their email first thing in the morning, which is fair enough, but email also intrudes on our other activities. 48 percent check during lunch, 27 percent check during dinner, 33 percent during movies and 56 percent check before going to bed. Then there's the 8 percent who admit to checking straight "after sex" -- though there's no indication of how many of these also checked before they went to bed.
The main problem with email of course has always been spam and that isn't going away either. Despite improved filtering 60 percent of respondents admit to losing important messages due to spam. Also a remarkable 64 percent say they've closed an email account in frustration because of excessive spam.
You can check out a more detailed summary of the findings in infographic form below.
Photo Credit: Shumilina Maria/Shutterstock
The large number of devices out there means that Android is becoming an increasingly popular target for malware writers. Ransomware which has previously been a mainly Windows problem is becoming an issue too.
The latest piece of malware discovered by mobile security specialist Lookout attempts to extort money with a scary message claiming to be from the FBI. It claims the user has broken the law by visiting pornography and child abuse websites.
Called ScarePakage, the malware masquerades as well-known apps, like Adobe Flash and a number of anti-virus applications, and pretends to scan your phone when launched. After completing the fake scan it locks your device. You can't navigate away and if you try to reboot, the FBI message will be the first thing you see when you turn back on.
It demands several hundred dollars in the form of a MoneyPak voucher to release your device. ScarePackage tries to prevent normal use of the device by blocking the victim's actions. Using a Java TimerTask, which is set to run every 10 milliseconds, the application will kill any other running processes that the user interacts with that are not the malware itself or the phone's settings application. The malware also uses an Android WakeLock to prevent the device from going to sleep.
Should you manage to switch the device off a boot receiver class resumes ScarePakage's takeover when you turn it back on, shutting down all other processes. It doesn't need root in order to take over the phone, but it does need device administrator access.
Lookout's blog, which includes screen shots of the malware, says, "ScarePakage is likely created by Russian or other Eastern European authors given language cues used in the application that we observed". For now the malware seems to be targeting only users in the US.
Advice for avoiding infection includes, not awarding device administrator rights to applications unless you're sure of what they do, only downloading apps from known and trusted developers and using a security application to detect threats before they're opened.
Image Credit: wavebreakmedia / Shutterstock
When Microsoft discontinued support for XP it left a large number of businesses, around 25 percent, needing to make a transformation of their IT environment.
As well as switching to a new desktop OS many are also moving applications to the cloud, changing hardware and introducing BYOD. In order to help IT decision makers with these choices, Israel-based software analytics specialist SoftWatch has introduced a new SaaS product.
OptimizeIT Premium Suite aims to support CIOs in the decision making process as they switch to new environments. It makes it easy to identify heavy and light users as well as those with specialist requirements like ERP and CRM or power applications like CAD/CAM.
By identifying applications and usage patterns it can guide IT decision makers in reducing operational costs. It allows them to build an end-user computing environment that fits the user profile, utilizing various combinations of hardware and software.
The end result will be a flexible and cost-effective hybrid cloud architecture accommodating the needs of different users at optimal cost. While power users may continue to use advanced applications using powerful workstations, others may be better off with relatively low-cost tablets and cloud-based applications.
"We continue to extend our services to enable IT decision makers to make informed decisions and optimize their end-user computing environment based on application usage analysis," says Uri Arad, Co-CEO of SoftWatch. "We strongly believe that the default decision to migrate to the next Microsoft OS and the 'one size fits all' approach are no longer serving the interests of enterprises. The availability of application usage information allows enterprises to obtain a thorough analysis of their readiness to embrace cloud based services, manage the transition and enjoy tremendous economic and technological benefits".
You can find out more about OptimizeIT Premium on the company's website.
Photo Credit: Melpomene/Shutterstock
Conventional security wisdom says that you should use complicated passwords which are impossible to remember and have a different one for each and every website that you visit.
However, a new paper published this month by Microsoft Research says we should go back to having a bad, easily remembered, password and using it on lots of sites. Okay, that's a bit of a simplification, but what the researchers are saying is that in order to be able to remember the difficult passwords for your bank, etc it's better to reuse simpler passwords on low-risk sites.
The report acknowledges the difficulties of having a large number of passwords and the benefits of reuse as a coping strategy. The authors say, "Despite violating long-standing password guidance, writing passwords down is, if properly done, increasingly accepted as a coping mechanism. Other strategies to cope with the human impossibility of using strong passwords everywhere without re-use include single sign-on, use of email-based password reset mechanisms, and password managers".
However they point out that whilst password managers may reduce some risk they can be vulnerable to malware attacks either against the client device or cloud servers. Storing passwords only on the client also sacrifices portability.
The research suggests dividing your passwords into two groups, the first those with high value and low probability of compromise and secondly accounts of low value and high compromise probability. The first group would include your bank, email accounts and so on. The second would be websites and forums where you perhaps need to sign in to comment but don't carry out financial transactions.
The report’s conclusion is that, "...to be realistic, efficient password management should consider a realistic suite of attacks and minimize the sum of expected loss and user effort." It also says, "We note that while password re-use must be part of an optimal portfolio strategy, it is no panacea".
You can read the full report on the Microsoft Research website. Meantime if you’d like to comment you can be safe in the knowledge it’s fine to sign in with a weak password that you've used on other sites.
Image Credit: Africa Studio / Shutterstock
If you want to send images, videos or music to your TV from another device the obvious choice might seem to be Google's Chromecast. However it's not the only game in town, the Tronsmart may not be a name you've heard of but at $24.09 it's around $10 cheaper than Google's alternative, so is it worth considering?
First impressions are good, it's made of a nice smooth matt plastic and the design is tidy if unexciting. The unit plugs directly into the HDMI port of your TV or projector and it offers 1080P resolution, though can be switched to 720P for older TVs. The T1000 will work with Android (including Kindle Fire HDX), iOS or Windows devices, you just need to download the right software.
The T1000 is a bit bulky, so depending on the design of your TV you might need an HDMI extension cable to connect it comfortably. On the Hannspree set we used to test it for example a lip on the bottom edge meant that though you could connect the T1000 you didn't have room to plug in the combined USB and Wi-Fi antenna lead at the other end. It needs a USB connection for power so if your TV doesn’t have a USB port you'll also need a power adapter.
Once you've downloaded the appropriate EzCast software for your client from the web you're ready to get started. Run the software and you can connect to the T1000, this is a bit frustrating if you're wirelessly connected to the internet as unless you have two adaptors you'll need to drop your web connection. However, once up and running you can connect the Tronsmart to your router so that it acts as an access point.
The T1000 allows you to mirror the display from your Android mobile device or PC to the TV screen using Miracast so in theory anything that displays on your device you can show on your TV. This isn't yet available for iOS users though. Alternatively the EzCast app lets you use your device as a remote control to play local content to the TV.
The printed instructions seem to have lost something in translation but the EzCast software is pretty straightforward once you get started.
It's a little cheaper than a Chromecast and it's potentially more versatile as it supports more devices and has more options. But the setup is a bit fiddly and it's generally a less smooth user experience. It is cheap though so if you’re looking for a budget streaming device for occasional use it might be worth a look.
The Tronsmart T1000 costs $24.09 (£14.84) from Gearbest.com.
Photo Credit: Ian Barker
Effective sales campaigns are all about personalizing the message so that it's relevant to the customer. But generating this content can be time consuming.
Sales communication specialist Tellwise is launching a new Smart Message feature that helps sales professionals to more effectively communicate in a multi-channel and multi-device world.
Smart Message lets sales professionals generate a highly personalized content and collaboration portal for each of their customers as easily as creating an email. The messages can also be shared across social media sites like LinkedIn, Twitter and Facebook all from the same dashboard. This allows companies to stay in touch with a highly mobile and socially connected customer base.
They allow the sender to monitor how well a campaign is working as well thanks to intelligent notifications, collaboration features and behavioral analytics. A new interface lets sales staff manage all communications from one screen, putting sales reps in charge of their own campaigns.
"Today the sales journey is now defined by the buyer. We target helping our customers speed up the sales process while making interactions more meaningful by understanding the buyer point of view," says Conrad Bayer, co-founder and CEO of Tellwise. "As part of making communicating as simple as possible for both parties, we added these social, smart messaging capabilities to create a better multi-channel experience and help both parties get what they need in a more efficient manner".
The software allows existing content to be embedded and then promoted to almost any channel from a single location. It works across multiple devices too, allowing content to be delivered in mobile-friendly layouts.
Tellwise with Smart messages is delivered on software as a service form priced on a per user, per month basis. For more information visit the company's website.
Photo Credit: EDHAR/Shutterstock
In the past IT departments have always been about crunching numbers and processing data. But emerging technologies are beginning to take IT into unfamiliar areas that in turn have an impact on the wider operation of the business.
Research specialist Gartner has identified six areas that it sees as potentially being adopted by business and which CIOs need to consider.
Speaking at Gartner's CIO Forum in China this week vice president and Gartner Fellow Hung LeHong says, "The IT organization is used to owning and supporting 'back office' and infrastructure technologies. Digital business technologies support the 'front office' and operations and may be emerging technologies that are not commonly part of the IT agenda".
The six areas Gartner says CIOs need to consider are; the internet of things, 3D printing, human augmentation and wearables, robotics and autonomous machines, cognitive machines, and cybersecurity.
"Regardless of the eventual stance, we believe CIOs should have an opinion, and should participate in innovating and in testing the business cases for these technologies in the early stages," says LeHong.
The internet of things is likely to create tensions between different business areas according to Gartner, but as there are few legacy deployments IT departments and CIOs have the chance to influence outcomes and contribute to technology selections at the outset.3D printing has a potential to transform business that Gartner says shouldn’t be underestimated. It can for example disrupt the supply chain by eliminating the need to import components.
Wearable technology can improve employee effectiveness, safety and health. However, bring-your-own-wearable issues will need clear policies. CIOs therefore need to consider human, legal, social and ethical issues, particular for future technologies that may involve things like implants or brain interfaces.
Robotics have been used in manufacturing industry for a long time. However, new lower cost machines with better sensors are taking robots into new areas. This may lead to reduced downtime, labor savings and more. This goes a stage further with cognitive machines that may be capable of taking over simple decision making tasks that once needed human input. They may have a role in initial problem diagnosis for example which means their use has an impact on the front line operation of the business.
Finally Gartner identifies cybersecurity. Although not a technology in itself this will have a greater impact as innovation moves into more areas of operation. Security responsibility for these areas will need to be addressed in the same way as IT security. Gartner sees a deeper integration developing between IT and physical security, infrastructure and services.
"The extent to which CIOs will 'own', operate and support digital business technologies is undefined, so the time is right to evaluate and pioneer new approaches," says LeHong.
More analysis can be found in the report How CIOs Need to Think About Digital Business Technologies on Gartner's website.
Photo Credit: nopporn/Shutterstock
There are a number of reasons why businesses might move data to the cloud. To reduce storage costs, improve accessibility or simply reduce the need for on-site equipment. But how can you be sure that moving data to the cloud is the correct decision?
We looked at how businesses can approach this earlier today. Now archiving specialist DocuLynx is using the Microsoft Worldwide Partnership Conference in Washington to launch a new product aimed at making cloud storage decisions easier.
Azure Agent is an assessment tool that looks at server data and produces customized reports to help IT executives evaluate the cost effectiveness of using DocuLynx's Azure and StorSimple products for second-tier storage. Using its return on investment calculator it's possible to work out potential savings over a number of years.
"In many organizations, data is typically increasing 30 percent year over year, and costs are mounting. Second-tier data storage costs are approximately 25 percent of on-premise storage costs, and 65 percent of data stored on primary storage is inactive," says Michael Liess, DocuLynx's President and CEO. "As storage solutions become targets for 'refresh,' the time is right to consider Cloud storage. By differentiating data based on its external attributes, DocuLynx Azure Agent helps CIOs identify which data should be moved to secondary storage -- the goal of any CIO looking to achieve significant cost savings with the least risk".
Beyond the initial analysis Azure Agent can be used to monitor data on a continuous basis and can be integrated with DocuLynx's other storage platforms.
CIOs can request a free assessment of their network file shares to assess the potential for savings. To find out more visit the DocuLynx website.
Image Credit: Modella / Shutterstock
Mobile security specialist Lacoon has released details of a new vulnerability in the Gmail app for iOS that may allow hackers to view or modify encrypted communications.
It allows attackers to use a Man-in-the-Middle (MitM) technique to impersonate a legitimate server using a spoofed SSL certificate.
This type of threat is usually prevented using certificate pinning where the app developer codes the intended server certificate within the app. This means if communication is re-routed the mobile app will recognize the inconsistency between the back-end server certificate as coded within the app, and the certificate returned from the fake server.
Lacoon has found that the Gmail iOS app doesn't perform certificate pinning. As a result a MitM attack could open up encrypted communications and the user would see no indication of suspicious activity.
Certificate pinning is implemented in Gmail's Android app so it looks like this could be an oversight. Yet although Google was informed of the vulnerability at the end of February and validated its existence it was still present at the time of writing.
Michael Shaulov, CEO and co-founder of Lacoon Mobile Security says, "Several months after providing responsible disclosure, Google has not provided information regarding resolution and it still remains an open vulnerability. This vulnerability leaves iPhone and iPad users at risk of a threat actor being able to view and modify encrypted communications through a Man-in-the-Middle attack".
Until such time as a fix is released, enterprises are advised to check the configuration profiles of devices to ensure they don't include root certificates, ensure that a secure channel like a VPN is used when accessing corporate resources, and perform network and device analysis to detect MitM attacks.
You can read more about the vulnerability on Lacoon's blog.
Image Credit: Pavel Ignatov / Shutterstock
An international operation involving law enforcement and private sector organizations has been set up to combat the Shylock banking trojan. Shylock, which gets its name because the code contains lines from Shakespeare's The Merchant of Venice, is thought to have infected at least 30,000 Windows computers worldwide.
To date Shylock has targeted the UK more than any other nation so the country's National Crime Agency (NCA) is coordinating the international effort. This also includes the FBI, Europol, BAE Systems Applied Intelligence, GCHQ, Dell SecureWorks, Kaspersky Lab and the German Federal Police.
Shylock typically infects its victims via a malicious link which installs the code, it will then seek to access funds stored in private or business bank accounts and transfer them to its criminal controllers. The enforcement operation is aimed at disrupting the system which Shylock relies on to operate by seizing servers and taking control of the domains it uses to communicate. These operations are conducted from the European Cybercrime Centre in The Hague.
Andy Archibald, Deputy Director of the NCA's National Cyber Crime Unit, says, "The NCA is coordinating an international response to a cyber crime threat to businesses and individuals around the world. This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK".
Users with Windows updates turned on should be safe from Shylock and don't need to take further action. If you don't have automatic updates running you can find more about checking for and removing infection on the Microsoft site.
There’s more information on the UK government's Cyberstreetwise website. The last word here though really should belong to Shakespeare's Shylock, "And if you wrong us shall we not revenge?"
Image Credit: Rob Hyrons / Shutterstock
Cloud storage is an increasingly popular way of storing and sharing data, but when using public services there's always a concern about how safe your information is.
But now a new startup aims to provide controlled sharing of data via an intelligent private cloud network. Sher.ly integrates your existing hard drives into a private, tightly controlled cloud network. Rather than have to send out open links to files or share copies across a public cloud, organizations and individuals can have the security of invite-only, limited-access file-sharing that keeps data on the devices that produced it.
It also offers simple access management with robust reporting and easy to use auditing tools so that management can track who has access to what.
"Sher.ly is faster, safer, simpler, and more efficient than protocols used in traditional cloud software platforms," says co-founder and CEO Blazej Marciniak. "It's an entirely new way to think about data storage. The principle is still the same, but the foundation is radically different".
Because it doesn’t rely on public services Sher.ly overcomes the worry of third-party providers exposing your data. "Given what we’ve learned about the NSA, and the extent to which third party providers were betraying the trust and privacy of their users, there is frankly no good reason to do business over a public cloud network," says Marciniak. "If you're handling anything like sensitive information, the truth is you can't afford to expose yourself to that risk. And, now with Sher.ly, you really don’t have to".
The software uses VPN connectivity and peer-to-peer communication technology to restrict data flow to secure end points, as opposed to relaying it through central servers. Users can access information stored behind their own firewall, share data streams across remote work groups and collaborate on documents and edits, all with the guarantee that private files never leave the safety of their native hard drives.
You can find out more about Sher.ly and sign up to take apart in the beta trial on the company's website.
Photo Credit: Marynchenko Oleksandr / Shutterstock
We looked yesterday at the ten most serious security breaches of recent years, but the threat landscape is constantly changing. So what will happen in the future and which threats should we be most concerned about?
A new report by PewResearch, as part of its series marking 25 years of the internet, looks at how things might be in 2025. More than 1,400 experts in various fields were canvassed for their views on future threats.
The outlook is generally positive, with 65 percent believing that there will be no significant changes for the worse and hindrances to the ways in which people get and share content online. However, most believe that, thanks to mobile and other changes, billions more people will have internet access by 2025. Many of those questioned also believe that the web may be threatened by new trends.
The report identifies four main threat themes. First that actions by countries looking to maintain security and political control will lead to more blocking, filtering, segmentation, and balkanization of the internet.
Not all the experts agree on the outcome though. Paul Jones, a professor at the University of North Carolina and founder of ibiblio.org, responded, "Historic trends are that as a communications medium matures, the control trumps the innovation. This time it will be different. Not without a struggle. Over the next 10 years we will be even more increasingly global and involved. Tech will assist this move in a way that is irreversible. It won’t be a bloodless revolution, sadly, but it will be a revolution nonetheless".
The second theme is that trust will evaporate in the wake of revelations about government and corporate surveillance and likely greater surveillance in the future. Peter S Vogel, internet law expert at Gardere Wynne Sewell says, "Privacy issues are the most serious threat to accessing and sharing Internet content in 2014, and there is little reason to expect that to change by 2025, particularly given the cyber terror threats confronting the Internet users and worldwide businesses".
The third threat is that commercial pressures will endanger the open structure of the web. Technology futures expert Marcel Bullinga's response cites existing legal frameworks as a problem, "Sharing is hindered by ridiculous 19th century laws about copyright and patent. Both will die away. That will spur innovation into the extreme. That is the real singularity".
And finally there's the threat that efforts to fix the problem of having too much information might actually hold back content sharing.
Joel Halpern, engineer at Ericsson says in his response, "The biggest challenge is likely to be the problem of finding interesting and meaningful content when you want it. While this is particularly important when you are looking for scientific or medical information, it is equally applicable when looking for restaurants, music, or other things that are matters of taste. While big-data analysis has the promise of helping this, there are many limitations and risks (including mismatched incentives) with those tools".
Jonathan Grudin from Microsoft Research predicts this will lead to the emergence of a new breed of "personal information trainers" who will help people find the information they need.
You can find the full report and read the responses from many more of the experts by visiting the PewResearch Internet Project site.
Photo Credit: Anneka/Shutterstock
Security breaches happen all the time but it's the biggest ones that hit the headlines and send ripples through the IT community. Security consultancy TSC Advantage has looked at the top ten breaches from the last five years and what effect they've had.
Top of the list is the Adobe hack of 2013, made possible by weak password requirements and affecting 152 million customers. In second place comes the recent eBay hack involving stolen employee credentials and affecting 145 million users.
We go back to 2009 for the number three slot and the Heartland Payment Systems attack which exposed the payment card information of 130 million customers. In fourth place is our old friend Target and the 2013 attack that exposed the data of 110 million customers and cost an estimated $420 million.
Fifth is the 2010 attack against Google by Chinese hackers which exposed the identities of Chinese Gmail accounts that were under surveillance. In sixth comes the 2011 Epsilon attack which exposed customer names and addresses and led to the payment of $225 million in damages.
The 2011 Sony attack that left the Playstation Network down for 23 days takes seventh slot, followed in eighth by the US Department of Veterans hack in 2009 that exposed 70 million records.
Rounding out the top ten are the 2014 Global Payments attack which exposed 1.5 million sets of credit card numbers, and finally the AOL attack, also this year, which potentially exposed the details of 120 million customers.
For more information on recent breaches, what can be learned and what can be done to combat them, visit the TSC Advantage website. There's also a summary of the top ten, their causes and impact in infographic form below.
Photo credit: Tashatuvango/Shutterstock
Security company F-Secure has uncovered a new malware attack that blends together elements of two earlier threats in an attempt to compromise enterprise networks.
CosmicDuke includes elements from the MiniDuke advanced persistent threat (APT) Trojan combined with the info-stealing Cosmu family. MiniDuke first appeared last year and was used in attacks against NATO and some European government agencies.
F-Secure has published a white paper which describes how CosmicDuke uses files and emails in a phishing attack to get users to compromise their system. Once installed it begins to gather information using keyloggers, screenshot grabbers and other techniques. This is then transmitted to remote servers so that attackers can use it to compromise more of the network and install more malware.
Sean Sullivan, security advisor at F-Secure says, "CosmicDuke isn't advanced in the way that MiniDuke was. But this is interesting as it moves towards a 'commoditized' not-for-profit info-stealer with connections to the existing crimeware ecosystem".
What's particularly worrying about CosmicDuke is that it overlaps elements of cybercrime with state-sponsored espionage. Sullivan adds that it could be, "...an organized actor (a 'contractor' perhaps?) who is gathering information to sell to a government. At the moment, crimeware which targets consumers is under attack by international law enforcement -- it is quite possible that the displaced crimeware vendors found a new buyer of information".
Decoy document names uncovered by F-Secure include titles referencing gas pipelines and the Ukraine which suggests this malware may be targeted against specific industries.
This is a very organized and professional attack and Sullivan advises businesses that, "You are a target. Keep calm and secure your stuff".
More details can be found in F-Secure's white paper or on the company's blog.
Image Credit: Brian A Jackson / Shutterstock
A new report from research specialist Gartner says that the physical location of data is becoming increasingly irrelevant and that by 2020 a combination of legal, political and logical location will be more important.
Gartner research vice president Carsten Casper says that the number of data residency and data sovereignty discussions has soared in the past 12 months, and that this has stalled technology innovation in many organizations. Originally triggered by the dominance of US providers on the Internet and the Patriot Act, the perceived conflict has since been fueled by revelations of surveillance by the NSA made public by Edward Snowden.
"IT leaders find themselves entangled in data residency discussions on different levels and with various stakeholders such as legal advisors, customers, regulatory authorities, employee representatives, business management, and the public," says Casper.
Gartner identifies four data locations for the new era. Physical location has in the past been associated with control but, now that data can be easily accessed remotely, Gartner advises that concerns about physical location should be balanced against other risks.
Legal location is determined by who controls the data, though there could be other organizations, such as service providers, that process and store it. Political location takes into account factors such as law enforcement access requests, cheap labor and international political balance. Gartner argues that these are only really important to public sector bodies or companies whose reputation is already damaged. Casper says, "Unless you fall into one of these categories, you can discount media reports on data residency concerns. While public outrage is still high about data storage abroad, there is little evidence that consumers really change their buying behavior".
Finally comes logical location which is determined by who has access to the data. All this can lead to quite complex situations where data can be in four places at once. As Gartner points out, what happens if a German company signs a contract with the Irish subsidiary of a US cloud provider that has its information physically stored in a data center in India? While the legal location of the provider would be Ireland, the political location would be the US and the physical location would be India but, logically, all data could still be in Germany. Confused? Thought so.
"None of the types of data location solves the data residency problem alone," says Casper. "The future will be hybrid -- organizations will be using multiple locations with multiple service delivery models. IT leaders can structure the discussion with various stakeholders, but eventually, it's the business leader who has to make a decision, based on the input from general counsel, compliance officers, the information security team, privacy professionals and the CIO".
You can read more in the report The Snowden Effect: Data Location Matters available on the Gartner website. The issue will be discussed further at a series of Security and Risk Management Summits, held in Sydney, London and Dubai in August and September.
Photo Credit: Andy Harbin/Shutterstock
Given the amount of hype surrounding it you could be forgiven for thinking that big data is the answer to most business and scientific problems.
But a new survey by database specialists Paradigm4 reveals that almost three-quarters of data scientists believe that big data has made their research harder. The reason for this is not, as you might expect, the volume of data but the variety.
The results, from a survey of 111 US data scientists, show that 40 percent say they struggle managing new types and sources of data and 36 percent say that getting answers from big data takes too long.
Hadoop comes in for criticism too with 76 percent saying it's too slow, takes too much effort to program or has other limitations. So much so that 35 percent of scientists who have tried using Hadoop or Spark say they have now stopped using it.
Problems cited include 39 percent saying it takes too much effort to program and 37 percent saying it's too slow for interactive ad-hoc queries. 30 percent also say it's too slow for performing real-time analytics.
It seems that despite all this, however, big data still has a key role to play. 91 percent of those surveyed say they’re using or plan to use complex analytics on their big data within two years.
If you want further insight into the trials of being a data scientist, you can get hold of the full survey results on the Paradigm4 website or there's a summary of the findings in handy infographic form below.
Image Credit: aslysun / Shutterstock
One of the biggest concerns that businesses have about the increasing use of mobiles and BYOD is how to keep their data secure. Traditional security tools were built to cope with desktop devices rather than the on/off existence of mobile connections.
Mobile platform specialist Kinvey aims to help mobile developers to seamlessly secure mobile, tablet, and responsive Web apps with its newly-launched Mobile Identity Connect product.
Using already proven mobile standards, Mobile Identity Connect eliminates the complexity of authenticating mobile apps with existing enterprise security systems. It manages the mobile security layer and provides single sign-on using Kinvey's AuthLink Connector technology to bridge existing enterprise identity into a mobile-friendly OAuth-2 authentication flow.
By using secure pre-built mobile ID management it frees developers to concentrate on the user experience. It gives IT departments a controlled and secure self-service platform for app development which has the four key features required for all mobile applications: identity management, data services, business logic, and engagement services.
"Most enterprise-grade identity and single sign-on systems were designed in a pre-mobile world, and don’t take the unique challenges of mobile technology into account," says Sravish Sridhar, CEO of Kinvey. "Kinvey Mobile Identity Connect provides enterprise mobile developers an OAuth-to-anything connector to enable enterprise-grade security with authentication protocols designed with mobile in mind. Mobile developers don’t want to deal with the complexity of tying directly into identity systems that were not designed for mobile every time they build an app".
By managing the handshake between the mobile app, the identity system, and enterprise data, Mobile Identity Connect ensures that existing security policies are maintained and data can be consumed by the mobile app in a consistent manner across identity and data sources.
For more information Kinvey's backend as a service mobile development platform and Mobile Identity Connect, visit the company's website.
Image Credit: bloomua / Shutterstock
Last year around seven percent of all data was stored in the cloud, but by 2016 it's estimated that 36 percent of data will be in cloud storage, generating a potential revenue of over $4 billion. Of current storage users, 38 percent say they already use the cloud with 34 percent planning to do so.
Salesforce and Google Drive linking specialist Cirrus Files has been looking at the three main public cloud providers, Dropbox, Box and Google Drive to see how their services compare in this fast-growing sector.
The good news for security is that all three services support the storage of encrypted files. In other areas though they differ quite a lot. When it comes to supported mobile platforms, Google only works on Android and iOS. Box and Dropbox both work on BlackBerry, but only Box supports Windows Phone and only Dropbox has a Kindle Fire version.
Based on the time taken to load a 13Kb publicly shared file, Dropbox is fastest, closely followed by Google with Box taking almost twice as long.
Google is the clear winner in terms of free storage though, offering 15GB compared to Box's 10GB and Dropbox's rather disappointing 2GB -- though you can earn more.
You can see the results of the comparison in infographic form below.
Photo Credit: Sakonboon Sansri/Shutterstock
Technology users are putting themselves at risk by ignoring how their personal information is being stored and the potential security risks that go hand in hand with digital devices.
This is the conclusion of a round table panel of security experts put together by hosting company UKFast. According to the panel the buzz of social media and the ever-evolving digital scene has created an ignorant culture of technology consumers.
Panelist Hugh Boyes from the Institution of Engineering and Technology at the University of Warwick, believes consumers need to realize exactly what their device is capable of, and precisely what information it holds. "People don’t understand exactly what these devices can do. Take a fitness band, for example. The product isn't actually the wristband; it's the data that is inside it. Yet no one is aware of this. The internet is everywhere, and so in turn, we give our personal information out everywhere. Things like social media, loyalty cards and GPS tracking for instance -- these things all require our personal information. No one hesitates in giving it away if it means being able to use a particular app".
This giving away of information is driven by a culture of convenience says Robert Fuller, director of Innevate, "Because things often seem to happen seamlessly, it doesn't lend itself to people having to think about what processes are involved".
This is echoed by Lawrence Jones, CEO of UKFast, "People are obsessed with speed and usability -- the faster and easier they can achieve something, the better. Even if that means storing your card details, passwords and personal details in the same place or using the same password for everything. It may be more convenient but it's significantly less secure".
Zain Hyed, director of security at Hybrid believes if consumers understood the risks, they would take greater care when handing out their personal details, "After all the Heartbleed media coverage, only 4 in 10 people actually changed their passwords. You'd expect everyone to change their passwords just to make sure they were secure, but unfortunately that wasn't the case. It’s the culture we are living in today -- no one understands the dangers".
The panel offers a number of tips for consumers to ensure that they stay secure. These are:
* Make sure that you install all patch updates and keep your software up to date.
* Have different passwords for each account, then if hackers get old of one password they can’t access your other data.
* Use long passwords, numbers/symbols and full phrase passwords are most effective.
* Read the news -- find out if any services or companies you use been hacked and what you need to do about it.
* Find out where your data is stored and how safely before trusting an organization with your information.
Videos of this and previous round table discussions can be found on the UKFast.tv website.
Image Credit: JJ Studio / Shutterstock
In recent days we've seen DDoS attacks hit some major names like Feedly and even force the CodeSpaces hosting service out of business.
In a bid to combat the threat presented by DDoS attacks, security specialist Corero Network Security has announced a powerful web-based analytics portal.
Corero SecureWatch Analytics delivers turn-key visibility into DDoS attacks and cyber threats with comprehensive and easy-to-read security dashboards. Using Splunk software for big data analytics and advanced visualization, Corero has made security intelligence much more accessible and easier to act on. This means that companies are able to react to threats much more quickly.
"Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts. Corero SecureWatch Analytics provides this capability in a turn-key fashion to enterprises of all sizes," says Nirav Shah, Director of Product Management at Corero Network Security. "Big data analytics engines are empowered by valuable raw data. By combining sophisticated event data generated by our industry leading First Line of Defense security appliances with the Splunk platform, we have created a solution that quickly finds the needles in the haystack of security events".
The portal's real-time dashboards provide easy-to-use visibility into an enterprise's network and security activity enabling rapid response in combating threats. Additionally, SecureWatch Analytics supports archived security event data to allow forensic analysis of past threats and compliance reporting of security activity.
SecureWatch Analytics is included with the purchase of Corero's SmartWall Threat Defense System and DDoS Defense System security products. For more information visit the Corero website.
Photo Credit: Duc Dao / Shutterstock
A new report from SEO and content marketing specialist BrightEdge reveals that although almost 60 percent of American adults own smartphones and 40 percent own tablets, more than a quarter of websites aren’t mobile friendly.
This leads to a massive loss of potential traffic and if marketers rectify this misconfiguration, the report discovered they stand to boost smartphone traffic by 200 percent.
"With smartphone website traffic growing at 10 times the rate of desktop, mobile websites are quickly becoming the cornerstone to content marketing and customer engagement," says Jim Yu, CEO and founder of BrightEdge. "We know that mobile will play an integral role in the future of marketing and want to help brands navigate the challenges that mobile presents. This report will help businesses understand the best ways to create mobile-optimized sites in terms of traffic and search rank, boosting customer engagement and, more importantly, ROI".
The report also shows the differences between desktop and mobile. It reveals that 62 percent of searches show different results depending on whether the search was performed on a desktop or smartphone and mobile ranks are typically half a position lower than desktop. Since click-through rates are sensitive to rank this can lead to a significant drop in traffic.
With smartphone traffic expected to grow by 50 percent in 2014 companies need to ensure that they pay attention to the performance of their sites on mobile devices. BrightEdge identifies three different approaches to providing mobile sites.
Responsive sites deliver the same content across all devices with only the presentation changing. Dynamic sites vary the HTML according to the device used although the URL remains the same, however, the report warns that if not well implemented this can look like the type of 'cloaking' used by malicious sites. The final approach is to have completely separate desktop and mobile versions of the site.
The report concludes, "As enterprises cater to the growing mobile market, BrightEdge data shows that all three approaches to mobile website configuration rank about the same for a given keyword if implemented correctly. We believe many brands will take on responsive design as their choice of mobile configuration, but what we've found in talking with customers is that one mobile configuration is not necessarily a one-size-fits-all solution".
You can find out more and download the report from the BrightEdge website.
Image Credit: bloomua / Shutterstock
A cloned banking app which steals user login credentials has been discovered on the Play Store this week. Mobile security company Lookout discovered the app and informed Google which immediately removed it.
The malware, called BankMirage, targets the customers of an Israeli bank called Mizrahi Bank -- the fourth largest in the country. The authors of the app placed a wrapper around the bank's legitimate app and redistributed it on the Google Play store, pretending to be the financial institution.
Once opened the app displays a login form which siphons off the user's ID as it's entered in a classic phishing attack. Oddly though it captures only the ID and not the password. Once it has the ID the app returns a message to the user saying that the login failed and to, instead, reinstall the legitimate banking app from the Play Store.
Banking malware is, so far, less common in the US than it is in Europe and the Far East. Korean malware PlayBanker, for example, pretends to be Google Play and sends out push notifications to lure victims into downloading rogue banking apps. Another piece of malware, BankUn, will check for the presence of eight major, legitimate Korean banking apps and then attempts to replace them with rogue ones.
The problem with an app finding its way onto the Play Store is that turning off Unknown Sources on your phone isn't going to protect you. Lookout recommends that you be wary if apps you want to download have duplicates as this may indicate illegitimate copies, and that you have an up to date app scanner on your device.
Image Credit: mama_mia / Shutterstock
Cloud-based sales platform specialist Seismic is launching a new version of its product aimed at giving marketing teams a deeper insight into how their material influences actual sales.
It's focused on increasing conversion rates for B2B sales, shortening sales cycles and boosting customer retention rates.
"Given marketing automation's rise in the last five years, today's B2B sales funnel is half in the light and half in the dark", says Doug Winter, CEO of Seismic. "Sales and marketing teams have almost perfect visibility into how leads interact with the top half of the funnel and the insights needed to improve the marketing process, yet they remain blind to how content is supporting sales reps in the bottom half. Seismic's latest release illuminates the bottom half of the sales funnel -- a blind spot for most marketing teams who send sales materials over the proverbial 'Chinese Wall' -- providing them with the information and content delivery platform their sales teams need to accelerate sales and increase close rates".
Features of the new release include sophisticated content analytics with drag and drop simplicity to provide a holistic view of effectiveness. This is supported by content creation tools which allow marketers to quickly deliver on generating materials for team and individual tasks.
A LiveSend feature means sales reps will be notified when prospects view content and can even see how much time has been spent on each page of an attachment. This not only helps show which content is most effective but also provides material for follow up conversations.
In addition LiveShare makes it possible to instantly share screens with prospects in order to increase engagement. Combined, these features in Seismic's platform give marketing teams the ability to measure and analyze how prospects interact with content sent by sales reps. Armed with this information they can determine which content is the most engaging and create a successful sales strategy that puts personalized content in front of the customer.
For more information on the latest Seismic release or to request a demo of the product you can visit the company's website.
Photo Credit: EDHAR / Shutterstock
Social media is increasingly important to brands, both as a marketing tool and in terms of managing their image. But fully monitoring and understanding social trends is impossible using only human analysts.
Data intelligence specialist Bottlenose has launched a solution in the form of Nerve Center 2.0, which gives brands the ability to act on social and media-driven trends in real time using automatic trend detection and alerts, emotion and demographic analysis, and open APIs.
"The automatic trend detection in Nerve Center 2.0 alleviates the need for constant attention from human analysts. Now, without having to monitor the platform 24/7, users can be alerted of any important trends such as breaking news, emerging influencers, viral content, bursting topics and hashtags, and spiking sentiment", says Bottlenose CEO and co-founder Nova Spivack. "This eliminates the choke point of humans in the process of real-time comprehension of patterns in vast amounts of data. And that's just the beginning. In the future, our platform will be able to spot a growing repertoire of complex patterns and trends in data streams. We are automating the analyst, one skill at a time".
Key features of Nerve Center include automatic trend detection with customizable alerts to remove the need for constant human monitoring. Advanced emotion profiling and demographics using sample profile data for 350 million social media participants leads to 95 percent average accuracy. The underlying platform, StreamSense, can analyze over three billion messages per hour.
Customers can use the software to identify audience characteristics including occupation, age, family status, brand affinities and more. Bottlenose is also releasing APIs for developers and customers who want to use trend intelligence for visualization, process automation, advertising, and new analytics applications.
You can find out more about Nerve Center on the Bottlenose website.
Photo Credit: ra2 studio/Shutterstock
Search analytics specialist Elasticsearch has announced the 2.0 release of its Hadoop connector, bringing advanced search techniques to the popular big data platform.
It's also now certified for Cloudera Enterprise 5. This means Elasticsearch is now compatible across all Apache-based Hadoop distributions, helping businesses extract immediate insights regardless of where their data is stored.
Using Elasticsearch in conjunction with Hadoop, organizations no longer need to run a batch process and wait for hours to analyze their data. Elasticsearch for Apache Hadoop can make data available for indexing as it's being generated, making it available for search and analysis in a matter of seconds.
Steven Schuurman, co-founder and CEO of Elasticsearch says, "Hadoop was created to store and archive data at a massive scale, but businesses need to be able to ask, iterate, and extract actionable insights from this data -- which is what we designed our products for. With today's certification from Cloudera, Elasticsearch now works with all Apache-based Hadoop distributions, and with it, solves the last mile of big data Hadoop deployments by getting big insights, fast".
Key features of the new release include the ability to read and write data between Hadoop and Elasticsearch which lets businesses get immediate, actionable insights using real-time search and analysis. There's native integration and support for popular Hadoop libraries so users can run queries natively on Hadoop through MapReduce, Hive, Pig, or Cascading APIs. A Snapshot/Restore feature also makes it easy to take a snapshot of data within Elasticsearch -- perhaps a year's worth -- and archive it in Hadoop. At any time, this snapshot can be restored back to Elasticsearch to carry out extra analysis.
You can register for a webinar set to take place on August 20 which will discuss the features and benefits, or go to the Elasticsearch website to find out more.
Image Credit: alphaspirit / Shutterstock
Email may have revolutionized business communication, but if you need a signature on a contract or business document in most cases you still have to send it through the post or use a cumbersome e-signature app.
Until now that is, Barcelona-based startup Signaturit has a new solution that enables you to request handwritten signatures through any email client.
The technology complies with the EU and US e-signature laws and spares users the need to visit third-party websites or download apps.
After signing up all it takes to request a handwritten signature through Signaturit is sending a PDF file using your preferred email client and adding ".signatur.it" to the end of the signatory's address. The platform not only keeps a record of the email address, the name of the file, the location and the exact time it was signed by a Time Stamping Authority (TSA), but also uses a state-of-the-art biometric authentication system and the same encryption standards used by banks and government agencies to ensure the integrity and validity of each signature.
Juan Zamora, CEO of Signaturit says, "While e-signature is a tried and true technology, the increasingly demanding regulatory and legal requirements for binding electronic signatures threatens the easy-to-use nature of the solutions available in the market. That is why Signaturit not only provides the simplest solution by allowing users to request signatures through their email client of choice, but does so in compliance with the most demanding data protection requirements".
The technology allows deals to be closed faster and saves on traditional document costs by eliminating the need for printing and scanning. It offers real-time reporting along with a dashboard where users can view the status of each transaction.
The service is available now and there are pricing models for various sizes of business. You can get more information and try out the service for free on the Signaturit website.
Most information security scares come and go with relatively little fanfare, some though make a splash and catch the attention of the public and media.
Heartbleed was the latest to fall into the latter category and sent the IT world into a bit of a frenzy. But how bad was it really? Security specialist Secunia rates vulnerabilities on a one to five scale and given the amount of publicity it received you might expect Heartbleed to be at the top end.
In fact Secunia only rates it as a "moderately critical" three, a score usually used for denial of service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction.
Secunia's Director of Research and Security, Kasper Lindgaard explains, "It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements".
He goes on to point out that the extremely critical rating is reserved for, "Remotely exploitable vulnerabilities that can lead to system compromise, where successful exploitation does not normally require any interaction and exploits are in the wild".
The company does acknowledge though that the effect of Heartbleed depends to an extent on the size of the vendor. Lindgaard says, "Small vendors didn't have such a big ordeal with the vulnerability, however for larger vendors like Cisco, IBM and HP, it was -- and is -- a very different story: they will be hard at work on this one, for some time yet. Thus the costs and implications for large vendors is what will make the Heartbleed bug a long term problem".
You can read more on Lindgaard's blog and Secunia has produced an infographic charting the timeline of the bug which you can see below.
As with cyber security generally, the mobile threat landscape is constantly evolving. So although businesses may have invested heavily in solutions like antivirus and mobile device and application management they can’t afford to relax.
Mobile security specialist Zimperium, the company that uncovered the recent LinkedIn flaw has released a whitepaper looking at the attack vectors that specifically target mobile devices.
The whitepaper highlights a number of attack vectors that specifically affect mobile devices. The main focus of these is network attacks and, as of today, existing solutions in the market do little to address these threats.
The market highlights Apps as one of the most dangerous threat vectors, with huge recent increases in mobile malware targeting Android likely to top the million mark by the end of the year. Although significant in volume, other types of attacks have the potential to cause significantly more impact to organizations.
Zuk Avraham, CEO and co-founder of Zimperium, says, "apps are seen as the most dangerous threat, but if you're sent one at random it's unlikely you're going to install it. Network threats, links or files like PDFs that hide malicious content are in fact more dangerous".
Enhancing network protection becomes more important as more companies adopt BYOD or CYOD policies. The mobile arena is still quite immature in terms of intrusion prevention systems and the report highlights the need for a robust solution to supplement first-generation protection technologies. It also points out that when it comes to advanced network threats both Android and iOS share the same risks.
For a more detailed look at the threat landscape you can download the whitepaper from the Zimperium website. You can also check out the company's ZANTI mobile penetration testing toolkit.
Image Credit: Anan Chincho / Shutterstock
Companies spend a lot of time looking for the best marketing tools to reach their customers and convert communication into sales. Part of this involves collecting information about people's preferences.
Online form specialist Formstack recently published its Form Conversion Report on what makes people fill in online forms. Based on the data from this it's now released some predictions on the future of digital marketing.
The first and most important is that mobile marketing is becoming essential, not just an option. With growing numbers of people who exclusively use their phones to access the Internet, businesses need to embrace this trend.
Online forms can help capture information to generate leads but Formstack predicts that it’s the quality of the information which will become key. As personalized content becomes a more common part of our online life, customers will begin to expect a customized experience from marketers rather than a one-size-fits-all solution.
Features like "smart" forms are likely to play a part in this. Smart logic lets marketers hide sections of their web forms. These hidden questions are only revealed when a user selects certain options. This lets marketing teams obtain relevant information without scaring away customers with a long form.
Finally it predicts that marketers will need to take advantage of third-party apps to generate more leads. Integrating data collection with popular marketing apps will create more tailored lead generation. This can then be followed up by triggering actions through email marketing platforms or CRM systems so that every customer is engaged in a unique way.
The future of digital marketing then is in data collection and management. As marketers gain more information about their customers, they will be increasingly able to reach them with desirable content. You can find out more on Formstack's website about how the company's offerings can help.
Image Credit: 3Dmask / Shutterstock
Wouldn't it be useful to know there is someone at the door when you're out in the garden or even when you're away from home completely?
The people behind the i-Bell, which launches its crowd funding campaign this month, obviously had the same thought. A Wi-Fi enabled doorbell, it lets you use your smartphone to see and even communicate with whoever is at your door. You can tell the delivery man to hang on a second or leave the package in a safe place for example.
Designed in the UK, the i-Bell can be used with any PC, tablet or smartphone. Its integrated 1080p camera, speaker and microphone means you can screen callers and high security brackets mean it will stay attached to your front door.
Graham Kershberg, co-founder of i-Bell, says, "there's nothing quite like i-Bell on the market right now. It's going to revolutionize daily life for a lot of individuals and businesses. Arranging deliveries around working hours or getting an unexpected visit from a relative who gets no answer at the door can really disrupt an individual's plans. But now it's possible to communicate directly with the person ringing the doorbell, let the postman know where to leave a package, or telling Aunt Mabel that you'll be home as soon as possible without even being on the premises. Fun to use and practical, i-Bell makes it possible to answer the door from any corner of the world, whether that’s five minutes down the road on the school run or from a sun lounger overseas on a long awaited holiday."
You can find out more and pre-register to get information as the product moves towards launch by visiting the i-Bell website.
You might recall that we recently reviewed the ChargeKey and ChargeCard USB charging gadgets. These are now being relaunched with an updated design using more durable materials and have had a name change to NomadKey and NomadCard -- though we’re guessing they won't recharge your camel.
There's also an extra product, the carabiner-style NomadClip that you can fit on your key chain, belt or anywhere else to ensure you’re never without a charger. It’s non-load bearing but with a steel frame and polycarbonate outer shell it should be tough enough to survive life's day-to-day knocks.
As with the other devices it's available in Apple Lightning connector -- MFI certified by Apple to work with their products -- and microUSB format for most Android and many other devices. To celebrate all of this the company is offering readers a 25 percent discount for the next week on pre-orders of the new products.
Use the code LIVESIMPLE when ordering from the hellonomad.com website to claim. Shipping is free to the US, Canada, Australia and the UK with a $5 flat rate anywhere else in the world.
Visit the revamped Nomad website for more information.
Business security specialist Bromium has released the results of a survey of over 300 IT security professionals looking at endpoint threats.
It finds that the majority believe end users to be the biggest security headache, that existing security solutions are unable to stop endpoint infections, and that antivirus can’t stop advanced, targeted attacks.
Previous research has found that most attacks are aimed at user devices so it’s understandable that 72 percent of information security professionals believe users are their biggest security problem. User devices can be compromised by drive-by downloads, system vulnerabilities and email attachments, yet it can be time-consuming and expensive for information security teams to fix these problems.
More than 84 percent believe that their current security doesn't stop all endpoint infections and a similar percentage believe that their existing antivirus solution doesn’t stop targeted attacks like spear phishing.
"The reality today is that existing endpoint protection, such as AV, is ineffective because it is based on an old-fashioned model of detecting and fixing attacks after they occur," says Rahul Kashyap, chief security architect at Bromium. "Sophisticated malware can easily evade detection to compromise endpoints, enabling cyber criminals to launch additional attacks that penetrate deeper into sensitive systems. Security professionals should explore a new paradigm of isolation-based protection to prevent these attacks".
Other findings from the survey are that two-thirds (65 percent) of information security professionals are looking for endpoint protection that is able to stop both known and unknown threats. Also 75 percent said they would sleep better at night knowing a user could click on anything at any time without risk of infection.
"Despite the challenge in protecting end users, it is encouraging so many security professionals are aware of the shortcomings of existing technology," adds Kashyap. "The recognition that the status quo is broken is the first step toward changing it for the better".
You can read more details of the report on the Bromium blog.
Image Credit: Robert Kneschke / Shutterstock
One in five adults in the US aged between 25 and 34 have used an online dating site and mobile apps have opened up a new channel for these services to reach their clients. But this does raise concerns about the level of privacy and how user data is being protected.
Mobile security specialist nVisium has looked at the features in 30 of the most popular dating apps for iOS and Android. It found that 80 percent of the apps leaked personal information to third-party services and that 70 percent had issues that would allow a user's real identity to be disclosed.
Other findings include the fact that 60 percent of apps send information across the internet without protection and 50 percent store information on the device without security.
To use a dating app you generally need to tell it a lot about who you are, information like addresses, dates of birth, phone numbers and so on. Leaking one or more of these things can give away your real identity and leave you open to social engineering or worse.
Half of apps were found to be storing user login credentials in an unencrypted form, potentially allowing them to fall into the wrong hands, and only six percent offered in-app passcode locking.
If your information does leak you're going to need that GSOH, so to protect yourself nVisium recommends that you turn off location sharing and advertisements in the app settings. You should also remove the geolocation data from the Exif information of files that you share. Finally you should set a passcode on your device as a first line of protection and take care not to leave your phone unattended.
You can see the findings of the study in infographic form below.
Image Credit: Nomad_Soul / Shutterstock
Amazon Web Services is the world's most popular infrastructure as a service (IaaS) platform and is built to suit enterprises of all sizes looking to reduce their computing costs by shifting to the cloud.
One of the key considerations in such a move is keeping data secure and AWS has various free and chargeable mechanisms to help with this. A new report from NSS Labs looks at the advantages of AWS as well as some of the challenges organizations face when moving to an (IaaS) environment.
Among the findings of the report are that Amazon is gaining popularity thanks to offering key baseline security attributes and controls as well as the availability of security options from Amazon and other vendors.
Report author Rob Ayoub writes, "The deployment of IaaS is straightforward -- customers purchase access to virtual machines directly in the cloud. However, this simple act opens up a host of opportunities for outsourcing, allowing organizations the ability to practice true utility computing -- adding or subtracting servers, storage, and other services on demand".
AWS offers basic security controls including a firewall, groups and virtual private cloud infrastructures, but doesn’t yet offer a full suite of security tools. However NSS notes that many end users don't fully understand the security implications of moving their operations to an IaaS provider and may not be implementing secure practices.
It also says that it isn't enough for organizations to simply port applications and data to the cloud and assume that compliance will be addressed.
Recommendations for companies moving to AWS include assessing the security controls offered by AWS and evaluating the additional controls available from third-party technology partners. This will ensure that security policies will remain consistent as data is shifted to the cloud.
It's also important to evaluate and understand the gaps in security between on-premise systems and IaaS. Enterprises should incorporate AWS implementations into the life cycle management process used for other systems.
Companies need to have procedures in place to ensure end users aren’t creating AWS instances without IT approval. Finally they need to ensure any regulated data moved to AWS is still in line with compliance policies.
If you're considering the use of AWS for your business, or you're using it already, you can access the full report on the NSS Labs website.
Photo Credit: Marynchenko Oleksandr / Shutterstock
Relying on search engines or social networks to discover things you're interested in on the net can be a bit hit and miss. The things you see on your Facebook feed for example are influenced by your friends' interests as well as your own.
Flipora aims to change the process of following your interests online by using artificial intelligence to make recommendations related to the things you really want to see.
It analyzes your browsing and social media activity via a browser extension and learns the kind of things you're interested in. It will then recommend other articles and sites based on what it finds. Because it's constantly monitoring what you look at its recommendations evolve over time allowing it to make "mood aware" choices without you having to do anything.
Jonathan Siddharth, Flipora's co-founder says, "Facebook isn't targeted and nor is Twitter but 99 percent of people use these for web discovery. Flipora looks at all the web not just sites you share with your friends and so is able to make better recommendations based on your current interests".
Flipora 2.0 has a sleek new interface and works automatically without you having to specify what you're interested in. As soon as you login to the site with Facebook it will begin to analyze your timeline and suggest topics to follow.
Install the browser extension -- available for Chrome, Firefox and Internet Explorer -- and it will also look at your browsing history to improve its accuracy. For example, if you've been looking at sites related to the World Cup it will recommend other football content via a side panel or a slider in the corner of the page. If your interest wanes when the tournament is over Flipora will quickly adapt as you visit these sites less.
You also have the option to share your website discoveries with people who have the same interests rather than putting them on other social networks where they'll risk getting lost in the background noise.
Flipora 2.0 launches today and you can try it for yourself at flipora.com, the company hopes to have 40 million users by the end of 2014.
One of the major concerns of mobile use in the enterprise is keeping company data secure. BlackBerry Messenger (BBM) already offers a reliable messaging service with millions of users worldwide, but now with the launch of a new service it lets employees benefit from speedy, reliable and private business communication.
The new BBM Protected service offers enhanced security for messages sent between BlackBerry devices by adding an extra layer of encryption to the standard BBM which encrypts messages in transit.
BBM Protected incorporates three layers of security in transit. Messages between users of the system are protected by encryption using unique public/private keys. A 168-bit key is used to encrypt and authenticate messages, and TLS transport layer encryption helps protect against eavesdropping in transit. It also protects data on the device, building on the existing BlackBerry security model.
A key feature of BBM Protected is that it's seamless for the end user. The same app is used for both company and personal BBM messages, if the recipient is also a Protected user the extra encryption is automatically applied. This means it can be used to chat securely to BBM Protected users at other companies too without any extra configuration being needed. It also offers notifications so that you can be sure the recipient has read your message.
Because it's designed for mobile from the outset it offers better performance than other enterprise IM clients that originated as desktop solutions.
For companies that are already using BlackBerry Enterprise Server, BBM Protected can be easily deployed via the existing management console. It offers full logging and auditing features to ensure compliance too.
You can find out more and see the full system requirements on the BlackBerry website.
Image Credit: Diego Cervo / Shutterstock
One of the best ways for businesses to cope with the demands of mobile usage and BYOD is to use a mobile device management solution to allow the IT department to stay in control.
Security specialist Comodo has announced a range of new features to enhance its existing MDM product and make it more attractive to administrators needing to secure and manage large-scale deployments of mobile devices.
Comodo MDM has an integrated antivirus engine and allows admins to define device and identity certificates. It allows asset and application management but unlike some other solutions Comodo licenses users rather than devices, allowing each individual to protect up to five devices. This makes administration easier as although you may not know how many devices are in use you should know how many users you have.
New features in the latest version include an application catalog for Android allowing admins to define recommended or mandatory applications which can be managed via an enterprise store. A similar application management feature is available for iOS systems.
Admins are able to define stricter policies on Samsung SAFE supported devices. This allows them to define Wi-Fi and VPN configurations, remove options like screen capture, copy/paste, USB connections and more. An access control feature allows restrictions on devices that can access the company mail server.
There's also enhanced group management and a better GUI plus improved communication speeds and the whole thing can be administered from a central console.
You can find out more about the product’s features and download a free trial version on Comodo's website.
Image Credit: jannoon028 / Shutterstock
It may not have escaped your notice that the FIFA World Cup tournament has started in Brazil this week. This is of course an excuse for every PR agency to come up with football related ways of promoting their products.
Business collaboration specialist Huddle has chosen to focus on the teamwork aspect which does at least have a relevance to its product. It helpfully points out that on the field players have to work together to achieve success and the same is true of the workplace.
Huddle’s CEO Alastair Mitchell says, "Collaboration is a team sport. It means many different things to different people, but collaboration essentially involves a group of individuals working together across boundaries to achieve a common goal. In today’s workplace, the network of people that an individual has to work with on a regular basis extends far beyond their own organization’s four walls and includes customers, partners and contractors. One of our customers, for example, works with more than 1,000 other companies in its Huddle workspaces. For people to get their jobs done effectively and be truly productive, all relevant parties have to be able to seamlessly work together on content regardless of where they are based or the devices they are using".
The serious point about this is the need to collaborate outside as well as inside the organization. Figures from Huddle's client base show that 85 percent of its customers use the service for external collaboration. And 47 percent use it to collaborate with more than five other companies.
This is backed up by recent Forrester research which shows that in a survey of almost 5,000 North American and European information workers 57 percent say they regularly collaborate and communicate with customers, colleagues or business partners. Only 12 percent work exclusively with their colleagues.
You’ll be over the moon -- or possibly sick as a parrot -- to find that all of this is summarized in the inevitably soccer-themed infographic below.
Image Credit: dotshock / Shutterstock
Back in 2012 Facebook estimated in its official company filings that almost nine percent of the accounts on its system broke the service's rules in some way. That may not sound like many but the sheer number of Facebook users means it accounts for some 83 million problem accounts.
Some of these might simply be duplicates but others have a more undesirable purpose like spamming, distributing malware or grooming minors. Until now the only way of steering clear of the fakes was by keeping your wits about you and looking for tell tale signs like recent join dates or unfeasibly model-like profile pictures.
Now though a newly released beta online tool called FakeOFF can analyze your timeline and alert you to possible fake activity.
FakeOFF analyzes usage patterns and assigns each "friend" an easily intelligible 1-10 ranking for likely fraud. Users can create "suspect" lists and receive automatic notifications regarding suspicious activity. FakeOFF also scans photos to determine if they are genuine, and it guarantees its users full privacy and control of their usage.
"The internet is a tremendous platform for networking and for connecting socially, but many of the same things that make it so useful also undermine its safety," says FakeOFF Founder Eliran Shachar. "A lot of people are wary about the interactions they or their loved ones are engaging in on sites like Facebook, and that is with good reason. You wouldn't let just anyone into your house, right? But people are much looser with their online behavior, even though the level of access people can gain to your life just through a Facebook account is considerable".
FakeOFF relies on a sophisticated algorithm to assess user activity -- including feeds, likes, photos, shares, and responses -- going back as far as 365 days on your timeline. The system then sends back a straightforward numbered score, along with a basic chart to help the user interpret it. Users pick the friends whose identities they are unsure of, and can track their activity using real-time security updates.
The basic version is free to use, and allows for timeline scans going back 10 days. For a $1.99 fee, the Advance One package allows for a single but comprehensive investigation that includes 365-day timeline and activity analysis and unlimited photo assessments using FakeOFF's Image Fraud Scan program. A regular subscription at $9.99 gives users unlimited access.
Sachar says, "Sometimes all you need is to look into one person: a potential romantic interest, for example. And in other cases, users like concerned parents will be interested in more comprehensive coverage. FakeOFF is flexible in that sense".
You can find out more and try out the free version by visiting the FakeOFF website.
Backup specialist Spanning Cloud Apps has made two announcements to help cement its position as a trusted SaaS backup and recovery provider.
The first is an update to its backup product for Salesforce. This includes on-page Salesforce data restore which makes it easy for end users to quickly and easily compare and recover previous versions of Salesforce data objects, such as Accounts, Opportunities and Contacts. As before the backup product is delivered entirely via the Salesforce interface.
It lets users initiate the restore process by simply clicking the Restore button within a record and then comparing and selecting individual fields to restore within object records, such as phone numbers, activity logs or attachments. The process requires little or no training for the user and, says the company, is completed more quickly and more accurately than any other available methods. Spanning Backup for Salesforce enforces field-level security, ensuring that users only see and restore data they are authorized to edit.
More interesting to most people though will be the launch of a Google Apps 100 percent restore guarantee. Through this offer, the company guarantees that customers who use Spanning Backup for Google Apps to backup their data will be able to restore lost data back to its original state 100 percent of the time. If it fails they will receive ten times their money back for each failed restore operation for that user account.
Spanning Backup for Google Apps has proactive status reporting to ensure that customers are alerted if any data isn't properly backed up on a daily basis. This helps to ensure that all files are protected and always available if ever data is lost.
"SaaS applications provide users with reduced cost, increased flexibility and higher business productivity," says Jeff Erramouspe, CEO of Spanning Cloud Apps. "Nothing disrupts productivity more than data loss events, which happen far more often than most companies realize. Spanning is committed to maintaining productivity by ensuring that lost data is restored quickly and accurately by the end user without the need for IT intervention. Losing data is something that Spanning customers don't need to worry about when using Google Apps or Salesforce".
The update for Spanning Backup for Salesforce is available to customers from today in the Salesforce AppExchange as a free 14-day trial and costs $30 per-user, per-year for a subscription with unlimited storage.
Spanning Backup for Google Apps can also be had as a free 14-day trial and costs $40 per-user, per-year with unlimited storage. Visit the Spanning website for more details.
Image Credit: Modella / Shutterstock
As we become more and more reliant on mobile gadgets it's inevitable that running out of battery life on your phone or tablet will become a regular occurrence.
Since we don't tend to carry chargers around with us all the time this can be a bit of a problem. If you have access to a USB port, however, your problems may be over.
The Nomad ChargeKey attaches to your key ring and means you'll always have the ability to charge your smartphone from a PC or an in-car USB port. It's available in iPhone 5 and micro USB formats. The latter should cope with most Android smartphones and tablets as well as many MP3 players and other gadgets. The ends are molded in hard plastic and the middle bit is a flexible rubbery material so it will adapt to different positions and it's robust enough to survive day-to-day life.
Unlike the Lumsing battery pack that Mark reviewed yesterday, however, the ChargeKey isn't suitable for use as a murder weapon -- unless you could get your victim to choke on it.
Its sister product the ChargeCard does the same job but is in a credit card-sized format that can be slipped into your wallet. This feels like a rather less elegant design as you have to bend the USB connector back over itself in order to connect it. It works well enough but we'd be a bit worried about its longevity.
Both products are available direct from Nomad and are priced at $29 each regardless of format. If you're in the UK you can order them from Amazon where they cost £20 each.
If you suffer from what the electric car world calls range anxiety with your smartphone or tablet then it's worth thinking about adding one of these gadgets to your key ring or wallet. We'd opt for the smaller and more elegant ChargeKey but either will do the job.
The biggest threat to both organizations and individuals online comes from zero-day exploits that aren't picked up by conventional antivirus protection.
In many cases an infection starts with a phishing email which can appear legitimate but contains links to malicious content.
Protection specialist Votiro already provides a free data sanitization service to scan for malicious code in files but it’s now extending its service to guard against spear phishing and other email-based attacks.
It allows users to forward questionable emails to the service and runs the same anti-virus scanning and active process on the email contents along with any links and attachments. This ensures immediate protection and enhanced usability.
"Statistics consistently show that nearly all cyber attacks begin with a spear phishing email that appears to be innocent, although its contents, links or attachments are tainted with hidden malware and similar advanced cyberthreats," says Itay Glick, Founder and CEO of Votiro. "Our mission is to position our customers with a security posture that automatically identifies and eliminates the growing range of unknown and ongoing cybersecurity threats. By extending our free service, we are allowing enterprises and organizations to sample the strengths and benefits of our new spear phishing protection capabilities that are being incorporated into our overall solution".
Votiro's free service is intended to demonstrate the strengths of the overall solution, which automatically stops spear phishing and file-based attacks before these exploits have the opportunity to reach an internal network.
The scanning service doesn't affect the usability of a file and the solution can be seamlessly integrated into an organization's IT infrastructure.
The free file sanitization service is available at https://cloud.votiro.com/ and spear phishing protection can be accessed by forwarding suspicious emails to cloud@votiro.com.
Photo Credit: Ivelin Radkov/Shutterstock
System outages remain a major problem for businesses, with over half suffering critical problems in the last three months according to a new report.
The latest annual Service Availability Benchmark Survey conducted by risk management specialists Continuity Software is based on responses from 155 IT professionals across a range of industries and regions.
The report is designed to allow business continuity and disaster recovery professionals to compare their company’s practices and performance with their peers. Key findings are that 59 percent of companies had an outage in the last three months and 28 percent in the past month. Of those surveyed 41 percent had missed their service availability targets for mission-critical systems at some point in 2013.
It does seem that the problem is being taken seriously though, with 66 percent of respondents saying that they have initiatives in place for improving service availability in 2014. Businesses are also keen to prevent problems before they become serious. Proactive identification of risks is seen as being the top challenge in ensuring system availability by 20 percent of respondents.
"It is discouraging to see that such a high percentage of organizations continue to miss their service availability goals, despite the tremendous effort and investment made across the infrastructure", says Doron Pinhas, CTO of Continuity Software. "IT teams are finding themselves in a never-ending chase to keep up with the pace of change across the IT landscape. As the survey results show, IT organizations are increasingly recognizing that a proactive approach to risk identification is more effective for outage prevention than playing catchup".
The full 2014 Service Availability Benchmark Survey is available to download from the Continuity Software website.
Image Credit: alphaspirit / Shutterstock
Big data is all the rage at the moment but when it comes to security it shouldn't be treated in isolation from the rest of the organization.
According to a new report from research specialists Gartner, policies need to take account of all forms of data if security problems are to be avoided.
"Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares", says Brian Lowans, principal research analyst at Gartner. "However, the advent of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed, and CISOs need to develop a data-centric security approach. Unfortunately this is not common practice today, and its planning is critical to avoid uncoordinated data security policies and management".
Gartner recommends that CISOs need to collaborate with trusted team members across the organization to develop and manage their enterprise data security policy. This needs to define data residency requirements, stakeholder responsibilities, business needs, risk appetite, data process needs and security controls.
Access to public cloud services complicates things further with a growing need to monitor and audit data access. Most current security solutions don't offer the data-centric audit and protection (DCAP) approach needed to work in the same way across all data silos.
"First, CISOs need to evaluate current implementations of DCAP solutions against data security policies that address database, unstructured, cloud storage and big data silos", says Lowans. "Second, they need to identify gaps in the current implementation of their data security policies and review the risks with business stakeholders against potential DCAP solutions".
This will need stakeholders to take on ownership of the data in many cases and work with security teams to ensure that it's properly protected. Which in turn may mean putting in place new management structures to ensure accountability.
Gartner subscribers can access the full report and the security outlook will be discussed further at a series of Security and Risk Management summits to be held at various venues around the world later this year.
Image Credit: Jojje / Shutterstock
Mobile workforces demand devices that are powerful enough to perform a range of functions but still retain maximum portability.
Convertible PCs that can play the role of laptop and tablet by flipping the screen around are an obvious choice. HP's latest announcement though takes a slightly different approach with a tablet that detaches completely from the keyboard to offer added flexibility.
HP claims that the HP Pro x2 612 is its first commercial detachable PC designed from the ground up for enterprise users. It features a 12.5-inch display, a choice of Intel Core i3 and i5 processors, and dual HD webcams. Security features include HP Client Security, HP Sure Start and an optional fingerprint reader.
"While the use of technology in business has allowed a blurring of the line that separates work and life, many businesses require updated technology that delivers a secure and satisfying experience to its employees," says Enrique Lores, senior vice president and general manager, Commercial PCs at HP. "HP continues to innovate secure business devices that allow employees to be productive and stylish wherever work -- or life -- takes them".
The Pro x2 612 will be available in a number of configurations. You can start off with the Pro Tablet 612 on its own. This can be teamed with a slim, back-lit travel keyboard featuring a USB 3.0 port, combo audio jack and a power connector.
Alternatively you can opt for the full-size HP Pro x2 612 Power Keyboard with embedded battery. This features VGA, RJ-45, DisplayPort and two USB 3.0 ports along with a side docking connector for the optional HP UltraSlim dock. In this configuration you have the advantage of two batteries one in the tablet and one in the keyboard. These provide a claimed eight hours and 15 minutes of battery life for the tablet and up to 14 hours and 15 minutes for the tablet and keyboard combined.
There's also the option of a battery-free Wacom pen to allow users to write and draw accurately on the screen.
The HP Pro x2 612 is expected to be on sale from September. No pricing is available at the moment but you can sign up to be notified of availability via the product page on the HP site.
Android may be the dominant force in the smartphone market, but according to mobile advertising specialist Vserv Windows is surging forward as a mobile OS.
As prices of smartphones continue to fall, making them more popular across global markets, this is good for the whole market and Vserv sees the adoption of the next generation of Windows-based phones as being all but guaranteed.
Windows Phone shipments are expected to reach 121 million by 2018 with Nokia leading the way. There's also an increase in developer interest in the Windows platform with a higher percentage saying they plan to adopt Windows than any other platform. There are already some 250,000 apps available on the Windows store and there have been more than 4 billion downloads to date.
Microsoft's collaboration with Nokia has seen the Finnish brand become the leading hardware for the Windows Phone OS. The Vserv blog notes that, "While the journey has been tough, the collaboration with Nokia paved way and led to a great 2013, with analysts expecting the Windows Phone platform to cross 100M devices by 2014 and become the 3rd largest OS in the world. The OS has outsold iPhone in 24 markets including India, Malaysia and South Africa which stands as a clear indication that it is set to take this space by storm".
The company has created an infographic charting the rise of Windows Phone and where it's headed which you can see below.
The best way to keep data from emails and attachments from falling into the wrong hands is to use some form of encryption. But it needs to be easy to use if it's going to be effective.
Systems integrator and network consultancy BrightPlanIT has announced a partnership with DataMotion that will see it reselling cloud-based solutions for secure email, file transfer, customer contact and forms processing.
For Microsoft customers DataMotion's cloud-hosted services protect email and file attachments from accidental exposure and data theft, and are also offered as an on-premise or hybrid solution.
For some organizations email encryption is a legal requirement to enable them to comply with privacy legislation -- in the healthcare sector for example. DataMotion's solutions feature compliance-grade encryption without the need to install special apps or exchange encryption keys. They enable users to send secure messages and attachments with a single mouse-click, so there's no temptation to look for insecure alternatives and leave the organization open to data loss and fines from regulators.
The partnership with BrightPlanIT focuses on integrating encryption solutions with Microsoft Exchange Server and Office 365.
"We’ve had a relationship with BrightPlanIT for a while, and not only do we have great respect for each other's work, we realized that by capitalizing on our strengths and focusing our combined efforts we could offer Microsoft customers something truly unique," says Bob Bales, CEO of DataMotion. "With this partnership, new and existing customers can spend more time handling their business instead of being tied-up in the purchasing process and IT issues".
Skip Gould, CEO of BrightPlanIT says, "This is about getting the job done right, the first time. Concern over data loss is at an all-time high and many new, inexperienced vendors have emerged because they see the market potential. DataMotion has been doing this for a long time and their services protect companies worldwide. We’re versed in both DataMotion and Microsoft solutions, can have a customer up-and-running fast, and our experience enables us to support IT in a way that would otherwise consume a great deal of time and effort".
You can find more about DataMotion's SecureMail system on the company's website.
Image Credit: Pixel-3D / Shutterstock
We reported last week on how misconfigured apps are likely to account for many security breaches. This is a particular problem for companies that allow BYOD as it may put corporate data at risk.
Cloud-based mobile security specialist Mojave Networks has a solution in the form of a new application reputation feature to provide enterprises with detailed insight into the applications that are being run on employee mobile devices.
"The 'bring your own device' (BYOD) trend is transitioning to 'bring your own applications' (BYOA) as users download more and more apps to share data, increase productivity and stay connected," says Garrett Larsson, CEO and co-founder of Mojave Networks. "If any application running on a mobile device connected to the network is insecure, it can put highly sensitive corporate data at risk. Our new application reputation feature can help enterprises improve their mobile security posture by eliminating the risk of insecure applications".
Mojave's new feature includes integration with device management and network security; tracking of applications by platform, user and device; categorization of apps based on level of risk, and customizable analytics.
According to data collected by Mojave Threat Labs, a typical mobile device has about 200 apps, including pre-installed and user downloaded applications. Each one has an average of nine permissions that users must agree to before use, and five of those permissions are considered moderate to high risk as they allow the app to gain access to documents, logins, passwords and other sensitive data, which potentially pose a major security risk to an organization's private data.
"On the surface, an application may seem safe, but there are always hidden risks," says Ryan Smith, Mojave's Lead Threat Engineer. "Approximately 50 percent of applications fall into our category of medium risk, meaning that they have the ability to access large amounts of sensitive data, and while they may not be obviously malicious, they still have a potential risk of data loss or compromise. With the detailed data we collect about each application in the Mojave Threat Labs, we are able to properly identify and reduce the risk of malicious attacks and data theft".
The application reputation feature is available from today as part of Mojave's professional and enterprise services. Mojave Networks currently supports Android and iOS and there's a free trial period available via the company's website.
Image Credit: logolord / Shutterstock
User generated content is an important factor in getting consumers to trust online business. But not every enterprise has the time or the skills to build and manage a presence across multiple social media sites.
Customer profile management specialist Janrain has introduced a new product that allows users of any site to introduce and share social content.
Janrain User-generated Content (UGC) lets customers comment, share across social networks, chat, create original content, and see activity streams that automatically appear across a brand’s mobile and desktop experiences.
"Janrain UGC turns any site into a highly engaging social experience and gives consumers compelling reasons to share their social data with their favorite brands," says Larry Drebes, chief executive officer of Janrain. "When attention is the most valuable commodity, brands have to craft highly personal social experiences that people will want to share with their friends and return to again and again. Janrain is putting a suite of tools in the hands of digital marketers who want to build a lively interactive brand identity that draws people into a brand experience, gives them reasons to create accounts and relationships with these brands, and keeps them coming back".
Features include allowing visitors to publish comments on site content and monitor site activity filtered by individuals, social network friends or site wide. Companies can host real-time conversations for events like product launches, plus content from social media can be integrated into news feeds.
By allowing greater interaction with a site Janrain UGC helps improve customer engagement. The data collected can help marketers create personalized brand experiences which in turn gives visitors reasons to keep coming back and interacting with the site.
More information on what Janrain UGC can do is available on the company's website.
Image Credit: Oleksiy Mark / Shutterstock
Since its launch in April 2012, Bitrix24 has become one of the fastest growing online collaboration platforms, used by more than 180,000 companies.
It's now launching a new, free instant collaboration tool called Bitrix24.Network, allowing companies to work together without leaving their familiar corporate portal.
"Internal communications have been revolutionized by social intranets and enterprise social networks in the recent years. Intra-company communications, however, are still in the twentieth century, done mostly via emails. Our network fixes that," says Bitrix Inc president Dmitry Valyanov.
The new product is connected to, but is independent of, Bitrix24 itself and it allows people from different corporate intranets to communicate and collaborate in the same way they do inside their own company intranet.
It allows users to create temporary collaboration work spaces that are similar to throw away email addresses. Send a link to people you need to collaborate with, they log in with their Facebook or Twitter accounts and you start collaborating immediately. Once the task is over you have the option to abandon the collaboration space or keep using it for future projects. The service is free for all parties involved.
Currently Bitrix24.Network supports unlimited instant messaging, private and group chats, audio and video calls free of charge. File sharing, online document editing and other tools already available in Bitrix24 will be added to the network in the coming months.
New features are being added to the main Bitrix24 product too. There's now an email server inside Bitrix24 accounts, thanks to partnership with Yandex. Duplicate search and quotes have been added to the CRM module and the mobile app now supports extranet users.
Valyanov says, "We never believed that email is dead. Yes, social communications are effectively replacing email inside the company, but in order for a collaboration solution to be 'whole', you need to have social, chat, audio, video, telephony and email in one place. The addition of mail server inside Bitrix24 effectively completes the collaboration circle that we envisioned when we launched the service two years ago. We can now concentrate on polishing the existing tools and developing Bitrix24.Network, because it’s obvious that the next revolution is about how companies communicate with each other".
Bitrix24.Network is available from today and you can join a webinar of the launch at 11am EDT.
Photo Credit: Pressmaster/Shutterstock
Security incidents originating from mobile devices are currently pretty rare. But with 2.2 billion smartphones and tablets set to be sold in 2014 and PC sales in decline, the focus of security breaches is likely to shift towards mobiles in future years.
According to research specialists Gartner by 2017 misconfiguration of applications will account for 75 percent of mobile security breaches.
Dionisio Zumerle, principal research analyst at Gartner says, "Mobile security breaches are -- and will continue to be -- the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices".
An example would be the use of public cloud services to store enterprise data which may lead to leaks that the company is unaware of. To do significant damage though malware needs a device that has been altered at the admin level.
"The most obvious platform compromises of this nature are 'jailbreaking' on iOS or 'rooting' on Android devices. They escalate the user's privileges on the device, effectively turning a user into an administrator," says Zumerle.
Rooting or jailbreaking devices can open them up to attack by removing app-specific protection. It may also make them more vulnerable to brute force attacks on pass codes.
For businesses the best defense is to keep devices in a fixed configuration via mobile device management (MDM) policy, supplemented by shielding apps and using containers to protect key data.
Gartner's recommendations for IT managers include requiring set length and complexity for pass codes and strictly enforcing retry and timeout standards. Specifying platforms and operating systems and disallowing any that can't be updated or supported. Restricting the use of unapproved app stores and enforcing a no jailbreaking/no rooting rule. IT departments also need to use network access control methods to deny enterprise connections for devices that exhibit potentially suspicious activity.
"We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device," says Zumerle.
The future of mobile security will be discussed further at the Gartner IT Infrastructure & Operations Management Summit 2014 taking place on June 2-3 in Berlin, Germany and June 9-11 in Orlando, Florida.
Image Credit: Moon Light PhotoStudio / Shutterstock
One of the greatest threats faced by online businesses is the DDoS attack. Recent research by application delivery service Incapsula shows that DDoS attacks are up 240 percent and DNS attacks are also on the rise.
In response to this the company is launching significant updates to its DDoS Protection Services to stop the onslaught of attacks and protect even the largest enterprise customer.
The solutions prevent DDoS attacks against unprotected DNS servers and direct-to-IP address attacks on an organization's infrastructure. The new services complement Incapsula's existing web DDoS and security offering.
DNS DDoS attacks are an evolving trend, with attacks increasing in size and frequency in just the last few months. By targeting DNS servers that resolve domain names to IP addresses, attackers can effectively take down websites and cloud applications. The new Incapsula solution has a hardened DNS proxy service that shields the customers' own DNS servers, preventing DNS DDoS attacks from reaching them.
In addition direct IP range attack prevention stops attackers from mounting a direct volumetric attack on a single IP address or a range of IP addresses, preventing exploits on internal websites, email servers, FTP servers and other applications. It works by rerouting traffic through Incapsula's network where it’s scrubbed clean and sent back to the customer’s systems.
New custom-built packet filtering hardware named "Behemoth" has significantly increased the volume of traffic that can be cleaned via the company's network.
"We can now protect any IP network via our cloud service, and shut down very aggressive attacks aimed not just at websites and applications, but at core infrastructure," says Gur Shatz, Incapsula CEO and Co-Founder. "The Behemoth is at the core of our network expansion, geared towards stopping the inevitable Terabit-scale DDoS attacks to come".
The enhanced DDoS protection features are available now and you can find out more on the Incapsula website.
Image Credit: sibgat / Shutterstock
It's easy to assume that security threats hit all industry sectors equally. However, a new report by security data analysis specialists BitSight shows big differences in effectiveness and performance across four key industries.
The report looks at S&P 500 companies in the finance, utilities, retail, and healthcare sectors from April 2013 to March 2014. It includes data on the average number of security incidents, the most prevalent types of malware, and how long they take to fix.
Based on the data BitSight assigns a security rating score to each company and sector. The finance industry does best with an overall rating of 782. Although the number of incidents involving finance company networks increased over the survey period, it was quicker to detect and respond to them than other industries.
The utilities industry is also vulnerable to cyber attacks but the major players are good at protecting their internet-facing assets. The sector is highly regulated and has strong guidelines, it gets a rating of 751.
Partly thanks to last year's large scale data breaches at Target and elsewhere, the retail industry does less well. The number of security events in this sector increased by almost 200 percent over the survey period. The industry gets a rating score of 685 though the report notes that 14 of the S&P 500 retailers showed significant increase in their security ratings with a median rise of 60 points.
Bringing up the rear comes the healthcare and pharmaceuticals industry with a rating of 660. This sector saw the largest percentage increase in security incidents over the survey period. Unlike the finance and utility companies healthcare businesses don't view cyber security as a strategic business issue. The sector has also had a number of problems with theft and physical loss of laptops, servers and other devices that hold patient and personal data.
The report concludes that whilst no sector is immune to cyber attack some industries are taking the threat more seriously than others. BitSight’s CTO, Stephen Boyer says, "Effective risk management and detailed security plans are becoming selling points, making information security a competitive differentiator".
For more information on the report and how to reduce your security risk visit the BitSight website.
Photo Credit: Levent Konuk/Shutterstock
Backup is something that all businesses need to take seriously, but for smaller enterprises the cost and complexity of professional backup tools can be daunting.
The problem gets even more acute with the use of virtual machines. Backup and recovery specialist Paragon Software has the answer in the shape of a new product that will be available free until the end of June.
Paragon Hard Disk Manager 14 Hyper-V Preview offers a reliable tool to handle the full IT management cycle, including protection of virtual machines hosted by Microsoft Hyper-V. It can operate at the virtualization layer, employing MS VSS (Volume Shadow Copy Service) to provide agentless backup and restore of any guest machine on Hyper-V.
The Paragon tool doesn’t require an agent on a target virtual machine to create its point-in-time copy. This enhances backup performance while minimizing the load on target machines and the hypervisor during the process. It makes administration easier too as there’s no need to provide credentials for every guest to do backups.
Hyper-V guest machines can be backed up directly to pVHD (Paragon Virtual Hard Drive), VMDK, VHD, or VHDX virtual containers. Using pVHD brings additional options like high-level compression, encryption and image splitting. Virtual backup containers can be stored on local disks, network shares or UNC paths.
If the worst should happen a backed up machine can be restored to a new location. Backups can be selected by time stamp and there’s the option to restore individual files via Connect VD and File Transfer Wizard.
Paragon Hard Disk Manager 14 Hyper-V is a preview version of the full commercial product and is available to all SMBs for free download until June 30th, 2014. It requires Windows 8.1, Windows Server 2008 R2 or Windows Server 2012 R2 with the Hyper-V role installed.
Image Credit: Modella/Shutterstock
In the light of recent events at eBay and Avast, when an Important Notice to Our Users appeared on the Spotify streaming music service's official news feed today you might have been forgiven for fearing the worst.
Oska Stål, CTO of Spotify writes, "We've become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we’re taking in response. As soon as we were aware of this issue we immediately launched an investigation". Read on, however, and you discover that only one user's data has been accessed and this didn't include any password, financial or payment details.
Kudos to Spotify then for going public on something that they could easily have kept to themselves. But as Stål goes on to say, "We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days".
As a further step it will also be prompting Android users to upgrade their app, from which it's no great leap to deduce that the compromised data belonged to an Android user. It apologizes for the fact that offline playlists will need to be downloaded again in the new version.
It also warns that users should only download the app from the official Google or Amazon stores or direct from Spotify.
Stål concludes, "We have taken steps to strengthen our security systems in general and help protect you and your data -- and we will continue to do so. We will be taking further actions in the coming days to increase security for our users".
Given all of the security breach stories of recent days you could almost have forgiven Spotify for rolling out the upgrade and keeping quiet, so full marks to the company for owning up.
Oh, and if you were the one person affected please let us know!
With more and more demands to go mobile and allow employees to use their own devices, the challenge for businesses is to keep their data secure.
Following a recent survey which showed that 84 percent of organizations allow access to public cloud services like Dropbox and 65 percent don’t encrypt data between cloud and mobile devices, security specialist Sophos is launching Sophos Mobile Control 4.0.
This it claims is the first Enterprise Mobile Management (EMM) solution to include individual file encryption, integrated AV and web filtering. Available on premise or as-a-service, SMC provides a simple and differentiated approach for small and medium organizations to manage and secure mobile devices, content and applications. The software solution helps IT professionals implement BYOD policies and provides users the flexibility they need to stay productive and safe. It supports iOS, Android and Windows Phone 8 devices.
SMC 4.0 offers a number of key features for protecting mobile devices. With Mobile Content Management for iOS devices, it's the only EMM solution to offer file-level encryption to protect the data in the office and on the go. It also delivers integrated security against malware and malicious web sites for Android devices, which account for 80 percent of smartphone operating systems worldwide as well as the majority of mobile malware threats.
With web protection for Android, IT administrators can select web site categories to control access as well as blocking data-stealing or inappropriate web pages. SMC 4.0 also provides unique integration with Sophos UTM (Unified Threat Management), Checkpoint and Cisco to provide network access control. Compromised devices can be isolated from the network, protecting the organization's assets from malware on mobile devices. SMC is designed to simplify administration too. Thanks to an intuitive web-based management console, IT administrators can provide their users with a self-service portal to change passwords, register devices and report lost or stolen mobiles.
Dan Schiappa, SVP and GM of Sophos' Enduser Security Group, says, "SMC 4.0 extends the Sophos commitment to delivering comprehensive data protection, offering solutions to manage, secure and protect not just the mobile devices themselves, but also the content and applications on those devices. SMC 4.0 takes data protection beyond the office door by ensuring persistent mobile encryption on devices. Additional network access control based on device compliance status makes mobile device management, content management and mobile security simple and effective".
You can find out more about Sophos products on the company's website. The results of the mobile data survey results are summarized in the infographic below.
Photo Credit: lucadp/Shutterstock
The growth of the Internet of things is set to place much greater demands on the web as a whole with thousands of extra devices needing to connect.
Not least of the challenges is ensuring that everything stays secure. IoT pioneer KAAZING has used the HTML5 Developer Conference in San Francisco to launch its new secure gateway.
KAAZING Gateway 4.0 JMS Edition with Enterprise Shield aims to deliver secure enterprise messaging systems. Based on the HTML5 WebSocket standard it provides a scalable full duplex solution with near-zero latency.
Capabilities of the system include enterprise-grade SSL/TLS Termination, Single Sign-On, native support for SPNEGO-based Kerberos authentication, fine-grained JMS authorization and unique Shield Agent functionality for B2B security without the need for VPN.
For the benefit of people who aren't security anoraks what all that means is Enterprise Shield offers enterprise-grade protection to protect "things" and their users from gaining unauthorized access to enterprise back-end systems.
"Enterprise Shield, IoT-ready security and JMS/Java API-friendly capabilities advance our award-winning KAAZING Gateway 4.0 to help enterprise software developers prepare for the onslaught of the Internet of Things and rapidly deploy highly interactive, real-time Web and mobile applications," says KAAZING Co-Founder and President Jonas Jacobi. "Using KAAZING Gateway, businesses can extend their enterprise messaging systems to mobile users, marketplaces and machines. The result is fast, scalable and secure enterprise Web communications that enable companies to take advantage of what we call the Internet of Many Different Things."
Key features include a dashboard that makes it easy for operations teams to track, measure, and monitor data and message delivery metrics. Performance enhancements to improve latency and reduce CPU usage by up to 25 percent. There’s also a last-value cache so the latest data is always available to all users, no matter when they connect to the application.
You can find out more about the latest gateway products on the KAAZING website.
Image Credit: PlusONE / Shutterstock
It's a tough life being an early adopter. Having to seek out all the latest developments to make sure that you’re first in line with the beta versions.
For those who really must be at the bleeding edge, test management specialist Centercode is launching Betabound, a sort of online dating service to bring together companies and early adopters.
With an intuitive, mobile-friendly interface, Betabound connects companies that have new and interesting products with 90,000 of the savviest early adopters and beta testers available.
"We envision Betabound as the center of the beta world, a sophisticated yet intuitive space that brings together cutting edge products with a cultivated pool of testers and early adopters," says CEO Luke Freiler. "It's everything both parties are looking for, backed by Centercode's unparalleled industry recognition".
Whilst it provides companies with access to a pool of testing talent to help develop their products, it also gives the early adopter and beta tester community a one-stop shop for new and interesting products that span across industries.
Anyone on the internet can go to Betabound and find an extensive list of curated announcements. These can be filtered based on personal interests and preferences so users only see the things they're interested in.
On the other side of the coin companies are able to manage tests, survey participants, open private forums, receive feedback, and more. They can collect details of bugs and feature requests allowing them to improve their products.
Centercode's Director of Sales Mario Sancho says, "Companies looking to advertise a new product or test can expect their announcements to reach thousands of the most enthusiastic testers on the web, a network that will only continue to grow on Betabound. For companies, Betabound means better feedback and the right kind of early adopters to jumpstart a launch".
You can find out more about Centercode's test management solutions on the company's website.
Image Credit: Naypong / Shutterstock
The humble API has been around for a long time, enabling applications to exchange data. But in the world of mobile computing and BYOD the role of the API is under greater scrutiny.
This is one of the things that's been under discussion at the recent Gartner Application Architecture, Development and Integration Summit. At the end of last year there were some 10,000 publicly listed APIs, and now it's reckoned that around 24 percent of web applications and 15 percent of mobile applications use them. But what benefits are they bringing to the enterprise?
According to Mark O'Neill, VP of innovation at integration and web services specialist Axway, "The most positive angle is that they enable access. The API is decoupled from the client so different operating systems can connect to corporate data through the same API".
This means that tasks like checking stock and tracking orders can be carried out via a mobile device as an alternative to using heavyweight corporate portals.
The use of APIs enables innovation too, by putting out an API a company ensures that other people can build apps around its data. The uses aren't just about mobile either, entertainment systems, the internet of things and technology like smart meters all benefit.
There are security pluses too as the data remains on the corporate servers and isn't copied to the device itself. O’Neill explains, "Hackers are after data whether it's healthcare, government or finance. The important thing about using APIs is that the data isn't stored on the mobile device, it’s provided to the app as needed".
The downside of this is that the device needs to be online but in an increasingly connected world that's becoming less of a problem. An added advantage is greater visibility of how data is being accessed and from where. This gives admins a kill switch at the API level so there's no need for the complexity of partitioning or encryption on the device itself.
Ultimately APIs can offer significant benefits for enterprise users. Businesses can launch in new markets and reach more customers simply by sharing their API. This can lead to better provision of services to customers, but also opening the API within the company can encourage internal innovation, or opening the API to the broader developer community can spur the development of new apps.
You can find more about Axway's approach to API management on the company's website.
Image Credit: Kirill_M / Shutterstock
You can’t have failed to notice by now that eBay has had a bit of a problem relating to leaked user data. The mainstream media was all over the story yesterday -- you know things are bad when the TV news takes notice of IT matters.
To reprise the facts it seems that attackers gained access to a number of eBay employee login credentials which allowed them to access the auction site’s systems. This may have happened as long as three months back but the company only became aware of it around two weeks ago.
According to a post on eBay's corporate pages, "The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information".
This in itself is bad enough as it means hackers could have been busy on decrypting passwords for weeks. What makes it worse though is the way eBay has handled the problem.
Hints that something was wrong started to appear yesterday morning -- early afternoon here in the UK -- when a post appeared on the PayPal Forward blog. This disappeared again fairly quickly, leading industry watchers to believe it may have been posted in error as part of test of security procedures.
A couple of hours later though it was back for good, along with the eBay corporate post. That sparked the interest of the media but at this point the company wasn't doing anything to alert its 128 million users.
As of 4pm EDT yesterday there was no warning on the eBay homepage, there were no emails to customers, there was no forced password reset when you logged in. There was information on the site but you had to click through several links in order to find it.
Today it seems eBay is finally starting to get its act together. There's now a prominent banner on the site, click it and you're taken to a message from Devin Wenig, President, eBay Marketplaces. This advises that next time you visit the site you should, "Take a moment to change your password. You can do this in the 'My eBay' section under account settings. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users already have updated their passwords".
That's a start, but it really should be enforcing a password change not just asking nicely. And it should be informing users by email rather than waiting for them to login. It sends out marketing emails regularly so we know it has the mechanism in place.
Finally it's about time eBay offered two-factor authentication via a mobile phone. Currently the only way you can get 2FA on eBay is if you’ve signed up -- and paid -- for a PayPal security key gadget. Odd that because the PayPal site itself allows you to use your mobile as an alternative.
The message here for all companies is that when a major security problem occurs you need to take a proactive approach to alerting customers. Letting the story slip out via stealth and triggering a media storm before you inform your customers really isn't good enough.
Image Credit: PathDoc/Shutterstock
An announcement on the PayPal Forward blog says that eBay will be asking users to change their passwords later today.
It says that this is due to, "...a cyber attack that compromised an eBay database containing encrypted eBay passwords and other non-financial information".
It goes on to say, "Extensive forensic research has shown no evidence of unauthorized access or compromise to personal or financial information for PayPal customers. PayPal customer and financial data is encrypted and stored separately, and PayPal never shares financial information with merchants, including eBay.
"In addition to asking users to reset passwords, eBay Inc. said it will also encourage any eBay user who used the same password on other sites to change those, too."
We'll keep you updated with more information as it emerges.
Image Credit: goldenangel / Shutterstock
Accessing data on the move has become essential for business travelers. The days of being unable to do something because you were out of the office are long gone.
Demand for reliable, cost effective data access means that more business people are looking for ways to access Wi-Fi on the move rather than use expensive mobile data services.
Mobile service specialist iPass is addressing this with the launch of its latest cloud-based Business Traveler Service 2.0. It aims to offer cost-effective and convenient Wi-Fi access to over 2.7 million hotspots in airports, airplanes, hotels and public areas worldwide via a single login.
It's also released its Business Traveler Connectivity Report showing that business travelers on average carry three mobile devices, and that 80 percent have a "Wi-Fi first" mentality, preferring to use Wi-Fi over mobile data when working outside the office.
36 percent of free Wi-Fi users have little confidence in the security of the service, and 32 percent objected to dealing with intrusive advertising. 63 percent also find credit card-based Wi-Fi users to be overpriced, and 27 percent hate the hassle of constantly having to enter credit card details.
"The wireless landscape has been disrupted by the rapidly increasing availability of Wi-Fi, which is now the dominant form of wireless access. This phenomenon has spawned a 'Wi-Fi first' generation that uses cellular data only when Wi-Fi isn’t available," says Evan L Kaplan, President and CEO of iPass. "Business travelers are especially reliant on Wi-Fi, but they are also increasingly frustrated by the hoops they must leap through to navigate a complex and challenging Wi-Fi ecosystem that can include advertising, logins and payments with each session, frequent timeouts, and unpredictable and expensive fees. Our Business Traveler Service 2.0 gives business travelers the reliable Wi-Fi access they are looking for, without the hassle -- so that they can simply get on with what they need to do, wherever they are in the world".
iPass Business Traveler 2.0 service, removes the need for employees to use credit cards, while ensuring business travelers have access to high quality, advertising-free Wi-Fi. Available on iOS, Android and Windows devices it keeps users informed by messaging about the service and about any hotspot problems.
There’s a summary of the survey findings in infographic form below and you can access the full report on the iPass website.
Photo Credit: Ilin Sergey/Shutterstock
The more we do online the more passwords we have to remember and it's tempting to take shortcuts. A new survey by security specialist F-Secure reveals that 43 percent of respondents use the same password for more than one important account.
The sheer number of accounts we have is a problem also. 58 percent of poll respondents say they have over 20 password-protected online accounts or simply too many to keep track of -- 27 percent have between 11 and 20 password-protected accounts and 15 percent have under 10. Despite this though only 40 percent use a password manager to keep track of them.
Poor password choices such as using pet names are still common, but encouragingly 57 percent of respondents say they changed their passwords after Heartbleed.
If you have a lot of accounts, setting a unique, strong password for each one can seem to be a daunting task which is why many people fail to do it. Sean Sullivan, security advisor at F-Secure suggests, "Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong".
This takes account of the fact that you may have accounts where little important information is stored. "If you created an account for some website and there's hardly anything more in there than your username and password, then that's probably not a critical account," says Sullivan. "But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those".
Particularly critical are email accounts that are used as password reset addresses for other services. For these "master key" accounts it's a good idea to use two-factor authentication if possible.
The company suggests using a password manager like its F-Secure Key which is free for a single device or can synchronize using a secured connection for a monthly fee.
Image Credit: Africa Studio / Shutterstock
In the first quarter of 2014 the worldwide market for personal and entry-level storage declined by 6.9 percent, according to IDC's storage tracker.
It's not all bad news though, the entry-level segment which targets mainly home office and small business users experienced 14 percent growth compared to the same quarter last year.
Liz Conner, Research Manager Storage Systems at IDC says, "The personal and entry-level storage market finished the first quarter of 2014 with 18.9 million units shipped. While shipments declined compared to the first quarter of 2013, this decrease is not an indication of market weakness but rather an unfavorable comparison with the unusually high shipments seen in 2013 in the aftermath of the HDD shortage and subsequent recovery".
She puts the growth in entry-level devices down to, "Increased vendor offerings, continued inclusion of enterprise level storage features, improved customer understanding/marketing, and average selling prices that more closely align with personal storage than enterprise storage all contributed to growth in this segment".
Single bay storage devices remain the most popular choice with 97.2 percent of units shipped in the first quarter. Two-bay units are in decline though and most of the growth in the entry-level sector has come from units with four bays or more.
Physically smaller drives continue to be more popular too with 3.5-inch drives losing ground to the more portable 2.5-inch format. When it comes to capacity 1TB devices captured 56.1 percent market share in the 2.5-inch segment. For the entry-level market, capacity ranges are more varied due to multiple bays and vendors' ability to partially populate devices. However, 4TB devices hold the most market share with 25.1 percent of units shipped.
USB remains the most common interface across the PELS market though Ethernet is the preferred choice for entry level business use with a 93.8 percent market share. Thunderbolt continues to gain ground with 25.1 percent year-on-year shipment growth, though it starts from a small base.
More information about IDCs tracker research is available on the company's website.
Image Credit: Be Good/Shutterstock
Businesses are increasingly allowing employees to choose their own devices or use personal kit to access corporate networks.
This brings a number of support challenges, not least in keeping corporate data safe. However, a recent study by Gartner shows that people are paying little regard to security when using their own devices for work.
According to the results, although a quarter of business users in the US owned up to having a security issue with their private device last year, only 27 percent of those felt it worth reporting to their employer.
Meike Escherich, principal research analyst at Gartner says, "The threat of cyber attacks on mobile devices is increasing and can result in data loss, security breaches and compliance/regulatory violations. One of the biggest challenges for IT leaders is making sure that their users fully understand the implications of faulty mobile security practices and to get users and management to adhere to essential steps which secure their mobile devices. For many organizations, overcoming BYOD security challenges is a full-time task, with a host of operational issues".
Using a personal device for work-related tasks carries an inherent risk of security breaches. That leaves IT departments struggling to come up with the right mix of defenses to balance protection, compliance and usability.
California recently attempted to legislate for a "kill switch" that would allow a phone to be remotely shut down and the hardware rendered unusable. This failed to make it into law, but Jeff Rubin, VP of Strategy at security specialist Beachhead Solutions says, "A company's BYOD policy probably gets a little murkier with a hardware kill switch. Does the business control the kill switch? Does the employee? It would be harder to see the company wrestling control of it, since users would be reluctant to cede that power to something that they own. So, the only reasonable answer for ownership of the hardware kill switch in a BYOD setting is the user themselves. The company's option, though, could be to get that data on employee's device securely containerized, so that the company may can be able to only kill those applications that contain corporate data. In this case, the company still owns a kill switch (for the subset of applications it cares about), it's just not a switch that determines the fate of the whole phone -- that decision can be left to the employee".
Ryan Kalember, the chief product officer of WatchDox, a provider of secure mobile productivity and collaboration solutions is positive about the kill switch idea, "Generally speaking, enterprises worry about their mobile users' email, calendars, contacts and files -- proper enterprise mobility solutions will be able to keep that data synced with a server so that IT can wipe it from the device without touching the personal content or losing anything important. In that sense, a device kill switch provides a nice fail safe for the corporate mobility tools, as people are probably more likely to report a stolen device to the police before they inform their IT department".
The idea of having separate personal and company areas on the same device is common to many BYOD protection solutions. Omer Faiyaz CEO of device management specialist Remo Software says that, "A segment on the device can be used to separate company and personal data. It's also a good idea to use features like Remo MORE's family app store to ensure that only approved apps can be installed".
We've seen hardware manufacturers taking the threat of lost mobile devices more seriously too with this week's announcement by SanDisk of a self-encrypting drive. This protects against data loss from lost or stolen devices and allows for central management by the IT department.
There are plenty of solutions available to make BYOD work in a safe and secure way, but it seems that businesses need to take the threat seriously and put appropriate policies and tools in place.
Gartner's Ms Escherich concludes that currently, "...BYOD laptop, smartphone and tablet security policies are still incomplete in many companies, and contain gaps and other inconsistencies that don't measure up to business obligations. Many enterprises (especially in the smaller and midsize sector) lack the proper organizational structures to create these policies and must reorganize to provide the necessary governance for a successful mobility implementation".
If this has sparked your interest BYOD security threats and trends will be discussed at the Gartner Security & Risk Management Summit which takes place on June 23-26 in National Harbor, Maryland.
Photo Credit: Stuart Miles/Shutterstock
Enterprise resource planning and other business functions like financials and customer relationship management are increasingly shifting to the cloud.
NetSuite is one of the main players in this market offering a broad suite of applications. To allow NetSuite customers to get the most from their software and gain greater operational efficiency, business intelligence specialist Birst is launching a free analytics module.
Birst Express for NetSuite helps NetSuite users understand their operational data in new ways and uses highly interactive visualizations that are unavailable in standard implementations of the software or using standard reporting tools.
Embedding Birst’s cloud BI platform within NetSuite's business software suite offers customers no-cost access to powerful analytics covering areas such as booking and billing. It includes Birst Visualizer, which combines Google-style search and Amazon-style recommendations to provide faster answers to questions.
For example it allows companies to compare conversion rates across products and customer types, understand billing trends and identify bottlenecks, as well as eliminate manual reporting to assist in faster decision making.
"Birst Express for NetSuite is designed to help companies understand their operational data in new ways using sophisticated analytics and interactive visualizations," says Brad Peters, Birst's chairman and chief product officer. "By embedding Birst's business intelligence platform within NetSuite’s software suite, we can help NetSuite customers optimize business processes, ultimately driving better performance throughout the organization. This is a no-brainer for NetSuite customers because all they have to do is start using it when they are using their NetSuite software".
The free module includes a pre-built library of more than 50 operational metrics and attributes, with historical and dimensional views. It also offers visualizations, enterprise dashboards and over 20 pre-built reports giving insights into key areas.
You can find out more about Birst and what it can do for business users on the company's website.
Mobile workforces and a changing threat landscape means that corporate data is more at risk than ever before.
A study last year by research specialist Forrester shows that 32 percent of all data breaches were due to the loss or theft of corporate laptops. In addition between June 2012 and June 2013, business travelers lost over 10,000 laptops, smartphones, tablets and other personal electronic devices in seven of the world's largest airports.
To help companies keep their information safe, storage specialist SanDisk is launching the company's first self-encrypting solid state drive. The X300s SSD uses an AES 256-bit FIPS 197 certified hardware crypto engine to enable full-disk encryption with minimal performance penalty. It's built to be compatible with TCG Opal 2.0 and Microsoft Encrypted Hard Drive technologies and is compliant with key security specifications including IEEE 1667. It also has a new admin dashboard to make audit and compliance management easier.
"Businesses of all sizes want computers that are reliable, secure, built to last and are easy to support remotely," says Kevin Conley, senior vice president and general manager, client storage solutions at SanDisk. "For the enterprises that deploy hundreds or even thousands of laptops, it’s essential that their IT departments be able to centrally and securely manage these devices. The X300s, designed with SanDisk's world-class flash, helps corporate IT leaders not only deliver the heightened performance and lower TCO that flash is known for, but also addresses data protection and security needs, without business disruption".
The drive also comes with a coupon code for a free download of Wave EMBASSY Security Center to deliver local management. You also get a free 30-day trial of Wave Cloud 2014 which allows an administrator to remotely set up and manage several self-encrypting drives.
The SanDisk X300s SSD will be available in June via the company's Commercial Business Channel. It will come in two form factors, conventional 2.5-inch 7mm and M.2 2280 single-sided edge-connector format. Capacities range from 64GB up to 1TB. Up to 512GB will be supported on the M.2 2280 single-sided design form factor, enabling thinner computing designs.
You can visit the X300s's product page on the SanDisk website for more information. For a look at the benefits of self-encrypting drives see the infographic below.
In today's ever more connected world consumers have much higher expectations of the companies they deal with.
They want businesses to understand their preferences and deliver a personalized, rewarding experience. What's more they expect this all the time not just at the point of sale.
To help organizations deliver for their customers IBM is using its Smarter Commerce Global Summit in Florida to unveil ExperienceOne, an integrated portfolio of cloud-based and on premise offerings to bring together marketing, sales and service practices and help create deeper, more valuable customer engagements.
IBM ExperienceOne draws on innovation from IBM research as well as more than $3 billion invested in organic development and acquisitions. It's also built on best practices drawn from IBM's experience of working with over 8,000 organizations across the globe.
"Smarter Commerce is about helping clients continuously reinvent themselves around the customer experience," says Craig Hayman, General Manager, Industry Cloud Solutions at IBM. "IBM ExperienceOne provides a secure and simplified portfolio -- including innovation from more than 1,200 partners -- to help clients design and deliver more valuable customer engagements. With cloud, on premise and hybrid options, IBM ExperienceOne quickly scales to engage every customer in the moment while protecting their privacy".
New capabilities help to improve understanding of customer relationships, maximize sales by directing the right offer to the right customer, and make use of mobile and social media to deliver better customer experience. Combining ExperienceOne with SoftLayer cloud infrastructure IBM is also able to offer customer data, customer analytics and digital commerce as a service.
The company is aiming to bring similar levels of customer insight to the B2B sector as well with the launch of new partner and supplier engagement software via its Smarter Commerce initiative. This includes a Multi-Enterprise Relationship Management (MRM) platform for better collaboration. IBM Sterling B2B Services Reporting and Analytics to monitor transactions and help business spot trends and make informed decisions. Plus other tools offer better adherence to compliance standards and faster and more efficient sharing of data.
"Now more than ever, the fate of any business is deeply intertwined with the success of its network of partners and suppliers around the world," says John Mesberg, Vice President, B2B & Commerce Solutions at IBM. "By orchestrating these complex engagements with extraordinary precision and insight, organizations can create new gateways to trade that enable businesses to deliver exceptional customer experiences. With today’s news, IBM fundamentally transforms these dynamics with partners and customers to drive faster time to revenue across the extended value chain".
You can find more about IBM ExperienceOne on the company's website. There's also an infographic on how Smarter Commerce can deliver better customer engagement below.
Image Credit: Sergey Nivens / Shutterstock
The UK Information Commissioner's Office has published a new report highlighting the eight most common vulnerabilities that have led to organizations failing to keep data secure.
The threats were identified as part of the ICO's investigations into data breaches caused by poor security practices. Many of these have led to financial penalties being imposed on the organizations involved.
These include the £250,000 fine issued to Sony Computer Entertainment Europe after the company failed to keep its software up to date, leading to the details of millions of customers being compromised during a targeted attack.
The top eight vulnerabilities picked out by the report are:
* Failure to keep software security up to date
* Lack of protection from SQL injection
* Use of unnecessary services
* Poor decommissioning of old software and services
* Insecure storage of passwords
* Failure to encrypt online communications
* Poorly designed networks processing data in inappropriate areas
* The continued use of default credentials including passwords
ICO's Group Manager for Technology, Simon Rice, says, "In just the past couple of months we have already seen widespread concern over the expiry of support for Microsoft XP and the uncovering of the security flaw known as Heartbleed. While these security issues may seem complex, it is important that organizations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers' information secure".
Rice highlights the fact that many organizations are not addressing the basics of IT security, "Our experiences investigating data breaches on a daily basis shows that whilst some organizations are taking IT security seriously, too many are failing at the basics. If you're responsible for the security of your organization’s information and you think salt is just something you put on your chips, rather than a method for protecting your passwords, then our report is for you".
The full report, including good practice guidance on avoiding problems, can be downloaded as a PDF from the ICO website.
Rice will also be publishing a series of blogs over the next few days looking at the ICO's findings and recommendations in more detail.
Photo Credit: watcharakun / Shutterstock
Big data places enormous demands on storage and in many cases conventional technologies are struggling to keep up.
In an effort to deliver improved economics and at the same time enable organizations to access and process any type of data, on any type of storage device, anywhere in the world, IBM has unveiled a portfolio of software defined storage products.
Codenamed "Elastic Storage" (insert your own drapery joke here) the portfolio of products offers higher performance, infinite scale, and is capable of reducing storage costs up to 90 percent by automatically moving data onto the most economical storage device.
"Digital information is growing at such a rapid rate and in such dramatic volumes that traditional storage systems used to house and manage it will eventually run out of runway" says Tom Rosamilia, Senior Vice President, IBM Systems and Technology Group. "Our technology offers the advances in speed, scalability and cost savings that clients require to operate in a world where data is the basis of competitive advantage".
Developed by IBM Research Labs the software is ideally suited for the most data-intensive applications which require high-speed access to massive volumes of information. It provides a set of capabilities to automatically manage data both locally and globally, offering faster access, easier administration and greater scalability.
IBM Research has demonstrated that Elastic Storage can successfully scan 10 billion files on a single cluster in just 43 minutes. It has its roots in the technology used for the Jeopardy! TV match with IBM's Watson supercomputer.
Among its capabilities Elastic Storage can exploit server-side flash to give up to a six times increase in performance compared to standard SAS disks. It recognizes when a server has flash storage and uses it as cache memory to boost performance. Storage is virtualized allowing multiple systems to share common pools. It's not reliant on centralized management and so can ensure continuous access, working around software and hardware failures.
It features native encryption and secure erase options as well as supporting OpenStack cloud management to allow customers to spread data across private, public and hybrid clouds.
For more information on IBM's software defined storage visit the company's website. There's an overview in infographic form below.
Photo Credit: T.L. Furrer / Shutterstock
The millennial generation (18 to 33 year olds) is a demographic that marketers love. We saw last week that they are more likely to use their mobiles whilst shopping but that's just part of the equation.
The reason this group excites the marketing men so much is because its members have a lot of spending power and crucially because they create buzz on social media. Brand engagement specialist PunchTab has released a new report looking at millennials' activity when shopping for fashion and accessories.
Focusing on customer loyalty programs it finds that 63 percent would join a program if offered some kind of incentive. Once signed up they're more likely to connect with the brand on social media and post comments and reviews. This is crucial because 96 percent say that user generated content plays a part in their purchase decision. When rewarded or offered an incentive millennial women are three times more likely to post comments about their purchase on a brand or store Facebook page. Millennial men are less engaged but are still two to three times more likely to connect to a brand on Facebook or Twitter and to share brand related content than other generations.
Exclusivity is important to millennials and a majority do join loyalty programs because they like to feel like elite shoppers. 74 percent of women surveyed and 52 percent of men are members of fashion-related loyalty schemes. Of those who don't join one of the key reasons they give for not doing so is the fear of being spammed by retailers.
The moral for retailers then is that if you want to be "liked" by the millennial generation and be part of the online buzz they create you need to offer an incentive.
You can download the full whitepaper on millennial fashion shopping behavior from the PunchTab website and there’s a summary of the findings in the infographic below.
Image Credit: Hasloo Group Production Studio / Shutterstock
Traditional retailing models have come under pressure from the internet, in particular the habit of 'showrooming' which involves browsing in store and buying online.
But according to point of sale specialist Merchant Warehouse there's a reverse effect called 'webrooming' which sees consumers browsing online but actually buying in bricks-and-mortar stores.
Men are more likely to webroom with around 75 percent doing it, while 53 percent choose to showroom. Female buying habits show 63 percent making in-store purchases after browsing the web and 40 percent doing the reverse. Additionally, 9 out of 10 showroomers have also webroomed, but only 6 out of 10 webroomers have showroomed -- are you following this okay? Don't worry there's an infographic at the end.
Merchant Warehouse says that retailers can capitalize on this trend by focusing on what makes consumers choose webrooming in the first place. Motivations for browsing online and buying in store include avoiding shipping costs and the instant gratification of not having to wait for delivery.
Allowing in-store pickup and online checking of stock levels are easy ways for high street stores to tap into this demand. Being able to pay online prices for in-store products is important to 36 percent of consumers too. A similar percentage would choose webrooming on the grounds that it's easier to return a product if they need to.
Making better use of mobile is important for retailers too as we saw in the case of millennial shopping habits earlier this week. About 80 percent of all local searches performed on mobile devices result in actual purchases. Crucially though roughly 73 percent of these purchases are carried out in bricks-and-mortar stores. Providing online reviews for the store and the shopping experience can help drive customers to the door.
You can find out more about the webrooming phenomenon and how retailers can take advantage of it in the infographic below.
Photo Credit: ZINQ Stock/Shutterstock
The latest Security Intelligence Report from Microsoft reveals that malware infection rates soared in the final quarter of last year thanks mainly to three threats.
Infection rates measured in computers cleaned per thousand (CCM -- yes M, it uses the Latin for thousand) rose from 5.6 in Q3 to 17.8 in Q4 of last year on the back of the Win32/Senfit click fraud bot, along with two new distribution methods. Win32/Rotbrow, a program claiming to protect from browser add-ons, and Win32/Brantall which acts as an installer for legitimate applications but also bundles less welcome things.
It was Rotbrow that was most responsible for the dramatic increase in the CCM metric in 4Q13. Because the Browser Protector software had existed since at least 2011 without exhibiting any malicious behavior, many security software vendors had not configured their products to block or remove it.
An interesting side effect of this is that Vista and Windows 7 showed higher CCM rates than XP for the quarter. The report shows an infection rate of 25.9 percent for Windows 7, 32.4 percent for Vista and 24.2 percent for XP. Microsoft has normalized the figures to take account of differences in numbers using each OS.
This doesn't mean that you should rush off and downgrade all your systems to XP though. Microsoft is quick to point out that, "In general, infection rates for more recently released operating systems and service packs tend to be lower than infection rates for earlier releases, for both client and server platforms. In 3Q13, this pattern is clearly visible, with Windows XP displaying an infection rate significantly higher than any other supported Windows client platform, and Windows 8 RTM -- at the time the most recently released platform -- displaying the lowest".
Looking at threats by type, the report shows that miscellaneous Trojans are still the most commonly encountered threat. Trojan downloaders and droppers grew to become the second most encountered category in the fourth quarter though thanks to Rotbrow and Brantall. The encounter rate for worms fell slightly as did that for exploits.
In terms of geography you're more likely to encounter a Trojan in Brazil, Russia or Italy than elsewhere in the world. Ransomware distribution is particularly sensitive to geography with all encounters taking place in Europe, western Asia, and the wealthy English speaking regions of North America and Oceania. Ransomware is virtually unknown in Latin America, Africa, the Middle East, and eastern and southern Asia.
If you need some bedtime reading you can download the full 152 page PDF report, which covers much more including spam levels and the differences between home and enterprise threat patterns, from the Microsoft website.
Image Credit: micic/Shutterstock
Spear phishing attacks are becoming more commonplace and with each major data leak, like that of earlier this year at Target, the number of people at risk of falling victim to one increases.
By their very nature spear phishing attacks are highly targeted and seek to trick users into visiting malicious URLs by appearing to come from a trusted source.
In response to the risk, cloud email management specialist Mimecast is adding Targeted Threat Protection to its portfolio of services. This scans all URLs found in inbound email every time they are clicked by the end-user to ensure the linked site is clean and risk free. If the user attempts to visit an 'at risk' site, they are warned or automatically barred from viewing it.
Because it's in the cloud, the protection is in place from any device used to access an enterprise email account including smartphones and tablets. It makes life easier for admins too as it’s controlled from the Administration Console along with other Mimecast services.
Orlando Scott-Cowley, Director of Technology Marketing, Mimecast says, "Spear phishing is a new frontline in the battle to protect enterprise systems and data. Mimecast Targeted Threat Protection stops spear phishing in its tracks. The threats to an end-users' inbox are constantly changing and have moved far beyond the daily barrage of spam and virus content on their work desktop. We have to protect their work and personal desktop, laptop, tablet and smartphone as today each device is used for enterprise email. IT teams know their end-users are one of their weakest security links and can be specifically targeted to get access to critical systems and valuable corporate data".
Spear phishing attacks often attempt to pass through existing security gateways by having embedded URLs that are initially inactive and therefore clean when scanned. Phishing web content is activated later when the attacker knows all gateways have passed the email and link. Mimecast combats this by rewriting the link at the gateway so when it gets clicked, it's directed to the Mimecast cloud where the original link is checked for risks before being opened. This has the added advantage that the link is scanned every time it's clicked not just the first time, so uses won't be caught out by dormant links that become active at a later date.
It's seamless for the end user as if a link is safe it will simply open as normal in the browser. If a link is bad a clear warning can be displayed along with advice based on the user's security profile. For the IT team it offers seamless protection with no need for extra infrastructure or staffing.
For more information on Mimecast and how it can manage email for Microsoft Exchange and Office 365 environments visit the company's website.
Image Credit: Maksim Kabakou / Shutterstock
With business becoming more global and having remote offices in different locations, network performance is more than ever a key issue for administrators, especially when performing system updates.
System management specialist Adaptiva has launched a new version of its SCCM (System Center Configuration Manager) tool OneSite, aimed at improving WAN performance and scalability as well as making the most of Windows 8 environments.
OneSite 4.0 is scalable to sites of up to 400,000 workstations, enabling large enterprises with multiple offices around the globe to run Microsoft SCCM environments with less effort, infrastructure cost and time from IT staff. It provides support for a Unified Extensible Firmware Interface (UEFI) to take full advantage of Windows 8 environments, as well as powerful new visual scripting capabilities.
Other key features include a WAN pause and resume facility allowing admins to stop and start network traffic at the click of a button, a NetBoost feature to improve performance and responsiveness where bandwidth is restricted, and predictive bandwidth harvesting with a flow equalizer. The latter allowing files to be sent to distributed machines across the WAN ensuring coordination between locations to make the best use of the network.
It also offers secure, enterprise class P2P communication which is infinitely scalable. This includes Adaptiva’s proprietory Zero Footpring Chaching to cope with large volumes of data. OneSite's P2P content transfer efficiently handles large packages -- such as when pushing updates to remote machines -- while consuming fewer client resources. IntelliStage automatically selects the best-suited machines at a site to store the content and AutoStage perpetually maintains a minimum number of copies of the content, ensuring redundancy and load balancing.
"We are seeing unprecedented demand in very large global, Windows environments where inconsistent WAN connections and the need to perform widespread operating system or SCCM upgrades is a huge challenge for IT," says Deepak Kumar, CTO and Founder of Adaptiva. "The scalability and performance improvements we’ve made in the new version of OneSite are specifically designed to meet these business needs, and directly based on feedback we've received from the largest banks and manufacturers in the world".
You can find out more about the latest version of OneSite on the Adaptiva website.
Photo Credit: Palto/Shutterstock
As businesses shift more of their operations to the cloud so the demand for reliable, scalable services and platforms increases.
To address these needs HP is launching a new portfolio of cloud products and services called HP Helion. This incorporates existing HP cloud offerings with new OpenStack technology-based products, professional and support services in a single portfolio to help meet customers' specific business needs.
In addition the company is extending its commitment to OpenStack technology and hybrid IT delivery -- spanning traditional IT, public, private and managed clouds. HP plans to invest more than $1 billion over the next two years on cloud-related product and engineering initiatives, professional services and expanding HP Helion's global reach.
"Customer challenges today extend beyond cloud. They include how to manage, control and scale applications in a hybrid environment that spans multiple technology approaches," says Martin Fink, executive vice president and chief technology officer at HP. "HP Helion provides the solutions and expertise customers need to select the right deployment model for their needs and obtain the greatest return for their investment".
The Helion portfolio includes several new products and services. Highlights are a commercial version of OpenStack, delivered tested and supported by HP. The HP OpenStack Community Edition is a free version for testing, proof of concept and basic systems and is available now. A commercial edition to address the needs of larger enterprises will be released in the coming months.
There's also a Platform as a Service (PaaS) development platform based on Cloud Foundry to allow developers to build, deploy and manage applications quickly and easily. An OpenStack Technology Indemnification Program protects qualified customers using HP Helion OpenStack code from third-party patent, copyright and trade-secret infringement claims directed at OpenStack code alone or in combination with Linux code.
To provide support Helion OpenStack Professional Services will make an experienced team of consultants, engineers and cloud technologists available to assist customers with cloud planning, implementation and operational needs.
You can find out more about HP Helion on the company's website. You can also register to watch the official launch webcast at 11:30am ET today (7 May 2014).
Research specialist IDC has released the latest results of its Worldwide Semiannual Software Tracker showing that the software market grew by 5.5 percent in 2013, reaching a total size of $369 billion.
IDC divides the market into three segments: Applications; Application Development and Deployment (AD&D); and Systems Infrastructure Software. These segments all grew between 5.4 and 5.6 percent, meaning that none of them had a significantly better performance in 2013.
Some specific types of software, though, showed high growth rates. Growth in the AD&D segment was largely driven by the performance of structured data management along with data access, analysis, and delivery software with 7.3 and 6.0 percent growth rates, respectively. Advanced analytics software and database management systems (DBMS) solutions are pushing the growing trend for these markets because of increased big data and analytics adoption. Oracle continues to lead the AD&D segment with a steady market share of 21.5 percent, followed by IBM, Microsoft, SAP, and SAS. Among these vendors, Microsoft and SAP stood out by gaining the most market share over the last year.
In the Applications market -- which accounts for half of total software revenue -- collaborative applications and content applications stood out with year-on-year growth rates above 10 percent. Whilst the first is being driven by the adoption of enterprise social networks and team collaborative applications, the latter is down to search and content analytics, which grew at 13.2 percent. Big data and related analytics adoption is largely responsible for this. Microsoft leads the applications market with a 14.1 percent share in 2013.
Whilst Systems Infrastructure Software grew by only 5.5 percent the system software sub-segment grew by eight percent, driven by the launch of Windows 8 along with virtual machine and cloud system adoption. Microsoft has 29.3 percent of this segment followed by IBM, Symantec, EMC and Vmware.
Looked at by region, Latin and North America showed the most growth, followed by Western Europe. The Japanese market showed an 11.6 percent decline on the effects of devaluing the yen.
You can read more about what's covered by IDC's software tracker on the company's website.
Image Credit: Peshkova / Shutterstock
With targeted attacks on the rise and cybercriminals becoming more ruthless, traditional security solutions are struggling to cope with the number of incidents and false positives, leaving organizations vulnerable.
In a bid to provide improved security Symantec has announced a roadmap of solutions aimed at providing what it calls Advanced Threat Protection.
This centers on two new offerings, Symantec Managed Security Services -- Advanced Threat Protection and Symantec Advanced Threat Protection Solution, these correlate alerts and intelligence across a range of security technologies to deliver more comprehensive attack prevention.
"To successfully defend against the types of targeted attacks we're seeing today, you need to expand the focus from prevention to detection and response," says Brian Dye, senior vice president of Symantec Information Security. "Network security alone isn't going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint. Organizations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. Symantec is bringing that powerful arsenal to market".
The first new product, available from June this year, is Symantec Managed Security Services -- Advanced Threat Protection (MSS-ATP), a managed service that significantly reduces the time it takes to detect, prioritize and respond to security incidents by producing integration between its endpoint security and third-party network security vendors' products. It works with a number of products from partners including Check Point Software Technologies, Palo Alto Networks and Sourcefire (now part of Cisco).
In the next six months Symantec will launch two more products, an Incident Response service, providing customers with immediate access to critical capabilities, knowledge and skill sets, and an Intelligence service, providing unmatched threat visibility and analytics.
To tie all this together there will be an Advanced Threat Protection Solution, which is scheduled to be in beta testing within six months and generally available within the next 12 months. This will offer a complete end-to-end solution to integrate Advanced Threat Protection across the endpoint, email and gateway to provide customers with critical detection and response capabilities at each point.
Advanced Threat Protection will be supported by two technologies, the first being Symantec's Dynamic Malware Analysis Service which is a cloud-based sandbox environment where behavioral analysis of active content can be used to quickly maximize threat identification. The second is Synapse, which enables smooth communication between the endpoint, email and gateway to improve response. It's also backed by a Global Intelligence Network that collects data from customers and sensors around the clock to allow Symantec to detect attacks, monitor attacker networks and develop predictive, proactive technologies to deliver threat protection.
Jon Oltsik, senior principal analyst at Enterprise Security Group says, "Symantec is well positioned to deliver an end-to-end advanced threat solution by building on the technologies it offers today, integrating across its portfolio, and delivering it as a service enhanced by an evolving partner ecosystem. By leveraging its global intelligence and building-in completely new incident response capabilities, Symantec can really address a multitude of enterprise cybersecurity requirements".
Image Credit: Symantec
We all know that technology is changing the way we shop through the ability to buy more of our needs online.
But a new study of millennial shoppers by point of sale technology specialist Merchant Warehouse shows that this particular generation has higher expectations from the shopping experience and is more likely to use mobiles in the process.
Nearly three-quarters of millennials read reviews on their mobiles, and half of people in this demographic use their mobile device to check into stores in order to earn rewards. The rise of price matching websites has also led to them being more likely to check prices whilst out shopping.
Some 44 percent also say they scan QR codes in store to learn more about products and manufacturers.
Retailers though don't seem to be taking advantage of the opportunities this shift in habits offers. Half of retailers say that their mobile marketing efforts aren't targeted. Coupons play a big part, around half of millennial consumers indicated that they would visit a store if they were offered a 20 percent discount. One-quarter of respondents would need a 50 percent discount as an incentive to visit a store.
Loyalty programs are important too. Three-quarters of shoppers would consider switching to a different retailer if they were offered real-time promotions through a mobile application or website. Again retailers are missing the boat, only 27 percent offer mobile coupons and less than 12 percent of retailers offer daily deals through a discount website.
You can read more about the results of the survey in the infographic below.
Image Credit: Art Allianz / Shutterstock
The recent Heartbleed bug, in addition to a general rise in cybercrime activity, has led to companies scrambling to re-evaluate their online security. But how can organizations ensure that have a consistent and reliable approach to protecting themselves?
We spoke to Tanya Bragin the principal product manager at ExtraHop Networks, a global leader in real-time wire data analytics for IT operational intelligence, to find out.
BN: How can organizations ensure that they're properly protected in the wake of Heartbleed?
TB: Cataloging all affected servers can be an onerous audit task, especially for a large or distributed IT organization. In one case, we heard from the CISO of a large online company who had spent the 48 hours since the vulnerability came to light running port scans on all of the company’s systems. While the CISO reported that the scans had thus far been successful because none of their systems had gone down (the fear of the DevOps team), every passing minute without a complete understanding of the vulnerabilities in their architecture exposed them to risk.
While traditional approaches to security monitoring, visible in the previous CISO use-case, certainly play an important role in detecting threats, the Heartbleed vulnerability underscores the limitations of these systems. The port scans performed by these systems impose a considerable burden on the network, and take time to identify vulnerabilities. In this situation, the most scalable way to understand what systems are affected is to evaluate communication choke points, rather than individual hosts. Wire data is the most comprehensive source of visibility into these choke points because it offers an unbiased view of all traffic moving across the wire. Employing solutions that provide this deep, cross-tier visibility are crucial in making sure that Heartbleed and other vulnerabilities are detected rapidly and without impacting network performance.
BN: What if your web servers are outsourced to a third party?
TB: If your infrastructure is outsourced, your options may be limited since you are now reliant on the third party provider to evaluate and monitor their servers for this vulnerability. Selection criteria for managed services need to include access to tools that provide uniform visibility into an environment. Ideally, the solution in place is an easily extensible platform, able to monitor a variety of environments in a vendor-agnostic manner and be adjusted to handle unexpected use cases.
BN: Have recent events dented consumer confidence in ecommerce and what can be done to rebuild it?
TB: In the wake of recent high profile security breaches, consumer confidence in ecommerce companies has diminished. While these breaches should have motivated consumers to be more careful with what data they expose and how they protect it (ie strengthening and diversifying their passwords), ecommerce companies still bear significant responsibility for protecting the data consumers entrust to them.
Between the blow to consumer confidence and the subsequent lawsuits resulting from these data breaches, ecommerce companies, regardless of whether they have been affected, need to take a critical look at their security protocols. Internally assigning blame -- with the operations team blaming security, security blaming operations, and everyone trying to point the finger at the security vendor -- is not going to improve confidence. Instead, these companies must adopt a proactive, integrated approach by taking security into account at all levels, from development and test through to day-to-day IT ops.
BN: What is the main lesson that businesses should take away from Heartbleed?
TB: The threat landscape is constantly evolving, and vulnerabilities may crop up in the places you least expect them. Heartbleed is a prime example of this. In order to deal with new, advanced and persistent threats, IT teams need to rethink their approach to security for their networks, data and applications. Keeping security siloed from operations is no longer an option. Much like development/test and operations have become increasingly interconnected in recent years, resulting in DevOps, operations and security teams benefitting from a more collaborative approach. The reality is that security and operations teams share a common goal -- maintaining the integrity and availability of the organization's IT assets. If security is compromised, so is availability. Simply notifying the security team when a potential breach is detected is not sufficient. Operations needs to take a more active role in identifying the genesis of the breach, and then work collaboratively with the security team to remediate it.
BN: How do you see the overall threat landscape changing? How much of this is driven by new service models like BYOD?
TB: The complexity, dynamism and decentralization of today’s IT environments not only opens the door for new vulnerabilities and exploits, it makes preventing, detecting and neutralizing potential threats a complex task. BYOD is a good example. As individuals increasingly demand to use their personal devices in the workplace, controlling which devices access the network, data and applications, is no longer simple. In order to prevent a potential breach, IT teams need the means to pervasively and persistently monitor which devices are connecting and from where, and then track how and to what extent they are accessing applications and data. If, for example, the NSA was equipped with a way to monitor which data Edward Snowden was accessing (and how much of it), they might have been notified of the anomalous behavior before it turned into one of the most infamous security debacles in history.
Likewise, things like public cloud are also transforming the way organizations are thinking about security. Hosting applications in public clouds like AWS make many IT teams nervous, knowing that they will lose a certain degree of control over the performance, availability and security of those applications. As with the BYOD problem, the resolution really comes down to visibility. Solutions like CloudWatch exist to help internal IT teams monitor their workloads running in AWS. A wire data analytics platform like ExtraHop can be deployed to extend the functionality of CloudWatch to deliver real-time, pervasive monitoring of applications running in the cloud, thereby enabling IT and security teams to detect anomalous behavior early.
BN: Are there additional risks associated with businesses moving to the cloud and to SaaS platforms?
TB: Yes. That risk is "uniformity". Economies of scale in SaaS and cloud necessitate streamlining and homogenizing solution stacks and environments in order to deliver infrastructure and services in a cost-effective manner. However, from the perspective of an attacker, their job just got easier! They now have to find vulnerabilities in a much smaller subset of software. By infiltrating one cloud or service provider, they gain access to numerous organizations’ resources and information.
Photo Credit: watcharakun / Shutterstock
It looks like the growth of the tablet market may be starting to slow down according to a new study carried out by research specialist IDC.
Tablets and 2-in-1 shipments slipped to 50.4 million units worldwide in the first quarter of 2014 according to IDC's Quarterly Tablet Tracker. This represents a decline of 35.7 percent from the high-volume holiday quarter and just 3.9 percent growth over the same period last year.
The slowdown has been seen across all operating systems and screen sizes and IDC suggests that it points to an even more challenging year ahead for the sector.
"The rise of large-screen phones and consumers who are holding on to their existing tablets for ever longer periods of time were both contributing factors to a weaker-than-anticipated quarter for tablets and 2-in-1s," says Tom Mainelli, IDC Program Vice President, Devices and Displays. "In addition, commercial growth has not been robust enough to offset the slowing of consumer shipments".
Looked at by manufacturer, the figures show that Apple has maintained its lead in the market having shipped some 16.4 million units worldwide. However, that figure is down from 26 million units in the previous quarter and 19.5 million in the same quarter of 2013. Apple's market share has held up though at 32.5 percent compared to 33.2 in the previous quarter.
Samsung grew its market share from 17.2 percent in the last quarter of 2013 to 22.3 percent in the first quarter of this year on the back of 11.2 million shipments. Amazon tablet sales showed a year-on-year decline from 1.8 million units in Q1 2013 to just one million this year.
The biggest growth comes from Lenovo which shipped only 600,000 tablets in Q1 2013 but leaped ahead of Amazon this year moving 2.1 million tablets in the first quarter.
iCharts
Android continues to dominate the tablet market with around a two-thirds share, but Windows is starting to gain ground. Jitesh Ubrani, Research Analyst, Worldwide Quarterly Tablet Tracker says, "Although its share of the market remains small, Windows devices continue to gain traction thanks to sleeper hits like the Asus T100, whose low cost and 2-in-1 form factor appeal to those looking for something that's 'good enough'".
So what does all this mean? Are we losing our love of tablets? Or is it simply as Mainelli says that having found a device they like people are hanging onto it rather than upgrading to the latest model? The latter seems most likely as, unlike smartphones, tablets aren't bought on contract so represent a more significant spending commitment.
Image Credit: vinzstudio / Shutterstock
We're hearing more and more about the internet of things at the moment, but what are the technologies that are doing most to make it a reality?
Entrepreneur’s group TiE Global has produced an infographic highlighting industry insights and predictions for the top internet of things technologies for this year.
It names the five key technologies making the IoT a reality as smartwatches, the automated home, health and fitness tracking, connected retail, and virtual and augmented reality. Some of these like smartwatches, and fitness tracking are heading towards the mainstream. Others like augmented reality -- Google Glass for example -- have yet to fully take off but are likely to have a big impact when they become available to consumers.
Connected retail systems, allowing you to pay with your mobile phone using NFC for example, are predicted to account for 19 percent of retail sales by 2016. Automated home technology has started off slowly but the market is expected to be worth over $35 million by 2016.
You can read more on the infographic below.
Image Credit: lucadp / Shutterstock
The average private user PC in the UK has 76 different programs from 26 different vendors, which leaves users struggling to keep everything up to date.
Vulnerability management specialist Secunia has published a report on the state of security among PC users in the UK based on scans from Secunia Personal Software Inspector between January and March 2014.
It finds that 58 percent of identified vulnerabilities originate from third party programs, 29 percent from Microsoft programs and 13 percent from operating systems. More worrying is that 12 percent of users are using unpatched operating systems, a figure that's likely to rise following the end of support for XP.
Just over one in ten third-party programs on the average PC are unpatched compared to just over three percent of Microsoft programs. This, says Secunia, suggests private individuals respond to the single update mechanism for Microsoft programs but struggle to master the other update mechanisms required for the other vendor's software. Also 4.6 percent of installed programs have reached end of life and are no longer being patched by the vendor.
Morten Stengaard, CTO at Secunia says, "Good security management means removing programs that aren't used and regularly patching those that are. However, cybercriminals know that most private users in the UK consider regular security maintenance hard work".
The top 10 most exposed programs based on their market share and the percentage that remain unpatched despite patches being available are as follows:
1 Microsoft XML Core Services (MSXML) 4.x
2 Oracle Java JRE 1.7.x / 7.x
3 Apple QuickTime 7.x
4 Apple iTunes 11.x
5 VLC Media Player 2.x
6 Adobe Reader X 10.x
7 Microsoft .NET Framework 3.x
8 Microsoft .NET Framework 2.x
9 Adobe Shockwave Player 12.x
10 Microsoft .NET Framework 4.x
You can read Secunia’s full UK country report on the company’s website. You can also check how vulnerable your system is by downloading the free Secunia PSI scanner program.
Image Credit: alexskopje / Shutterstock
As networks become larger, faster and more complex, they become harder to monitor. This presents a security risk as it's more difficult to capture behavior for incident analysis and to spot suspicious behavior.
Network specialist Emulex has released the results of a survey which looks at the impact of growing networks on visibility and monitoring, network and application performance, security, and compliance.
The number one network performance challenge, cited by 43 percent of respondents, is monitoring/managing network performance between groups of web, application, and database servers in the data center. The second largest is maintaining performance to endpoint devices connected via public networks or WANs.
These concerns reflect a changing environment with increasingly mobile workforces that require wider boundaries for endpoint device management.
Security issues include struggling to capture network behavior for incident detection, mentioned by 38 percent, monitoring network flows for anomalous behavior (35 percent), the ability to capture and analyze logs from network and security devices (29 percent), and being able to to establish a baseline of normal network behavior (27 percent).
More than two-thirds of respondents state that they expect the number of requests to capture network data (including metadata and packet-level data) to increase dramatically. These requests are also coming from more places including network, security, compliance, audit and application teams.
Faster networks are a problem too as 54 percent of respondents say that their existing monitoring tools can’t cope with the increased throughput of 10GbE networks.
"The results of this survey point to exactly why enterprises need the ability to collect and monitor all network traffic -- to improve network performance, security, and availability and to maintain regulatory compliance," says Mike Riley, senior vice president and general manager of the Endace division of Emulex. "The impact on the enterprise bottom line of network outages and security events is very large, and will only continue to grow. By implementing comprehensive network visibility architectures, organizations will be better prepared to ensure network performance, security, and compliance, and to dramatically reduce the time to find and fix critical problems".
The full study is available as a PDF from the Emulex website and you can see a summary of the findings in the infographic below.
Photo Credit: dotshock/Shutterstock
A majority of enterprises are using software that they've unintentionally failed to pay for according to a new report by Flexera Software prepared in conjunction with IDC.
The report reveals, among other things, that 85 percent of organizations are out of compliance with their software license agreements. In addition 63 percent were audited by their software vendors in the last 18-24 months (58 percent by Microsoft, the most aggressive auditor), and 56 percent were handed bills to regularize their licenses.
"Software license audits are a legitimate way for vendors to ensure they're getting paid for their software that’s actually being used. However, CFOs can be unaware of software contract provisions permitting these audits, which can result in an unexpected budget shock when IT staff present them with a true-up bill," says Amy Konary, research vice president -- software licensing and provisioning at IDC. "The cost of these true-ups can be significant, so CFOs should take the necessary steps to reduce their risk by implementing software license management processes and technologies to help ensure continual compliance".
All of the big software vendors use audits as a means of capturing extra revenue from non-compliant customers, but the report suggests that some are more aggressive than others. Microsoft is the most active with 58 percent having been audited by the company in the last year. Over the same period 29 percent report having been audited by Adobe, 23 percent by IBM, 21 percent by Oracle, 12 percent by SAP and 8 percent by Symantec.
Of the accidental pirates, 42 percent say that more than 10 percent of their software spend is associated with applications that are out of compliance.
"Software vendor audits are a fact of life today, as are the large checks CFOs are writing to their vendors to pay unbudgeted true-up fees," says Jim Ryan, Flexera Software’s Chief Operation Officer. "Best practice processes and technology are being implemented by prudent organizations to help ensure continual software license compliance. With these reasonable measures now so readily available, IT managers should no longer have to present their CFOs with six-, seven- or eight-figure true-up bills".
The report is available to download from the Flexera website and you can see an overview of the findings in the infographic below.
Image Credit: Feng Yu / Shutterstock
UK media regulator Ofcom has published the results of its latest Adults' Media Use and Attitudes report studying the media habits of people aged 16 and over.
Among the findings are that younger people spend more time online and that the number of over 65s accessing the web has increased by 27 percent between 2012 and 2013.
Internet access among under 35s is now almost universal with 98 percent going online. Among 45 to 54-year-olds 91 percent now go online (up from 84 percent in 2012) but the biggest increase is among over 65s. Ofcom suggests that this is due to the increased use of tablets by older people up from 5 percent in 2012 to 17 percent in 2013.
Computers are still the most popular way to access the internet, used by 78 percent, but two-thirds of adults also use other devices, such as tablets or smartphones, to surf the web.
Use of tablet computers to access the internet among all adults has almost doubled from 16 percent in 2012 to 30 percent in 2013. Nearly two-thirds (59 percent) of people now access the internet through a mobile phone, up by six percentage points since 2012.
What's also interesting is that more adults across all age groups are playing games, 42 percent compared to 35 percent in 2012. This is likely to be driven by increased internet access as well as the availability of smartphones and tablets.
Ofcom also finds that among smartphone users more than half of downloaded apps are redundant. On average users have downloaded 23 apps but only use 10 of them. When it comes to selecting apps more than three-quarters rely on recommendations from friends and family with under 20 percent relying on any form of advertising.
When asked about the technology they'd miss, TV comes out on top with 42 percent of all adults saying they'd notice the lack of the haunted fish tank most if it was taken away. There is big variation by age though, 47 percent of 16-24-year-olds say they'd miss their smartphone with only 13 percent naming TV, however, among over 65s the telly remains king with 68 percent saying they'd miss it.
Despite an enduring love for TV, the consumption of DVDs and Blu-Rays has fallen, only 55 percent watching them in 2013 compared to 63 percent in 2012. Just over half of internet users say they watch TV programs online.
More information on the findings of the report is available on the Ofcom website.
Do these findings reflect your experience? Which piece of technology would you miss the most? Let us know via the comments.
Image Credit: Ljupco Smokovski / Shutterstock
Coding applications in the traditional way is starting to look very 20th century, as in recent months we've seen more and more platforms launched with the aim of streamlining the development process.
Texas-based Backendless is the latest to enter the fray with a backend-as-a-service offering for desktop and mobile developers that's now leaving its beta phase.
By removing the need for writing code on the server-side, Backendless lets users develop applications around 50 to 100 percent faster than normal, giving developers the chance to focus more on the process logic and the client-side of the applications.
It takes care of server-side functions with easy-to-use APIs allowing developers to spend more time on business logic and user experience. Built-in services take care of user logins and session management as well as handling data and file management. Backendless can also handle push notifications, media streaming and geo-location services.
"We're passionate about Backendless because it is a paradigm shifting technology. It could have a profound impact on the whole generation of software developers and completely change the way applications are built," says Founder and CEO, Mark Piller.
The SDKs developed by the company are available for iOS/Mac OS X, Android/Java, Windows Phone/.NET, JavaScript, and ActionScript developers. There is also a REST (REpresentational State Transfer) interface suitable for any application. Backendless is language agnostic and can create standalone applications without any cloud dependencies.
In addition, the company is planning a release to integrate its services with Google Glass. By using code generation techniques and model-driven development, Backendless simplifies the process for developers building apps for Glass. Users will be able to easily customize and enhance their apps with custom voice commands to tap into Backendless services.
You can find out more about how it works and sign up for a free trial on the Backendless website.
Developing for in-house mobile platforms can sometimes be a bit of a poor relation in the allocation of resources, as it may be important to front-line departments like sales but is less so for IT.
A solution could be at hand from Irish tech company FeedHenry which has launched the latest version of its cloud platform, allowing companies to simplify the building of mobile apps for their employees.
FeedHenry 3 accelerates the development and deployment life cycle, helping enterprises to seamlessly create and manage company-wide mobile app projects. The latest version has significant new mBaaS (mobile back-end as a service) and API management, role-based development, and team collaboration features, along with support for a wide range of app development frameworks including Backbone, Angular and Xamarin.
"The reality is that mobility projects are no longer the sole remit of IT, and have become much more complex to manage and scale," says Cathal McGloin, CEO of FeedHenry. "FeedHenry 3 addresses many of the challenges companies face as they become mobile first. We're making it easier for multiple business units and IT to collaborate on mobile app development -- allowing the business to innovate on mobile while IT supports the centralized control of security, policy management and back end integration".
FeedHenry 3 uses an open, scalable architecture employing the cloud and RESTful APIs to make mobile app development more agile, sustainable and affordable compared to current industry standards.
Other features include collaborative workflows and support for native developer toolkits so that apps can be built for iOS, Android, BlackBerry, Windows Phone and the web. Developers have access to self-help capabilities and self-discovery of APIs, they can also create their own backend APIs in Node.js and share them across multiple projects.
"RESTful APIs have become the new standard for how software and devices interact," adds McGloin. "Traditionally, API Management has been all about control. With FeedHenry 3, our goal is to make APIs more accessible to developers to allow businesses to quickly and easily develop apps with the scalability that the cloud affords".
For more information or to request a demo take a look at the FeedHenry website.
Thanks to mobile devices, the cloud and the internet of things Cisco reckons that by 2020 there will be 50 billion digital endpoints.
This volume of connected devices offers huge potential for business. But as 85 percent of enterprise data still sits on in-house systems like ERP packages and secure databases its potential is hard to release.
Integration specialist Jitterbit has announced full availability of its Harmony Integration Cloud Platform which aims to simplify the integration of a new generation of endpoints with existing enterprise systems.
It uses a graphical "Clicks Not Code" approach to empower business analysts to connect applications in days and create connected business processes that open new channels of revenue and streamline manual tasks.
Companies can quickly integrate business processes, such as connecting cloud front-office applications to on-premise ERP to provide order and billing detail for a call center rep who needs to resolve customer billing issues. Harmony provides a visual studio so that non-technical users can easily design innovative processes that connect multiple endpoints, devices, geographies, and partners.
Other features include the ability to connect to hundreds of applications, smart migration across different environments, intelligent mapping of fields and a built-in library of business formulas. It also offers secure team and individual access and complete audit trails.
"We are thrilled to deliver the biggest product release in our 10-year history to the general public," says George Gallegos, CEO at Jitterbit. "The Harmony Platform is the realization of our commitment to give customers and partners the power to use integration to amplify the value of their applications with the most modern and fastest Cloud integration platform in the market".
You can find out more and watch a video demo of Harmony on the Jitterbit website.
Image Credit: Stokkete / Shutterstock
Much reporting of business metrics is still rooted in the era of static graphs and infrequent use. It's cumbersome and the information gets out of date fast.
Business planning and performance management specialist Tidemark is looking to bring reporting into the mobile and cloud era with the launch of its new Playbooks product.
Playbooks allows users to create a highlight reel of information so executives can better understand the complete narrative of their company's performance and act on potential problems as well as model new solutions.
"Modern businesses are looking to CFOs for new ways to drive growth in an era of increasing velocity, mercurial challenges and intensifying margin pressures," says Christian Gheorghe, founder and CEO of Tidemark. "We are continuing our strategy to bring innovation that helps our customers reap success and transform their organizations".
Any content within Tidemark can be added to a Playbook and shared throughout an organization. This offers a simpler approach than existing dashboard packages and lets employees add content in just a few clicks.
"Tidemark Playbooks are extremely innovative and we see a lot of opportunity to leverage them quickly," says Kristi Duncan, senior vice president of Finance at Ernest Health. "We envision using Playbooks to replace our Budget Binder and many of the other reporting books we currently use".
In addition to Playbooks, Tidemark is expanding its platform with features including self-service configuration and advanced in context analysis. There's also a business method framework offering straightforward, configurable options for tasks like tax calculations and currency conversions. A flexible modeling tool allows planning without being tied to a rigid model.
More information on Tidemark’s latest updates can be found on the company's website.
Image Credit: EDHAR / Shutterstock
Recent high profile stories like the Heartbleed bug have turned the spotlight on IT security. A new report by the Information Systems Audit and Control Association (ISACA) highlights how a skills crisis is putting more pressure on security teams.
ISACA surveyed enterprises to understand the level of attacks and their security preparedness. Key findings include that one in every five enterprises has suffered an advanced persistent threat attack, but that one in three of those don't know where it came from.
It also highlights that according to Symantec there has been a 62 percent increase in the number of data breaches in 2013. Also on Cisco's figures there's a worldwide shortage of 1 million security professionals.
To help address this growing skills crisis ISACA is launching a Cybersecurity Nexus (CSX) program. Developed in collaboration with chief information security officers and cybersecurity experts from leading companies around the world, CSX fills a need for a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications along with education, mentoring and community.
"Unless the industry moves now to address the cybersecurity skills crisis, threats like major retail data breaches and the Heartbleed bug will continue to outpace the ability of organizations to defend against them," says Robert Stroud, ISACA international president-elect and vice president of strategy and innovation for IT Business Management at CA Technologies. "ISACA is proud to help close this gap with a comprehensive program that provides expert-level cybersecurity resources tailored to each stage in a cybersecurity professional’s career".
The CSX program marks the first time in ICASA's history that it will offer a security-related certificate. There are four qualifications on offer needing both an exam and proof of work experience. This makes them ideal for recent university graduates and IT professionals seeking to change fields.
"Enterprises cannot rely on just a handful of universities to teach cybersecurity. With every employee and endpoint at risk of being exploited by cyber criminals, security is everyone’s business. We need to make cybersecurity education as accessible as possible to the next generation of defenders," says ISACA International President Tony Hayes.
You can find out more about the CSX program on the ICASA website and see more details on the cybersecurity skills crisis in the infographic below.
Image Credit: wavebreakmedia / Shutterstock
The Heartbleed OpenSSL vulnerability has sent tremors down to the very foundations of the IT world. But now that we're over two weeks on from the news of the bug first breaking what have we learned and has anything really changed? We talked to some leading security experts to find out.
There’s little doubt of the seriousness of the problem, Technical Manager at security firm Cigital, Amit Sethi says, "This is indeed one of the worst vulnerabilities in the history of the web. It has been present in OpenSSL for over two years, during which time it has made it into a lot of software. Unlike many other vulnerabilities in SSL implementations that we have heard about in recent years, this one does not require the attacker to be positioned between your computer and the server. The attacker can go directly to the server and get any information that you recently exchanged with it over a secure channel".
However, Sethi does take a positive from the news in terms of the industry's response, "...high-profile websites have been addressing the issue very quickly either by fixing it or by taking down their applications while they create a mitigation plan".
Heartbleed has the potential to affect everyone who uses the web. Sean Sullivan, Security Adviser at F-Secure says that smaller businesses may not be able to fix the problem themselves. "SMBs are typically not running their own web server or are using Apache that someone has set up for them. This is not an issue for small businesses themselves but they may be vulnerable through third parties".
Because Heartbleed mainly affected servers -- though it could be in some versions of Android too -- it meant that you were vulnerable whatever operating system you were running. Most vulnerable servers will have been patched by now and the speed with which major companies reacted has been impressive, but Alex Balan Head of Product Management at BullGuard warns that, "SSL is used by devices like load balancers and even some wireless routers which will need a firmware update".
Balan also believes that, "Heartbleed teaches us a good lesson about the state of the internet in 2014. People are more security aware and take a more proactive approach to patching servers". He also thinks that password managers will become more popular as people become more aware of security.
The need for better password security and avoiding the temptation to use a single password for multiple sites is underlined by Joe Ferrara, President and CEO of Wombat Security Technologies, "To avoid using information people could easily guess you can create a password family and also make passwords easy to remember. For example you could create a password family around automobiles. Bl&ckVo1vo (Black Volvo) might be for secure use such as your online banking and then R3dF#rr$ri (Red Ferrari) might be for more risky activities such as online shopping".
Although there has as yet been no major leakage of information captured from Heartbleed, it's still possible that we'll see attacks using stolen details in the weeks and months to come. The full extent of the problem may never be known, but at least we can take some comfort from the way that security professionals and the IT industry generally have responded and from the increased awareness of good password practice.
If the implications of Heartbleed still worry you or you think there’s anything else the industry could be doing to offer greater protection do let us know in the comments.
Image Credit: zakalinka / Shutterstock
Despite more and more aspects of business moving online, many tasks still need to happen in the real world. In fact some things like vehicle fleet operations have arguably become more important as increasing numbers of us shop online and have our goods delivered.
Operating vehicles can be a major part of a company's costs so anything that can help control them is worthy of management consideration.
SaaS fleet management specialist Fleetmatics has released its FleetBeat report which shows the value of vehicle-based telematics in cutting transport running costs. Some 12.6 percent of all commercial vehicles in the US and Canada currently have telematics installed allowing managers to track where they are and how they're used, and according to the report this has a major impact on running costs.
Fleetmatics estimates a saving of 573 million gallons a year in fuel arising from telematics use, adding up to a saving of $2.2 billion. This also means a decrease in CO2 emissions of 5 over million tons annually. Even with a small fleet of just five vehicles it estimates that savings of almost $75,000 a year are possible for operators.
You can find out more about the FleetBeat report on the Fleetmatics website and view a summary of the findings in the infographic below.
Image Credit: Mmaxer / Shutterstock
Whatever message you want to get across, whether it's in an advert, an infographic or a presentation, how it looks is key to success.
Maryland-based Easy WebContent has relaunched its Presenter tool under the name Visme aiming to make it a "Swiss knife for visual content".
Developed with input from 35,000 beta users and using a drag-and-drop interface the online tool aims to make visual content generation easy, fast and more efficient. Thousands of free images and icons are included so users can get started quickly and it enables motion and mobile/web friendly text to be added to any presentation element.
"Visme epitomizes everything we strive for. At the core we are a visualization tool and our mission is to simplify the ability for anyone to easily transform their thoughts and ideas into engaging visual content," says Easy WebContent founder Payman Taei.
The company says the most common uses of Visme are presentations, infographics, banners and short animations and teasers. Users can easily publish and share Visme content online, embed it to websites or blogs, or download it as Image, PDF or a HTML5 file.
The tool runs within your browser and a simplified interface improves the user experience and allows faster creation of content. You simply select the type of content you want to create, choose a theme and you’re into the editor. Motion can be added to any element to make animated banner ads for example.
Taei says, "You shouldn't need to be a multi-million dollar company to produce compelling visual content. And even if you are, why would you pay some exorbitant rate to bring in a third party to do something you could just as easily handle in-house? With Visme, we put the work on the back-end of our product so that producing and editing visual content is the intuitive, creative experience it should be. Our guiding principle is that complex software and esoteric coding should never get in the way of translating thoughts and ideas to visual content".
You can sign up for a free account to try the beta version for yourself on the Visme website.
Moving systems to the cloud is usually seen as a safer and more secure option than running them on site. However, the findings of a new report suggest that there's no room for complacency.
The Spring 2014 Cloud Security Report from security-as-a-service provider Alert Logic reveals a significant increase in attacks carried out against both cloud and on-premises systems.
The report draws on data collected from a 2,200 customer base between April and September last year and reveals a significant increase in activity across both cloud and in-house hosted environments compared to last year's findings. Brute force attacks climbed from 30 to 44 percent of customers, and vulnerability scans increased from 27 to 44 percent.
These two types of incident have historically targeted on-site environments but are now appearing at almost equal rates against cloud systems too.
"Our intelligence suggests that the observed increase in cloud attacks is correlated to the growth of cloud adoption in the enterprise," says Stephen Coty, Chief Security Evangelist at Alert Logic. "As more enterprise workloads have moved into cloud and hosted infrastructures, some traditional on-premises threats have followed them. This reinforces the necessity for enterprise-grade security solutions specifically designed to protect cloud environments".
Alert Logic also deployed honeypots in public cloud infrastructures around the world to observe attack types and frequencies. Interesting findings from this are that honeypots sited in Europe received four times the number of attacks of those in the US, and more worrying that 14 percent of the malware discovered was considered undetectable by 51 percent of the top antivirus vendors.
You can read more about the report and the deployment of honeypots on the Alert Logic website.
Image Credit: Oleksiy Mark / Shutterstock
Much of the buzz in the tech world at the moment surrounds the internet of things, the idea that every piece of electronic kit might one day be connected via the web.
There are plenty of benefits from this but it also presents a number of challenges. Home automation specialist Custom Controls has released an infographic showing what needs to happen for the internet of things to work.
These include improved standards which will mean that companies and developers will need to work together in order to ensure that their devices speak a common language to enable them to exchange information. Security is also important to prevent information leakage and to prevent hackers from interfering with your TV or your fridge.
Speed is a factor too, with more than 50 million devices predicted to be online by 2020 there will be a greater need for fast and reliable internet connections. There's also the issue of service as much of the world is still unable to access high speed internet.
You can read more about the problems and solutions presented by the internet of things on the Custom Controls blog and view the infographic below.
Image Credit: Black Jack / Shutterstock
Business intelligence is all about making dry figures accessible and useful to managers and others within an enterprise.
Canadian company Panorama Software is aiming to create a better data discovery solution with the launch of its new Necto 14 product. It allows users to explore, measure, track, and share critical data visually to gain knowledge, boost collaboration, and make smarter business decisions.
"The vast majority of business users consider current BI tools too complex and difficult to use. All types of people are demanding easy self-service access to more types of data, and a more intuitive way to represent and communicate their critical business metrics," says Eynav Azarya, CEO at Panorama Software. "Panorama Necto 14 offers a fresh new way for both business users and power users to review, present, and track data using context-specific visual images rather than confusing, complex graphs and reports".
Necto 14 produces infographics to present complex data in a clear and straightforward way. These are directly linked to the data and so can reflect changes in real time, making them ideal for applications like call center dashboards. They can also be used in self-service applications allowing staff to extract the data they need to do their jobs.
It offers what the company calls a 'single vision of truth' that lets users mash up data from various sources and collaborate throughout the decision making process. Other key features include a drag and drop user interface to simplify queries, a notification system to send alerts via email or dashboards and open database connectivity.
Necto 14 is available from today, for more information visit the Panorama website.
According to a new report by security company Black Lotus the average size of a DDoS attack in the first quarter of this year was 2.7 gigabits per second (Gbps).
But the company is warning that a new type of DrDoS (distributed reflected denial of service) attack will see the threat of 800 Gbps or more attacks in the next year to year and a half.
Reflected attacks send out requests to large numbers of machines using the address of the victim as the source, so that the target is flooded by replies. It's a bit like the spoofing of reply addresses in spam emails but on a larger scale.
The threat report, covering DDoS attack data between January 1 and March 31, 2014, shows that service providers have been heavily impacted by security threats, including SQL injection attacks, NTP DrDoS attacks, and most recently the Heartbleed bug. All of these threats have had a profound effect on the ability of service providers to operate safely and protect their customers.
Attackers have been using DrDoS methods to bypass the DDoS defenses of well-prepared companies by targeting upstream carriers. In January 2014, Black Lotus recorded several incidents in which tier 1 carriers in multiple US regions were saturated due to DrDoS attacks, resulting in packet loss rates as high as 35 percent even to customers that weren't themselves targeted by the attacks.
The biggest DDoS attack observed in the quarter was 421 Gbps and 122 million packets of data per second (Mpps). Some 19.5 percent of attacks observed were categorized as severe. More than 50 percent of those targeted individual applications, most commonly HTTP servers and domain name services.
"Historically, service providers have been able to operate without providing substantial security services to customers. That’s no longer viable, as threats proliferate and attackers find new ways to amplify the volume of their efforts," says Jeffrey Lyon, founder of Black Lotus. "To protect themselves and their customers, service providers must now also become security providers by offering integrated hosting and security services such as DDoS mitigation, intrusion defense, and incident response and remediation".
The full report is available to download from the Black Lotus website.
Photo Credit: Fabio Berti/Shutterstock
When Dell acquired SonicWALL in 2012 it was heralded as a significant step in providing greater security to the company's enterprise customers.
It's now announced a partnership with email encryption specialist DataMotion to allow users of SonicWALL email security to encrypt their sensitive emails and attachments.
The alliance will provide compliance-grade encryption capabilities for all emails and file attachments with just a simple mouse-click from within the Outlook client. The combined DataMotion-Dell SonicWALL solution helps prevent confidential data leaks and regulatory violations thanks to advanced compliance scanning, management and email encryption thus ensuring the secure exchange of email containing sensitive customer data or confidential information.
"We were very focused on partnering with a cloud-based email encryption solution that offered the best end-user experience on both desktop and mobile platforms. After evaluating the leading email encryption providers, it was clear that the DataMotion solution was the best choice for us," says Patrick Sweeney, executive director of product management at Dell. "Their encryption technology complements our existing email security portfolio very well, and the DataMotion team was really easy to work with and willing to accommodate our specific needs and requirements".
Encrypted email is now a legal requirement for some organizations in order to comply with privacy regulations like HIPAA (Health Insurance Portability and Accountability Act). The DataMotion platform allows Dell to offer its customers a powerful but easy to use, cloud-hosted service that can guard emails and attachments against data theft or accidental exposure.
"It is extremely satisfying to have our cloud-based email encryption technology recognized and adopted by a world leader in email security appliance solutions," says Bob Bales, CEO of DataMotion. "I am particularly pleased that Dell recognized not only our technical prowess, but also our agility and strength as an organization to support their offer worldwide. We are thrilled to be a part of the Dell Software partner family".
You can find out more about SonicWALL security products on the Dell website.
Image Credit: Pixel-3D / Shutterstock
The internet has been responsible for changing the way we go about many of the tasks in our day-to-day lives. Not least it has changed the way we shop.
Customer experience specialist Baynote has released a new infographic map showing the growth of e-commerce across the world.
Interesting highlights include the fact that in the US e-commerce is growing at four times the rate of retail and in China it grew by 51 percent in 2013. India's e-commerce market is expected to increase from $13 billion in 2013 to between $50 and $70 billion by 2020.
The graphic also highlights the hotspot cities that play host to major players in the e-commerce world. Seattle, home of Amazon, for example accounts for more that $61 billion in online sales. However, this is dwarfed by Hangzhou in China, home to the Alibaba site which manages more transactions than Amazon and eBay combined.
Another interesting trend is that 60 percent of E-commerce shoppers now use social network sites and tools in order to interact with brands showing that our online lives aren't neatly pigeon-holed.
Click on the image below to view the full size map and see how e-commerce is spreading across the globe.
Photo Credit: Nonnakrit/Shutterstock
Manufacturing businesses are always looking to improve the customer experience and enhance their marketing effectiveness.
In recent years this has meant moving from a product-centered model to a more customer-focused approach. To help with this process ERP specialist Oracle is launching a flexible industry-specific marketing tool in the form of Oracle Eloqua for Manufacturing.
The latest addition to the Oracle Marketing Cloud, this new product provides marketers with a full overview of the buying process including insights into customer behavior which ultimately results in higher quality sales leads.
Eloqua for Manufacturing also includes product registration capabilities that help deliver efficient product maintenance and subscription renewals and enable manufacturers to keep in touch with customers after they’ve made a purchase. This means there's a better chance of repeat business and retaining customers for the long term.
"Manufacturing organizations want to improve engagement with customers and prospects across digital channels so that they can gain better visibility into their sales pipeline and grow their businesses," says Steve Miranda, executive vice president, Oracle Applications Development. "With capabilities developed specifically for manufacturers including pre-built templates and leading business intelligence, Oracle Eloqua for Manufacturing helps manufacturers improve marketing effectiveness and drive revenue".
Key benefits include fast, accurate targeting, improved personalization from profiling interactions across social media as well as the sales process. Better lead management and more effective means of getting customers to register products and sign up to maintenance plans.
All of this means that customer data is more accessible to marketing teams and can be used to increase loyalty and generate additional leads. Because it's based in the cloud it also means mobile sales staff can access pre-approved content and templates for campaigns whilst on the move.
You can find out more about Eloqua for Manufacturing on the Oracle website.
Photo Credit: Jirsak/Shutterstock
In recent years the threats faced by both individuals and businesses have changed thanks to the adoption of new technologies like the cloud, a shift towards social engineering attacks, BYOD and more.
We spoke to Egemen Tas, vice president of engineering for leading certificate authority and security software provider Comodo to get his view on current threats.
BN: How has the threat landscape for PC users changed in recent years?
ET: In the last 15 years, just like everything else, there has been an evolution of cyber-threats. In the past, we used to deal with viruses designed for a variety of purposes, from those written to annoy people to viruses that allowed attackers to control PCs. Then came the worms that were designed to spread and inflict large-scale damage to victims' networks. Today, we are dealing with viruses that act as cyber-weapons and extortion tools. While the old threats still exist, an average PC user now has much more to worry about including: secure online banking and shopping, online extortion, social media privacy and pervasive third party surveillance.
BN: What are the risks posed by increased adoption of the cloud to store data?
ET: Simply put, users' data is a password away from anyone. Previously, physical access was required and now the cloud has changed this. For consumers, they may think that the data they store is only about the file they upload to services such as Dropbox, but in reality, they are putting a lot more data into the cloud. For example, social media is an indirect data storage medium and there are genuine privacy problems in this area.
BN: Is social engineering now a bigger risk than more 'traditional' malware attacks, are people always the weakest link in the security chain?
ET: People are now more connected than ever. So there are more channels to reach people and do social engineering. In the end, viruses need to propagate and social engineering through email (i.e. spamming) is an effective method. Users can stay protected by just following a few basic security practices such as recognizing executable files and not opening the ones coming as email attachments.
BN: How can businesses ensure that their security isn't compromised by BYOD?
ET: In terms of security, compliance and enterprise data protection are two major problems of the BYOD paradigm. Much of the research and innovation is now focusing on enabling BYOD users to access enterprise data securely. Most vendors, including Comodo are focusing on containerization of enterprise applications. These applications run inside a hardened container, which provides various security features such as, encrypted data storage and encrypted communication over the internet. Admins are then able to secure only enterprise data while enabling users to use their own devices to access mission critical company data. Mobile device and data management products can be used for this purpose.
BN: As Windows has become more secure are other systems like Apple and Linux at greater risk and is complacency a factor?
ET: Microsoft's trusted computing initiative has really made a significant difference in Windows' security. However, most modern malware is targeting Windows platforms due to the fact that Windows devices are pervasive. I do not see Apple approaching security in the way that Microsoft approaches it. Apple favors a closed platform approach, where only Apple-approved applications can run. Most people are under the impression that there are no viruses for Apple's platforms. For IOS, this is currently true. However, for MAC OS X, this is not true. I think that Apple needs to build partnerships with antivirus vendors to improve the security of their platforms.
BN: Will the recent Heartbleed OpenSSL bug make online businesses take security more seriously?
ET: It has to. Since this bug was revealed, the potential for its exploitation is very high. An attacker who can steal your private keys is just like a thief who has the keys to your publicly accessible safe. At Comodo, we have many SSL customers, and we are offering them free regeneration of their certificates if they want to do so. More information about the Heartbleed bug can be found on Comodo's blog.
Image Credit: watcharakun/Shutterstock
With tablets becoming more common in the workplace, the problem with normal models is they're not robust enough to cope with the demands of utility workers and field service operatives.
We saw Dell address this market a few weeks ago with a tough convertible system and now rugged systems specialist Getac is launching a new Windows 8 tablet specifically aimed at mobile field workers.
The Getac T800 has an 8.1-inch screen, is 24mm thick and weighs 0.88Kg. It uses a quad-core Intel N3530 2.16GHz processor and is designed to offer the toughness needed for mobile use without sacrificing power and performance. It has MIL-STD 810G and IP65 ratings, meaning the device can handle shock, drops and vibration to military grades while also being sealed against dust and water.
In addition it uses Getac's unique SnapBack expansion system which lets users add expansions to the T800 such as an extra battery, increasing the operational use to greater than 16 hours, or a 2-in-1 RFID and Smart Card Reader. The screen uses Lumibond, Getac's proprietary technology, that offers excellent touch control and sunlight readability without placing too much drain on the battery.
The T800 also provides a wide range of connectivity options. It can be configured with 4G LTE cellular data with an auto tunable 8-band antenna capable of quickly switching between bands. It also includes the latest 802.11ac Wi-Fi for data transfer speeds up to three times faster than 802.11n products. An optional SiRFstarIV GPS offers double search capacity, faster location positioning and improved accuracy.
Peter Molyneux, President of Getac UK says, "The T800 gives the best performance of any fully rugged Windows 8 tablet in the market today. Our customers have given us tremendous feedback on the T800's thin and light design, while offering high levels of integration and field performance. We always target to give our customers the latest in fully rugged computer technology with no compromise on performance, and again we feel confident we have achieved this in the T800".
You can find more information on the T800 on the Getac website.
In-app adverts provide a useful revenue stream for developers, allowing them to monetize what would otherwise be free products.
With Gartner predicting that over 94 percent of app downloads will be free by 2017, revenue from in-app ads is likely to become even more critical in the future.
Israel-based digital platform specialist ironSource has announced that in the two months since its launch in February of this year Stickeez, which uses the company's mobileCore native ad format, has boosted developer ad revenues by 20 percent.
Unlike other mobile advertising systems, Stickeez provides developers with a non-aggressive, ad delivery system that can integrate seamlessly with the look and feel of their app. It presents users with an engaging animation that displays mobileCore offers or other apps available to download once clicked.
"In today's predominantly free app market, developers need to find creative ways to monetize their product, but they also have to protect their user's in-app experience," says Itay Riemer, General Manager, mobileCore at ironSource. "Stickeez offers developers a highly-effective means of generating revenue without compromising on user experience".
Developers can choose images from a Stickeez gallery or incorporate their own characters. Currently mobileCore creates custom branded Stickeez for advertisers to promote specific apps, this customization capability will soon be rolled out for every developer using the format. Because it uses the existing mobileCore Developers Panel it also offers maximum flexibility.
"ironSource has always been committed to solving problems and providing solutions for software developers -- whatever platform they are working on," says Tomer Bar Zeev, CEO and Co-Founder. "Both Stickeez, and mobileCore in general, are designed to empower the developer to monetize more effectively so they can focus on the thing they do best -- developing great products".
For more information on Stickeez visit the mobileCore website.
Image Credit: Sergey Nivens / Shutterstock
Allowing employees to use their own mobile devices for work has led to a number of new challenges, particularly when it comes to keeping devices and data secure.
We talked to PJ Gupta, CEO of mobile security specialist Amtel about the risks BYOD presents to enterprises and what they can do to ensure they remain safe.
BN: Are businesses becoming more vulnerable as a result of implementing BYOD strategies?
PJG: This question is always asked whenever new technologies and paradigms are introduced into enterprise IT environments. Did networking make the enterprise vulnerable? Doesn’t Wi-Fi access to corporate data expose the company to security breach?
The short answer is, yes. Risks and vulnerabilities increase when you introduce external variables to a well-controlled system. When employees bring in their own mobile devices to work, the risks rise but the flexibility, efficiency and productivity gains from such technologies and initiatives make it worthwhile to embrace the advances and manage the risks.
BN: What are the risks presented by third-party apps on employee devices?
PJG: Typically, on a BYOD device, there may be platform apps, enterprise apps and public apps. Platform apps, widgets and tools come with the device from vendors such as Apple, Google, Samsung and major Carriers. Enterprise apps are created by your company or a trusted partner (an example may be Salesforce.com or Workday). Public apps are downloaded by the user from a public app store such as the Apple App Store or Google Play.
Despite efforts by Apple and Google, the sheer volume of public apps makes it very hard to verify that such apps do not bring security and data leakage risks to an enterprise. For example, using a personal Dropbox account to store corporate data can jeopardize data security. In addition, risks associated with uncontrolled use of social media, streaming and game apps can waste time, hit employee productivity and cause HR policy compliance headaches.
BN: In addition to protecting their networks, companies need to safeguard their intellectual property. What steps can they take to minimize the risks BYOD presents in this area?
PJG: Companies need to protect confidential data and intellectual property that may be stored on enterprise systems, applications and email. The key to protection is authentication of users, access control and encryption of confidential information.
Companies need to put password policies in place for strong authentication of users. Integrate with Active Directory and LDAP for managing access control to corporate email and applications. Adopt Single Sign On (SSO) and two-factor authentication for application access for simpler and better security. They should also make sure remote access via Wi-Fi or wide area networks is secured through virtual private network (VPN) technology.
In addition they can protect sensitive information by encrypting the data at rest and in transit (on the wire or wireless transport). Secure containers on BYOD devices themselves can be encrypted too. Putting in place data loss prevention policies such as remote location and selective wiping of mobile devices and data leak prevention that thwarts copy and paste to and from secure containers helps keep data safe.
BN: Does BYOD present additional problems when it comes to compliance?
PJG: Compliance is a thorny issue for BYOD. Security and compliance with regulations such as HIPAA, SOX and PCI require complete accountability, traceability and audit trails. On the other hand, BYOD is a personal device but the company’s privacy policy needs to be honored and Personally Identifiable Information (PII) needs to be protected. For example, regulatory compliance may require that you track a device at all times, but personal privacy mandates that you don’t track a device when the employee is not at work (either onsite or offsite).
The answer is a delicate balance between regulatory compliance and personal privacy. Perhaps GPS tracking can be forced on during work hours and become optional after hours as employees wish. Location based policies via geofencing technology will provide more flexibility in a BYOD environment. For example, public app access and device features such as camera and NFC can be restricted within work location boundaries, but can seamlessly be enabled outside.
BN: How can businesses minimize the risk of data leaks from devices that are lost, stolen or simply fall into someone else’s hands?
PJG: There are two prescriptions for loss prevention of corporate data if a device is lost or stolen. The first one is location tracking, remote locking, and selective or full wipe of the device. This can be accomplished so long as the device is managed with a mobile device management app installed.
The second imperative, as mentioned earlier, is to protect sensitive information by encrypting corporate data in a secure container on BYOD devices. Enterprise apps and mail server must share corporate information only in the secure container which can be automatically wiped when the user exits the enterprise app or corporate location (as determined by geofencing).
BN: What happens when employees move on to another role or leave the company altogether?
PJG: Again administrators can selectively wipe a corporate container on the device while leaving personal content intact. They can also manage credentials and access control with Active Directory (AD) integration so that access privileges are removed when AD is updated with an employee exit event.
A tricky aspect is when a sales rep, sales engineer or partner rep leaves the company. Company policy should ensure that third-party contact information is saved in company databases (such as Salesforce.com for example) not just on the individual’s BYOD device.
BN: Can BYOD ever work in a completely safe way?
PJG: BYOD can never be 100 percent safe. In business you take calculated risks for the sake of operating efficiency. BYOD brings clear benefits of flexibility and efficiency. BYOD risks can be managed to realize the benefits.
Image Credit: PlusONE / Shutterstock
The unveiling of the Heartbleed OpenSSL flaw this week has led to major ripples through the IT industry and the online community.
There has been all kinds of advice on offer about changing passwords -- but only after the site in question has been made safe. To be certain you're doing the right thing you therefore need to either check the site yourself or wait for some official confirmation that it's been patched.
But if you wait for a prompt you then, of course, need to avoid the inevitable raft of phishing emails trying to trick you into giving away your password on fake sites.
To make life a bit easier, VPN specialist IVPN.net has released an infographic showing which major sites have been affected, which ones have been patched and whether you need to change your password.
With all of the information flying around at the moment this is a handy way of cutting through the confusion.
Image Credit: Spartak/Shutterstock
Business IT is increasingly expected to operate on a 24/7 basis which means that system admins need fast access to information should anything go wrong, whether it’s a security incident or a system failure.
Enterprise mobile specialist OpenMarket has launched a suite of solutions aimed at helping to ensure continuity, security and improve support management.
OpenMarket's Mobile Engagement Platform enables enterprise IT and security leaders to develop and customize a variety of mobile messaging services to meet their business needs. This includes messaging for network and system outage alerts and emergency notifications, escalation alerts for support tickets, and security messages including two-factor authentication, fraud alerts and password change reminders.
Jay Emmet, General Manager at OpenMarket says, "By deploying a flexible and customizable mobile engagement platform, enterprises can implement cost-effective mobile messaging solutions that support IT and security needs, plus a wide variety of other functional use cases across the entire organization".
Mobile is the most effective means of delivering mission critical messages as, according to OpenMarket, research shows that over 90 percent of text messages are read within three minutes of receipt.
The OpenMarket Mobile Engagement Platform is a SaaS-based solution, allowing enterprises to easily create and deploy messaging solutions. It can be accessed via a web-based GUI or directly via service APIs.
You can get more information on OpenMarket’s Mobile Engagement Platform and SMS solutions on the company's website.
Image Credit: Sergey Nivens / Shutterstock
Yesterday the IT world went a little bit crazy over the disclosure of the Heartbleed bug and the chance that encrypted information could potentially be intercepted by hackers.
We know that some big sites, notably Yahoo, have been exposed and Google was quick to apply the necessary patches to its servers. If you’re still worried, a number of sites have sprung up allowing you to check if a site has been patched -- thanks to Bob Grant on the comments thread to yesterday’s story for highlighting that one.
Since then some sites have been sending out emails advising users to change their passwords and a raft of experts have been urging the same thing.
But let's take a step back for a second. Heartbleed has been around for two years, so if your information was going to leak there’s a good chance it would have happened already. Also the disclosure of the bug seems to have been done in a very measured way, as neatly satirized on Twitter:
☑ register [t.co] domain ☑ get custom graphic designed ☐ disclose to distros in advance ☑ disclose to public Priorities
— keyist (@keyist) April 8, 2014
The problem is that Heartbleed doesn’t leave a trace, so there’s no way anyone -- other than the bad guys -- knows whether anything has been stolen or not. And because it's a problem on the server there's little you as a user can do about it, except stay offline. This also means that as far as the end user is concerned it's operating system agnostic too, it doesn't matter whether you’re using Windows, OS X, iOS or Android, your data is equally vulnerable.
What then is an end user to do? The first thing is not to panic, this doesn’t affect every single website. In fact for once Microsoft comes up smelling of roses because its Internet Information Services (IIS) server software doesn't use OpenSSL.
Codenomicon which broke the news of the bug reckons that around 66 percent of sites do rely on open source servers that run OpenSSL and are therefore potentially at risk. Even then some of these sites will have used the Perfect Forward Secrecy feature that will have limited how much data could be exposed.
If you feel the need to do something then changing your password isn't a bad idea, it's something you should do occasionally anyway -- though most of us don't -- but do check that the site has been patched first otherwise you're just giving the new password away.
However, this isn't like other recent high profile breaches where lists of stolen data have been posted online. Yes there's a moderate risk that your passwords may have been compromised but you don't need to rush off and start resetting the passwords on every site you use. By all means change them next time you log in, but don't let Heartbleed ruin your day.
Image Credit: happydancing / Shutterstock
Cloud-based business planning specialist Anaplan has launched a new territory planning and quota management tool on the Salesforce1 App Exchange.
Anaplan provides real-time analytics, allowing sales managers to adjust their planning to produce better results.
"Top performing companies such as HP and McAfee are already using the Anaplan platform to optimize sales processes and drive revenue and margin improvements," says Fred Laluyaux, CEO, Anaplan. "With the Salesforce1 AppExchange, we are putting the game-changing capabilities of the Anaplan platform into the hands of more users, and we are getting closer to salesforce.com’s world-class enterprise cloud computing ecosystem".
The application gets continuous updates from Salesforce so that plans can be constantly optimized and updated based on the latest information. This results in a 'living plan' where each member of the sales organization has a tailored view of their activities.
Frontline sales reps, district managers, and higher levels of management can see which accounts make up their patch and what the account level targets are by product and service lines. Using Anaplan’s HyperBlock planning intelligence system teams can explore 'what if' scenarios and understand the impact of changes and disruption.
Key features on offer include account segmentation, division of sales territories, capacity planning and quota management.
"Companies are looking to transform the way they connect with customers, partners and employees to thrive in the today’s connected world," Ron Huddleston, senior vice president, Global AppExchange & Partner Program at salesforce.com says. "By leveraging the power of the Salesforce1 Customer Platform, Anaplan provides customers with the proven social, mobile and connected cloud technologies to accelerate business success".
Planning and quota management is available now on the Salesforce1 App Exchange.
Image Credit: EDHAR / Shutterstock
If all of your system adminstrator friends are looking worried today it isn't the usual post Patch Tuesday blues, it's because of a bug in something that you may never have heard of, but which almost certainly affects your everyday use of the web.
OpenSSL is a cryptographic library that is used to secure large chunks of the internet. If you use sites or apps that send and receive encrypted data then it’s very likely they use OpenSSL to do it. It's used by open source web servers like Apache as well as by mail protocols including SMTP, POP and IMAP.
Thanks to a bug uncovered by Google Security that researchers are calling "Heartbleed" it's possible to fool OpenSSL systems into revealing part of the data in their system memories. This might be things like credit card transactions but it’s potentially even more serious than that.
Security specialist Graham Cluley writing on his blog says, "...it could also disclose the secret SSL keys themselves. These are the 'crown jewels', and could be used by malicious hackers to do even more damage, without leaving a trace".
If you want a detailed look at the flaw and how hackers may be able to exploit it, Elastica's CTO Dr Zulfikar Ramzan has posted a detailed walkthrough on his company's website. He stresses that the flaw is not inherent in the SSL/TLS protocol itself but in the specific OpenSSL implementation.
Finnish security specialist Codenomicon has a Heartbleed website with details of the bug and which lists vulnerable versions. It also lists operating systems that have shipped with potentially vulnerable OpenSSL versions, these include major Linux distros like Debian and Ubuntu.
It advises that site admins need to update to OpenSSL 1.0.1g immediately, and regenerate private keys. If an update to the latest version of OpenSSL isn’t possible it advises developers to recompile OpenSSL with the compile time option OPENSSL_NO_HEARTBEATS.
The bug has been in OpenSSL since December 2011 though it was only publicly announced yesterday. Whilst it isn’t known if it’s been exploited in the wild, Heartbleed leaves no trace in the server’s logs so it’s hard to know if a system has been compromised. The official security advisory is available here.
Image Credit: Linda Parton / Shutterstock
Cybercriminals are increasingly plotting for longer to pull off big heists rather than carrying out quick hits for smaller rewards.
Symantec's latest Internet Security Threat Report shows a significant shift in criminal behaviour as some of the most damaging attacks in history were carried out in the last year.
The report shows that in 2013, there was a 62 percent increase in the number of data breaches from the previous year, resulting in more than 552 million identities being exposed.
"One mega breach can be worth 50 smaller attacks," says Kevin Haley, director of Symantec Security Response. "While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient -- waiting to strike until the reward is bigger and better".
The report notes that each of the top eight security breaches in 2013 resulted in the loss of tens of millions of records, where in the previous year only a single breach reached that level. Also targeted attacks increased by 91 percent and lasted an average of three times as long compared to 2012.
Interestingly personal assistants and those working in public relations were the two most targeted professions as cybercriminals see them as a stepping stone toward higher-profile targets like celebrities or business executives.
"Nothing breeds success like success -- especially if you're a cybercriminal," adds Haley. "The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture".
You can find the full 2014 Internet Security Threat Report on the Symantec website. More information on mega breaches and how you can protect yourself and your business is in the infographic below.
Image Credit: zimmytws/Shutterstock
Only a couple of days ago we reported on the CryptoDefense ransomware conveniently leaving behind its decryption key.
But today Stu Sjouwerman CEO of security training specialist KnowBe4 is warning that, flawed though it is, CryptoDefense represents a serious threat.
The ransomware targets text, pictures, video, PDF and Office files and encrypts these with a strong RSA-2048 key which is hard to undo. It also wipes out Shadow Copies which are used by many backup programs. This gives it the potential to cause major, major problems.
The cybercriminals behind CryptoDefense charge $500 in BitCoins to unlock the system, increased to $1,000 if you fail to pay up within the first four days.
"There is furious competition between cybergangs," says Sjouwerman. "They did their test-marketing in countries like the UK, Canada and Australia and are now targeting the US. CryptoDefense doesn't seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang".
The malware at first installed through programs that pretended to be flash updates or video players needed to view online footage. It has since moved on to a variety of different phishing attacks in the form of emails with a zip file directing recipients to "open the attached document" which was supposed to have been "scanned and sent to you".
"It is obvious that this is a social engineering ploy and that effective security awareness training will prevent someone from opening these infected attachments when they make it through the filters (which they regularly do)," says Sjouwerman. "Once infected, the only way to fix this relatively fast is to make sure you have a recent backup of the files which actually can be restored. Even then, it can take several hours to restore the data".
Sjouwerman also points out that the flaw which left behind CryptoLocker’s key has almost certainly been fixed by now. You can find out more about how to avoid getting caught by ransomware on the KnowBe4 website.
Image Credit: Carlos Amarillo / Shutterstock
If you use Microsoft System Center Configuration Manager (SCCM) you're probably aware that support for the 2007 version ends in July.
In response to this, systems management specialist Adaptiva is launching a Content Push Policy to its OneSite product, aimed at simplifying and cutting the costs of migration to SCCM 2012. It will also allow newcomers to SCCM to deploy the package more quickly.
"With the end of life for SCCM 2007 nearing, it’s imperative for companies to make the move to SCCM 2012," says Deepak Kumar, founder and CTO of Adaptiva. "System migration involves a lot of data. Content Push Policy simplifies and speeds migration, in most cases by orders of magnitude. It also substantially accelerates new SCCM 2012 installations".
OneSite does away with the need for SCCM servers at remote locations by aggregating spare processor and disk capacity into virtual servers. Benefits of the Content Push policy include, easily switching clients to a new environment, allowing software to be downloaded, unpacked and distributed outside SCCM, and an Office Push feature that automatically selects the most suitable machines for content delivery.
Using Adaptiva's OneSite feature admins can also benefit from predictive bandwidth harvesting (PBH). This looks at when the WAN will be congested and sends data only when it won't interfere with other business-critical traffic. Content already cached at operating locations in the 2007 environment will remain in the 2012 environment, avoiding massive "re-downloading" and so reducing WAN traffic. Users also benefit from an intelligent virtual storage area network (SAN) at each location, without requiring new disk capacity or taking up disk space from end users.
More information on OneSite and SCCM migration is available on the Adaptiva website.
Photo Credit: RAJ CREATIONZS/Shutterstock
As computers become essential tools for more and more jobs they often need to work in harsh environments that would damage a conventional machine.
Dell is launching two new Latitude Rugged Extreme systems that are purpose-built to withstand hazards such as dust, moisture, drops, vibration, extreme temperatures and other punishing conditions faced by users in fields such as military service, public safety, manufacturing and first response.
The Latitude 12 Rugged Extreme is the industry's first fully rugged convertible notebook that easily transforms into a tablet, the Latitude 14 Rugged Extreme is a notebook that's built for demanding conditions.
"With new ground-up design and industry-first innovations, the Latitude 12 and 14 Rugged Extreme mark the beginning of a renewed and expanded commitment by Dell to the rugged space," says Kirk Schell, former officer in the United States Navy and vice president, commercial PCs, client solutions group at Dell. "The Rugged Extreme line is backed by the Latitude promise of reliable, secure and manageable commercial PCs and can move easily from the boardroom to the battlefield or wherever the job takes you -- an assurance unmatched by the competition".
The machines are built using impact-resistant polymers and sturdy magnesium alloy. Data is protected from the elements with sealed doors and compression gaskets while enabling performance at high temperatures with fourth-generation QuadCool thermal management.
Both systems feature a Direct-View outdoor display that's designed to be readable in bright sunlight and reduces reliance on backlighting to prolong battery life. Resistive multi-touch on the Latitude 12 means it can be used even when wearing gloves. A sealed backlit keyboard allows work in low lighting conditions.
Each offers up to 16GB of RAM and 512GB of solid-state storage. There's also a full HD webcam with a privacy shutter and the Latitude 12 features an eight megapixel bottom camera with flash.
Prices for the Latitude 12 Rugged Extreme convertible notebook start at $3,649 and it will be available from May 6. The Latitude 14 Rugged Extreme begins at $3,499 and will go on sale in mid-May.
Use of the cloud is close to becoming universal as enterprises increase their adoption of both private and public services.
This is one of the main findings of the 2014 State of the Cloud report released today by RightScale. It also finds that as cloud use matures security concerns lessen and attention increasingly shifts to managing the ongoing challenges of compliance, cost management, and performance.
"Enterprises are adopting cloud computing in record numbers and have leveraged growing experience to overcome many of the early challenges including security," says Michael Crandell, founder and CEO of RightScale. "Large enterprises are complex and understandably deliberate in cloud adoption, yet with increased adoption they continue to unlock more value".
RightScale surveyed more than 1,000 IT executives and found that 94 percent of organizations asked are running SaaS applications or experimenting with infrastructure-as-a-service. 87 percent of organizations are using public cloud services.
As companies come of age in their understanding of the cloud they deploy more and different uses. Test and development applications top the list, with more than 85 percent of cloud-focused companies deploying them in the cloud. Customer web apps and internal web apps follow, however social apps have seen fewer cloud deployments at 18 percent, down from 23 in last year's report.
A number of respondents report significant benefits from their cloud usage, these include improved availability and better geographic reach as well as cost savings. Respondents in more cloud focused organizations report that issues require ongoing attention -- compliance, cost and performance -- have become more important than security worries.
Looking ahead, many enterprises see hybrid and multi-cloud implementations as their goal. 74 percent of enterprise respondents say they have a multi-cloud strategy, and 48 percent are planning for hybrid clouds. In addition, 15 percent of enterprises expect to use multiple public clouds, and 11 percent are planning for multiple private clouds. Companies are also embracing DevOps to enable faster production of software as well as moving towards self-service IT.
The report also notes growing competition in the public cloud space. Amazon Web Services continues to dominate on 54 percent but offerings from Google and Microsoft are gaining the interest of cloud users, with Azure leading among enterprises and Google Cloud Platform among small and medium organizations. Rackspace Public Cloud is second within the SMB segment.
In private clouds OpenStack looks set to knock VMware off the top slot whilst Microsoft System Center is a strong third among enterprise users.
The survey provides an interesting overview of how cloud usage is changing as the technology matures and enterprises learn how to make it work for their needs. If you want to read more the full report is available to download from the RightScale website.
Photo Credit: everything possible / Shutterstock
DNS software specialist Nominum has revealed that DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers worldwide.
The research reveals that more than 24 million home routers have open DNS proxies which potentially expose ISPs to DNS-based DDoS attacks.
In February of this year more than 5 million of these routers were used to generate attack traffic. DNS is the most popular protocol for launching amplification attacks and during an attack in January more than 70 percent of total DNS traffic on one provider’s network was associated with amplification.
The attraction for the attacker is that DNS amplification requires little skill or effort but can cause major damage. Using home routers helps mask the attack target making it harder for ISPs to trace the ultimate recipient of the waves of amplified traffic. The amount of amplified traffic can amount to trillions of bytes every day, disrupting networks, websites and individuals and leading to additional costs.
"Existing in-place DDoS defenses do not work against today’s amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort," says Sanjay Kapoor, CMO and SVP of Strategy at Nominum. "Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies".
To address the gap in defenses Nominum has launched its Vantio ThreatAvert product to enable ISPs to neutralize attack traffic.
Kapoor says, "ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic. ThreatAvert combined with 'best in class' GIX portfolio overcomes gaps in DDoS defenses, enabling ISPs to constantly adapt as attackers change their exploits, and precision policies surgically remove malicious traffic".
More information about amplification attacks and Nominum's solution can be found on the company's website.
Image Credit: Georgii Shipin / Shutterstock
Locking up a user's PC and demanding a payment to release it has proved very profitable for the cyber crime community.
So much so that malware authors have been turning their hand to new variants. Security software specialist Symantec has been taking a closer look at one such, the CryptoDefense trojan that it first detected in February.
Symantec estimates that CryptoDefense has earned its creators some $34,000 in its first month and describes it on its official blog as, "...a sophisticated hybrid design incorporating a number of effective techniques previously used by other ransomcrypt malware authors to extort money from victims".
CryptoDefense locks up user's data with a 2048-bit RSA key. The private key needed to decrypt the content is then sent back to the attacker's server until the ransom is paid. However, the program's developers seem to have overlooked the fact that the key is also left in a file folder on the victim's machine. Symantec says, "...the malware author's poor implementation of the cryptographic functionality has left their hostages with the key to their own escape". It’s rather like the jailer leaving the key to your cell on a hook just next to the bars.
The malware is being distributed in spammed emails as an attached zip file. Symantec says it has blocked over 11,000 CryptoDefense infections in more than 100 countries since its discovery, the majority in the US.
It is of course unlikely that if you'd fallen victim to this infection you'd have the technical ability needed to take advantage of the flaw to disable it. Still, it's nice to know that sometimes the malware writers make mistakes.
Image Credit: albund / Shutterstock
Deceiving the user into downloading and installing malicious software is one of the most common ways of attacking endpoint systems.
A good web browser can be an effective aid in blocking these social engineering attempts and the latest research from NSS Labs looks at the leading contenders plus three browsers from China to see how good they are at keeping you safe.
The eight browsers on trial are: Apple Safari, Google Chrome, Kingsoft Liebao, Microsoft Internet Explorer, Mozilla Firefox, Opera, Qihoo 360 Safe Browser, and Sogou Explorer. NSS tested their ability to block socially engineered malware based on over 650 samples captured over 14 days in the company's live testing.
The clear winner is Microsoft's Internet Explorer which successfully blocked 99.9 percent of the malware included in the test. Both it and Chrome -- which blocked 70.7 percent -- use a combination of URL filtering and application reputation technology to provide content agnostic malware protection (CAMP).
Splitting the two is the Chinese Liebao Browser which, despite its lack of CAMP technology, managed to block 85.1 percent of the test samples. Liebao pulls off this trick by using the same cloud-based file scanner as Kingsoft Antivirus. Another Chinese browser, Sogou Explorer, comes fourth on 60.1 percent.
Thereafter it's a fairly sorry tale, with Opera on a 28.8 percent block rate followed by 360 Safe Browser on 6.3, Firefox on 4.2 and Safari on just 4.1 percent.
"Selecting a browser with robust socially engineered malware protection is one of the most critical choices consumers and enterprises can make to protect themselves. Microsoft’s SmartScreen Application Reputation technology continues to provide Internet Explorer the most effective protection against socially engineered malware," says Randy Abrams, Research Director at NSS Labs. "This year NSS added three browsers from China. The Kingsoft Liebao browser displaced Chrome from second place by using a combination of URL filtering with the cloud-based file scanning technology that Kingsoft uses for their antivirus product. Sogou Explorer, another browser from China, was the only other tested browser to exceed 50 percent protection against socially engineered malware. Firefox and Safari failed to achieve 5 percent effectiveness and leave less technical users at considerable risk".
So, what have we learned from all this? It seems that if you want to stay safe from socially engineered malware you need to use Internet Explorer, or maybe move to China. NSS recommends that for maximum protection users should learn to identify SEM attacks and exercise caution in clicking and sharing links.
The full report is available to download on the NSS Labs website.
Photo Credit: Lasse Kristensen/Shutterstock
It's sometimes said that big data is like teenage sex, everyone talks about it but few are actually doing it. To which you could add that those who are doing it aren't really sure if they’re getting it right.
In an effort to find out how big data is being used in the real world, we spoke to the heads of three startup companies which are employing it in unique ways to pursue specific business opportunities.
Qbox
BN: Introduce yourself and your company.
MB: I am Mark Brandon, CEO and Co-Founder of StackSearch, the proprietors of the Qbox.io Hosted Elasticsearch platform. We help customers store, process, analyze, search, filter, and otherwise make meaning of their large data sets. I am passionate about data and IT because more often than not, it is felicity with data that has separated the winners from the losers over the last 30-40 years. I love helping customers get the edge, or to catch up. It's an arms race, and it's exciting.
BN: How are the tools you offer different from other options available? What backend sources do your tools have in common?
MB: Qbox provides hosted instances that can be spun up in the cloud over a dozen data centers across the globe, whereas our competitors usually offer 1-3. We have 4 officially trained Elasticsearch developers on staff, and of course, like to think our support is better too. Though I won’t badmouth our competitors here since I have never provisioned an instance from them. Technologically, Qbox does not have a "noisy neighbor" problem brought about by a container-based deployment. Elasticsearch is a technology where a bulk indexing can completely hoover up available RAM and even if you spin up resources immediately, there will be a lag of a few minutes where your customers will have an awful experience. We learned this the hard way. The container-based deployments are in a shared environment. Our resources are dedicated.
We use NGINX web server. Our site was built in Ruby on Rails with Bootstrap. The provisioning library and deployment scripts are a combination of chef, vagrant, and some from-scratch code. When we build front-end experiences for clients, and with our demos, we will often use AngularJS.
BN: What's the most unique application of your services you've come across so far?
MB: We liked a StackOverflow application that was built a little while back. We bought it and put it up on our site as a demo. The application processes in real time over 17 million tags on StackOverflow, allowing users to see trends on particular topics. For example, you should put the tag "elasticsearch" in the search box, see the trends, see the popular questions, the top answerers, and the top questioners. Then, compare Elasticsearch to the incumbent technology "Solr" that it is quickly eclipsing (the pun is fully intended).
BN: Is big data a good catch-all for what you're actually working in? What are some myths/misconceptions that you’d like to see clarified?
MB: What Mongolab is for MongoDB, Cloudant is for CouchDB, RedisToGo is for Redis, we are to Elasticsearch -- providing managed and hosted instances of the popular open source data exploration and analytics platform. We are working in big data. Elasticsearch is a technology for users whose data set and processing needs require more than 1 server (a "cluster").
MineWhat
BN: Introduce yourself and your company.
JG: I'm Janakram Ganesan, CEO and Co-Founder of MineWhat. I am a dreamer. A few years back, the grind, the routine, the same old work, food and sleep cycle finally got to me. I decided I wanted to make a difference in people's life so I chose entrepreneurship. My interest in data came about during the eCommerce boom around 2010. Focusing on ecommerce, MineWhat uses big data analytics to turn visitors into customers. The company offers an easy to navigate solution for ecommerce operators so that they can get precise information about their visitors. Gathering information like what products sell best in different regions and even how a competitor is doing, it offers actionable predictions that can be used to increase overall sales.
BN: How are the tools you offer different from other options available? What backend sources do your tools have in common?
JG: As far as backend sources go, our data collection method is quite similar to most other current analytical tools. We collect data with an asynchronous JavaScript tag, customers insert this tag into their web page code and the tag then sends data to our servers. For data processing our multi-tenanted architecture stores each customer's data on Cassandra and MongoDB clusters independently. Currently our servers are hosted in AWS, but we've been considering installing location specific data servers in the EU/APAC regions so we can reduce the response time for our collection scripts.
Our system is built so that most actions on the user end are automated. Most analytical tools require the users to write extra code to track any events. An example of this would be if you were to track an in-page dynamic element. On most tools today, you would have to write custom code for that. On MineWhat, this is bypassed. The major differences lie in what we do with the data next. Other tools help with finding out what happened, we help with understanding why.
Say I run an online store and I have to make a decision on how to spread my marketing budget across a few ad platforms (FB, Google, twitter). What web analytics will give me is how much revenue each of these generate. While I can make a decision based on that alone, the decision would be quite uninformed because I don’t know the "why" of it all -- did the Facebook shoppers see something that didn't appeal to their casual intentions?. I also don’t know what I need to do next -- which products should I display to FB shoppers?
That’s where we fit in.
BN: What's the most unique application of your services you've come across so far?
JG: Oddly enough, we hear our collaboration feature has helped set up a few dinner dates. One thing we quite hoped for, but weren't sure would happen, was to see the product being used by more than just analysts. We’ve been seeing category managers and the like creating their own custom dashboards to stay on top of their tasks.
BN: Is big data a good catch-all for what you’re actually working in? What are some myths/misconceptions that you'd like to see clarified?
JG: Mining big data is like a never ending search for hidden gold, and that's all it usually ends up being without a good way to interpret what you find. An ecommerce domain will need to take a very different approach than a finance one to get any real value from big data. We've found that vertically focused analysis is the key to derive insights out of huge volumes of data.
Info Assembly
BN: Introduce yourself and your company.
AG: I am Aditya Goel, Co-Founder of Info Assembly, an intended data discovery platform focusing on market and investment research. InfoAssembly takes both structured and unstructured data to give investors better insights on emerging market trends. An investment researcher would traditionally have to spend valuable time making sense out of mountains of unstructured information like government filings, media reports, blogs and social data. With InfoAssembly they can easily filter out unreliable information and quickly graph trends to determine the best investment opportunities.
BN: How are the tools you offer different from other options available? What backend sources do your tools have in common?
AG: Info Assembly offers a context aware visual search and analysis platform with an intuitive interactive visualization that quickly connects and identifies people, organizations, locations and high level themes and topics in thousands of documents. We aim to speed up the research process through the right mix of machine learning and user interaction experiences so that the end user can get an overview quickly and dig deeper in an interactive manner.
We use D3.JS, one of the most robust and flexible rich JavaScript based frameworks for visualizations. Our backend is run on Stanford NLP and other open source machine learning framework in Java and Python. Our Server side application in Node.JS ties up well with Angular.JS as our front end framework. Also we use Elastic Search for free text search
BN: What's the most unique application of your services you've come across so far?
AG: The most unique application of Info Assembly is how an investment analyst was able to quickly come up with over 50 investment ideas by just pushing in over 40,000 news articles on the global macroeconomics and consumer packaging goods sector. We're working to make the experience much smoother and so we can validate these ideas a lot faster.
BN: Is big data a good catch-all for what you’re actually working in? What are some myths/misconceptions that you'd like to see clarified?
AG: The biggest misconception is that you can plug in lots of information and big data just happens like magic. The most important step in any big data/machine learning application is to get clean data input in the right format. The primary effort and a lot of success depends on pre-processing. Remember that a smaller amount of data with better quality is always better than "just more data". A really good data scientist is one who knows how to pre-process the data first.
Image credit: David Gaylor /Shutterstock
In the post-Snowden world it's hardly surprising that many people believe that their every online move is being watched.
A new global poll carried out by GlobeScan on behalf of the BBC World Service reveals just how widespread these feelings are. Having polled over 17,000 people across 17 countries it finds that 52 percent believe the internet is an unsafe place to express opinions.
However, while one in two are wary of expressing opinion, 67 percent say the internet brings them greater freedom. Government surveillance is a major worry though with 36 percent saying they don't feel free from it.
Broken down by country 54 percent of Americans and 51 percent of Germans say they don't feel free of government surveillance. This contrasts sharply with China where 76 percent say they feel free of surveillance. Majorities in Russia (61 percent) and Indonesia (69 percent) also say they feel free of government snooping.
The poll also looked at media freedom, finding that the number of people who believe that their country's media was, "free to report the news accurately, truthfully and without undue bias" has dropped by around a third over the last seven years. In the US and UK a minority of respondents now believe their media is free compared to a majority in 2007.
"The poll suggests that two of the underpinnings of modern democracies are at risk -- a media seen as free and fair; and an internet safe for the free expression of views." says GlobeScan Chairman, Doug Miller. "The results also suggest that many of the personal freedoms that Western democracies have championed in the world are actually fairly well established in the minds of citizens across these particular 17 countries. Ironically, it is in some of these very democracies where citizens give relatively poor ratings of some freedoms".
Polling was carried out face-to-face or by phone between December 2013 and February 2014 in the following countries: Australia, Canada, China, France, Germany, India, Indonesia, Kenya, Mexico, Nigeria, Pakistan, Peru, Russia, South Korea, Spain, the UK, and the USA. The results have been released as part of the BBC's Freedom 2014 event which looks at what freedom means in the modern world.
If you feel safe to express your views on these results the comments thread below is available for your use.
Image Credit: Andrea Danti / Shutterstock
Moving data to the cloud and running software as a service can make businesses complacent about backup as they feel their data is already safe with their provider.
However, a recent report by Forrester warns that organizations relying on cloud services may be at risk, "SaaS is an increasingly popular method of deploying new services, but many organizations don't realize that they could be at risk of losing critical data. Many SaaS providers will not restore lost data for users or will only do so for an exorbitant fee".
Leading backup provider Backupify already supports Google Apps, Salesforce.com, PipelineDeals, and Smartsheet. It's using World Backup Day to announce that in 2014 it's set to add 13 other cloud services to its platform by the year end. Slated for release this year are cloud-to-cloud backup solutions for Box, Dropbox, Netsuite, GitHub, Zendesk, Concur, ServiceNow, JIRA, Workday, Asana, Egnyte, Office 365 and Basecamp.
The company also has a set of open APIs allowing developers to create backups for other cloud applications quickly and easily.
"We know companies are rapidly moving to the cloud and migrating critical company information into cloud applications," says Rob May, CEO of Backupify. "With that exponential growth, customers are increasingly thinking less in terms of any one single application -- they want a 'single pane of glass' in order to more efficiently and effectively protect all their data across a growing number of different applications. We’re responding to our customer’s needs by taking a more integrated approach to managing their data".
Backupify will allow companies to log in to a single platform to backup and manage the data they store across multiple SaaS applications.
You can get more information, sign up for a free trial and download the full Forrester report on the Backupify website.
Image Credit: Lightspring / Shutterstock
Although you weren't ever likely to be the subject of a dawn raid from the Sweeney for doing it, until now it has been illegal under UK copyright law to make copies of digital media.
From this summer though the government is changing the current legislation so that you'll be able to transfer music to your MP3 player or make backup copies of your movies without any risk of getting your collar felt.
In a guidance document for consumers released yesterday the Intellectual Property Office says, "Copyright law is being changed to allow you to make personal copies of media (CDs, ebooks etc) you have bought, for private purposes such as format shifting or backup". It goes on, "You will be permitted to make personal copies to any device that you own, or a personal online storage medium, such as a private cloud. However, it will be illegal to give other people access to the copies you have made, including, for example, by allowing a friend to access your personal cloud storage".
The government doesn't expect copyright holders to suffer significant harm from these changes, though they could generate extra revenue for technology companies such as those offering cloud storage.
At the same time new rules on "fair dealing" are being introduced to allow quotations and extracts to be used more widely. Currently quoting without permission is only allowed for criticism, review or news reporting. These provisions will also make it easier to use material for parody or pastiche without needing to gain permission from the rights holder.
The changes will come into force in June, so you still have a couple of months to enjoy the frisson that comes with an illegal rip.
Image Credit: Marcos Mesa Sam Wordley / Shutterstock
Keeping systems secure is more difficult than it was a year ago and this is partly down to human error. So says a new study by security awareness company KnowBe4.
The rise of ransomware, the adoption of BYOD, and rapid changes in technology all make it harder for enterprises to guard against threats both inside and outside the organization.
The study, carried out among IT managers, finds that 51 percent of respondents are finding security harder to maintain now than a year ago while 40 percent find it's about the same. Less than 10 percent say are finding it easier.
Many of the risks come from human error. BYOD in particular is more difficult for IT managers to monitor and secure. User smartphones, tablets and laptops can create potential for undetected entry to a corporate network. "The human factor is a leading source of security threats for today’s IT Manager," says Stu Sjouwerman, CEO and Founder of KnowBe4. He advises, "To maintain security, every company should adopt the 'defense-in-depth' strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training as this affects every aspect of an organization's security profile".
In the government sector, insider threats are seen as nearly as great a problem as external ones. In the survey 53 percent of defense IT pros named careless and untrained insiders as their top security threat. KnowBe4's study shows 60 percent of IT Managers are looking to Security Awareness Training to help solve security issues in addition to using it to support compliance.
Sjouwerman stresses how important it is to educate employees to recognize potential network security threats, "Cybercriminals are constantly devising cunning new ways to trick users into clicking their phishing links or opening infected attachments".
KnowBe4 offers a free test for companies to see what percentage of their employees are susceptible to phishing attacks.
Image Credit: Robert Kneschke / Shutterstock
New research by website security specialist Incapsula looks at the impact of DDoS traffic on the internet with data collected over a five month period looking at over 154 million DDoS bot sessions.
It reveals some startling statistics, the main one being that at the application level DDoS bot traffic is up by 240 percent. More than 25 percent of all botnets are located in India, China and Iran, whilst the US ranks fifth in the top ten attacking countries.
The attack landscape is interesting too. 29.9 percent of DDoS bots can execute JavaScript and 40 percent of botnets attack more than 50 targets per month.
At network level, large scale SYN floods account for over half (51.5 percent) of all attacks and almost 81 percent of attacks are multi-vector threats.
The results show a shift towards so called "hit and run" attacks, relying on short bursts of traffic at frequent intervals, designed to exploit vulnerabilities in protection systems. The growth in multi-vector attacks is also being used to create "smokescreens" where one attack creates noise to divert attention away from the main vector. The first part of 2014 has also shown a rise in NTP (Network Time Protocol) amplification attacks which in February became the most commonly used method of large scale DDoS attack.
Whilst the volume of attacks is increasing, DDoS bots are becoming more sophisticated too. In the fourth quarter of 2013, Incapsula reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges -- the two most common methods of filtering bots. This trend has continued into 2014 with 30 percent of the encountered bots able to accept and store cookies.
In order to infiltrate systems bots are using spoofed user-agents. These help to bypass low-level filtering solutions, based on the assumption that bots which identify themselves as search engines or browsers won't be screened out.
You can read more and download the full report on the Incapsula blog or see an overview of the findings in the infographic below.
Photo Credit: Duc Dao / Shutterstock
The internet and social media mean that there is more information available to consumers than ever before. But which opinions do we actually trust?
A new study from Nielsen commissioned by content specialist inPowered seeks to understand how consumers use digital content when it comes to researching and making purchases.
The findings show that consumers place great store by the credibility and unbiased nature of content. 85 percent say they regularly or occasionally seek out trusted expert content, such as third-party articles and reviews, when considering a purchase. Some 69 percent of consumers like to read product reviews written by trusted experts before making a purchase and 67 percent agree that an endorsement from an unbiased expert makes them more likely to consider buying.
"With so many companies spending so much money on content marketing, we wanted to clarify what kind of content is actually impacting consumers and helping them make their decisions," says Peyman Nilforoush, co-founder and CEO of inPowered. "This isn't about disproving any particular type of content, it’s about identifying the most effective blend of content types to help effectively educate and inform consumers".
In research carried out with 900 consumers and with nine products across different categories, expert content was found to be more effective than branded content or user content (like Amazon reviews) at all stages of the purchase cycle. In particular it was shown to lift purchase intent 38 percent more than branded content and 83 percent more than user reviews.
"It became clear throughout the study that, while exposure to each type of content did provide a lift across different categories, credible content from experts was the only content type that performed consistently across all stages of the purchase process," says Tommy Cheng, VP, Innovation Solutions at Nielsen.
Based on the findings inPowered concludes that companies need to use content from reliable third-party experts as the basis of building trust with the consumer. Once this is established branded content can be used to spread the word and the message can be reinforced by encouraging consumers to leave their own reviews.
Nilforoush concludes, "...by beginning with a solid foundation of trust built on trusted content from credible, third-party experts, all other content will have a greater impact".
To find out more you can download the full report as a PDF from the inPowered website.
Image Credit: donskarpo / Shutterstock
Microsoft's SharePoint, just in case you aren't familiar with it, is a set of web technologies with an Office-like interface that's designed to allow non-technical staff to build business apps.
SharePoint is typically employed to provide internet and intranet sites as well as enterprise document and content management. Now business application specialist K2 is aiming to help SharePoint users build better applications without the need for any coding.
The release of K2 for SharePoint lets enterprises build and use applications using forms, workflow data and reports. Key features include the ability to create workflows that span lists and libraries on different SharePoint sites and across different versions, both on-site and in the cloud. In addition customized forms and workflows can be created to integrate existing business data. Users can build web and mobile apps that use SharePoint data but run independently of the environment. Also components like forms and workflows can be built once and shared across applications both in and out of SharePoint.
"It is now easy to deliver powerful workflow and forms-driven apps on SharePoint," says Adriaan van Wyk, CEO and co-founder of K2. "Our customers now have the ability to create scalable and secure no-code apps that span on-premises, cloud and hybrid SharePoint environments, without sacrificing capability or control. It is an exciting time".
Most development platforms tie users to a specific structure and outline within their fabric. Using K2 for SharePoint, enterprises can build completely tailored, fully-functional applications and web-based forms to look and feel just like SharePoint -- or have a completely unique approach.
For more information on K2 for SharePoint, a full list of features and a look at what it can do with an online demo visit the K2 website.
Image Credit: Rafal Olechowski / Shutterstock
We run more and more of our lives online today, with multiple accounts for different services. But many of those sites rely on the same few personal identifiers.
Things like your date of birth, social security number and mother’s maiden name may be common to many of your logins, and that’s a problem. If one site's security is breached then your personal identifiers are compromised.
A new report by NSS Labs looks at the fact that half of the ten biggest breaches of the past decade occurred in 2013. These have exposed 512 million records and repeatedly compromised the personally identifiable information (PII) of around 319 million Americans.
The report's authors, Research Director Stefan Frei and Chief Research Officer Bob Walder, say in their introduction, "Enterprises that conduct any part of their business online should be prepared to bear full responsibility for the consequences of data breaches. At present, that responsibility is typically limited to a financial burden, whereas the true consequences of modern breaches are more far reaching than that implies. The loss of what is known as 'unique' or 'static' personal data, that which is truly personal (such as DOB or SSN), is far more serious than the loss of 'transient' personal data (such as pass codes, security questions, and credit card numbers) that is more easily changed following a security event or that is readily discernible in the public domain".
While individuals bear responsibility for the information they put in the public domain, on social networking sites for example, they often can't avoid entering unique personal data to log in to some websites.
The report notes that, in the US, social security numbers are regularly "squandered" in the name of authentication whereas in the UK National Insurance numbers are never used in this way. Indeed in Europe in general digital IDs are becoming more common.
Loss of authentication data threatens to erode confidence in ecommerce and adds to a serious risk of identity theft. To combat the problem enterprises need to recognize the need to hold as little unique personal information as possible. They also need to look at new ways to authenticate, such as permitting users to set their own challenge questions, allowing the use of long passwords without character restrictions, and offering geo-location or other controls on accounts.
NSS also suggests that online services should be designed with data breaches in mind so as to minimize risk and allow companies to act fast to protect their users if necessary. Data that is stored should be anonymized and disassociated with the user where possible, as well as stored in encrypted form.
Data breaches aren't just a problem for the companies that suffer them, but for all of us too, and authentication systems need to change to make everyone more secure.
The full report is available as a PDF from the NSS website.
Image Credit: mama_mia / Shutterstock
It's true of most technologies that as their popularity increases so prices begin to come down. The cloud is no exception to this as a new report from cloud portfolio management specialist RightScale shows.
Having analyzed price reductions from the four leading public cloud providers -- AWS, Rackspace, Google Compute Engine, and Azure -- in 2013, the report finds the pace of price reduction accelerating
Several trends are evident within this, Amazon continues to lead the way in terms of the size of price drops, forcing other providers to follow suit in order to compete. AWS announced 12 price drops in 2013, down from 13 the previous year. Azure, Google, and Rackspace all stepped up their pace, accounting for a combined 13 reductions in 2013, up from 9 in 2012.
It's important to note though that price drops aren't always across the board, they may target particular services or markets. There were twice as many reductions in the price of compute services in 2013 for example, good news for enterprises which tend to spend 70 to 90 percent of their cloud budget in this area.
Storage prices saw fewer reductions, six last year down from eight in 2012, but the average size of decrease in storage costs was larger, 32 percent as opposed to 20 percent.
As prices drop the cloud becomes a more attractive option and companies are growing their cloud usage. IDC reported in December 2013 that, "Cloud spending, including cloud services and the technology to enable these services, will surge by 25 percent in 2014, reaching over $100B". This means that although prices are falling cloud is accounting for a larger proportion of IT budgets, increasing the pressure to adopt processes and tools to optimize costs.
You can read more about the findings on the RightScale blog.
Image Credit: alexmillos / Shutterstock
The antivirus industry is getting steamed up about the forthcoming end of XP support. Last week we saw Avast warning of the vulnerabilities users might face.
Today anti-virus specialist Malwarebytes announces its new Anti-Malware Premium product and at the same time is pledging that it will continue to support XP users for life.
The company says that XP users currently make up 20 percent of its user base and could be at greater risk after 8 April when support for the old operating system ends.
The new Premium product has a streamlined dashboard interface that makes it easy to see the protection status of the PC along with a heuristics engine designed to detect and eliminate malicious software based on its behavior. It also has anti-rootkit technology and adds malicious URL blocking and protection from potentially unwanted programs. As before Malwarebytes will run alongside traditional security software to provide an additional layer of protection. A Chameleon mode allows Malwarebytes to open even if the system has an infection that tries to close down security software.
The company hopes that continuing support for XP will boost its presence in the business market. Marcin Kleczynski, Founder and CEO of Malwarebytes says, "Corporate users can't just upgrade, they may have legacy software running on XP and don't what to spend millions on updating".
The new program doesn't replace the free Malwarebytes cleanup tool which has been downloaded more than 200 million times and will continue to be offered. Anti-Malware Premium will be available later today, existing users with lifetime licenses for Malwarebytes Anti-Malware PRO will get a free upgrade to the new version.
Kleczynski concludes, "We are proud of what we have created and believe it builds upon the success of our existing products to give people a strong proactive countermeasure against today’s advanced online threats".
For many people webmail has become their main method of handling email, whilst corporates cling to a client model. Integrating with cloud services can be a chore in either case.
Powerbot is a clever browser extension that connects Gmail and Google Calendar to Evernote and Dropbox making it easy to share data between them. It's now extended its functionality to Yahoo Mail and the Outlook client.
Powerbot buttons are added to the mail interface allowing users to, for example, send email threads to Evernote, import notes into outgoing email and so on. All of your Evernote and Dropbox notes and files are available in one interface for sending and receiving emails.
The addition of an Outlook version is significant thanks to its popularity in the enterprise, and Powerbot's Outlook version works as a download rather than a browser extension. Powerbot gives users buttons for adding mail messages, threads, and attachments to or from Evernote notebooks or Dropbox folders without leaving the email.
The Outlook version is currently available free whilst it's in beta. The Yahoo Mail and Gmail extensions offer a 30-day free trial and are then priced at $2 per month or $15 per year.
"Despite Gmail's huge popularity, we still see that old habits die hard (especially in larger organizations), where Microsoft Outlook is still the standard," says Dmitry Gorshkov, Head of Product for Powerbot. "By shipping Powerbot for Outlook, we hope to both bring millions of people a more enjoyable, integrated experience and help Evernote get even more adoption within the enterprise market. We are big believers in Evernote and think this is a natural extension of the Powerbot technology".
You can find out more and download a trial on the Powerbot website.
The data contained in logs can be useful for a variety of purposes, but analysing it in order to extract what you need can be difficult and time consuming.
Search analytics specialist Elasticsearch is aiming to make log data more accessible with the release of Logstash 1.4.
Log data can be any information that carries a time stamp so it can be used to provide insights into purchasing habits, support systems and more, which means it can help businesses understand the customer experience.
The latest version of Logstash is claimed to start up to three times faster and as part of the company's ELK stack product (combining Elasticsearch, Logstash and the Kibana visualization tool) allows businesses to extract useful data from logs quickly and benefit from the insights it can provide.
New features include a streamlined installation process to get the product up and running more quickly. A simplified plug in system to allow Logstash to be customized for specific business needs. Puppet modules that automatically configure the product, whether it's on a server or a virtual machine, and all new documentation.
"Logstash can get data from unknown places and from any source and will clean it up so you don’t have to worry about the exact log types or reconciling different data formats," says Jordan Sissel, software engineer and Logstash creator. "We handle it all and let you slice and dice that data with Elasticsearch. Serve it up nice and pretty with a side of Kibana and you’ve got instant feedback on how to better please your customers and drive business success".
Logstash 1.4 is available now on the Elasticsearch site and from GitHub under an open source license.
Image Credit: alphaspirit / Shutterstock
We're used to reading reports that the PC is dying, but chip maker Intel has used the Game Developers Conference in San Francisco to reveal a roadmap for the reinvention of the desktop.
Intel sees enthusiast users as some of the most important supporters of desktop computing, and new form factors including mini PCs and all-in-ones driving renewed interest in the sector.
"The desktop business is a large and important segment for Intel, and we are investing in it -- reinventing form factors, experiences and products for our customers," says Lisa Graff, vice president and general manager at Intel's Desktop Client Platform Group. "Enthusiasts are the heart and soul of the desktop and they asked us to give them more. We are delivering -- more cores, better overclocking, faster speeds".
Intel unveiled a fourth-generation Core processor code named "Devil's Canyon" for release in mid 2014. It will feature an improved thermal interface and materials that are expected to enable significant enhancements to performance and overclocking capabilities. In the second half of the year the company will also deliver an 8-core, 16-thread Core processor Extreme Edition. This will support the new DDR4 memory standard and provide improved performance for gaming, video editing, 3-D content and other high-end uses.
It also announced plans for a Pentium Anniversary Edition commemorating more than 20 years of the Pentium brand. This will feature unlocked multipliers that allow the ability to increase the core and memory frequencies independently from the rest of the system.
As well as new processors Intel demonstrated a reference design for a portable all-in-one PC code named "Black Brook" a thin, light system incorporating a 3D camera, quad microphone array, premium audio and a full HD display. It can be used upright or laid flat to become a sort of poor man's Surface. See the video below for a preview of how it works.
To enhance the appeal of AIOs Intel has partnered with several software developers to deliver multi-user, multi-touch applications like board games and educational titles to make the most of the size and touch capabilities.
Finally it showcased its Ready Mode technology which will be coming to OEM PCs in 2014. This a power saving system that allows PCs to instantly ready and connected whilst using minimal amounts of electricity.
Do you think all this is enough to rescue the desktop’s slide into history? Let us know via the comments.
Enterprises worldwide are expected to spend $500 billion in 2014 to deal with issues caused by malware in pirated software. Consumers are set to spend $25 billion and waste 1.2 billion hours on security threats and fixes.
These are among the conclusions of a study carried out by IDC and the National University of Singapore, released today by Microsoft’s Digital Crimes Unit as part of its annual Play It Safe campaign.
Forensic analysis carried out on 203 new PCs that came with pirated software on them found that 61 percent were pre-infected with malware, including trojans, worms, viruses, hacktools, rootkits and adware. These machines bought through resellers and PC shops in 11 markets, included more than 100 separate threats.
Writing on the company's blog David Finn, Associate General Counsel & Executive Director of Microsoft Cybercrime Center says, "While these statistics are frightening, they shouldn't be a surprise. After all, cybercriminals aim to profit from any security lapse they can find. And through pirated software, they've found another way to introduce malware into computer networks -- breaking in so they can grab whatever they want: your identity, your passwords and your money."
When asked to rate their biggest security-related fears 60 percent of consumers put loss of data or personal information at the top followed by unauthorized internet transactions for 51 percent and hijacking of email, social networking and bank accounts for 50 percent. Yet despite these fears 43 percent admitted not installing security updates, making them vulnerable to attack.
Enterprises are especially hard hit by malware in pirated software. In 2014 it's estimated that businesses will spend $127 billion dealing with security issues and $364 billion dealing with data breaches. Almost two-thirds of these losses, around $315 billion, will be the result of organized crime -- malware launched by financially motivated criminals.
Finn concludes, "The results of this study demonstrate, once again, how vital it is that individuals, small businesses, enterprises and government institutions buy new computers from reputable sources and demand genuine software. Because if you don't, you never know what will come along for the ride".
The full results of the study are available as a PDF from the Microsoft website.
Lack of compliance with software licenses can cost businesses a lot of money, not to mention the negative effects of being caught out on an audit.
A new report from asset management specialists Express Metrix looks at the impact and outcome of software audits, uncovers some interesting facts, and busts some myths.
Based on interviews with 178 respondents in organizations of varying sizes, it found that 53 percent reported their workplace had been subject to a software audit in the last two years. The vendors most likely to have carried out audits are Microsoft, Adobe, AutoDesk and Oracle. Though in organizations with more than 10,000 employees IBM overtakes Oracle for fourth place.
What's interesting is organizations that had implemented asset management tools showed a 32 percent lower audit rate. This may be due to software vendors learning over time which companies have the best grasp of their license positions.
The findings of the report also show that the perception surrounding software audits often doesn't tally with the reality. Often companies worry about the audit process, but 57 percent of audited respondents described their relationship with the software vendor as consultative and collaborative, with only 20 percent saying it was "contentious" -- though this figure rises to 40 percent in larger organizations.
It also seems to be a myth that companies have little time to prepare for audits. Nearly half of organizations were given a month or more notice. Audits were also over relatively quickly, only 45 percent lasting three months or more from request to resolution.
The final misconception is that a software audit means you're bound to end up owing money to the vendor. In fact almost half (43 percent) of respondents reported owing no money to their vendors at the end of the audit process.
The report concludes, "...while just over a third of respondents report having being audited in the last year, the software audit risk touted by analysts such as Gartner and widely publicized in the media appears to be significantly overstated. Organizations that have undergone audits appear to have leveraged their experience to further refine their approach to compliance, including changing internal practices, investing in licensing expertise, and increasing the frequency of internal audits".
You can read a full copy of the report on the Express Metrix website.
Photo Credit: Georgejmclittle/Shutterstock
The increased use of mobile devices in the workplace leads to a number of issues. Not least of which is establishing control over shared resources like printers.
To address this HP has launched its first touch-to-authenticate solution for enterprise customers using NFC enabled smartphones or tablets.
"As mobile device usage in the office continues to grow, many businesses are concerned with security," says Pradeep Jotwani, senior vice president, LaserJet and Enterprise Solutions at HP. "HP continues to focus on the security needs of enterprise customers by delivering LaserJet devices and solutions that break new ground with touch-to-authenticate technology. By simplifying authentication for users, IT managers can better secure printer and MFP fleets without the concern of burdening users with a complicated authentication process".
HP Access Control 14 allows the authentication of user login credentials by touching an NFC capable Android smartphone to the printer. This provides a simplified login process without sacrificing device or data security.
The company has also updated its ePrint Enterprise product to give enhanced connectivity and security features to organizations using mobile device management solutions. HP ePrint Enterprise 3.2 is now fully integrated with MobileIron's AppConnect, one of the leading enterprise mobility management platforms.
At the same time HP is launching a new range of enterprise-ready printers and multi-function devices. The Color LaserJet Enterprise MFP M680 series can reach print speeds of up to 45 pages per minute and delivers advanced paper handling and finishing options. It's designed to increase office productivity by giving users the ability to print, copy, scan, fax and use other functions directly from the printer’s 8-inch color touch screen.
The HP Color LaserJet Enterprise M651 series are single-function printers that complement the M680 series devices. They provide simple wireless printing from smartphones, tablets and other mobile devices including wireless direct options from HP ePrint and AirPrint.
For more information on the latest offerings you can visit the HP website: www.hp.com/go/mfp
The Internet of Things has the potential to offer significant benefits to both businesses and consumers. Realizing those benefits though relies on identifying problems that the IoT can address.
Technology research specialist IDTechEx's event in Berlin at the beginning of April is set to explore the prospects offered by the IoT and look at how it can be used to make a difference in the real world.
At the heart of the IoT of course are devices that in the past wouldn't have needed connectivity. There is potential for this in consumer applications like home automation, driven by governments encouraging the roll-out of smart metering. However, consumer spending on automation devices remains sluggish owing to cost. The energy saving message means that people are comparing the price of devices with the potential saving and often choosing to keep their cash in their pockets.
Raghu Das, CEO of IDTechEx sees this changing as media companies in particular use the IoT to offer improved connectivity and targeted services. This may see a change in the pricing model, with consumers getting devices for free in exchange for seeing advertising or allowing data collection.
In the short term though he believes the IoT will only succeed if it addresses certain challenges. These include focusing on closed-system implementations that deliver a strong payback, then moving on to other areas where a problem can be solved with a cheaper, more effective solution.
Das suggests that existing hardware can be leveraged to perform more useful tasks. Using smartphones to connect to other hardware such as real-time location systems for example, as well as finding ways to connect islands of technology together.
The biggest opportunity according to Das is to, "Offer new services to consumers they do not yet know they want." But he adds that this is, "...challenging to do and involves creative new business models, probably where the service is 'free' but paid for in kind by consumer data".
The IDTechEx Internet of Things & WSN event takes place on April 1-2 in Berlin.
Image Credit: Black Jack / Shutterstock
We reported on Cloud Technology Partners' migration tool PaaSLane entering its public beta phase back in October and how it can cut the time and cost spent on moving to the cloud.
From tomorrow (March 11) the product becomes generally available with new and enhanced features to enable users to rapidly assess applications and speed up cloud migrations.
PaaSLane 2.0's new features include full .NET support with more than 200 specific rules, including rules for Microsoft Azure and Apprenda CloudFoundry. There’s a redesigned reporting interface including the ability to drill down into alert detail. There are also interactive charts and the ability to export reports in Excel and PDF formats.
"In the past two years the use of public cloud for enterprise workloads has skyrocketed. Many enterprises are looking at what it will take to migrate mission critical applications from expensive datacenters to agile cloud environments, and this is where PaaSLane shines," says Ben Grubin, Director of Product Management at Cloud Technology Partners. "However, the challenges of migrating existing apps to the cloud have led to many failed migrations, delays, or deployment of apps with significant code-level issues. PaaSLane can tackle the assessment of existing Java and .NET apps with ease, quantifying factors such as coding errors, hardcoded dependencies, security, and scalability problems, along with several other factors could quickly derail a cloud project. PaaSLane helps overcome these issues by leveraging source code inspection and a built-in cloud platform knowledgebase driven by extensive research to identify and resolve issues quickly, accelerating application migration and cloud optimization".
Faster uploads to Amazon Web Services are now available thanks to parallel uploading technology. PaaSLane also allows continuous optimization for evolving cloud platforms as it delivers real-time intelligence on changes that effect an application.
Grubin says that the product appeals to larger companies with many applications, system integrators supporting migrations and to smaller companies with just one or two critical apps. It can be integrated into the development lifecycle for any size of organization.
You can sign up for an instant free trial on the PaaSLane website.
Photo Credit: Roland IJdema/Shutterstock
Last year saw a number of credit card data breaches that made the headlines. A new report says that this shows how well the "deep web" of cybercrime is serving its customers.
McAfee Labs Threats Report for the fourth quarter of 2013 says that not only did Point of Sale (PoS) attacks like that on Target steal large numbers of records they point to a refinement in criminal technique.
The attackers used point-of-sale malware that's available to buy off-the-shelf in the cybercrime community and made straightforward modifications allowing them to target their attacks. What's more they had an efficient mechanism in place to sell on the stolen data including an anonymous, virtual-currency-based payment system.
"The fourth quarter of 2013 will be remembered as the period when cybercrime became 'real' for more people than ever before," says Vincent Weafer, senior vice president for McAfee Labs. "These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table”.
Other findings of the report include an increase in the use of malicious signed binaries, the number on McAfee Labs' database having tripled last year. The company says that the misuse of code signing is eroding user trust in the use of security certificates.
The report also explores the relationship between mobile malware and apps that "overcollect" user data and mobile device telemetry. Although most tracking is benign, 82 percent of mobile apps track when you use Wi-Fi and data networks, when you turn on your device or your current and last location. In addition 80 percent of apps collect location information and 57 percent track when the phone is used.
Ransomware continues to be a problem too, McAfee Labs recorded a million new samples, doubling the number between Q4 2012 and Q4 2013. There were also 2.47 million new mobile malware samples in 2013, 2.2 million new master boot record attacks and a 70 percent increase in the number of suspicious URLs.
You can read the full report as a PDF on McAfee's site and in the meantime, let's be careful out there.
Image Credit: zimmytws / Shutterstock
Remote access toolkits (RATs) for Android are nothing new, but until now they've mostly targeted the Asia region.
Now researchers at mobile security specialist Lookout have uncovered Dendroid, a custom RAT aimed at users in western countries. Dendroid’s author is selling the toolkit online with payment in virtual currencies like Bitcoin and even offers a warranty promise that it will remain undetected.
Writing on the Lookout blog Marc Rogers, Principal Security Researcher at Outlook says, "The toolkit is being sold for $300 to anyone who wants to automate the malware distribution process. The creator promises that the malware can take pictures using the phone's camera, record audio and video, download existing pictures, record calls, send texts, and more".
More worrying still is that Dendroid is designed to evade detection by Bouncer, the malware protection system used by Google on the Play Store. It uses an anti-emulation system to avoid executing any bad code that might trigger the detection system.
Amongst an impressive list of features Dendroid can spy on the user by taking photos or making video and audio recordings, intercept and block SMS messages, download browsing history and saved bookmarks, send texts as the device owner and record outgoing calls.
Rogers concludes, "Thanks to the quick identification and detection of Dendroid by security companies we don't anticipate Dendroid becoming a major threat. However, it does represent a step change upwards in the complexity of all-in-one malware toolkits for Android. Toolkits of this sophistication changed the PC landscape significantly as it lowered the barrier for entry and enabled relatively unskilled malware operators to control substantial botnets with a level of control they would never have been able to reach on their own".
Android users are advised to stay safe by ensuring that the Unknown Sources system setting is turned off in order to prevent drive-by installs and to install a mobile security app.
Image Credit: style-photography.de / Shutterstock
Market intelligence specialist IDC has released the latest results from its quarterly tablet tracker. It predicts that the sales growth of tablets (including 2-in-1 devices) will be 19.4 percent in 2014, down from 51.6 percent last year.
There are a number of reasons for this predicted reduction, partly the number of new releases has slowed, and in mature markets the sales pattern will switch to replacement of older devices rather than first time buys.
IDC also notes that price erosion -- the average selling price of a tablet fell by 14.6 percent in 2013 -- is slowing and it sees only a small drop of 3.6 percent in prices this year. This again is down to increasing maturity in the market as consumers steer away from low-priced budget products.
"After years of strong growth, we expect the white-box tablet market to slow in 2014 as consumers move to higher-end devices that work better and last longer," says IDC's Tom Mainelli, Program Vice President, Devices & Displays. "In mature markets, where many buyers have purchased higher-end products from market leaders, consumers are deciding that their current tablets are good enough for the way they use them. Few are feeling compelled to upgrade the same way they did in years past, and that's having an impact on growth rates".
Commercial shipments are expected to grow as consumer sales fall, due to tablets finding a place in more businesses. IDC expects this to benefit Windows devices. "The choice of operating system will be a key differentiating factor when it comes to success in the commercial segment," says Jitesh Ubrani, Research Analyst, Worldwide Tablet Tracker. "Though Android and iOS will remain dominant, we expect Windows-based devices to capture more than a quarter of the market as its benefits become apparent thanks to growing adoption of 2-in-1s".
It seems that for consumers tablets are treated more like PCs than mobile phones, with people holding onto their kit until it breaks or something significantly better comes along. The fact that they’re more likely to be bought outright rather than acquired on a contract is probably a factor here too.
More information on IDC's tracker research is available on the company's website.
Image Credit: vinzstudio / Shutterstock
The increasing trend towards BYOD and mobile devices in the workplace leads to added risks, but employees are often unaware or feel it isn't their problem.
These are among the findings of a survey by security specialist Absolute Software which polled workers in companies with a 1,000 or more employees who use mobiles for work.
When asked about penalties for leaking or losing company data, a quarter of US workers surveyed said there should be no punishment as data security wasn’t their problem. Whilst the remaining 75 percent felt they should face some penalty, many of those who had lost a mobile said their punishment ranged from nothing to getting a talking to or simply having to replace the device.
23 percent of respondents indicated that they didn't know their company's procedure for dealing with theft or loss of a workers device. More than a third of those who had lost their phones indicated that they didn't change their security habits afterwards.
The results also show ignorance of the value of corporate data, with 59 percent of enterprise mobile users estimating the value of their data at less than $500.
"If firms don't set clear policies that reflect the priority of corporate data security, they can't expect employees to make it a priority on their own," says Tim Williams, mobile enterprise data expert and Director, Product Management at Absolute Software.
It's clear that the attitude of workers towards mobile device security is putting enterprise data at risk and that could be potentially costly. "The data may be carried around in the employee’s pocket, but the half million dollar fines we've seen levied due to data loss come out of the company's pocket," says Williams. "Clear policies, properly articulated to employees, will ensure that the entire company, not just IT, unites against mobile data loss".
You can view a full copy of the report's findings on the Absolute website.
Image Credit: funkyfrogstock / Shutterstock
Independent testing group AV-Comparatives has released its 2014 Internet Security Survey.
The survey asked 5,845 users from around the world their views on security and reveals that when it comes to antivirus protection Americans like to get it for free whilst Europeans prefer to pay.
The four regions covered in the results are Europe, North America, Central/South America, and Asia. Worldwide just over half of users pay for a security solution but only in Europe are paid security products more popular. Free solutions win in North America and Asia and -- by a narrow margin -- in Central/South America. Avast is the product of choice for both mobiles and PCs in most regions, but with Asia preferring Quihoo 360.
"We found that just over half of all respondents pay for their endpoint security solution, and less than three percent use no solution," says Andreas Clementi, AV-Comparatives' CEO. "Respondents using a free solution don't necessarily receive inferior protection".
Some 2.4 percent of users worldwide admit to not using any security solution on their PC. This is higher for smartphones with 25 percent not having protection. Clementi says, "Over 25 percent of respondents stated that they do not have protection [on] their smartphones. These devices, and tablets, will probably be an increased target for cyber criminals in 2014".
The survey also asked what users felt were the most important aspects of a security product. The top three were low impact on system performance, good detection rates, and good malware removal and cleaning capabilities. These were the only criteria that achieved a higher than 60 percent response rate each. Using a product from a well-known vendor was at the bottom of the list with only a 10 percent selection rate.
The results show that Google Chrome has become the most popular web browser, with a 41 percent share, overtaking Mozilla Firefox on 32 percent. There's little surprise in the finding that the Android market share on smartphones increased from 51 percent to 70 percent. Nokia's Symbian share has dropped down to only 5 percent.
You can access the full report as a PDF on the AV-Comparatives site.
Image Credit: Maxx-Studio / Shutterstock
We all know that backups are important and these days that applies to data stored on cloud services just as much as desktop PCs.
Cloud backup provider Spanning Cloud Apps has announced a major update to its Spanning Backup for Google Apps, offering improved reporting and proactive notifications.
The new version includes a redesign of the status and notification interface Google Apps administrators use to understand what data is and isn't backed up. This is especially important in terms of data not saved as the Google API doesn't allow all data to be backed up and Spanning's competitors don't let administrators know this.
"Trust and transparency are non-negotiable with respect to cloud application backup," says Jeff Erramouspe, CEO of Spanning Cloud Apps. "We want our customers to live unencumbered by fear of the cloud, and to take risks without worrying about data loss. One of the things customers most appreciate about Spanning is the transparency we provide in reporting the status of their backups. For example, not all Google Apps data can be backed up due to API limitations. Spanning Backup offers the status updates and proactive alerts to highlight any issues that the customer would need to review and remediate to ensure proper backup is taking place. This gives customers visibility into their Google Apps data backup that they need for peace of mind. That’s how trust is earned and maintained, and that’s our commitment".
Gmail, Drive, Calendar, Contacts and Sites are automatically backed up daily to a private and secure sector of the AWS cloud. Enterprise grade security is used to protect your data and flexible restore options mean that, for example, emails can be found and restored by date, label, sender, and subject line.
Thanks to a redesign of status reports and notifications, administrators now get a deeper insight into the completeness of their backups with item-level detail and guidance on addressing problems. It can also identify potentially corrupt Google Drive files and send email alerts to admins on the backup status of user accounts.
The update to Spanning Backup for Google Apps is available now. You can visit the website for more information, or to sign up for a free 14-day trial.
It's often the case that the weakest link in any system's security is the person sitting in front of the screen.
As companies recognize this they're tending to invest more in training so that they can avoid threats rather than have to clean up after them. In a recent worldwide survey by Dell, 67 percent of security decision makers say they have increased funds for education.
It's no surprise then that Dell SecureWorks is adding to its portfolio of security awareness training with two new products, a Managed Security Awareness Program and Managed Phishing Services. Both products are designed to help organizations combat the flood of information security threats by teaching employees about information security best practices.
The Managed Security Awareness Program aims to educate workforces and change employee behavior towards security threats. It includes a modular training curriculum, simulated phishing and spear phishing exercises, knowledge assessments, monthly newsletters and information security branding materials, along with reporting and metrics designed to demonstrate effectiveness.
Managed Phishing Services helps companies to test how their employees are responding to phishing attacks. It includes training in recognizing attacks and taking the correct action when confronted with a phishing email. SecureWorks sends out simulated phishing emails using common attack methods and provides immediate feedback if employees click on a suspicious link or attachment.
Dell SecureWorks CISO, Doug Steelman says, "One of the biggest reasons organizations get breached is due to the vulnerabilities of their employees. Companies can patch their software and have plenty of security controls with abundant security instrumentation. Unfortunately, one click from an uninformed employee can allow threat actors to achieve their malicious intent, regardless of security technologies which may be in place".
You can find out more about Dell SecureWorks security awareness training solutions on the company's website.
Image Credit: FuzzBones / Shutterstock
Email has become a staple of business communication and although it's essentially free it has a hidden cost in terms the time spent dealing with it.
Collaborative email service Contatta has released an infographic which quantifies how time consuming and costly business email has become.
According to its figures the average worker spends 13 hours of their working week reading and answering email, which equates to an estimated 637 hours annually. Assuming a median professional wage of $23 per hour, that means businesses pay over $15K per employee to use email. Looked at across North America that means employees spend nearly 75 billion hours on email, costing businesses nearly $2 trillion in salaries -- that's almost 14-times the combined wealth of Bill Gates, Oprah and Warren Buffett.
More comparisons to show what that cost really means are in the infographic below. If you want to try to claw back a few of those lost dollars you can get a 60-day free trial of Contatta's collaborative solution, which aims to help employees use email more effectively, on the company's website.
San Francisco-based content discovery specialist inPowered is making its discovery and amplification platform free for all organizations.
The software aims to help companies uncover trusted content, such as third-party reviews and articles, and use it to inform and engage their audience.
Until now only paid users have been able to access inPowered's platform but today it launches a free version that allows marketers, PR professionals and social media strategists to search for brands, products or topics and then discover and share the most trusted content to their fans and followers on Facebook, Twitter and LinkedIn. There's still a paid option too which lets marketers pay to promote content via targeted advertising.
"Too many 'content marketing' vendors ask companies to start paying up front, before the company knows what impact the service will have on business metrics. At inPowered, we're introducing a fundamentally different approach where everyone can utilize our free content discovery and amplification platform and see real results, then they can upgrade to paid amplification services, if they choose, for greater impact," says Peyman Nilforoush, Co-founder and CEO of inPowered. "Finding quality, credible information on the topics your customers are interested in should not be something you have to pay for -- that's something that everyone has a basic right to. Today, we're making that accessible to all".
As well as finding and sharing content, inPowered measures the impact in terms of reads and social shares. Once the most engaging content is identified companies have the option to pay for further promotion.
"We believe that everyone should be able to discover and share great content to help educate consumers, for free," says Nilforoush. "We also believe you should be able to measure the impact that the sharing of trusted content has when it comes to engagement and brand consideration. Then, if you want to dramatically increase the readership of your top articles beyond your social channels, you can utilize our paid amplification. This ensures that organizations only pay for clear, measurable business results".
You can find more information and start using inPowered for free on the company's website.
Big data, cloud technology, social networking and the switch to mobile computing are all contributing to an increase in the amount of information enterprises have to deal with.
This is forcing companies to focus on the information that’s most relevant, risk related and value generating. As a result Gartner is predicting that 33 percent of Fortune 100 organizations will experience an information crisis by 2017, due to their inability to effectively value, govern and trust their enterprise information.
"There is an overall lack of maturity when it comes to governing information as an enterprise asset," says Andrew White, research vice president at Gartner. "It is likely that a number of organizations, unable to organize themselves effectively for 2020, unwilling to focus on capabilities rather than tools, and not ready to revise their information strategy, will suffer the consequences".
In order to avoid falling into this trap companies need an effective enterprise information management (EIM) strategy. This allows the sharing, management and reuse of information stored in different databases and created in different applications.
Having an EIM strategy though is only part of the answer. EIM initiatives must be designed so that sharing and reusing information creates business value, and the value created must contribute to overall enterprise goals.
According to Gartner analysts, three-quarters of individual information management initiatives are isolated from each other within the same organization. This leads to the benefits of EIM not being fully exploited. It says that IT leaders need to identify the key business areas that need improvement or are being held back by poor information management. This information can then be used to set new EIM priorities.
White concludes, "With effective information governance, business users will understand the impact of poor quality data on the outcome of desired business processes. This understanding leads to a desire, on behalf of the end user, to assure or 'steward' the data so that it supports their day-to-day business activities".
The impending information crisis will be discussed at the Gartner Enterprise Information & Master Data Management Summits 2014 on March 12-13 in London and April 2-4 in Las Vegas.
Image Credit: Maslowski Marcin / Shutterstock
According to new research by Gartner worldwide server shipments were up 2.1 percent in 2013 whilst revenues declined by 4.5 percent.
Most of this shipment growth has taken place in the Asia/Pacific and Japan regions whilst the North American market has remained relatively flat. Vendor revenue declined everywhere except the Asia/Pacific region where it grew by just 0.6 percent.
"2013 presented some pronounced differences in various server market segments," says Jeffrey Hewitt, research vice president at Gartner. "We've seen ongoing growth in Web-scale IT deployments, while the enterprise remained relatively constrained. In terms of hardware platform types, mainframe and RISC/Itanium Unix platform market performance kept overall revenue growth in check".
In the Europe, Middle East and Africa market both shipments and revenue have declined. Adrian O'Connell, research director at Gartner says, "The EMEA server market continued to suffer as it recorded its 10th consecutive quarterly revenue decline. Economic weakness continued to have a profound effect on the EMEA server market. Total revenue in 2013 was only around two-thirds of that seen in 2007, before the downturn set in".
Breaking the worldwide figures down by manufacturer, HP dominates in terms of box shipments with 27.9 percent of the market, followed by Dell on 19.5 and IBM on 9.0. A different picture emerges when you look at revenue, however, with HP still leading on 28.1 percent but IBM close behind on 26.5 and Dell trailing in third with 15.2 percent. IBM's position shows a big decline, it had 34.9 of the market by revenue at the end of 2012.
The market for x86 servers remains strong as it's still the most popular platform for large data centers, showing a revenue increase of 0.8 percent despite a small drop in shipments of 2.6 percent over the year. HP is dominant here with 40.3 percent of the x86 blade server market, Cisco coming second on 15.9 percent.
The full breakdown of figures is available on the Gartner website.
Image Credit: watcharakun / Shutterstock
A study of 2,500 people in the UK shows that 68 percent have been distracted from completing work by browsing the web, checking emails and engaging in social media.
In addition, 63 percent said they had lost their train of thought while working on a report or long piece of written work because they responded to an email or social media alert.
The survey also reveals that 36 percent lose an hour or more a day in productivity to email and social media and that 53 percent thought that checking these things whilst trying to work revealed a worrying lack of control.
Excuse me while I check my Twitter feed...
Working from home doesn't help things either with 59 percent saying that they lost more time to online distractions. What's more this lack of self-discipline makes people unhappy, with 62 percent of respondents agreeing that there was a link to a reduction in their satisfaction and happiness levels when they realized they'd been less productive.
Playwright Will Little, creator of Webtrate.com says, "The survey suggests our impulse control is getting weaker in a world of instant gratification. Yet the pressure of work should mitigate against our desire to access the internet. Unfortunately the draw of the internet is so strong that our ability to concentrate is losing the battle. It is now directly impacting on productivity levels and many people just can't seem to help themselves. In many cases, they don’t even realize how much productivity they are losing to internet".
Ooh, interesting Facebook update there. Like...
Of those who said they were being distracted, 71 percent said they believed they'd get more done if they could disconnect from the internet for a time each day. Which brings us -- if you haven’t wandered off to check your email by now -- to the hard sell.
The Webtrate application forces users to disconnect from the internet and focus on their work goals. Developed by Little, who created it to boost his own output, it offers two options. It can disconnect at a set time but will allow you back online after a reboot, or if you need some extra discipline it won't allow you back online until a set time has expired.
Little concludes, "What we need is a way to separate our work from the distraction of the internet. I created Webtrate because my productivity levels dropped when I had access to the internet. Instead of working fully I checked emails and read endless news updates. Now since I developed Webtrate my productivity has improved considerably. I still engage with the internet but only when my work is done. And I'm a lot more satisfied and happy for it".
Webtrate is available now for Windows and Mac systems, you can find out more if you can concentrate for long enough to click this link.
Image Credit: Angela Waye / Shutterstock
The increasing trend towards using mobile devices has opened up users to a whole range of new threats. On mobiles insecure apps present a greater risk than traditional malware and viruses.
Announced at the RSA Conference, viaProtect allows consumers to take control of and protect the personal data on their devices.
The company behind the product, viaForensics, has been protecting enterprises and government organizations for years and now brings the same technology to the consumer. Unlike traditional mobile security apps, which use a database of known malicious apps to screen for viruses and malware, viaProtect monitors all apps for potential risks. For example, viaProtect can detect if an app handles your personal data insecurely by sending it unencrypted or to unsecured servers located overseas. As many as 75 percent of apps are "leaky", or insecure according to viaForensics.
"We believe that everyone is entitled to state-of-the-art protection from threats like identity theft and loss of privacy," says viaForensics CEO and Co-founder Andrew Hoog. "viaProtect utilizes the same technology that our enterprise customers rely on to protect mission-critical data. It’s a more sophisticated approach for a world that is becoming more mobile by the day and one that an informed consumer will want. We’re very proud to make it available".
By gathering mobile forensic, system, network, security and sensor data from devices, viaProtect can use statistical analysis and risk indicators to detect suspicious events or behavior. It allows an app to be monitored in real-time to predict potential risks or problems -- rather than just checking for known malicious apps.
It's built to work with Android and iOS platforms and users are given a device risk rating to let them know how safe their system is. They can learn how their phones and tablets are sending data and where it's going to. It's ideal for families too with a browser-based dashboard that can be used to monitor several devices in one place.
For more information about the product you can visit the viaProtect website.
Cyber threat intelligence specialist Lookingglass Cyber Solutions has released the results of a study on global financial institutions and the risks introduced by their partners and providers.
It makes for quite scary reading, with analysis revealing that 100 percent of the third-party networks sampled showed signs of either compromise or increased risk.
The recent Target breach is a case in point. Originally thought to be the work of an insider it now seems to have been the result of a third-party compromise.
Lookingglass found that outbound botnet traffic and malicious behavior were the most common indicators, accounting for 75 percent of the assessed sample. 25 percent of the sample showed indicators of the ZeuS Banking Trojan. General malware was also present with 25 percent having hosts attempting to communicate with Conficker sites.
A further issue is that 15 percent of third parties relied on a single internet provider leaving them vulnerable to DNS attacks. Since many of these third parties will use other suppliers for hosting and other services the risk runs further down the supply chain.
"Every week, we are hearing about a new organization reporting a major data theft, but what they aren't talking about is exactly how perpetrators are getting in. This study highlights a weakness that the industry has been very hesitant to talk about in public -- the fact that trusted third parties should not and cannot be truly trusted," says Chris Coleman, CEO of Lookingglass. "Global organizations such as financial institutions, as well as retailers and critical infrastructure organizations, must look beyond their own defensive perimeters and consider monitoring their public Internet presence to better understand their attack surface. Gaining insight into third parties is crucial to mitigating risk within the supply chain".
Image Credit: Stokkete / Shutterstock
The Pony botnet malware has been around for a while but continues to cause problems and is moving into new areas.
Researchers from Trustwave have revealed on the company's blog that Pony malware has stolen the login credentials and digital wallets of thousands of people over a four month period.
This is the first time that widespread Pony malware has been found to steal digital wallets and currency. The currencies stolen include BitCoins, LiteCoins, FeatherCoins and 27 others with a value estimated at $330,000 at the time of discovery. The botnet has also stolen over 700,000 login credentials including 600,000 for websites and 100,000 email accounts.
There are obvious attractions in targeting virtual currencies, firstly they contain money, but secondly BitCoin transactions -- by design -- cannot be reversed. Once money is transferred out of your virtual wallet there's nothing you can do. There's no authority you can contact to reverse the transaction or freeze your account.
Trading information is also open, so anyone can examine the history of a virtual wallet though the identity of the owner remains unknown. The net result of all this is that stealing virtual currencies is much easier than stealing from a bank. Exchanging for hard currency via a trading website is just another transaction and by the time it occurs any connection to the original owner of the BitCoins is gone.
Once an attacker has the wallet.dat file containing the private key he becomes just as much the owner of the wallet as its original creator. Of course the wallet file can be protected with a password but it seems that many users don't bother to do this.
If you’re worried that your BitCoin wallet may have been compromised, Trustwave has set up a website where you can enter your public key to check. There's also a site where you can enter your email address to check for compromised credentials.
Image Credit: Rob Hyrons / Shutterstock
If you can never decide whether to take the notebook or the tablet with you when you go out, HP may have the machine for you.
Its new Pavilion x360 is a convertible PC with a 360-degree hinge so you can use it as a conventional notebook, a tablet, or in what the company calls "tent mode". Sadly this means only that you can stand it up on a table not actually go camping under it.
"Customers have told us they want a single device that is designed to work and play the way they do, at an affordable price," says Ron Coughlin, senior vice president of HP's Consumer PC and Solutions Group. "The HP Pavilion x360 is perfect for today’s busy lifestyles. Its 360-degree hinge allows multitaskers to easily transition from laptop to tent to tablet. It's the laptop that doesn't make you miss your tablet and the tablet that doesn't make you miss your laptop -- all at a price that is similar to an entry-level notebook".
With a weight of 3.08 pounds it's heavier than an iPad but about average for a notebook. The x360 has an 11.6-inch high definition SVA display with 10-point capacitive multi-touch, an HD webcam, twin speakers and a Pentium processor.
It comes in red or silver with a soft-touch finish on the outside to resist fingerprints and a brushed aluminum keyboard deck.
The Pavilion x360 should be available in the US on 26 February priced from $399.99. For more information visit the company's website.
HP also announced an expansion of its DataPass service, which gives users two years' free mobile broadband at 250MB of data each month. Currently available only in the UK, Sweden and Denmark, DataPass will be extended to 12 more countries, including the United States, from this summer.
One of the key tasks in investigating network security breaches is being able to capture packets to allow a thorough understanding and quick resolution of the problem.
Network management specialist Emulex Corporation has used the RSA Conference to announce its Endace Fusion Connector for Sourcefire Defense Center, which allows 100 percent packet capture at speeds of up to 100Gb Ethernet.
This means rapid response and root cause analysis, drastically reducing the time and operational overhead involved in accessing packet data. By narrowing the time gap between alert, investigation and response, the overall effectiveness of the security team increases, translating to improved system uptime, higher customer satisfaction levels and increased business continuity.
"We are very pleased to add Sourcefire to our growing Endace Fusion Ecosystem program," says Mike Riley, senior vice president and general manager of the Endace Division of Emulex. "The combination of Sourcefire’s highly-regarded network security toolset and our packet capture capabilities provides customers with a comprehensive security solution that significantly reduces enterprise network vulnerability windows and increases the data available for post-incident forensics analysis".
The Endace product offers a comprehensive intrusion detection system that not only provides full forensic visibility but also delivers a proactive approach to preventing future threats. With streamlined access to packet history security teams can react faster to resolve security incidents. It also makes it easier to identify which data has been compromised in a breach. Single-click access to EndaceVision Network Visibility Software allows for rapid analysis and the ability to search, visualize and interrogate captured traffic.
Fusion Connector for Sourcefire is available now as a free download from the Sourcefire community downloads site.
Image Credit: Sergey Nivens / Shutterstock
San Diego-based Astute Networks is announcing a new software release for its ViSX family of performance storage.
ViSX OS 5.0 adds Network File System (NFS) v2, v3, and v4 to its existing iSCSI support. The ViSX range also now offers an expanded range of capacity options to meet the growing demand for high application performance in both physical and virtual environments, including OpenStack support for cloud deployments.
Each ViSX storage appliance offers solid state performance at a low cost per GB and has a patented Data Pump Engine that offloads network and storage protocols in order to further boost performance. Designed to appeal to small and medium enterprises with no dedicated storage expertise, ViSX appliances can be plugged into existing infrastructure and improve application response times within minutes.
For critical applications like SQL Server, MySQL, Oracle and SharePoint, Astute claims ViSX can deliver an immediate 5 to 10 times performance boost. With support for the open source cloud platform OpenStack it offers a competitive advantage for cloud service providers allowing them to lower IT costs and enhance productivity.
"To enable their businesses to become more agile and responsive while making users more productive, IT professionals are facing the challenge to assure high application performance and availability while reducing overall IT costs and resource requirements", says Jeff Whitney, vice president of marketing at Astute. "That is precisely the focus of the newest release of the ViSX OS. It delivers outstanding all-flash performance while co-existing with installed storage for both physical and virtual environments. As a result, organizations achieve faster, consistent and predictable application performance while achieving a rapid ROI".
The ViSX Performance Storage Appliance range is now available in a range of capacities up to 45.6TB in a single 2U platform, and add-on flash modules are available in sizes of 480GB, 960GB and 1900GB. Find out more on the Astute website.
We reported yesterday on businesses being unprepared for the threats presented by BYOD. But according to a new study by Dell this is just one of a range of new threats that are being overlooked.
Technologies like BYOD, mobility, cloud computing, and internet usage, as well as internal actions both accidental and malicious, introduce organizations to a multitude of new risks.
But a majority of IT leaders don't see these threats as top concerns and aren't prioritizing dealing with them. Almost three-quarters of those surveyed admitted to having a security breach in the last year but only 18 percent thought predicting and detecting unknown threats was a major security concern. More worrying is that 83 percent said their current procedures allowed IT staff to identify a breach immediately, when actual detection took an average of seven hours.
Threats come from both inside and outside the organization and are often concealed in poorly-defined settings or ineffective access management and usage policies. 64 percent of respondents agreed that organizations will need to restructure and reorganize their IT processes, and be more collaborative with other departments to stay ahead of the next security threat. Of those surveyed in the United States, 85 percent said this approach is needed, contrasting with only 43 percent in the UK and 45 percent in Canada.
Matt Medeiros, vice president and general manager, Dell Security Products, Dell Software Group says, "Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organization. These threats evade detection, bypass security controls, and wreak havoc on an organization’s network, applications, and data, but despite these dangers, our study found, among those surveyed, organizations are just not prepared. There is still a disturbing lack of understanding and awareness of the type of impact and detriment caused by the unknown threats that can come from both sides of an organization's data flow".
BYOD, cloud and the internet are seen as major areas of concern. Whilst 93 percent of organizations surveyed allowed personal devices for work, only 44 percent of those responding said instituting policies for BYOD security was of high importance in preventing security breaches.
The picture is the same with the cloud, 73 percent (90 percent in the US) report that their organizations use the cloud but only 49 percent ranked cloud usage as a top security issue for the next five years and only 22 percent said moving data to the cloud was a major security concern for today.
Awareness of internet threats is higher, with 63 percent of respondents ranking increased reliance on internet and browser-based applications as a top concern in the next five years. More than a fifth of respondents put infection from untrusted remote access like public Wi-Fi among the top three security concerns and 47 percent identified malware, viruses and intrusions as the root cause of security breaches.
Medeiros concludes, "...we believe a new security approach is needed -- one that's embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network. Only then, with this Connected Security approach, will organizations have a chance at keeping one step ahead of these epidemic threats that can significantly damage their network".
The full report is available as a PDF on the Dell website.
Image Credit: Brian A Jackson / Shutterstock
One of the problems with migrating systems to the cloud is ensuring a consistent means of access for users in different locations and with different devices.
Cloud services provider dinCloud has an answer in the form of webHVD, an HTML 5 virtual desktop that’s fast secure and easy to deploy.
The webHVD desktop runs in Google's Chrome browser which means it will work on Windows, OS X, Android and Chromebook platforms. It offers customers a turnkey desktop which they can start using in minutes. No VDI (Virtual Desktop Infrastructure) setup is required and there's no need to download or install a traditional software package. The Desktop as a Service (DaaS) offering includes a virtual private data center to manage user authentication, software-defined networking, virtualized storage, and computing power.
"HTML5 is the latest standard for how web browsers communicate on the Internet and is quickly making browsers like Chrome, Safari, and Internet Explorer, a single pane of glass for voice, video, instant messaging, collaboration, virtual desktop, and other functions. HTML5 offers many APIs which allow companies to take their innovations to the next level -- something that dinCloud has done with webHVD," says Walid Elemary, vice president of engineering and product development at dinCloud. "We took the number one rated hosted virtual desktop (dinHVD) and leveraged HTML5 to create a truly unique DaaS offering that snaps in easily, while delivering the performance, graphics, and functionality that small business users require".
The company sees webHVD as a viable replacement for remote access VPNs and other technologies that allow access from home networks or remote locations. This mitigates viruses, malware, and other potential security risks from joining the corporate network.
It allows multiple desktops to be assigned to a single user and there are multiple levels of authentication to keep it secure. Integration with Microsoft Active Directory means it’s easy to grant access to external parties, like consultants, using a valid email address. Levels of virtual disk space, memory and CPU can be tailored to individual needs.
To find out more visit the webHVD page of dinCloud's website.
Image Credit: Sergey Nivens / Shutterstock
A majority of organizations acknowledge that they’re unprepared to deal with security breaches via their BYOD technology.
A new survey released by security awareness training specialist KnowBe4 shows that 53 percent of businesses aren't properly prepared to deal with hacked or stolen mobile devices, even though 50 percent indicated that company-owned tablets, notebooks or smartphones may have been hacked in the past year.
The joint study carried out by consulting firm ITIC shows that 55 percent of companies are not increasing or strengthening their security despite recent high profile attacks against companies like Snapchat, Skype and Target.
The results show that 65 percent of businesses now allow end users to BYOD and use their own systems as corporate desktop or mobile devices to access organizational data including email, applications and sensitive information. This is attractive to companies because it cuts IT costs but comes at the price of increased security risks.
Kevin Mitnick, KnowBe4's Chief Hacking Officer says, "Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss".
Other interesting findings are that doubt remains over who is responsible for security on BYOD kit, with 43 percent of companies currently having no dedicated BYOD security policies. Only 13 percent of respondents said their firms had any specific policies in place to deal with BYOD deployments.
80 percent of companies consider strong anti-virus, intrusion detection and firewalls as the most important and effective mechanism to safeguard their networks, followed by endpoint security at 65 percent. Some 45 percent indicated that they were taking additional security measures including making sure the latest patches are installed and conducting security audits.
ITIC principal analyst Laura DiDio says, "These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack".
Image Credit: Peter Bernik / Shutterstock
In today's complex cyber threat landscape it can be difficult and costly to investigate and respond to security incidents.
IT departments are often too focused on getting systems back online to spend time looking into the cause of the problem. With its new InSight platform AccessData wants to help enterprises better manage their data risks.
The InSight Platform enables the entire incident detection, analysis and resolution process via a single, consolidated platform with the ability to automate every step. When a threat is identified network forensics and other contextual data are automatically collected. The information is then presented in a unified view for easy analysis.
"The reality of today's cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time," says Craig Carpenter, CMO of AccessData. "In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious. The InSight Platform is the market’s first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily".
As well as allowing better visibility of network traffic InSight maximizes other security investments like firewalls and sandboxes via greater integration. It incorporates a ThreatBridge engine that collects data from multiple intelligence feeds, allowing it to hunt for malware and detect indications that the system is compromised.
You can find out more about Insight on the AccessData website, or it will be demonstrated on the company's stand at the RSA Conference in San Francisco from February 24-28.
Image Credit: Sergey Nivens / Shutterstock
Mobile advertising company InMobi has announced the results of its 2014 Mobile Media Consumption Report.
Based on research covering over 14,000 respondents in 14 countries, the findings show that we’re increasingly living in a "mobile first" world with 60 percent now using a mobile as their primary or only means of going online.
The main findings are that 68 percent have spent money via their phones in the past year and this is expected to rise to 83 percent in the next 12 months. Multi-screening is on the rise too as 61 percent report using their mobile for social networking and text messages whilst watching TV.
The results also show that mobiles are often used to fill in time. 83 percent of respondents said they use their mobile while waiting for something and 81 percent while lying in bed -- how many were lying in bed waiting for something isn't recorded.
Of course all of this has an effect on advertisers as mobile ads are now reckoned to be more influential on purchasing decisions than TV. The most common actions triggered by mobile ads are downloading an app (78 percent), visiting an advertiser’s website (68 percent), or visiting a store or retailer to get extra information or make a purchase (56 percent).
"In last year’s report we found that mobile had touched most aspects of modern life. But this year, we find that mobile has really become an essential part of daily life, even a daily workhorse, that has replaced the desktop and TV for everything from gathering key information, media consumption and accomplishing daily tasks, like shopping and paying bills," says Naveen Tewari, CEO of InMobi. "Furthermore, with mobile content gaining similar prominence as TV, mobile advertising is now impacting consumer behavior across the entire purchasing lifecycle from small day-to-day purchases, to bigger purchases, like cars".
All of this is important for companies as it shows that the mobile platform can have a real and measurable impact on businesses. The use of location tools, targeted mobile advertising, and responsive websites can help to drive consumer traffic and dramatically increase sales.
If you want to find out more you can get the full report from the InMobi Insights website.
Image Credit: Slavoljub Pantelic / Shutterstock
The cloud is increasingly popular with businesses because of its flexibility and low infrastructure costs, however, it does present risks when compared to running systems in house.
A new product from California-based Skyhigh Networks is aimed at quantifying the risks associated with public cloud services and takes the guesswork out of understanding and managing them.
Skyhigh's Enterprise CloudRisk Dashboard enables IT, security and executive teams to view a single score that encapsulates their overall cloud risk. They can also drill down to the metrics that make up the score, helping them understand the specific drivers of their risk. The product also produces recommendations to reduce risk and benchmarks the score both with a company's peers and between departments as well as tracking trends over time.
"For years, financial services' firms have been using objective, quantitative credit scores to evaluate potential risk," says Rajiv Gupta, CEO and founder of Skyhigh Networks. "With Enterprise CloudRisk Dashboard, we aim to bring a similar approach to managing cloud risk, so that our customers can adopt cloud services while minimizing risk."
The Dashboard has four key functions, the main one being a CloudRisk Score which provides a unique 1-10 score as well as showing its contributing factors. CloudRisk Recommendations produces actionable steps to reduce cloud risk, thereby improving the organization's CloudRisk Score.
CloudRisk Benchmarks allows the comparison of an organization's CloudRisk Score between internal departments and with industry peers, providing guidance on how the risk compares to organization norms and the industry. Finally CloudRisk Trends shows changes to the overall CloudRisk Score over time as well as trends in user, service and data risk.
Skyhigh also operates a CloudTrust Program to provide users with an objective assessment of a cloud service's security capabilities. Services that reach the most stringent standards can display the Skyhigh Enterprise-Ready logo on their site. The company is aiming for this to become an accepted standard for cloud safety as VeriSign is for secure web connections.
You can find out more about CloudRisk Dashboard on the Skyhigh website.
Image credit: Alexander Kirch/Shutterstock
When it comes to invoicing and accounting packages for smaller enterprises QuickBooks is one of the first names that comes to mind
Now analytics specialist InsightSquared has launched a SaaS package for QuickBooks that lets users have immediate access to financial dashboards and reports, in addition to sales & marketing data.
Like the company's existing product for Salesforce it's aimed at making small and medium businesses more competitive. It offers ease of use, access from anywhere and a unified view for data drawn from multiple sources. This means that decision makers no longer have to wait for the accounts department to create reports or export data to spreadsheets.
By providing real-time insights into business data via charts and supporting data tables the product gives users the ability to drill down and get the story behind the numbers. Reports can forecast cash flow, identify customers who are at risk of churn, see which customers are least likely to pay before the month’s end and more.
Fred Shilmover, CEO of InsightSquared says, "Our new QuickBooks product is an innovation that gives a competitive advantage to data-driven business users. We've empowered small and mid-size businesses to make the right decisions in ways never before thought possible".
InsightSquared can be deployed in under a day without any integration costs and comes pre-loaded with popular reports so it can be productive from the start. You can find out more on the InsightSquared website.
Effective financial planning and budgeting is essential for all businesses, but the software needed to support it can be expensive.
ERP specialist Oracle has released its Oracle Planning and Budgeting Cloud Service to help businesses harness the power of integrated financial planning cost effectively and fast.
Part of the company's Enterprise Cloud Portfolio, Oracle Planning and Budgeting Cloud Service is a robust application that allows businesses to adopt a world-class solution with no need for infrastructure investment.
The product builds on the functionality of Oracle Hyperion Planning, including agile forecasting, predictive planning, rich scenario analysis and interactive dashboards. Cloud specific improvements include, pre-built starter kits, creation wizards and best-practice guides to allow faster deployments. There's Microsoft Office integration too so users can perform planning, reporting and analysis via the Web interface or in Microsoft Excel, reducing the need for training.
Administration and maintenance is easier too with automated scaling based on demand, run-time diagnostics built in and scheduled maintenance with managed software updates.
"Since we previewed Oracle Planning and Budget Cloud Service to customers and partners last year, we've seen a tremendous interest in adopting cloud-based solutions to streamline budgeting and improve forecasting," says Hari Sankar, vice president of product management at Oracle. "Today’s general availability reflects our commitment to helping organizations of all sizes harness world-class enterprise performance management in the delivery model of their choice".
For more information and to sign up for the service you can visit the Oracle website.
Image Credit: ra2studio / Shutterstock
As businesses move their data to the cloud they can often be caught out by the need to comply with audit and usage reporting requirements.
Cloud security specialist Elastica has a solution to this with its new CloudSOC product which helps companies and employees use the cloud whilst remaining secure and compliant.
Delivered as an easy-to-use cloud-based service, CloudSOC provides security for cloud applications and services in one place. It analyzes data from multiple sources, including real time traffic, APIs, firewalls and end-user devices. Using Elastica's StreamIQ technology it then applies the power of machine learning to secure a broad range of cloud applications and services.
"Cloud and mobile has brought the promise of a truly elastic enterprise. Such an enterprise empowers employees to collaborate from anywhere using any device, enables efficient consumption of business resources as needed, and improves overall business agility. Elastica eliminates the security hurdle to enable a safe and secure elastic enterprise," says Rehan Jalil, President and CEO of Elastica.
CloudSOC supports four apps. Audit provides insights and analytics for cloud-based services along with Business-Readiness Scores for thousands of cloud services based on more than 50 risk attributes. Detect highlights threats, assigning a ThreatScore in real time that can be used to trigger polices to issue an alert or block an action.
The Protect app enforces polices on cloud access in real time and can automatically enforce global policies across several cloud services at the same time. Finally the Investigate app allows post-incident investigations and forensic analysis across cloud applications and historical data. With powerful visualization and extensive filtering it can supply fast results even for complex queries.
Elastica's CloudSOC is available now and is priced on a per subscriber/per month basis. You can find out more and sign up for a trial on the Elastica website.
Image Credit: Maksim Kabakou/Shutterstock
According to data from market intelligence specialist IDC worldwide shipments of personal and entry level storage (PELS) grew by 13.6 percent in 2013.
By the end of the year 75.2 million units had been shipped. Shipment values were up too, growing 6.2 percent over the year to reach $6.7 billion.
"The personal and entry-level storage market finished 2013 strong even with the difficult comparison with a strong second half from a year ago", says Liz Conner, research manager, Storage Systems at IDC. "In 2012, the fourth quarter showed exceptionally strong growth as the PELS market was in full recovery mode after the Thailand floods, which led to hard disk drive (HDD) shortages. Despite the resulting slight decline in 4Q13, the PELS market was able post year-over-year growth for all of 2013. This continued annual growth is driven by on-going consumer education, better marketing by vendors, and progressing product evolution to address items such as higher capacity, faster transfer speeds, and mobile device integration".
Most of the entry level growth has come from four-bay storage which provides a popular starting point for buyers. Demand for devices with more bays remained flat whilst shipments of two-bay units declined by 32.2 percent year-on-year. In the personal storage market single bay units dominate, accounting for 98.8 percent of units shipped.
The report also points out a shift away from 3.5-inch discs in favour of more portable 2.5-inch units. The 3.5-inch form factor saw an 18.8 percent decline in units shipped over 2012.
USB remains the most popular personal storage interface though the entry level business market prefers Ethernet. The newer Thunderbolt interface saw shipment growth of over 280 percent but started from a low base.
Demand for more capacity continues to grow too. In the 2.5-inch personal storage market 1TB devices took 58.2 percent of market share. In the entry level market 4TB devices proved most popular accounting for 28.2 percent of devices shipped.
You can find more about IDC’s Worldwide Personal and Entry Level Storage Tracker on the company's website.
Image Credit: cagi / Shutterstock
Many companies are keen to exploit the potential of big data but are wary of the potential costs involved in doing so.
To help businesses get maximum value from their big data investments Intel is launching the Intel Data Platform, a software suite based on open source technologies.
The Intel Data Platform offers an open environment for importing, managing and analysing big data. It builds on the existing Intel Distribution for Apache Hadoop and in addition a new Intel Data Platform: Analytics Toolkit creates graphical analytics and predictive modeling to help businesses uncover valuable insights from hidden relationships within their data.
"As big data shifts from hype to reality, Intel is helping to break down the barriers to adoption by easing complexity and creating more value," says Boyd Davis, vice president and general manager of Intel's Datacenter Software Division. "Much like an operating system for big data processing, the Intel Data Platform supports a wide variety of applications while providing improved security, reliability and peace of mind to customers using open source software."
Using fully integrated frameworks to process data in real time, businesses like retailers can use the Intel Data Platform to analyze information from social media, purchase history and inventory to, for example, measure the effectiveness of promotions. Business to business companies can look up data tailored to specific customers in order to tailor recommendations for products and services.
The platform will be available in the second quarter of this year in two versions. The Enterprise Edition will offer full platform capabilities as a free software product to customers who can support their own deployment. The Premium Edition will be available for purchase on an annual subscription basis and will provide additional technical features including enhanced automation, proactive security fixes and alerts, ongoing feature enhancements, and live telephone technical support.
Image Credit: Jojje / Shutterstock
The spread of BYOD means that employees increasingly expect a seamless experience, accessing content on the device of their choice.
With the launch of its new HP Access Catalog, HP lets enterprises create a secure app store so employees can instantly download applications and digital content across both mobile and desktop devices.
The software as a service catalog supports the Android and iOS platforms and is delivered by both native mobile clients and a web interface. By using open-standard technologies it offers a secure, cross-platform solution. HP Access Catalog gives companies increased productivity by simplifying the delivery and management of mobile applications and allowing employees a self-service experience.
"As organizations embrace mobility, they need a simple, secure and reliable mechanism to manage the delivery of apps to their employees", says Dragan Milanovich, vice president, Web Services, Software at HP. "The HP Access Catalog provides enterprises with a robust, flexible and easy-to-use solution, making it easier for users to be productive on their device of choice".
The catalog has a native identity management system or can be seamlessly integrated with existing enterprise identity systems so admins can ensure users get the right software for their role. It also allows IT departments to push updates to users and so make certain they have the latest apps and data, improving their productiveness without harming security.
HP Access Catalog will be available from HP and its channel partners in March, as a standalone product or as part of the HP Anywhere enterprise mobility platform. Pricing will be on a simple, per-user annual subscription model.
Image Credit: Sergey Nivens / Shutterstock
Elasticsearch, the big data search and analytics specialist, has launched its first major product release.
Elasticsearch 1.0 is built on the company's experience of helping businesses deploy Elasticsearch as part of the ELK stack, used by many major organizations including Netflix, Soundcloud and Facebook.
Enhancements in 1.0 include a federated analytics feature that can analyze data from several different clusters, along with more robust tools that allow you to combine queries and put together more complex analyses. A Distributed Percolator feature lets you know when data you're interested in gets added to the system, and simplified snapshot and restore processes let you take incremental snapshots of your information and only restore data that's changed.
"Organizations have been using Elasticsearch and the ELK stack at scale, pushing the boundaries of what we even thought possible. Elasticsearch 1.0 is the accumulation of everything we've learned as we've helped countless businesses deploy the Elasticsearch ELK stack", says Shay Banon, founder of Elasticsearch. "Business leaders want actionable insights, but they also want a solution that will have the scale, stability and robust features to grow as their business grows. That is what we are delivering with 1.0".
This launch comes shortly after last month's release of Marvel, the company's first commercial product that helps administrators monitor Elasticsearch deployments in real time.
Elasticsearch 1.0 is available now on elasticsearch.org and from GitHub under an open source license.
Image Credit: Maksim Kabakou/Shutterstock
Social intranet cloud site Bitrix24 is two years old and has over 100,000 company sign-ups. To celebrate it is giving BetaNews readers the chance to claim a free account with 15 GB of online document storage -- standard free accounts only get 5GB.
Here is how to claim yours.
You have to go to the Bitrix24.com website and enter your email address. You will then be emailed a confirmation code and link to a registration form. Down in the lower right corner of the registration form, next to the "Create" button, you will see "I have promo code", click it and enter "BETANEWS", and, after refreshing your browser, you will see the available storage jump from 5 to 15 GB.
If you've been thinking of giving Bitrix24 a try there is no better time to do it.
CRM has been around for a long time, but don't be tempted to think that it's on the way out. Companies are seeing CRM technology as a major part of their digital initiatives in order to improve customer experience.
This is the finding of the latest Gartner market trends report which says that demand for improved customer relationships is driving the expanded integration and use of CRM technology.
"CRM will be at the heart of digital initiatives in coming years. This is one technology area that will definitely get funding as digital business is crucial to remaining competitive", says Joanne Correia, research vice president at Gartner. "Hot areas for CRM investment include mobility, social media and technologies, Web analytics and e-commerce."
Although Gartner expects CRM market growth to be modest in 2014, following three years of strong investment, revenue from CRM software is expected to reach $23.9 billion this year with the cloud accounting for almost half of that.
Whilst e-commerce is at the top of most companies' lists when looking to improve customer service, Gartner's report identifies five main drivers of CRM investment. These include the need to monitor and respond to social media and use it as a channel for business intelligence. The mobile market is also key with connections to the Internet from smartphones expected to overtake those from PCs by the end of 2014.
The cloud is still important despite having been around for more than a decade. Gartner sees the move to the cloud slowing though as, "...the low-hanging fruit for cloud adoption has already been picked". Big data has led to an explosion in the amount of customer information available to businesses and has driven increasing sophistication in CRM models to analyze and predict customer behavior.
The fifth driver is the growing shift towards an "internet of things." As the price of embedded sensors falls, many industries will be transformed by the information gathered and CRM is likely to be at the forefront of exploiting the data produced.
"These drivers are spurring a critical need for more traditional operational CRM as CRM continues to top software investment priorities. This further validates businesses' focus on enhancing customer experience and consistent investment in CRM software, especially in CSS, marketing and sales software", says Ms. Correia.
The full report is available from Gartner's website and Gartner analysts will be discussing CRM trends at summits in Orlando and London later this year.
Photo Credit: Mikko Lemola / Shutterstock
Threats to Mac OS X, Linux and Android systems have increased over the past year as the malware landscape has evolved.
This is among the findings of Russian antivirus company Doctor Web which has released its annual overview of threats. Other trends include an increase in the number of programs designed to display annoying ads and a surge in the number of Bitcoin and Litecoin mining trojans.
Using statistics compiled from Dr.Web CureIt! the company finds that trojans were the most common threat of the year. Amongst these the top of the table was Trojan.Hosts.6815 which modifies the hosts file to redirect the user's browser to infected web pages.
Doctor Web also monitored the activity of several botnets. Although one of these almost ceased to exist in 2013 others are still operating and their numbers are growing. In particular it highlights the Win32.Rmnet.12 botnet, which from May was gaining around 25,000 machines per day. The report also notes that the Backdoor.Flashback.39 trojan, which exploits Mac OS X systems, although declining still had a botnet of almost 29,000 infected Macs by the end of December.
As you might have gathered from our story yesterday on CryptoLocker, the big trend of 2013 is the growth in ransomware trojan encoders that encrypt files and demand a payment for their release. The report says, "During the year, the Dr.Web virus databases were supplemented by definitions for more than 200 new modifications of encoders, and the geography of these threats expanded considerably. And, the technologies used by the attackers evolved, too: above all, more sophisticated encryption was employed, making it virtually impossible to restore data affected by the actions of some Trojan.Encoder modifications."
It seems criminals have improved their victim profiling too. Malicious files were attached to forms that job applicants had to fill out to apply for an accountant post and sent out to companies offering such jobs. This increased the chances of encrypting vital accounts forms thus raising the probability that the ransom would be paid.
Advertising and mining trojans showed increased numbers of detections too and again Mac users don't escape, with the development of Trojan.Yontoo.1 which downloads and installs advertising plug-ins for the Mac versions of Safari, Chrome and Firefox. Trojans seeking to mine Bitcoin and Litecoin also showed an increase in the second half of the year with average daily income for the criminals estimate at close to $1.5 million.
Linux and Android
Linux users normally feel pretty smug about their vulnerability to malware but Doctor Web has noted a number of new threats to the open source operating system. Most notable is the Hand of Thief trojan which can operate on various distros including Ubuntu, Fedora and Debian, it also supports eight desktop environments such as GNOME and KDE. This sophisticated malware features anti-detection technologies and routines for its covert startup, does not require administrator privileges, and uses strong 256-bit encryption for communicating with the control panel. Once installed it adds a special grabber to browsers that intercepts HTTP and HTTPS sessions and transmits data entered by users in web forms.
Other programs targeted at Linux are aimed at compromising servers, by sending logins and passwords to a remote system, and organizing DDoS attacks.
There's been a further increase in Android threats too with the Dr.Web virus database receiving 1,547 new entries corresponding to malignant, unwanted and potentially dangerous programs in 2013. This means that since the first malicious Android programs were detected in 2010 their number has increased almost 94 times.
Most common Android threats are still those that seek to extract cash through premium rate SMS services. Other familiar threats are spreading to Android too though, including trojans looking to steal personal data and fake anti-malware tools. In September 2013 Doctor Web's researchers uncovered the largest known botnet of mobile devices.
The report concludes that we're likely to see further increases in encoder trojans thanks to the availability of malware construction kits. It also predicts further increases in mining as the popularity of Bitcoin-like systems grows.
If you'd like to scare yourself some more you can read the full findings on the Doctor Web site.
Photo Credit: Balefire / Shutterstock
Big data is something that many companies are keen to exploit, but implementing big data solutions involves a number of hurdles.
Open Data Services specialist GoGrid is aiming to make the move to big data easier with its launch of 1-Button Deploy technology.
"Enterprises are eager to evaluate and implement the latest Big Data solutions, but until now, they haven’t had the resources to do so quickly and easily," says GoGrid CEO John Keagy. "GoGrid’s new 1-Button Deploy solution, combined with our Open Data Services platform, offers companies immediate access to the most advanced technologies on the largest server selection tailor-made for Big Data. Essentially, we give developers the keys to the Lamborghini, letting them drive best-of-breed Big Data solutions with the push of a button".
Powered by the Ansible development platform, 1-Button Deploy allows the deployment of a big data cluster across GoGrid's virtual servers. It offers automated deployment of a number of popular big data technologies including MongoDB, Riak and Cassandra, with Hortonworks 1-Button Deploy of Hadoop scheduled to go live in March. All of which means companies save on development time and costs whilst getting applications live faster.
"Our technology lets organizations launch the latest solutions with the push of a button, dramatically reducing deployment time and opening up a world of Big Data options to businesses that may not have the in-house expertise or resources to take advantage of them otherwise," says Ansible CEO Said Ziouani. "We’re delighted that GoGrid is supporting the continued development of our orchestration technology, and we’re excited to work together to advance the Open Data Services movement".
By making it easy for companies to explore a selection of big data solutions on its purpose-built infrastructure, GoGrid is helping businesses to quickly adopt the right technology -- or a combination of technologies -- for their big data applications. You can find out more on the GoGrid website.
Photo Credit: T.L. Furrer / Shutterstock
We looked at the launch of the Point.io backend as a service (BaaS) platform last year and explained how it could help companies retain control of their data in the era of BYOD.
The company is now making it easier to enable fast, secure data links with the launch of APIdoc, a single point of access for all file sharing and storage technologies.
APIdoc supports most popular cloud storage platforms including Dropbox, Google Drive, Microsoft OneDrive, Amazon S3, Salesforce.com and more. It also comes with an SDK so that custom storage connectors can be developed quickly for other systems.
Because it has pre-built standard API functions for common file and data handling tasks it speeds up deployment. And since it provides a single communications platform it also cuts development and maintenance costs by removing the complexity of backend storage allowing developers to concentrate on processes and interfaces.
APIdoc includes a full suite of metadata so it can provide reports to meet audit and compliance needs across platforms.
"APIdoc is the most comprehensive, easy-to-use utility to connect a company’s data sources in the market today," says Tim Panagos, CTO of Point.io. "The complexities of integrating structured data from databases or production systems and unstructured data like documents and spreadsheets can be overwhelming and expensive. APIdoc isolates all of that complexity from user applications and lets developers focus on true value-add rather than tedious internal plumbing".
You can find more information on APIdoc on the Point.io website.
Photo Credit: klRr / Shutterstock
Missed appointments cost health services and other businesses a significant amount of money, estimated at millions of dollars each year. Los Angeles-based marketing firm Screenpush is aiming to change that with the launch of Notifly.
Notifly works by sending out text message reminders in the run up to an appointment, prompting patients or customers to either confirm or cancel. On the business side of things a color-coded interface makes it easy to track each day's appointments and work around changes.
It's estimated that by using Notifly businesses can cut missed appointments by as much as 65 percent. "The technology behind Notifly is advanced, but the logic is simple," says CEO Josh Otten. "Save money, improve efficiency. The Notifly service is affordable and pays for itself almost immediately. And the results will improve everything about how a business functions. The idea came out of a very real problem facing many businesses and health organizations in particular. And the product offers a smooth and effective solution at a low cost".
By using standard SMS text messages the service works with almost all cell phones and keeps costs low. Notifly costs users as little as two to four cents per reminder whereas some existing competitors can cost as much as 50 cents.
Customers can reply with a simple Y or N response and Notifly's system automatically tracks these on a calendar. This cuts out the need for overbooking and gives more time to make adjustments and re-book vacant slots.
Otten concludes, "Not only does Notifly save businesses money, but it also improves their operating efficiency, making things easier for employees and more streamlined for the clients themselves".
You can find out more about how the system works on the Notifly website.
Photo Credit: Franck Boston / Shutterstock
With the Winter Olympics about to start there have been a number of stories pointing out the security risks of people using their mobile devices in Sochi.
Writing in a blog post, Paul Proctor, vice president and analyst at Gartner says it's important to remember that you're not really safe anywhere and it's your behavior that's the key factor in your security.
In particular he highlights a recent NBC News story which carried out an experiment in Sochi and which says, "Visitors to Russia can expect to get hacked," as being misleading.
Proctor says, "...everything they describe in the story is as equally true at your local Starbucks as it is in Sochi. Therein they miss the opportunity to present a more accurate picture of global security, as opposed to the 'evil Russians'".
He points out that none of the threats covered in the story require the hackers to actually be in Russia. The threats were not location dependent and NBC waited until the end of the story to point out that you shouldn't click on links you don't recognize from people you don't know.
The NBC story is a missed opportunity to point out that cyber security is a matter for everyday life, and Proctor encourages the news team to repeat their experiment in a Manhattan coffee shop.
Photo Credit: vidguten / Shutterstock
Mobile development specialist raw engineering saw its built.io backend as a service product come out of beta in November.
It's now announced a partnership with front end developer tool Xamarin to give users a complete development solution whilst making point.io’s functions available to existing Xamarin clients.
"Enterprises typically have two choices for mobile development: established but cumbersome legacy platforms, or fast-to-launch but untried players that aren't built for enterprise needs," says raw engineering CEO Neha Sampat. "Our partnership with Xamarin allows enterprises to get the best of both worlds: rapid mobile innovation on a platform that's proven in the enterprise".
The demands of BYOD mean that businesses are under more pressure to create mobile apps. Gartner predicts that by 2016, 70 percent of the mobile workforce will have a smartphone, half of which will be purchased by the employee, and that 90 percent of enterprises will have two or more mobile platforms to support.
Whilst built.io takes care of the background databases, servers, notification, scaling, analytics and so on, Xamarin looks after the client side. It enables developers to build native apps for Android, iOS, Mac and Windows from a single code base, cutting development time and ensuring consistent operation.
Jo Ann Buckner, VP of Product Marketing at Xamarin says, "Companies today are looking for scalable ways to mobilize their business practices and customer interactions onto multiple platforms. Our collaboration with built.io will accelerate mobile app development for our community, while ensuring mobile apps have a solid and secure backend".
Visit the built.io website for more information.
Many businesses are still unsure of the benefits of allowing BYOD despite the fact that it's reckoned 59 percent of people using BYOD get more work done on their own device. So what are the main factors involved?
BYOD implementation expert Moka5 has put together an infographic showing the top three drivers and barriers to companies investing in the technology.
The drivers are that BYOD is better for the workforce, particularly where access is needed for a diverse range of people including remote workers, contractors and outsourcers. It can also lead to significant savings on both capital and operational expenditure. Finally it results in a happier and more productive workforce who can work where they want and on the machines they want to use.
On the other side of the coin there are fears of confidential data being accessed on untrusted devices. Separating work from play can be harder if the same device is used for business and for personal use. Finally technical support becomes more complex as the IT department needs to cope with a wide range of different devices.
You can view the full infographic below (click to enlarge).
Photo credit: Ivelin Radkov/Shutterstock
A survey of more than 750 security decision makers and practitioners in North America and Europe finds that more than 60 percent have suffered some form of security breach in 2013.
In its first Cyberthreat Defense Report the Cyber Edge Group aims to provide an all-round view of organizations’ security threats, response plans, processes, and investments.
The report provides some insights into the challenges facing IT security professionals. Key findings include that mobile devices are seen as being more vulnerable to threats. Little surprise then that 31 percent of organizations already have BYOD policies in place and 77 percent expect to have them by 2016.
Levels of security investment are a concern too. 89 percent of respondents say that security budgets are rising or holding steady, one in four doubts that they have adequate investment in cyber threat defense.
Looking at threats by category, malware and phishing are of most concern whilst denial of service attacks are lowest on the list. Low security awareness amongst employees is widely cited as a factor affecting companies’ ability to defend against threats.
Despite the awareness of threats only 48 percent of respondents said their organizations carried out full vulnerability scans more than once a quarter with 21 percent only doing them annually. There is some confidence though, despite 60 percent admitting to being the victim of a cyber attack in 2013, only 40 percent expect to be caught out again this year.
"For years, Verizon has done a tremendous job assessing the current state of the cyberthreat landscape. But aside from a few vendor-leaning reports, no independent research firm has conducted a formal study to adequately assess the perceptions of IT security practitioners and the security posture of their employer’s networks. That ends today with the launch of our inaugural Cyberthreat Defense Report," says Steve Piper, CEO of CyberEdge Group, LLC. "As security professionals, it’s not only important to know what threats are coming at us, but what our peers are doing about them. This report provides this level of insight in a purely unbiased way."
You can get the full report, which is sponsored by leading IT security vendors, free at http://www.cyber-edge.com/2014-CDR/
Photo Credit: Sergey Nivens / Shutterstock
There are lots of project management tools available, but when enterprise software specialist SAP launches one you expect it to be something pretty impressive.
Building on the capabilities of the existing SAP Business Suite which covers ERP, CRM and other core functions, SAP Commercial Project Management brings project-related front- and back-end information into one integrated system. Once there it makes it available to project managers, administrators and executives as well as aiding collaboration with sub-contractors and customers.
SAP says that the new product allows end-to-end management of the whole project value chain, improving profitability and increasing employee productivity. It helps users to create effective bids by leveraging information from past projects and conforming to best practices.
"While a high percentage of project profitability is determined at the bid stage, around half of all projects are not delivered to plan -- in fact, on average 20 percent of project value is at risk," says Chakib Bouhdary, executive vice president, Global Industry Solutions and Customer Value at SAP. "SAP Commercial Project Management enables professional services, engineering, construction and operations and other project-based industries to reinvent the way they sell and deliver their services by offering full transparency throughout the project life cycle while helping ensure project profitability".
SAP Commercial Project Management is made up of three parts, project workspace, project cost and revenue planning, and project issue and change management. Running on the SAP HANA real-time, in-memory data platform, the software is mobile-enabled and can be used by companies selling and delivering projects to customers as well as those running projects internally. Additional mobile apps will also be available from SAP partners like Mindtree to provide key information to managers.
Photo Credit: SAP AG
With the rise in popularity of cloud services it's easy to forget about the impact on other models of IT delivery.
A new survey from network and business continuity specialist Talari Networks looks at the current state of WANs. Carried out in late 2013, the survey identifies the role of the WAN in supporting applications, achieving business goals, shifts in the use of WAN services and changes in WAN budgets.
The results reveal that the most important factors set to impact WANs in the coming year are improving application performance, cited by 42 percent of respondents and providing better real-time application support (32.4 percent). Yet 67.7 percent of IT organizations currently don’t prioritize applications or only do so in a static way.
"The survey results indicate the importance of the WAN to business success. For example, the survey results indicated that enterprise applications, such as CRM, are the leading drivers of increased MPLS traffic and one of the top drivers of the increase in Internet traffic. The survey results also indicated that on average there are 14 WAN-related incidents a year that negatively impact one or more of a company’s business-critical applications," says Jim Metzler, VP of Ashton, Metzler & Associates the analyst firm which carried out the research.
When asked to look at the implications of their business-critical applications not performing well, most respondents indicated pressure from the boss or business unit managers, tarnished reputation of the IT department and revenue loss. 86.5 percent say their WAN negatively impacts critical applications either occasionally or frequently.
"There's no doubt that the WAN plays an increasingly important role to a company's ability to function as business-critical, real-time applications, such as voice and video, public cloud apps and services and the use of mobile devices in the workplace continue to grow," says Talari's President & CEO Emerick Woods.
Other interesting findings include that prioritizing business-critical applications is seen as equally important as improving security. More than half of IT organizations use the internet to carry between one and 40 percent of their traffic and that use is set to grow. The applications driving this increased internet use are public cloud services (35.7 percent) and support for mobile users (22.7 percent). The outlook is generally positive with WAN budgets seen as being three times more likely to increase as they are to decrease.
The full report is available in PDF format on the Talari website.
Photo Credit: Maxx-Studio / Shutterstock
Cyber threats and in particular DDoS attacks are a major problem for both service providers and customers and have grown in both frequency and sophistication.
Corero Network Security a leader in enterprise security systems has launched a new product to help service providers fend off these threats.
Corero SmartWall Threat Defense System (TDS) aims to offer a first line of defense that's always on and provides visible threat protection to customers. It's a purpose-built family of network security appliances that can be configured to meet the needs of service providers.
The SmartWall TDS is rack mounted and comes as a series of appliances that can be used individually or clustered together. The Network Threat Defense unit guards against DDoS attacks using IP address blocking, SYN flood protection, TCP/UDP rate control and Client-Server connection limiting. Application Threat Defense, as the name suggests, protects against application threats with Deep Packet Inspection (DPI) of Layer 7 protocols and payloads in combination with behavioral anomaly detection.
The Network Forensics Appliance supports 10Gbps line rate packet capture to enable network forensics of security incidents. Finally the Network Bypass Appliance helps avoid downtime using intelligent zero power network bypass technology in the event of power or equipment failure, or during routine maintenance and configuration upgrades.
"We are excited to introduce this new portfolio of First Line of Defense solutions for service providers," says Ashley Stephenson, CEO of Corero Network Security. "Building upon our years of experience supporting enterprise customers with on-premises DDoS protection, we have now enabled service providers to similarly assist their customers in the escalating battle against cyber threats. With the addition of the SmartWall TDS, Corero is well positioned to keep pace with the evolution of the DDoS defense market and customer demands for improved levels of cybersecurity protection, both on-premises and in the cloud".
The technology will be demonstrated on Corero's stand at RSA 2014 in San Francisco. SmartWall TDS solutions will be available for trials shortly and for full deployments by the second quarter of 2014.
Technology giant HP has released its Cyber Risk Report 2013 which highlights the top enterprise vulnerabilities.
The report also offers an analysis of the current threat landscape, pointing out increased reliance on mobile devices, the spread of insecure software and the growing use of Java as adding to a growing "attack surface".
On a positive note the total number of disclosed vulnerabilities is down six percent over the previous 12 months and the number of high-severity vulnerabilities is down for the fourth consecutive year.
It's not all good news though, other key findings include the fact that 80 percent of applications reviewed contain vulnerabilities outside their source code. Plus 74 percent of applications had unnecessary permissions. This shows that even good applications can be vulnerable if wrongly configured.
Of the mobile applications studied 56 percent use encryption improperly. The research shows that mobile developers often fail to use encryption when storing sensitive data, rely on weak algorithms to do so, or misuse stronger encryption capabilities, rendering them ineffective.
It also finds that inconsistent malware definitions complicate risk analysis. HP examined more than half a million Android apps and found major discrepancies in how antivirus engines and platform vendors classified malware.
Sandbox bypass vulnerabilities were most common for Java users. Attackers have stepped up their Java attacks by exploiting multiple known and zero day vulnerabilities in combined attacks to compromise specific targets.
HP’s Zero Day Initiative, aimed at rewarding responsible researchers for disclosing vulnerabilities, uncovered more vulnerabilities with Internet Explorer than any other software. However, the report notes that this is a result of market forces focusing researchers on Microsoft vulnerabilities and doesn’t reflect on the overall security of Internet Explorer.
"Adversaries today are more adept than ever and are collaborating more effectively to take advantage of vulnerabilities across an ever-expanding attack surface," says Jacob West, chief technology officer, Enterprise Security Products at HP. "The industry must band together to proactively share security intelligence and tactics in order to disrupt malicious activities driven by the growing underground marketplace".
The report recommends that businesses must stay in touch with the latest security risks, particularly for mobile devices, and that robust security procedures must be put in place to protect data and privacy. This includes eliminating opportunities for unintentionally revealing information that may be useful to hackers.
While it's impossible to eliminate all attacks without sacrificing functionality, HP says that a combination of the right people, processes and technology does allow organizations to effectively minimize vulnerabilities and dramatically reduce overall risk. Collaboration and sharing of intelligence among the security industry also helps to strengthen protection and create a safe environment.
The full report and recommendations are available to download from the HP website.
Photo Credit: watcharakun / Shutterstock
If you've ever fancied becoming a gadget reviewer, then mobile provider EE along with tech website Gizmodo UK is offering you the chance.
Over three months of the Testmodo challenge three people will get to try out the superfast 4GEE service on one of the latest and smartest 4G handsets.
The winners will be sent a new smartphone each month and will carry out a series of challenges, writing a short review for the Gizmodo UK site every two weeks. The best bit though is that they get to keep the handsets they test at the end!
So, perhaps you want the bragging rights of showing off a new handset each month. Maybe you're curious about whether 4G lives up to the hype or possibly you've always wanted to get a foot in the door of tech journalism. Whatever your motivation this is your opportunity.
By now you’ll be on the edge of your seat wondering how to take part, so here are the details. First you need to be in the UK -- sorry rest of the world. Go to the EE coverage checker and find out if you’re among the 70 percent of the population that has 4G coverage. If you are then email your entry to giztestmodo@gmail.com. This needs to include your name and address plus a couple of lines explaining why you think it should be you and ideally your Twitter handle and blog link too. The competition closes at the end of Monday February 3rd so don’t hang around. Full details and T&Cs are available here.
Good luck to the entrants and let us know how you get on!
As long ago as 2003 Microsoft research found that having a second monitor made people up to 50 percent more productive.
However, having two screens is fine for those of us tied to a desk but isn’t exactly practical for people on the move.
The Able-HD Plus monitor is aiming to change that and allow you to take a second screen with you wherever you go. Available in 15 and 17-inch versions, both with full 1080p resolution, the 17-inch model is lighter than an iPad and less than one-third the thickness of a standard HD monitor, making it easy to slip into a laptop bag or briefcase.
It has a multi-port, detachable adapter board which also acts as a stand and is compatible with laptops, smartphones, Xbox games consoles and other devices, and comes with audio in/out, HDMI, VGA, and DVI connections. A synthetic polymer casing and rubber edging prevents damage to both the monitor and adapter, while a thermoplastic acrylic screen gives the strongest, clearest resolution without sacrificing the monitor's streamlined design or loading it with extra weight.
"The Able-HD Plus is going to open up a whole new world of possibilities for productivity and enjoyment, both for people who already like working with multi-screen systems and people who have never considered it before," says Nell Harton, Founder and CEO of the Able-HD startup. "Everyone carries their computers with them in one form or another. Now they can carry their screens, too".
The original project was financed on Kickstarter. Now the team behind Able-HD is headed back to the site in order to raise funds to address issues -- particularly fragility -- identified in the first design.
"We knew we had to make the system stronger," says Harton, "but we took the opportunity to rethink the entire system design, and wound up making some changes that are both innovative and highly functional".
To find out more, pledge to the campaign or reserve a screen at an "early bird" price for its summer 2014 release visit the Able-HD website.
We've looked at the Huddle desktop collaboration tool, which offers a blend of productivity and social networking, in the past here at BetaNews. The company is now launching another phase of its Connected Desktop with a plug-in for Microsoft Office.
By linking the power of Office tools with Huddle's cloud collaboration service the company aims to make workers more productive. Files can be saved into Huddle's secure cloud directly from Office applications but more importantly each document has a comment stream alongside it, allowing users to provide feedback on changes and reply to co-workers in context, all without leaving Office.
"People’s devices -- PCs, laptops, desktops and tablets -- are now simply a doorway to their world of work as the cloud gives them access to their files, colleagues' feedback and all the information they need," explains Alastair Mitchell, CEO of Huddle. "Skipping between the applications on your desktop and cloud service to share information and discuss files with people is time-consuming and disrupts your workflow. With Huddle for Office, you can continue working in the desktop tools you’re used to, but all of your feedback, files and updates are stored and shared in Huddle's secure cloud. Connecting with the people you need to and working together on your content has never been easier".
With the plug-in installed Huddle functions can be accessed via a toolbar within Office. There’s also the ability to track all comments and changes for compliance and auditing purposes. Documents are saved to a secure workspace ensuring that only authorized team members can access them. They can also be read and commented on via Huddle's tablet and smartphone apps.
Huddle for Office integration is available now, visit the company's website for more information.
Canada's leading cloud service provider, iWeb, is launching a Microsoft Private Cloud hosting service.
Aimed at giving businesses more control and flexibility over their IT infrastructure, it allows virtual servers to be deployed quickly without the expense and complexity of in-house data centers.
Microsoft Private Cloud can be deployed entirely from iWeb's data centers but managed by a business’s own IT team. Alternatively it can be used in hybrid configurations with in-house systems or public clouds.
This has a number of advantages, allowing users to extend their in-house data center or move specific workloads across to a hosted environment. It does away with concerns about space and costs and reduces the need for capital expenditure as well as offering flexibility for future growth. An additional advantage -- non-Canadian readers can look away now -- is that it addresses data sovereignty issues as it's hosted on Canadian soil.
"With businesses turning to the cloud more so than ever before, the Microsoft Private Cloud from iWeb provides the best of both worlds with cloud scalability on dedicated private infrastructure," says Christian Primeau, President and COO of iWeb. "Our team provides rapid deployment, state-of-the-art data centers and network infrastructure, all supported by top-notch professional services, freeing up customers to focus on their core business".
Microsoft Private Cloud from iWeb is available now. For more information and pricing visit the company’s website.
Photo Credit: Marynchenko Oleksandr / Shutterstock
PC and server specialist Dell is launching a new mobile cloud access device that delivers a full HD user experience on any HDMI or MHL enabled display.
The company claims that Dell Wyse Cloud Connect is a completely new end-user device category, bridging thin clients and mobile devices to promote BYOD.
Looking like a chunky USB stick, the device can be connected to any MHL or HDMI port on a TV or monitor. Linked to a Bluetooth keyboard and mouse it then gives you an instant, secure window into the cloud. Small enough to put into a pocket or bag it’s ideal for traveling to business presentations and meetings.
No batteries are needed as the device is powered by the MHL port or through a USB connection. It runs Android to allow web browsing and media playback via an integrated dual band Wi-Fi connection.
It's managed through the Dell Wyse Cloud Client Manager software-as-a-service (SaaS). This means IT managers can ensure that each Cloud Connect device is used by the appropriate person with the right permissions and access to apps and content is granted based on their role, department and location.
As well as the obvious application in presentations, Dell suggests that the quick and secure access provided by Wyse Cloud Connect can be used as a low-cost virtual desktop for education, providing access in classrooms, libraries and labs. Other suggested uses include digital signage, kiosks and personal cloud access to online entertainment and gaming.
"Small, smart and secure; Cloud Connect is a disruptive device," says Steve Lalla, vice president and general manager for Dell Cloud Client-Computing. "We unlock new options for our customers to access their data and applications by combining mobility, manageability and security with a powerful user experience at an affordable price-point".
Cloud Connect is available now priced at $129 per unit.
The popular open source analytics platform Elasticsearch aims to help businesses unlock the power of big data.
The company is launching two new products, Elasticsearch ELK which brings together three open source products to create an end-to-end analytics solution, and its first commercial product Marvel, a real-time management and monitoring solution.
Elasticsearch ELK is made up of Elasticsearch, Logstash and Kibana -- three world-class open source projects developed by the company's own engineers. Combined together these products create a full analytic solution, allowing companies to process their data with Elasticsearch, visualize the results using Kibana and manage events and logs with Logstash.
"With the Elasticsearch ELK stack we have brought together three of the most popular open source products and have created an end-to-end solution," says Elasticsearch founder Shay Banon. "Now businesses can get actionable insights instantly without struggling to stitch together solutions from many different vendors. Behind the scenes, it's incredibly complex, but we’ve done the work to make it simple for our users".
Marvel, the company's first commercial product, picks up and visualizes operating data from Elasticsearch’s APIs. It allows administrators to see their systems in action, make instant checks and analyze historical data. Potential issues can be spotted before they become problems and troubleshooting is made quicker and easier.
"Being real-time is critical in the world of customer support," says David Taylor, Senior Operations Engineer at Desk.com, "It is essential that our users' issues are searchable immediately which is why Elasticsearch is such a critical component of our infrastructure. Marvel gives us a way to monitor our Elasticsearch servers in real time so we can stay in control and our users always have a great experience".
Marvel is free during development and production licenses start at $500 a year for five nodes.
Photo Credit: Sergey Nivens / Shutterstock
In spite of the rise of internet advertising, telephone sales is still one of the most successful marketing techniques.
Marketing specialist Outleads is launching two new technologies to give businesses more accurate data about their telesales.
"Dynamic Capture and Segment Precision were designed to address a number of issues in online marketing," says Outleads founder Dorin Rosenshine. "Specifically, how do we provide streamlined call-tracking data that captures the full picture of a given marketing campaign, and how do we convert that information into usable subsets that make sense for businesses and help them be more effective with their customer response".
Dynamic Capture uses a tracking system to attach call data to phone numbers making it easier and cheaper to track advertising campaigns. Rosenshine says, "It works with almost any leads management system, tracks off-site phone calls, sends SMS notifications and can import call data to Google AdWords. It's everything a business needs to measure the success of marketing strategies and launch well-directed call-back campaigns".
Segment Precision uses the data gleaned from Dynamic Capture and filters it into Google Analytics. This lets businesses accurately target specific groups and get better returns from their marketing spend.
"Most people think that, because of how prevalent the internet is, telephone marketing has disappeared," says Rosenshine. "When in reality, telephone advertising is still one of the most valuable methods out there. It's human, for one, direct, measurable and provides immediate data. More importantly, though, it fits with the new methods as well. It's still a big part of the marketing landscape, and what Outleads does is integrate it in a way that is both understandable and translatable into targeted sales and advertisements".
Telephone call centers accounted for around $900 billion in sales in 2012 according to figures from ATA Marketing. But caller and visitor data is crucial to their success. Outleads' technology works with existing dashboards as well as allowing the linking together of call, website visit, email and text message data for a complete picture of customer interaction.
More information and a demonstration of the technology is available on the Outleads website.
Photo Credit: Kimberly Hall / Shutterstock
New analysis by security awareness training company KnowBe4 shows, perhaps not surprisingly, that training helps reduce risky online behavior in the workplace.
Carried out over a 12-month period, the study shows that whilst almost 16 percent of employees were prone to click on phishing links initially, this was reduced to 1.28 percent on average after training.
"It is well known amongst IT managers that the weakest link in security is the end user and we sought out a way to effectively address this," says Stu Sjouwerman (pronounced "shower-man"), KnowBe4 founder and CEO. "Nearly 40 percent of these companies are financial entities who typically are more aware and have tighter restrictions and yet were able to see a huge improvement, showing the program works extremely well".
KnowBe4 has teamed up with security expert Kevin Mitnick to launch a security awareness training course. The web-based interactive training uses case-studies, live demonstration videos and short tests. The training specializes in making sure employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering.
"The threat posed by malware should not be underestimated, particularly considering that employees have consistently proven to be the weak link in companies' Internet security efforts," says Mitnick. "In most cases, their involvement is unintentional -- they unknowingly allow access to corporate networks simply because they don’t know what to watch out for. That’s why our security awareness training is designed to ensure they understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering, and are able to apply this knowledge on the job. This allows organizations to create a 'human firewall' that actively works to prevent network security breaches".
You can find out more about Kevin Mitnick Security Awareness Training 2014 and see a demonstration of it in action on the KnowBe4 website.
Photo Credit: ra2studio / Shutterstock
Introduced in 2012, Google Apps Vault is designed to manage business-critical information and preserve important data.
It helps safeguard information for continuity, compliance and regulatory purposes and is used by thousands of businesses, schools, and governments. Google has now expanded Apps Vault's capabilities by introducing targeted legal holds.
The introduction of partial domain licensing last year meant that it was possible to save messages for a specific user or business unit. This latest update means that whilst it's still possible to preserve a user's complete mailbox you can also target the specific information that needs to be held for legal reasons. These legal holds can be based on any searchable criteria, including sent date, labels, content or search terms.
Writing on the company's Official Enterprise Blog, Deborah Hsieh, Product Manager, Google Apps Vault says, "Targeted legal holds allow Vault customers to preserve fewer emails and focus on the more relevant messages, helping reduce the costs and risks associated with managing and reviewing data".
By only preserving the messages that may be needed for litigation, investigation costs are reduced as relevant material is easier to find. Vault can be added to an existing Apps account from the admin console, or bought in conjunction with Apps, for $5 per user per month.
Photo Credit: Melpomene / Shutterstock
Intel has used the Bett 2014 educational technology show in London to announce reference designs for the next generation of devices aimed at the education sector.
The Intel Education Tablet and Classmate PC feature student-friendly features along with Intel’s Education Software suite of learning tools.
"Education leaders everywhere are passionate about driving student achievement and encouraging lifelong learning," says John Galvin, vice president of the Sales and Marketing Group at Intel and general manager of the World Ahead Program. "At Intel, we believe the right technology can be transformative. That's why we are focused on designing tools that bring learning to life, helping to make students more engaged. The result is a future where people have the skills they need for opportunity and growth".
The Education Tablet runs Android 4.2 and has what are described as "kid-friendly" features such as rubber bumpers on the sides making it easier for small hands to hold, a power button that resists accidental pushes and a stylus with a pen-like grip. Powered by a dual-core Atom processor it has a 10-inch screen along with front and rear cameras. 3G is optional and it's claimed to have a 12-hour battery life. It also features a plug-in thermal probe to help with science experiments and a snap-on magnifying lens.
The Classmate PC also has a 10-inch screen and is based on the Celeron processor. It runs Windows 8.1, but Windows 7 and Linux versions are expected to be introduced later this year. It has an optional touchscreen and features a rotatable camera to promote content creation. Like the tablet it's ruggedized to withstand dropping from 70cm and is water and dust resistant.
HP is the first to produce a commercial product based on the Classmate reference design. The HP Classmate PC is expected to be available later this month in America, Europe, the Middle east and Africa.
Gus Schmedlen, vice president, PPS Education at HP says, "The HP Classmate notebook helps deliver access to instructional tools, learning apps and education content to students and teachers around the world. Combined with professional development and HP's national education technology planning resources, the HP Classmate can help drive meaningful learning, social and economic outcomes".
Intel's full suite of education solutions are on display on the company’s stand at Bett 2014 which continues until Saturday.
New research by Gartner predicts that over the next few years mobile apps will become the most popular computing tools across the globe.
It says that by 2017 mobile apps will be downloaded more than 268 billion times, generating a revenue of over $77 billion. As a result it predicts that mobile users will provide personalized data streams to more than 100 apps and services every day.
"Mobile apps have become the official channel to drive content and services to consumers. From entertainment content to productivity services, from quantified-self to home automation, there is an app for practically anything a connected consumer may want to achieve," says Brian Blau, research director at Gartner. "This connection to consumer services means users are constantly funneling data through mobile apps. As users continue to adopt and interact with apps, it is their data -- what they say, what they do, where they go -- that is transforming the app interaction paradigm".
Apps provide an opportunity for companies to reach their customers in a direct way which hasn’t been possible in the past. As the use of newer technologies like wearable devices expands Gartner says that apps will become even more important.
"In the next three to four years, apps will no longer be simply confined to smartphones and tablets, but will impact a wider set of devices, from home appliances to cars and wearable devices," says Blau. "By 2017, Gartner predicts that wearable devices will drive 50 percent of total app interactions".
Because they have less opportunity for user input, wearable devices will depend more on apps to provide their functionality. Gartner sees this as a move towards cognizant computing, where the data gathered through the use of the apps and the analytics surrounding it are becoming more important in both volume and value.
Sandy Shen, research director at Gartner says, "Cognizant computing takes intelligent actions on behalf of users based on their historical data, preferences and rules. It can predict user needs and complete tasks without users initiating the action or interfering with the service. It can take the very simplistic format of completing a recurring event such as to turn on the water heater at a preset time, or the more sophisticated format of calling the rescue services and connecting with the doctor when an emergency occurs".
The trend towards apps working in this way will benefit existing companies like Google, Facebook, Amazon and Apple. These big players will have a head start thanks to the amount of data they already hold about their users. This provides them with a platform on which to build the cognizant systems of the future. However, Gartner sees these trends spanning across platforms and brands in order to deliver a richer user experience.
You can read more on Gartner’s predictions for the year ahead on the company's website.
Photo Credit: Angela Waye / Shutterstock
We've been focusing a lot on the decline of the PC hardware market of late, but the software spend still looks strong. The latest survey from market intelligence specialist IDC predicts that PC and Mac gamer spending will grow to over $24 billion by 2017.
It also finds that while global PC/Mac games revenue is set to grow at around four percent a year the US market will start to slip.
This is mainly a result of casual, browser-based games shifting to mobile devices and a drop in the popularity of subscription products like World of Warcraft. IDC says that this change is driven by a rise in living standards in the BRIC (Brazil, Russia, India and China) countries, along with the failure of games consoles to make much headway in emerging economies.
"Other than the casino genre, it's been tough sledding for most casual-leaning PC game genres in the past year," says Lewis Ward, Research Director, Gaming at IDC. "Most of the growth is coming from hardcore-oriented freemium titles such as Tencent's and Riot Games' League of Legends, Valve's Team Fortress 2 and Dota 2, Wargaming.net's World of Tanks, and a handful of Chinese MMORPGs."
The company also forecasts that Valve's Steam service has the opportunity to expand into North American and Western European homes due to the Steam Machines initiative.
"Demand for prepaid digital games should remain stable if not rise at the margins through 2017 partly because key developers, publishers, and platform providers will ramp up their offerings on HDTVs," adds Ward. "The difference between what PCs, consoles, microconsoles, and perhaps even smart TVs will be able to deliver three years from now will be mostly semantic. The platforms that outperform will have great games, a wise mix of business models, an ability to strain key customer insights out of a sea of big data, and offer great a social experience."
Photo Credit: Patricia Malina / Shutterstock
Email encryption specialist DataMotion has released the results of its second annual survey focusing on email and file transfer habits.
This highlights a wide-ranging communications disconnect between IT management and non-IT employees on security and compliance policies.
Among the statistics to emerge from the survey are that while over 51 percent of IT managers say that free consumer file transfer products were forbidden at their companies, only 24 percent of non-IT workers believe that to be the case.
A similar picture emerges with BYOD. 56.1 percent of IT managers say they have a BYOD policy, yet 74.9 percent of non-IT employees say their company either doesn’t have a policy or are unsure. This is more surprising since over 86 percent of those same organizations say they allow the use of mobile devices for email.
Things are no better when it comes to compliance. Nearly 80 percent of respondents believe that co-workers and employees violate security policies when transferring files electronically. IT managers are offenders here too, with one in five saying they "take risks because we don’t have the resources to be totally compliant". Also almost a quarter admitted to turning off policy-based filtering because it caused problems with false positives.
There are some improvements over last year’s survey, however. 71.7 percent of respondents say they now have email encryption capabilities, a 6.2 percent increase over 2012 survey results. Confidence in compliance has improved too with 48.1 percent feeling "very" confident their company would pass a compliance audit, compared to only 37.5 percent a year ago.
"It’s good to see improvements in security and compliance since last year, but serious problems remain and new ones have cropped up," says DataMotion's Chief Technology Officer, Bob Janacek. "There’s always a demand for new tools such as email on mobile devices -- companies and workers look for better ways to get the job done. The challenge is to provide encryption and filtering tools that are easy for people to use, and dependable so they don't get disabled".
The survey polled more than 400 IT and business decision-makers across the US and Canada. It particularly focused on those in industries which routinely deal with sensitive data and compliance regulations, such as financial services, healthcare and government.
Photo Credit: Nagy-Bagoly Arpad / Shutterstock
It's a rare business package these days that doesn't claim to offer some form of social capability.
With the launch of Saleslogix 8.1, marketing and CRM specialist Swiftpage has added a number of features to help sales staff interact with their customers by displaying their social networking activity within the package.
The new features include a Social Timeline giving a history of customer activity across the most popular social networking platforms. There's also a Social Buzz feature which helps users to better understand their customers' social media preferences and topics of interest, this in turn can be used to create improved interaction strategies and generate more relevant online content. In addition Social Profiles provide a snapshot of each contacts' most-used social media sites and activities, including their LinkedIn profile, integrated into the contact's main overview screen.
"Interacting through social media is now fundamental, but our users are giving us clear feedback that it's becoming too difficult for them to monitor and engage their customers across multiple sites in a concerted way -- especially as the number of social media sites continues to grow," says Lorcan Malone, senior vice president and general manager of the Saleslogix business unit.
The product is customizable so that users can choose to have social media interactions manually or automatically added to customer notes, leads, opportunities, to-do lists, support tickets, or feature-request lists. Anyone with access to the customer's profile then sees a complete record of all interactions which is dynamically updated as they take place. This creates a rich history of knowledge about the customer that can be used to improve all subsequent interactions and which, crucially, stays within the company even if the sales person moves on.
Other improvements in Saleslogix 8.1 include Outlook integration to give easy access to contacts, calendars and documents via an Outlook toolbar. Expanded browser support means that full Saleslogix functionality is available in Chrome, Safari and Firefox so that users are free to work on their preferred platform. There’s improved integration for Sage ERP users too along with a new centralized management interface to make configuration and troubleshooting easier for administrators.
The latest generation of Saleslogix Mobile is included too so that the application can be accessed on smartphones and tablets and users can access priority actions with a single tap.
You can find out more about the latest release and sign up for a free trial at the Saleslogix website. You can also view a demonstration of the mobile version on YouTube.
Photo Credit: Curioso/Shutterstock
Almost 3.5 million British children under the age of eight have tablets and nearly 4 million learned to use a smartphone or tablet before they were three.
New research from price comparison and switching service uSwitch reveals a growing nation of cyber tots with 29 percent learning to use a touch screen device before the age of three and 11 percent before they were two.
The study, carried out among more than 1,700 adults in December 2013, shows that parents spent £5.6 billion on gadgets for their kids last year, laying out an average of £462 each. Some 16 percent of parents believe their under 16s are "addicted" to gadgets, with 26 percent saying their kids would be lost without them. More worrying is that 12 percent of kids have run up bills due to in-app purchases.
The trend seems set to continue with 36 percent of parents expecting to spend more on gadgets for their kids in 2014, only a quarter felt they had spent too much last year. The most popular gadget is a games console with 91 percent of parents saying that their kids owned at least one. Parents do seem to be aware of the potential dangers though with 71 percent saying that they limit the hours their children spend using technology.
Ernest Doku, telecoms expert at uSwitch says, "Once the gadget of choice for high-flyers and tech fans, the price of an entry-level tablet is now under £100, making them an attractive -- and affordable -- piece of kit for the whole family. They can also make lessons, homework and bedtime stories both fun and interactive, so it's little wonder that more British parents are caving in to demands from their tech-savvy children. Most tablet-owning parents will probably find their tots commandeer their touchscreen devices anyway".
Whilst recognizing the benefits of tablet use Doku also warns of the dangers, "But parents really do need to keep tabs on what their children get up to online, and lay out some ground rules, or risk having to cover the cost of bills racked up by in-app purchases -- particularly in seemingly 'free-to-play' games. These can usually be disabled or placed behind a PIN within your device's 'settings' menu, ensuring that little ones can enjoy a tablet without causing a big financial headache".
Photo Credit: vesna cvorovic/Shutterstock
New research by the Pew Internet and American Life Project shows that the percentage of American adults who read an e-book in the past year has risen to 28 percent, up from 23 percent in 2012.
Yet the tree book isn't dead yet, at least in the popularity sense, as the results show most e-book readers read print books as well and only four percent are e-only readers.
What's interesting is that, regardless of format, reading remains a popular pastime. In the last year 76 percent of American adults have read a book with the typical reader consuming five. This is a median figure which, the report explains, gives a better picture of behavior than an average -- no, I didn’t pay attention in statistics lessons either.
The report also indicates that e-book reading devices are spreading through the population. The survey, conducted in January, shows that 42 percent of adults now own a tablet (up from 34 percent in September). Ownership of dedicated e-readers like the Kindle and Nook jumped from 24 percent in September to 32 percent after the holidays. To provide some contrast you should note that only four percent owned an e-reader in 2010.
Although tablets and e-readers are the most popular ways to read e-books the survey also shows that computers and cell phones are regularly used too. Use of computers to read e-books has declined since 2011, however.
Looking at the demographics shows that across all formats women read more books than men and 18-29-year-olds read more than other age groups, though this could have something to do with the numbers still in education.
You can read the full report on the Pew Internet and American Life Project website. If you’d rather read a good book my publisher would like me to point out that my latest novel One Hot Summer is available in both e-book and print formats, thank you.
Photo Credit: Fineart1 / Shutterstock
Garantia Data has announced the availability of its Redis Cloud product in the IBM-owned SoftLayer infrastructure as a service (IaaS) platform.
IBM only acquired SoftLayer around six months ago but Big Blue seems keen to strike deals to make its cloud platform competitive with rival offerings from Microsoft and Amazon.
Redis -- in case you didn't know -- is an open source data store that runs entirely from RAM. This makes it very fast and a top choice amongst developers creating cloud applications. Redis Cloud takes away many of the configuration issues associated with "do-it-yourself" Redis setups, ensuring high availability, and easier scaling and failure recovery.
Itamar Haber, Vice President of Developer Advocacy at Garantia Data writing on the IBM cloud blog says, "...open source Redis setups that are installed on virtual servers or bare metal resources work great when they’re small or if you have expert resources who can attend to and manage your Redis datasets, but developers who take this approach often encounter daunting challenges with negotiating scaling barriers..."
Garantia says that its product gets around these problems and delivers infinite scalability along with zero management with no need to waste time dealing with nodes, clusters, or any type of administration.
Mac Devine, CTO of the IBM Cloud Services Division and director of cloud innovation, says, "Developers demand high performance computing power and speed from the cloud. With the addition of Redis Cloud, the leading managed Redis solution on SoftLayer’s cloud platform, developers will benefit from unmatched infrastructure and Garantia Data’s enterprise-class Redis so they can build scalable, highly available, and top performing apps".
That IBM is serious about this market is underlined by the product's pricing, which at $79 per month for 1GB of storage is much cheaper than Microsoft Azure's $108 per month for the same volume of data.
Photo Credit: everything possible / Shutterstock
If you shop using your smartphone you are highly informed, social and seeking a superior shopping experience -- and retailers want to have your babies.
These (apart from the last bit) are the findings of the latest research by IDC which found that surveyed respondents believe the smartphone is transforming their shopping experience.
Of those responding to the survey, 69 percent agreed with the statement, "My smartphone is a critical tool that allows me to have a better shopping experience," compared to only 12 percent who disagreed. In addition, 70 percent agreed with the statement, "I plan to use my smartphone more to help my shopping experience in the coming year" compared to only 11 percent of respondents who disagreed.
The results show that smartphones allow people to be better informed and more confident in their shopping decisions. 70 percent of respondents said they checked prices using their phones and 50 percent also check reviews.
This provides a challenge to traditional stores as one in five respondents bought from a competitor whilst they were shopping in a retail store. One in three also said they'd bought much more online than in retail stores this year.
In addition to the survey, IDC analyzed app and mobile Web activity of over 10,000 smartphone users during the holiday shopping season. The results show that Amazon dominated the retailers, with far more consumers accessing its app, mobile website, or both, than any other retailer. Traditional brick and mortar retailers lag well behind Amazon when analyzing smartphone users’ visiting a brand’s mobile site or using its app.
"The smartphone is at the center of our lives, with most of us unable to be without it for even a couple of hours. By combining the insights from both the survey and mobile behavioral data, it is clear that, for a significant number of us, the smartphone is now also a critical shopping tool, our own personal concierge to help us shop intelligently," says Allan Fromen, Vice President and Consulting Partner for IDC's global Buyer Behavior Practice.
You can see an overview of the report's findings in infographic format below.
Independent testing organization AV-Comparatives has released its Anti-Virus Comparative Summary Report 2013.
This rounds up the results of the company's tests carried out over the past year on 22 consumer antivirus and internet security products.
Kaspersky Internet Security gets the company's Product of the Year Award, with Bitdefender as runner up. Seven other products, including a free program from Avast, received "Top Rated" designations. The researchers found Kaspersky's interface easy to use and were impressed by its additional functionality including hybrid protection from the cloud as well as on the device itself.
The other top rated products came from Avast, Avira, Bitdefender, BullGuard, ESET, Fortinet and F-Secure. Emsisoft Antimalware is given special recognition for achieving the Silver Award in the Real-World Protection Test in only its first year of testing.
Although it picks out these products as winners the report advises buyers, "If you plan to buy an anti-virus program, please visit the vendor’s website and evaluate their software by downloading a trial version, as there are many features and important considerations (e.g. compatibility, graphical user interface, ease of use, price, support etc) that you should evaluate for yourself." A checklist of key features is included as a table in the report.
You can read the full report as a PDF on the AV-Comparatives website. This includes reviews of all the winners and breaks down the results by different categories including false positives, malware removal and system impact.
The internet has changed the way we shop. Even if you don't buy online you’re likely to check prices before hitting the stores or use click and collect services to ensure what you want is in stock.
With its latest Retail Suite Oracle allows retailers to respond to these trends and remove the boundaries between the different supply channels.
New features and functionality in Oracle Retail version 14 make it easier for customers to buy items no matter where the stock is located. Store-level inventory can be made visible online, plus there's real-time inventory look up for items in other stores along with support for orders and take-with items in the same transaction. Customers can buy and pick up items from any channel. There's also support for returning purchases regardless of the channel they were bought from.
It makes life easier for developers too with rich APIs and the ability to accommodate modular development over an evolving mix of systems.
The new release offers enhanced support for mobile devices. It can help store staff with mobile point of sale devices, tablets and assisted promotions. Retail Suite also ensures better visibility of promotions and can drive in-store merchandising and dashboards.
"In the global retail industry we have seen a shift of capital from building and refurbishing stores to digital commerce and creating new and differentiated customer interactions. Retailers are focused on enabling the whole retail enterprise to deliver commerce anywhere," says Mike Webster, Senior Vice President and General Manager of Oracle Retail.
Oracle Retail can be implemented as a complete suite or in modular form, making it scalable for different sizes of business. Oracle has sought to simplify development in order to maximize return on investment and help lower cost of ownership. An improved dashboard system means retailers can quickly identify transaction volumes, average response times, and errors to help ensure critical systems are operating at maximum efficiency.
You can find out more about Oracle Retail 14 on the company's website.
Photo Credit: Pressmaster / Shutterstock
If you're looking to the earnings from your innovative mobile app to keep you in your retirement, you may need to think again.
A new report by Gartner predicts that through 2018 fewer than one percent of consumer mobile apps will be considered a financial success.
"The vast number of mobile apps may imply that mobile is a new revenue stream that will bring riches to many," says Ken Dulaney, vice president and distinguished analyst at Gartner. "However, our analysis shows that most mobile applications are not generating profits and that many mobile apps are not designed to generate revenue, but rather are used to build brand recognition and product awareness or are just for fun. Application designers who do not recognize this may find profits elusive".
With millions of developers and hundreds of development platforms Dulaney describes the mobile app market as "hyperactive." Also the number of good free apps available sets the bar high when it comes to expecting consumers to pay for something.
Gartner forecasts that by 2017 94.5 percent of downloads will be for free apps. Dulaney adds, "Furthermore, of paid applications, about 90 percent are downloaded less than 500 times per day and make less than $1,250 a day. This is only going to get worse in the future when there will be even greater competition, especially in successful markets".
Other cheery predictions in Gartner's report are that by 2016 some 20 percent of BYOD deployments will fail due to businesses having overly restrictive device management policies. It also sees employees becoming increasingly aware that IT organizations may be able to access their personal devices and demanding more separation between business and personal applications.
The browser is predicted to be more commonly used as an application delivery system too, with HTML 5 and complex JavaScript applications. This will allow developers to offer platform-neutral products but Gartner identifies risks like performance and fragmentation. It warns that developers need to be aware of vendors trying to lock them into platform-specific browser features too.
Dulaney says, "Although more than 100 'platform independent' development tools exist, most involve technical or commercial compromises, such as lock-in to relatively niche technologies and small vendors. This will drive increasing interest in HTML5 as a somewhat-standardized, widely available, platform-neutral delivery technology".
The full report Gartner Predicts 2014 is available from the company’s website.
Photo Credit: 3DStock / Shutterstock
Businesses are usually keen to adopt mobile technology but often struggle when it comes to finding a developer to translate their vision into reality.
Mobile strategy and solutions company Mokriya is trying to help by launching MobileInsights, a series of free guides aimed at streamlining the way businesses recruit mobile development firms.
The initial guide is the 50-page, "Creating a Compelling Mobile Experience, A How-To Guide for Choosing the Right Team" which focuses on the project leader's viewpoint. It includes detailed charts to help managers pick the right platform for their app along with questions to ask prospective developers. The aim is to create more guides over time to build into a detailed online resource for anyone looking to develop a mobile app.
"App development is driving the surge in smart device usage," says Mokriya founder Sunil Kanderi, "apps are the reason people want smartphones. They're the ideas that are pushing the whole industry forward. But having a good idea isn’t enough. The execution is ultimately what will determine if an app reaches that critical threshold, or gets lost in all the other products flooding the market."
With more than a billion smartphones already in use worldwide the potential for companies who get their apps right is huge. But as Kanderi says, "The user experience is what distinguishes the apps that prosper from the ones that drop off. Our research tells us that 57-percent of users won’t recommend an app they feel is poorly designed, and 40-percent of users will switch to something else entirely. What we're seeing is a shift in thinking. Users will no longer put up with an App that’s hard to use."
You can view the full guide and stay in touch with future releases on the Mokriya website.
Photo Credit: Rashevskyi Viacheslav / Shutterstock
For most of the last year it seems that we've been reporting the decline of the PC market. At the beginning of December we even had IDC saying that shipments had seen their greatest decline ever.
No surprise then that on the figures for the final quarter of 2013 both IDC and Gartner are saying that shipments have declined again. The good news though is that there are signs of the decline bottoming out.
The even better news, if you're Lenovo, is that the company has consolidated its place ahead of HP as the biggest player, with around 15 million devices shipped worldwide in the fourth quarter. On IDC's figures Lenovo now has an 18.6 percent market share, ahead of HP’s 16.8 with Dell in third on 12.2 percent. Gartner is a little more conservative but its figures support the same general picture.
"The PC market again came in very close to expectations, but unfortunately failed to significantly change the trajectory of growth," says Loren Loverde, Vice President, Worldwide PC Trackers at IDC. "Total shipments have now declined for seven consecutive quarters, and even the holiday shopping season was unable to inspire a turn in consumer spending. Although US growth slipped a little in the fourth quarter, other regions all improved, reinforcing our view that growth rates will continue to improve gradually during 2014 despite remaining in negative territory".
Gartner too believes that the decline is reaching the bottom. "Although PC shipments continued to decline in the worldwide market in the fourth quarter, we increasingly believe markets, such as the US, have bottomed out as the adjustment to the installed base slows," says Mikako Kitagawa, principal analyst. "Strong growth in tablets continued to negatively impact PC growth in emerging markets. In emerging markets, the first connected device for consumers is most likely a smartphone, and their first computing device is a tablet. As a result, the adoption of PCs in emerging markets will be slower as consumers skip PCs for tablets".
iCharts
Breaking the figures down by region, in the US HP continues to be the dominant player, followed by Dell, with Lenovo in fourth place behind Apple. However, in the fourth quarter HP posted a 10.3 percent decline in shipments whilst the other three grew, Apple by an impressive 28.5 percent.
"Holiday sales of technology products were strong in the US market, but consumer spending during the holidays did not come back to PCs as tablets were one of the hottest holiday items," says Gartner's Ms Kitagawa.
In the EMEA (Europe, Middle East and Africa) region Lenovo is on top and the only company to post a growth (albeit only 2.1 percent) in unit shipments. The Asia/Pacific region showed a decline too with buyers preferring to spend their money on smartphones and tablets.
IDC reports Japan separately and says that volume was higher than expected thanks to favorable exchange rates and XP migration. Shipments in the rest of Asia/Pacific, it says, were close to expectations though with unexpected weak spots in India and Thailand.
Have PC's reached the bottom or are there further falls still to come? Watch this space as we move into 2014.
Photo Credit: ArchMan/Shutterstock
Since the first personal computer viruses appeared in the 1980s, avoiding malware has become a fact of everyday life for computer users. There's a constant battle to stay ahead of the game and fend off the Trojans and botnets.
Where the conflict is at its fiercest though is in the financial sector as this is where malware has the potential to earn its authors serious money.
A new report by NSS Labs looks at the latest trends in financial malware and the dangers that it poses. Unveiled by Research Vice President Ken Baylor, it reveals a great deal of innovation has taken place since NSS released its last report on this sector in the first quarter of last year.
New suites of malware including Hesperbot and Beta Bot have emerged, and newer bots are using SSL to encrypt communication with their command and control (C2) servers. There has also been a switch to using seemingly innocuous blog sites, rather than traditional C2 servers, to communicate with botnet malware like Taidoor. This makes it much harder to detect the malware's presence on networks.
Another worrying trend is the emergence of a self-propagating version of Zeus, the man-in-the-browser malware aimed at socially engineering users to give up their login credentials. The geographical pattern of emerging malware is shifting too. There’s a growing trend towards new threats appearing in Europe first then spreading to US banks and account holders.
In order to combat these threats NSS recommends that banks need to carry out regular risk assessments. They must also implement effective multi-layer security at customer, account and risk detection levels. It also says that banks need to invest in the latest anti-fraud risk engines in order to detect anomalies between customers’ historical transactions and those currently taking place.
For more information, including a more detailed analysis of the latest financial malware threats, you can download the full report from the NSS site.
Photo Credit: Fabio Berti / Shutterstock
Technology giant IBM has announced that it's to invest more than $1 billion to create a new business unit for Watson, the supercomputer that beat human contestants on the TV quiz Jeopardy.
The new Watson Group will be headed by Michael Rhodin, previously senior vice president of the company’s software solutions group. The unit will be based in New York and have around 2,000 employees.
Rhodin says, "IBM has transformed Watson from a quiz-show winner, into a commercial cognitive computing breakthrough that is helping businesses engage customers, healthcare organizations personalize patient care, and entrepreneurs build businesses. Watson is one of the most significant innovations in IBM's 100 year history, and one that we want to share with the world. With these investments we strive to make new markets, reach new buyers and transform industries and professions".
Watson -- named after former IBM president Thomas Watson -- is an artificial intelligence system that aims to use information in a similar way to human thinking. It uses natural language and analytic capabilities to allow it to quickly interpret large volumes of data.
From its original room-sized unit IBM says it has now managed to shrink Watson to the size of three stacked pizza boxes. The new group will deliver Watson's technology via the cloud to power new consumer and enterprise apps. It will be deployed using Softlayer, the cloud computing infrastructure business bought by IBM last year.
The establishment of the unit reflects strong demand for cognitive computing. "We have reached the inflection point where the interest is overwhelming and we recognized we need to move faster," says Stephen Gold, vice president of Watson Business.
In addition to the business unit IBM is launching three new services based on Watson technology. Watson Discovery Advisor is aimed at research organizations, Watson Analytics allows users to explore big data through visual interpretations, and Watson Explorer is designed to help employees across a business uncover data-driven insights more quickly.
You can learn more about Watson and how it's being used in different industries on the IBM website.
Photo Credit: Jon Simon/Feature Photo Service for IBM
A new study from Osterman Research finds that malware is still one of the main security concerns for businesses.
The survey, sponsored by security specialist Trustwave, asked 160 security professionals about email, web and social media threats. It finds that employees were the number one reason for concern when it comes to introducing malware to enterprise systems.
According to 58 percent of respondents the biggest concern is malware being introduced by employees surfing the web. The second biggest malware threat (56 percent) was seen as employees using personal webmail.
These concerns seem to be borne out in practice, with 74 percent of respondents saying that their networks had been infiltrated by malware from surfing in the last year, with 64 percent infiltrated via email.
The infographic below shows findings from the latest report -- which is available from the Osterman site -- combined with statistics from an Osterman white paper and the 2013 Trustwave Global Security Report.
Photo Credit: Lightspring/Shutterstock
According to a study by New York-based risk management specialist Continuity Software, measurement and analysis is the key to achieving IT excellence.
Based on results from a number of sectors including healthcare, financial services, manufacturing and retail, the study underlines the importance of operational analytics in meeting performance targets.
As you might imagine the findings are all about size and performance -- stop making up your own jokes at the back! It's larger organizations that are most likely to use analytical tools to monitor IT performance goals -- 57 percent, as opposed to 29 percent of smaller enterprises. What they measure is interesting too, 89 percent measuring up time, 66 percent performance and 51 percent measuring the number of open issues.
There's more consistency when it comes to the different areas of infrastructure. Storage and network performance indicators are measured by 71 percent of those surveyed with applications a close second on 69 percent, databases on 66 and clusters on 49 percent.
The effectiveness of regular analysis is shown by the fact that 53 percent of companies that track configuration across their entire infrastructure daily said they were meeting or exceeding their goals. This compares to only 31-33 percent of those that monitor only part of their setup.
"Few would argue that business organizations that deliver IT operational excellence enjoy a distinct advantage over their competitors," says Doron Pinhas, CTO of Continuity Software. "As this survey reveals, organizations that are successful in achieving this goal invest in measurement and analysis of KPIs and are able to transform the collected insights into immediate actions".
The cloud seems to be getting neglected in all of this though with only 14 percent saying that they regularly monitor cloud KPIs. 43 percent of those surveyed say they never analyze configuration consistency in their cloud environment.
Pinhas comments, "It is also interesting to note that while the push to move data and applications into the cloud continues to escalate, most cloud infrastructure remains under-monitored, and consequently at great risk of unplanned downtime and service disruption".
The full report is available to download from the Continuity Software website.
Photo Credit: Bogdan Brasoveanu / Shutterstock
Yesterday's speech at CES by Intel CEO Brian Krzanich contained lots of stuff about plans for wearable technology and computers housed in SD card form factors.
But also in there was the announcement of a new Intel Security brand and the news that McAfee products will transition to this over time. Krzanich also says that Intel is planning to offer some elements of McAfee security products free of charge to protect the latest mobile devices.
Back in 2010 the chip giant paid $7.68 billion for McAfee, one of the best known names in information security. Since then it has operated as a subsidiary whilst retaining its brand identity. Now it seems that the McAfee name is to be dropped, though the familiar red shield logo will be retained.
"The complexity of keeping digital identities safe grows as mobile applications and devices become a more important part of our daily lives," Krzanich says. "Intel's intent is to intensify our efforts dedicated to making the digital world more secure, and staying ahead of threats to private information on mobile and wearable devices".
Details of the free protection solutions for mobile devices will be announced later this year. BYOD is also in the company's sights as Krzanich announced that Intel Security this year will offer "Intel Device Protection" technology, aimed at helping Intel-based Android mobile devices meet security standards for use at home and work.
The decision to drop a big-name brand that you've paid a lot of money for seems a bit strange. It may have to do with the security company's founder John McAfee. Although he hasn't been involved with the company since 1994, he has become a magnet for publicity. This has included his alleged involvement in a murder in Belize and his bizarre laptop-shooting video guide to uninstalling McAfee Antivirus. He's currently trying to sell his life story.
Speaking to BBC News, John McAfee seemed pleased with Intel's decision, "I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet. These are not my words, but the words of millions of irate users. My elation at Intel's decision is beyond words".
Photo Credit: Maksim Kabakou / Shutterstock
Sony’s VAIO | Flip range of convertible laptop/tablet hybrids launched back in October last year. This week the company uses CES to release a new, smaller 11-inch model for users who want maximum portability.
The Flip uses a clever three-way design which means it can be used as a laptop, a tablet or in 'Viewer Mode' which basically props the screen up on a stand that's built into the chassis.
The VAIO Fit 11A weighs only 2.82 pounds, has a solid state drive, quad-core Intel Pentium CPU and an 8MP rear-facing camera. It also features Sony's Triluminos display technology along with ClearAudio+ to provide what Sony says will be a top of the line movie viewing experience.
It also comes equipped with the pressure-sensitive VAIO Active Pen allowing you to take notes or doodle on the screen. If you'd rather type the keyboard is backlit -- a feature not often seen on smaller systems -- so you can use it in the dark. The aluminum chassis comes in a choice of silver, black or pink and the VAIO Fit 11A will be available from the end of February with a starting price of $799.
The rest of the VAIO | Flip lineup gets updated for spring too, with Windows 8.1 and all models now coming with Adobe Photoshop Elements 12 pre-installed. Visit Sony's website for more news.
A new market forecast by research specialist Gartner predicts that device shipments (that's PCs, tablets, ultramobiles and mobile phones -- no toasters or coffee makers) will reach 2.5 billion units in 2014, up 7.6 percent from last year.
It also sees Android passing the one billion user mark across all devices this year, with 75 percent of Android volume coming from emerging markets by 2017.
It's mobile phones that are expected to dominate device sales this year with 1.9 billion being shipped, up five percent from 2013. Ultramobiles including tablets, hybrids and clamshells are predicted to show the fastest growth though with an increase of 54 percent.
"The device market continues to evolve, with buyers deciding which combination of devices is required to meet their wants and needs. Mobile phones are a must have and will continue to grow but at a slower pace, with opportunities moving away from the top-end premium devices to mid-end basic products," according to Ranjit Atwal, research director at Gartner. "Meanwhile users continue to move away from the traditional PC (notebooks and desk-based) as it becomes more of a shared content creation tool, while the greater flexibility of tablets, hybrids and lighter notebooks address users' increasingly different demands".
Gartner expects the worldwide tablet market to grow by 47 percent as lower average prices attract new customers. It sees tablets as being an additional device that consumers will carry everywhere but predicts this will see a move to smaller units. "Complementary smaller tablets will take over from the larger tablet form factors, providing the added mobility that consumers desire at a lower cost and will compete with hybrids for consumer attention," says Mr Atwal. Gartner's own consumer survey in the third quarter of last year showed that over two-thirds of tablets are used outside the home.
Meantime shipments of traditional PCs are set to continue their decline. Gartner predicts a seven percent drop over last year to 278 million units. Thanks to the growth in Windows ultramobiles though the overall PC market is predicted to stay flat after a 2013 decline of almost 10 percent.
In the operating system market Android will continue to dominate with Windows a distant second and iOS/Mac OS third. Annette Zimmerman, principal analyst at Gartner says, "There is no doubt that there is a volume versus value equation, with Android users also purchasing lower-cost devices compared to Apple users. Android holds the largest number of installed-base devices, with 1.9 billion in use in 2014, compared with 682 million iOS/Mac OS installed-base devices".
The full report, Forecast: PCs, Ultramobiles, and Mobile Phones, Worldwide, 2010-2017, 4Q13 Update is available on Gartner’s website.
Photo Credit: bloomua / Shutterstock
Wireless speakers allow an enormous amount of freedom when listening to music around the home. But when you want to stream from online sources you'll often find that you're restricted to ones that are compatible with your system.
Audio specialist Pure using CES to announce an extension to its Pure Connect platform which allows its Jongo wireless stereo and multiroom music system to be used with any music streaming service including Pandora, Rdio, Deezer and Spotify, as well as any other audio or radio app.
Nick Hucker, Pure's marketing director says, "We are not in the business of picking a winning music streaming service or radio app -- different services are right for different audiences -- but we want to give our customers the most choice. Jongo was designed with flexibility in mind, which is why all Jongo speakers come with both Bluetooth and Wi-Fi. We've always used this flexibility to make sure all services can be played to a single Jongo speaker but now we are making the major step of extending this flexibility, via Bluetooth, to enable streaming of any music service or radio app to multiple Jongo speakers".
It uses a technology called "Caskeid" -- developed by Pure's parent company Imagination Technologies -- to seamlessly deliver content to multiple speakers via a combination of Bluetooth and Wi-Fi. To use it you simply select your chosen music or radio service app and send it via Bluetooth to a single Jongo speaker in a group. The Caskeid technology integrated into the speakers then takes care of ensuring that music is seamlessly and synchronously sent to all the other speakers in the group.
The company has also announced that it will be releasing a Caskeid application developer kit that will allow apps to be built with support for Jongo speakers.
The session and speaker configuration is set up using the Pure Connect App. This is available for free on Android and iOS systems and allows you to stream your own music or online radio. There are also subscription models for streaming via Pure's own online service, more information is available via the Pure Connect portal.
All-in-one PCs are popular in the office and in customer-facing environments because they’re stylish and take up less space than conventional models.
HP has been an active player in this field for a while and has now updated its range of all-in-one (AiO) models with four new systems including -- for the first time -- one that runs Android.
The Slate 21 Pro AiO provides a desktop that integrates seamlessly with Android phones and tablets using autosyncing and Google Cloud Services. It features a 21.5-inch touchscreen, a Tegra 4 quad-core CPU, dual-band wireless, Bluetooth and an integrated HD webcam. It runs Android 4.3 and uses Citrix Receiver to offer Windows application support. It also allows users to toggle between the Android environment and content displayed from a Windows PC.
The Slate 21 Pro satisfies the demands of enterprise security by having Citrix XenMobile pre-installed to allow administrators to manage apps and users within the corporate environment. It's available now in the US with a starting price of $399 including a keyboard and mouse.
"HP's multi-OS approach showcases our innovation and allows us to deliver the right product for our customers' needs, giving them all the flexibility and ease of use they need from a business PC," says Enrique Lores, HP's senior vice president and general manager, Commercial PCs. "The HP AiO PCs announced today highlight how businesses of any size can increase employee productivity by leveraging the growing Android ecosystem, all while being budget friendly".
HP's announcement also includes three new Windows-based systems. The 205 AiO is aimed at smaller businesses, with an 18.5-inch screen, AMD E-Series dual-core processor, built-in Wi-Fi and webcam. Prices start from $449.
The HP ProOne 400 AiO G1 comes in 19.5-inch non-touch or 21.5-inch touchscreen versions. HP says that this model is designed to offer a rich video and audio conferencing experience, with integrated Skype-ready webcam, business class speakers and integrated DTS Sound+ audio software. It also features a Display Port to drive an external monitor and an integrated Wi-Fi hotspot to allow people to connect smartphones and tablets. Running the latest Intel Core processors, the non-touch ProOne starts at $649 with the touch version available from $799.
Finally the Z1 G2 is a second-generation model of HP's 27-inch AiO workstation, using Intel Thunderbolt 2 technology for fast performance and touchscreen capability. No prices for this model were available at launch though you can expect it to start around the $2500 mark of the Z1.
You'll have noticed by now that my colleagues here are all busy promising to clean up their tech acts for the coming year. But I'm not going to do that.
I don't generally make resolutions anyhow -- it saves having to come up with excuses later -- so instead here's what I won’t be changing in 2014.
My Backup Regime
Among my colleague Mark Wilson's resolutions is a commitment to improve his backup routine. But I've spent too long working in tech support and have rebuilt too many systems to think it won't happen to me, so I'm already a mild obsessive where backups are concerned. Anything I'm currently working on is saved to the cloud and synced between two machines for good measure, and everything else is saved to an external hard drive every couple of weeks. I've even been known to backup my phone contacts.
Not Owning a Tablet
I get sent tablets to review from time to time and they're fun for a while but I haven’t -- yet -- felt the need to actually own one. I can see that they're handy if you want to tweet along to your favorite TV show or you need to look things up really quickly, but that's the problem. I don't really need non-essential information that fast and if I had access to a tablet all the time I'd just spend more hours online and have less of a life.
This is rather like Mihaita's resolution to disconnect more, I'm just trying to avoid another excuse to connect in the first place. There's little doubt that I’ll crack and end up owning a tablet at some point but so far I'm resisting the tide.
Not Buying Software
Easy for you, you may be thinking, given that I'm in a position to request review copies, but most of the programs I use on a day-to-day basis are freeware. I'm writing this post using LibreOffice, I edit images in Paint.NET, I use a free backup program and a free password manager. I have a tendency to avoid big names even when they are free, I long since dumped the bloated Adobe Reader in favor of a lighter, faster alternative. In fact there are only two paid-for programs on this PC, one for web design -- which is several years old -- and one for creating invoices.
Sadly this commitment doesn't extend to desktop operating systems, I gave up on Linux a long time ago. It's great when it works but far too frustrating when it doesn't, so I'll stick to Windows thanks.
Those then are my non-resolutions for 2014, if you see me buying a tablet sometime in the next year feel free to point and sneer. What about you though? Are you planning on making tech resolutions for next year or are you too going against the flow? Let me know via the comments.
Photo Credit: Thinglass/Shutterstock
It's inevitable that at this time of year tech companies and analysts like to try to grab headlines with their predictions for the coming 12 months. Security specialist Kaspersky Lab is no exception, and guaranteed to make waves is its forecast of the collapse of the internet as we know it.
This, it says, will be driven by pressure to break the web up into national segments. So far this has only applied to counties like China with its Great Firewall, but other nations including Russia have planned legislation to prohibit the use of foreign services. In November, Germany announced that all communications between the German authorities would be fully locked within the country. Brazil too has announced its plans to build an alternative internet channel so as not to use the one that goes through Florida.
Alex Gostev, Chief Security Expert at Kaspersky Lab says, "The Internet has begun to break up into national segments. Snowden's revelations have intensified the demand for rules prohibiting the use of foreign services. Individual countries are no longer willing to let a single byte of information out of their networks. These aspirations will grow ever stronger and legislative restrictions will inevitably transform into technical prohibitions. The next step will most likely be attempts to limit foreign access to data inside a country. As this trend develops further it may lead at some point to the collapse of the current Internet, which will break into dozens of national networks. The shadowy Darknet then will be the only truly world-wide web".
Other things to emerge from Kaspersky's crystal ball gazing are that Bitcoin users can expect to see more attacks targeting their wallets. Bitcoin theft promises cyber-criminals big profits and complete anonymity so attacks aimed at the currency's exchanges are likely to become more common.
We can expect ransomware to spread to the smartphone arena too. Encryption of data on smartphones is easy if the trojan program has administrator rights and Kaspersky predicts this type of attack will appear on Android devices first. It also expects mobile phishing attacks to increase in sophistication and to see an increasing underground market in mobile botnets.
Tough times for the cloud are on the horizon too according to the report. Partly because confidence has been hit by the Snowden revelations and partly because the type of data now being committed to the cloud is more attractive to criminals. Hackers are targeting cloud service employees as the weak link in a chain that could give them access to huge volumes of potentially valuable data.
If you weren't depressed about 2014 already you probably are now, but there are some more positive notes. Kaspersky foresees greater popularity of VPN services and TOR-anonymizers in addition to a greater demand for local encryption tools as people become more aware of protecting their privacy.
It also predicts the rise of a new breed of "cyber-mercenaries". Experienced hackers who will offer their services to companies in order to combat cyber-espionage and other threats.
You can read more about what Kaspersky thinks is in store for 2014 on the company's blog.
Photo Credit: Fotonium/Shutterstock
Being slightly late to the party when it comes to posting my list of favorite tech kit for this year means you'll probably have seen some of these things on other people's lists too -- blame spending Christmas in an internet free zone.
But hey, this is very much a personal thing, so these are my particular selections and the reasons why I've chosen them.
Windows 8.1
An obvious choice perhaps, but although the much heralded "return of the son of the Start button" turned out to be rather a disappointment, the update transforms Windows 8 into the system it really should have been in the first place.
The new Apps page makes managing the Start screen and your installed software much more manageable. Add in the revamped store which means there are many more Windows apps available and it’s now an OS you can use everyday without feeling that there’s just a little something missing. In other words 8.1 feels like a complete and well thought out product, a trick which Windows 8 -- good though it was -- never quite managed.
The FUZE
Although it's aimed at teaching youngsters about the joys of programming, the FUZE also happens to be really good fun. It turns the Raspberry Pi into a system that you can just plug in and start using without the need for any extras other than a monitor.
Because it comes with a number of projects it's easy to begin doing practical stuff right from the start. It's also a system that you won't quickly outgrow as your knowledge improves since new projects are released on a regular basis. The best thing about the FUZE though is simply that it makes learning fun and that’s what educational tools should do.
Microsoft Office 2013
The cloud has been one of major themes of the last year particularly for business users. With the launch of Office 2013 in January Microsoft didn't just embrace this trend but went down on one knee and slipped a ring on its finger. Smooth integration with Office 365 and SkyDrive is the most impressive feature of the latest Office suite but there are plenty of other tweaks too including a flatter look for the love it or hate it ribbon toolbar. There are also features which Office should have had a long time ago, like the ability to create PDFs. There's a reason why the Office division accounts for around half of Microsoft's operating profit and that’s because it gives people what they want.
HP ENVY 120
What's a printer doing here? Good question, the problem with printers is usually that they're ugly brutes with paper trays and feed chutes that stick out at all angles. That might be acceptable in the office but for home use a printer is generally something you want to hide away. With the ENVY, traditional old HP has managed to pull off the trick of making a printer that's actually bordering on being sexy. It could easily be part of an expensive hi-fi system. It's not bad at the business of printing and scanning either. If you’re looking for a printer that won't feel out of place in your trendy apartment the ENVY is an obvious choice.
Samsung Chromebook
The first generation of Chromebooks were always a little underwhelming, mainly because the Chrome OS was too limiting in what it could do, especially if you didn't have an internet connection. With the latest versions it's now possible to cache files so that you can work offline if you need to and there's added practicality from little app-style utilities.
Put all of this together with Samsung’s affordable, slimline, lightweight hardware and you have a machine that's hard to beat as a general purpose portable. Okay, so the processor performance may be a little modest but it gives you more practicality for work on the go than a tablet with none of the bulk of a power-user laptop. Add a long battery life and an affordable price tag and what’s not to like?
Agree with these choices, disagree? Let us know in the comments or tell us what your favorite tech of this year is.
Photo Credit: lucadp/Shutterstock
One of the problems with big data is its sheer size. This leads to problems when it comes to moving files around and can lead to a loss of competitiveness if companies aren't able to process files in a timely manner. The issue can be magnified if it involves transferring files to and from cloud platforms.
IBM has recognized this problem and in response has swallowed up California-based Aspera, a specialist in high speed transfer techniques. The company's patented "fasp" technology can reduce the transmission times for large files or data sets by up to 99.9 percent. It overcomes bottlenecks in broadband wide area networks that slow the transfer of extremely large files, such as high-definition video or scientific research data, over long distances.
"Our experience working with thousands of clients on Big Data projects tells us that companies can better compete and win when they can quickly extract value from massive volumes of data," says John Mesberg, Vice President, B2B and Commerce Solutions at IBM. "With this acquisition, IBM addresses a key challenge for globally integrated enterprises by allowing them to move large data files much faster to the individuals who need them, wherever in the world they may be".
Aspera can move big data to and from the cloud faster than traditional methods whilst providing predictability, bandwidth control and security. This benefits companies such as media organizations uploading TV shows and movies for streaming, medical research companies sharing genome data, or any organization trying to share and synchronize data between multiple devices on different sites.
"Our team has redefined how the world’s biggest data can be moved quickly, securely and reliably around the world," says Michelle Munson, president and co-founder of Aspera. "By tapping into IBM's innovative capabilities and global resources, we will solve ever expanding data movement challenges for our customers now and in the future".
The acquisition builds on IBM's Smarter Commerce initiative by helping businesses to speed up their digital supply chains. Aspera's fasp technology will be integrated into IBM's SoftLayer cloud infrastructure next year. The financial terms of the takeover deal have not been released.
Photo Credit: Maksim Kabakou/Shutterstock
Business systems specialist Oracle has announced that it’s reached an agreement to acquire Responsys for $1.5 million. Responsys is one of the leading providers of enterprise-scale, cloud-based business to consumer marketing software.
Buying Responsys extends Oracle's Customer Experience Cloud to create a product that meets the needs of companies with both B2B and B2C marketing requirements. It enables chief marketing officers (CMOs) to run marketing campaigns across email, mobile platforms, social media and the web, it also allows them to operate at a massive scale and across the full consumer lifecycle.
"Recognizing the unique needs of the CMO in B2B and B2C industries, the Oracle Marketing Cloud is now the only platform to unite enterprise-class leaders in these historically distinct marketing-automation fields," says Mark Hurd, President of Oracle. "Our strategy of combining the leaders across complementary technologies signifies Oracle's overwhelming commitment to winning and serving the CMO better than any other software company in the world".
"Responsys has always been focused on helping marketers realize their largest opportunity -- coordinating their marketing touch points across channels, across the customer lifecycle, and across industries, and as a part of Oracle, we will only accelerate our efforts," says Dan Springer, CEO of Responsys. "Oracle not only shares our vision, but is the proven leader in bringing together best-in-class technologies and companies to realize the largest enterprise opportunities. We couldn’t be more excited about what this means for our customers and employees".
Responsys’ board has unanimously approved the transaction which is subject to acceptance of a tender offer by shareholders and to regulatory approval in early 2014. You can download a full report on what the deal means for customers and partners from Oracle's website.
Image Credit: Dusit/Shutterstock
Television used to be simple. When you only had a few channels delivered via an aerial or a cable, deciding what to watch and where to watch it was easy. But with multi-channel digital services, the ability to watch on mobile devices, catch up with programs you’ve missed and more, it’s now a whole lot more complicated.
Little wonder then that apps which help you work out what to watch are proving popular. YO.TV, the UK's most used TV guide with five million customers, now plans to expand to 50 countries in 14 languages. Available on Google Play and the App Store, YO.TV lets users see listings for all their favorite channels across broadcast providers. Its Now and Next options streamline the scanning process, giving a cross section view of the full channel listings for any given time block. Personalized features let users set themselves reminders on their personal calendars so they don’t miss a favorite show or share their tastes in TV via social media.
Chetan Damani, co-founder of YO.TV, says, "Most people who access the internet via their smartphones use apps instead of browsers, which tells us that apps work best when they fulfill very specific functions. With YO.TV, we just looked at the way people were already using their phones and their televisions, and brought that all together in a single space."
Users have the ability to search by time and channel and having the guide as an app means you don't have to disturb other people who may be watching with you by using the TV's program guide. It also suits the growing numbers of people who use their mobile devices to watch sports and other events. Demani says, "It's not fair to say that mobile television is replacing regular TV, but use has certainly gone up dramatically, and YO.TV fits with that trend."
You can access the guide in your browser via the YO.TV website or install the app on your Android or iOS device.
Having uncovered the Android dialler malware last week, mobile security specialist Lookout is warning of a new threat involving a tangled web of spam, foreign banks and bulk messaging.
The threat surrounds a bulk SMS network called Bazuc which offers Android users a payout if they allow the network to access their unused SMS message allowance. The app has been downloaded up to 50,000 times from the Play Store but the author claims up to 100 downloads an hour so it’s evidently on third-party stores too.
The idea of getting cash for your unused texts may seem attractive. But once you're signed up to Bazuc it can be used to send virtually untraceable messages that look like they came from your phone -- because they did come from your phone. These can be used to bypass spam detection and anti-fraud systems and of course Bazuc's authors are charging companies to send messages via your phone at around four times the rate they're paying you.
Lookout's analysis of the network's users threw up bulk advertisers, phishermen, and African and American banks. A breakdown of the messages sent via Bazuc shows 40 percent service and transaction alerts, 30 percent PIN code and password messages, 18 percent registration messages and invites, 8 percent spam, 2.5 percent suspected phishing and only 1.5 percent messages from actual humans. All of the messages were aimed at US subscribers but originated in countries including Nigeria, Russia, Poland and Mexico.
A major problem is that the messages sent are open for the owner of the relay to see. This means that legitimate banks and other organizations using this service to send PINs and passwords are putting their customers at risk of ID fraud.
Whilst Bazuc isn't actually malware it does exploit a loophole in the mobile world. Those who install it risk their phone number and personal information being shared. The companies that use the service to send messages risk their communication falling into the wrong hands.
Ultimately it's the phone users that are likely to suffer. Bazuc isn't breaking any rules but the people who download it are almost certainly in breach of their contract terms of service. It's these users that will suffer when cellphone operators start to shut down accounts or charge higher rates for these bulk messages.
It could be worse than that though, as Lookout points out on its blog, "...we can’t discount the possibility that this network could be used to send illegal messages, and in this case the owner of the phone is likely to find themselves in hot water with the authorities".
This is a complicated scam, you can read more detail including information about the people behind it and how much money it’s making them on Lookout's blog. Meantime the advice is that if something looks too good to be true it probably is.
Image Credit: Paul Michael Hughes/Shutterstock
As the world begins to emerge from recession it's trade that will play a major role in driving the recovery. In a bid to bring together importers and exporters from around the world to increase transactions, IBM is partnering with Eurobank -- one of the largest banks in Greece -- to launch a cloud-based platform for international trading.
Called Exportgate -- a name which puts us in mind of some sort of scandal but we're sure they know what they’re doing -- it uses IBM's Digital Experience software to create a secure business-to-business web portal. Exportgate combines industry analysis tools to allow buyers to view company profiles and presentations, contact sellers directly and exchange ideas and research via forums. It also has the social capabilities you'd expect of any self-respecting modern business package.
Using the portal Greek businesses looking to expand their operations globally can find partners with relevant experience in other countries. At the same time international companies can find trading connections in Greece. Exportgate members have access to directories of over 1,400 Greek exporters and more than 6,500 international trading companies.
"One of the biggest challenges of international trade is the inability to effectively identify and engage with new partners on a global scale. Exportgate is helping to remove these barriers," says Constantinos Vousvounis, General Manager, Group Corporate and Investment Banking at Eurobank. "By partnering with IBM, members now have access to a cloud-based digital experience that helps them easily identify and expand their network of trusted partners while minimizing costs and accelerating growth into new markets".
More than 60 percent of visitors to Exportgate are from outside Greece, originating in countries including the UK, Italy, France, Germany and Russia. So far the site has generated more than 485,000 visits, 1,348,102 portal page views, over 8,000 e-library member visits, and has led to more than 2,300 partnerships and connections among international companies.
"Eurobank's new digital strategy for international imports and exports has brought vibrancy to the global trading system in the region," Larry Bowden, IBM's Vice President of Exceptional Digital Software says. "Now through this unique cloud-based digital experience members have unparalleled access to their target audiences, as well as one of the largest and most organized libraries of trading resources that are all customized to their exact industry and business needs".
To find out more and start boosting your own Greek trade you can visit the Exportgate website.
If you've recently used your payment card in a Target store in the US you might want to check your statements carefully. In a statement on its website the company warns that "guests" who made card purchases in its stores between November 27 and December 15 may have had their card data compromised.
My colleague Brian Fagioli who bought his iPad at Target on the December 14 is now anxiously biting his nails as his could be one of the estimated 40 million cards that may have been affected.
Target's statement says, "We began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code)".
The company says it's working with a third-party forensics firm to conduct an investigation and that it has alerted the authorities and financial institutions. In the meantime it recommends that customers -- sorry, guests -- stay alert for suspicious activity on their accounts. It helpfully provides a list of resources including credit reference agencies and various state law enforcement bodies.
Target says the issue has now been resolved and that it only affects US stores. If you've used a Canadian store or purchased via the website your information is not at risk. If you do spot a suspicious transaction, REDcard holders should contact Target, other card holders should get in touch with their bank.
Photo Credit: alexmillos/Shutterstock
This is the time of year when people like to get out their crystal balls and try to imagine what the landscape of the coming 12 months will look like. IT efficiency and system management systems provider Adaptiva has announced its predictions for enterprise systems in 2014. The company has identified three key trends which it believes will shape the landscape for the next year: that BYOD will fail to live up to its hype, that lack of WAN bandwidth will hamper infrastructure plans, and that the continued use of Windows XP will cause significant security issues.
We spoke to the company's Chief Technology Officer and founder Deepak Kumar about the trends he sees shaping the enterprise IT landscape next year.
BN: BYOD is the thing everyone has been talking about in 2013 but you're predicting it will fail to live up to its hype. Why is this?
DK: BYOD will succeed in some use cases, but not as wildly as the outlandish hype suggests. BYOD will grow rapidly and companies will benefit from it in many ways. However, the hype is that BYOD will replace laptops and desktops as the primary end point device in the enterprise, simplifying the life of IT systems management. That's not realistic. Instead, companies will enable the use of smartphones and tablets for specific types of data and applications to supplement desktops and laptops. The traditional endpoint devices are more suited for creating content and even for consuming complex content. So BYOD will do great. I love it. We use it my company. But it will not make life easier for IT, it will add to their workload.
BN: So is BYOD just a fashionable trend or can it make a positive contribution to business? What needs to change for it to do so?
DK: I don't think anything needs to change except expectations. BYOD improves productivity. It enables agile teamwork by making certain data and applications rapidly accessible, and by making a larger part of the workforce continuously available. It's already making a positive contribution to business -- with email and calendaring alone -- and that will continue. For more complex use cases, companies should start small, measure success and ROI quickly, and move forward where it is working. Avoid making mass transformations just based on the idea that "BOYD is always good." It is good, but you have to use it wisely.
BN: You’ve said that XP will cause major security issues, can you talk us through the risks?
DK: Every computing platform is vulnerable to security attacks, and constantly needs OS patches, anti-virus updates, configuration changes, etc, to thwart potential attacks. After April 8, 2014, Microsoft will no longer publicly distribute patches to the software's vulnerabilities. Also, many anti-virus software providers say they plan to stop offering security for the product after April. Windows XP is already a strong target for hackers because it is so widely used. The lack of widely available OS and anti-virus updates will increase the attention it gets from cyber attackers. A lot of security breaches get swept under the carpet and we don't hear about them in the news. This goes on while Windows XP is still supported by the biggest OS manufacturer in the world. The real question is, what should we reasonably expect once Microsoft developers move on to other things?
BN: What do you think are the barriers to companies upgrading to a newer OS?
DK: Deploying operating systems using traditional methods requires a great deal of server horsepower and bandwidth, especially in large distributed environments typical of major corporations. It requires the deployment of complex protocols such as PXE, which in turn require extensive network infrastructure changes. Modern peer-to-peer technology such as our OneSite product can eliminate some of these issues, and make the deployment easier and much faster.
Independently of all that, you still have to address application compatibility and certification. All it takes to stall your deployment is one mission-critical application that won’t run on Windows 7/8. This could be a mission-critical software application, or even a hardware application. For example, take the case of a retail organization whose point of sale systems can't be upgraded, or a bank whose ATM systems can't be upgraded, until the vendors update the entire system.
BN: Isn’t there an opportunity here for third-party security providers?
DK: Definitely. There are draconian methods available to completely freeze and lock down the OS, but they also disempower the user. You can certainly buy elegant Band-Aids, but only Microsoft can fundamentally address the root causes which often lie deep within Windows code.
BN: You’re predicting that limited WAN bandwidth will hold back infrastructure projects. How can this be true in the age of high-speed fiber connections?
DK: There are three reasons bandwidth is still a problem in the age of high-speed fiber connections. First, companies are expanding their demand for bandwidth much faster than they are acquiring capacity. So, while companies will have more bandwidth than they are used to, they will suffer from a bigger gap between what they have and what they need.
Second, there is cost. The availability of bandwidth does not automatically ensure acquisition of it. It has to justify its place in a company’s budget.
Third, availability varies by region. In some parts of the world, they still have difficulty getting enough power to run their business successfully. Getting high-speed WAN connections is still not an option in many places -- at any cost. With globalization, companies are doing more business in more places, and often acquiring disparate operating locations.
BN: If lack of bandwidth is holding back development, isn't this a wider issue for telecoms providers and even governments?
DK: Bandwidth is already growing very fast, but the need for it is growing faster. That gap will always exist. When companies first got computers and saw revolutionary changes in organizational efficiency, they demanded even greater capacity and they still do today. No matter how much bandwidth we create, we will have a business use for more. While this is going on, companies need to find ways to maximize existing bandwidth and improve IT efficiency. For some organizations, infrastructure consolidation will make a lot of sense next year, and for others it will not because of bandwidth limitations.
BN: What overall effect do you think these trends will have on corporate IT strategies over the next year?
DK: Companies will focus on getting more utilization out of existing resources. That's true every year, but new ground is being gained in desktop computer aggregation and WAN bandwidth. Technology is advancing to the point where it is possible to leverage unused storage, memory and CPU resources from desktop collectives while people are working on them. The same is true with WAN bandwidth, where companies are harvesting unused bandwidth using new technologies such as network overlays, content-aware delivery systems, and traffic-aware protocols.
BN: Finally, what would be your one piece of advice to IT managers faced with increasing demands to embrace emerging technologies?
DK: Seeing is believing. Buy what you can touch, test, and deploy.
You can read Adaptiva's predictions for 2014 on the company's blog.
Photo Credit: Orla/Shutterstock
We increasingly rely on technology for the success of our businesses and even of our national economies. Yet that technology is under more and more threat from cyber criminals who adapt quickly to exploit any weaknesses. The resulting financial losses worldwide are estimated to amount to billions of dollars each year.
In a new report from NSS Labs, research director Dr Stefan Frei advocates an innovative approach to deprive criminals of access to vulnerabilities. He suggests that governments and security vendors could join together to create an International Vulnerability Purchase Program (IVPP) to buy vulnerabilities -- paying at or above black market prices -- to keep them from the hands of malicious attackers.
He points out that security currently depends largely on ethical researchers reporting vulnerabilities, but at the same time the black market is expanding fast and offering large rewards for the same information.
Dr Frei reckons that the cost of buying up all vulnerabilities would be less than the losses to cyber crime even if those losses were only reduced by ten percent. He also says that if every vulnerability was purchased for $150,000 the cost would still amount to less than 0.01 percent of US GDP. The report breaks down the cost of reported 2012 vulnerabilities by software vendor (based on the same $150,000 cost per vulnerability figure). This puts Oracle at the top of the list with vulnerabilities costing $64.1 million (0.173 percent of revenue) Apple second on $45.5 million (0.028 percent) and Microsoft sixth on $26 million (0.036 percent).
In addition to suggesting that governments get together to create an IVPP, among the report's recommendations are that software vendors should offer competitive bounty programs for people who find bugs. It also suggests that government and vendors need to introduce incentives so that developers produce more secure software in the first place.
You can get the full report on the NSS website. It's well worth a read and presents a solid case for the business and economic benefits of buying vulnerabilities.
Do you think this is the right way to go? Should we simply be looking to price cyber crime out of the market? Do let us know your thoughts in the comments.
Photo Credit: Gts/Shutterstock
Since it launched in 2006 Amazon Web Services has become a major player in the cloud computing sector. It's now aiming to move further into the big data arena with the rollout of Amazon Kinesis. Kinesis (from the Greek word meaning movement) is a managed service to handle the real-time processing of high-volume streaming data.
By using Amazon Kinesis customers will be able to store and process terabytes of data from hundreds of thousands of sources each hour. This will enable them to write applications that take action on real-time data -- things like website click-streams, marketing and financial transactions, social media feeds, logs and metering data, and location-tracking events.
Because it's available as a managed service, Kinesis should cut down on the development time needed to handle big data through more traditional approaches like Hadoop. Kinesis-enabled applications will be able to drive real-time dashboards, generate alerts and contribute to decision support systems.
Developers will also be able to take advantage of AWS's Auto Scaling to build flexible processing clusters. Kinesis integrates with third-party tools, including popular open source products, too so that developers have the freedom to select their own preferred method of data processing.
"When we set out to build Amazon Kinesis, we wanted to eliminate the cost, effort, and expertise barriers that have prevented our customers from processing streaming data in real-time," says Terry Hanold, Vice President, Cloud Commerce at AWS. "We've gotten great feedback from our preview customers, and it's inspiring to see the innovative ways customers are using Amazon Kinesis, across applications as diverse as gaming, mobile, advertising, manufacturing, healthcare, e-commerce, and financial services".
Companies that have been trialling the product include digital marketing platforms Bizo and MediaMath and Finnish social game developer Supercell. Sami Yliharju, Services Lead at Supercell says, "We are using Amazon Kinesis for real-time delivery of game insight data sent by hundreds of our game engine servers. Amazon Kinesis enables our business-critical analytics and dashboard applications to reliably get the data streams they need, without delays. Amazon Kinesis also offloads a lot of developer burden in building a real-time, streaming data ingestion platform, and enables Supercell to focus on delivering games that delight players worldwide".
Amazon Kinesis is available now in the US East Region and will be rolled out across other AWS regions over the next few months.
Photo Credit: Stephen VanHorn/Shutterstock
Many surveys of how employees use technology focus on larger companies, but the latest 2013 Small Business Employee Survey from GFI Software looks only at firms with between two and 99 employees.
The survey of more than 1,100 employees across the US asked about job satisfaction, use of social media, connecting to company networks, attitudes to cyber crime and more. The results are interesting. While the majority of employees (75 percent) believe that mobile computing has improved their lives because they can work from anywhere, they’re also concerned about privacy and data protection. The other 25 percent said that it had made their lives more stressful because it made escaping work harder.
Identity theft proved a major worry too with 87 percent feeling they were at risk when using their work computer systems. However, only six percent saw a "great deal" of risk with 37 percent identifying "some" risk.
When asked about social networking 33 percent said that they used their networks for personal reasons whilst working, with 18 percent of these saying that it made them less productive. 37 percent of those surveyed say that they use Facebook at least daily.
Use of mobile devices remains popular with 43 percent saying that they’ve connected to work networks remotely. Where mobile devices are provided by the employer, almost all respondents said they used them for non-work tasks with 22 percent admitting to doing so often. Seven percent say that they’ve lost a mobile device containing company data.
It appears that employers may be partly to blame for some of the failings. Among workers at small businesses that have IT support staff, only 53 percent said their company has written policies governing work computer use. In places that do have policies 24 percent admitted having violated them. Only 36 percent said that their companies blocked them from accessing certain websites.
Some of these factors may be contributing to the fact that 81 percent of respondents to this survey expressed overall satisfaction with their jobs compared with only 68 percent of all full-time US employees in an earlier survey.
"While small businesses are subject to many of the same market forces as large enterprises, it’s important to differentiate how the universal trends that drive all businesses impact them uniquely and specifically," says Sergio Galindo, head of global product management at GFI Software. "As a company that delivers solutions to these smaller organizations through a mix of on-premise, cloud or managed services, knowing the user base and how they interact with technology is essential to our success".
You can download a copy of the full report along with the questionnaire and responses from the GFI website.
Photo Credit: StockLite/Shutterstock
Data is the lifeblood of modern business, but to exploit it effectively requires user-friendly tools to help with development and management. Oracle, one of the biggest players in the database field, has launched a new version of its developer tool to address this.
Oracle SQL Developer 4.0 is aimed at streamlining database adoption to the Oracle Database 12c and helping increase productivity for a broad list of database development tasks so organizations can fully capitalize on the power of their enterprise data.
The new release supports the features of the latest Oracle database including multi-tenant architecture -- where a database on a single server supports multiple client organizations -- and cloud capability. Migration tools are included so that customers can transfer their legacy systems and applications with less coding and database development.
New "pluggable" features are supported too making it easier for developers to link databases to the cloud. Enhanced reporting options offer more charts and easy to interpret reports. An improved command line interface speeds the development process by allowing reports to be built into automated tasks.
The developer's lot is also eased by code assistance features that help identify syntax errors prior to execution.
"Harnessing the power of enterprise data has never been easier for more than 3.3 million developers that use Oracle SQL Developer," says Michael Hichwa, vice president of software development at Oracle. "Leveraging Oracle SQL Developer 4.0 as a free support to Oracle Database 12c, organizations can adopt the world's most capable database quickly and easily".
You can find out more about SQL Developer 4.0 on the Oracle website. There’s also a podcast available outlining the new features.
Image Credit: Ermek/Shutterstock
It’s often said that the great thing about standards in the technology industry is that there are so many to choose from. That's just as true in today's world of mobile devices as it was in the days of mainframes when it was first coined.
Mozilla, LG, Qualcomm, Deutsche Telekom and a number of other leading mobile companies have taken a step closer to a world where standards are... well, standard, by joining forces to create the Open Web Device Compliance Review Board (CRB). The aim of the CRB is to support device manufacturers and their technology partners to standardize performance.
This will involve ensuring API compliance to make the open web experience consistent for customers. It will also help OEMs and carriers to improve the time taken to get products to market and reduce the costs of compatibility testing.
The CRB's membership is made up of a mix of partners covering geographically diverse markets. What they have in common is an interest in promoting the success of an open mobile system. Participants in the CRB at launch are Deutsche Telekom, KDDI, LG, Mozilla, Qualcomm Technologies, Sony Mobile Communications Inc., Spreadtrum, TCL/ALCATEL ONETOUCH, Telefónica, Telenor and ZTE.
"Users want a wide selection of devices and great apps. Operators, device OEMs and vendors want to be able to develop and test quickly and independently, in order to get new products to market. The CRB will enable partners to do so efficiently, reliably and confidently," says Andreas Gal, vice president of mobile at Mozilla and president of the CRB. "This is the next step in building the ecosystem and will make it easier for partners to get a wide selection of high-quality solutions into consumers’ hands quickly and efficiently".
It's intended that certification and testing will be carried out by external labs authorized by CRB. Each test is expected to be completed within three days of submission. Standards are based on Mozilla's principles of user privacy and control.
Christoph Schmitz, head of software and integration management at Deutsche Telekom Terminals. Says, "Deutsche Telekom values openness and choice for customers. That’s why we were happy to be among the first global launch partners for Firefox OS. Now there is an opportunity for other mobile innovators to take advantage of the rewards of open technology. The CRB is well positioned to accelerate this opportunity".
You can find out more about the CRB and its goals by visiting openwebdevice.org.
Photo Credit: Karuka/Shutterstock
A new report by information research specialist NSS Labs focuses on the evolving landscape of mobile financial malware. It concludes that cyber criminals are adapting to the use of mobile apps to authorize transactions and that 99 percent of current mobile malware is aimed at the Android platform.
As banks add extra functionality to their apps they open up greater capabilities for both customers and the cyber criminals. Many mobile banking apps are based on HTML code making them especially vulnerable to exploits. The report's author, NSS Labs Research Vice President Ken Baylor, says this should prompt more banks to develop secure native apps for mobiles, incorporating fraud-resistant features, if their customers are to stay secure.
Part of the reason that Android is more at risk than iOS is that it allows the installation of software from untrusted locations. The Play Store still accepts software installations from unauthorized sources. Android's market share plays a part too, as does the fact that most mobile financial malware is coming from ex-Soviet states and there’s a shortage of iOS malware authors in these countries.
Baylor writes, "With the rise of more powerful Android Trojans, malware that specifically targets the financial sector is likely to evolve alongside the extra money transfer capabilities provided to mobile devices by an increasingly trusting financial sector".
The report also identifies a trend towards integrated malware that can compromise both PC and mobile platforms. This allows attackers to capture login credentials, initiate fraudulent transactions and intercept and approve authorization messages meant to provide safeguards. Criminals achieve this in a number of ways including SMS forwarding and by imitating security apps.
Baylor concludes that to stay ahead, "...banks must use hardened browsers on mobile devices with unique install keys, certificate based identification, in app encryption, geolocation, and device fingerprinting. Malware will remain several steps ahead of deployed bank technology so long as bank improvements remain slow and incremental".
You can download the full report View from the Precipice – Mobile Financial Malware from the NSS website.
Photo Credit: lucadp/Shutterstock
Everyone is familiar with Google Docs but the Sheets spreadsheet application always seems to have been a bit of a poor relation in terms of the search giant's cloud office portfolio. Now though there's a new release which brings more speed, more features and -- for the first time -- an offline mode.
The new version supports more cells so you can create bigger, more complex, worksheets. New features include Filter Views which let you save and share sections of the data, useful for collaborative projects.
Improved function help makes it easier to enter calculations and spot errors. Text handling is enhanced too so that if what you're entering is too long for the cell it automatically flows to adjacent ones. There are also improvements to conditional formatting that let you include rules to change colors and text styles based on custom formulas. Other minor tweaks include the addition of colored sheet tabs and custom number formatting for currencies, dates and so on.
The biggest news though is that you can now use Sheets offline. This only works in Chrome and there are instructions for setting it up on Google's support pages. Though if you’ve used Docs or Slides offline in the past then it should work straight away.
Writing on the company's Enterprise Blog, Zach Lloyd, Google Sheets Software Engineer says, "You shouldn't have to think about whether you have a WiFi connection when you want to work. So just like Google Docs and Slides, you can now make edits to Sheets offline. When you reconnect to the Internet, your edits will automatically sync".
Currently you need to opt in to the new Sheets as Google uses it to gather feedback on the extra features. To switch to the new version go to your Google Drive settings page and check the "Try the new Google Sheets" box.
On a brief test we found Sheets easy enough to use, if you're familiar with Excel you shouldn't have any problem with the basics like entering formulas and adding charts. If you decide to give the new version of Sheets at try do let us know what you think.
Bitrix24, the enterprise social network aimed at small and medium sized businesses, has released a new version of its cloud-based service.
Only three months on from the last release the latest version aims to improve telephony, CRM and collaboration features for its users.
The CRM part of the product now has its own activity streams along with new reporting tools for leads, managers and invoices. In addition web phone calls can now be made and recorded directly from a Bitrix24 account without any need of IP-telephony equipment or complex setup procedures.
There are improvements in productivity and collaboration tools too. The cloud storage feature Bitrix24.Drive can now handle company and group files as well as personal data. Companies that subscribe to the professional plan will also find that their storage is increased from 100GB to 1TB at no extra cost.
Project Management is now more tightly integrated with Time Management making it easier to track the time spent by employees on particular tasks. There’s also a new warning system to alert managers to tasks that are in danger of not being completed on time.
Dmitry Valyanov, president of Bitrix Inc says, "This is the fourth major update of Bitrix24 this year, and this rapid pace of improvement is one of the reasons that we reached the milestones of both 100,000 company signups and 1 million total users this fall, growing even faster than Yammer before Microsoft’s acquisition. Small businesses like the fact that they can now replace Yammer, MS Office, Salesforce, Dropbox, Basecamp and Skype with a single out-of-the-box solution that does all that they do and costs only a hundred dollars per month. Not only is it much cheaper, it solves a lot of interoperability, deployment, administration and shadow IT issues".
Bitrix24's new mobile app has an iOS 7-friendly design and an offline mode that lets users keep working even without a reliable intranet connection. The on-premise version has a new virtual environment that makes for easier deployment.
The product is available free for businesses with up to 12 users. Paid versions can be run in the cloud or self-hosted depending on your requirements. Visit the www.bitrix24.com website to find out more.
You might think that dialer malware went out with dial-up modems and that in these days of broadband you don't need to worry about viruses that call premium rate numbers in order to earn criminals money.
But researchers at mobile security specialist Lookout have uncovered a new piece of malware called Mouabad.p that tries to make money by making calls from your Android smartphone. Of course smartphone fraud involving premium SMS messages isn't new but making calls represents a step up in the malware's functionality.
Writing on the company's blog Lookout's product marketing manager John Gamble says, "Mouabad.p is particularly sneaky and effective in its aim to avoid detection. For example, it waits to make its calls until a period of time after the screen turns off and the lock screen activates. Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it)".
It isn't clever enough to modify call logs, however, so victims could uncover its activity by checking their histories. Like other members of the Mouabad family this one also allows attackers to send SMS messages and control various settings relating to premium SMS billing. The malware is believed to be delivered via a dropper app that loads it in the background during its own installation.
The good news is that detection rates are low, the malware only works on Android versions older than 3.1 so owners of newer devices are safe. It's also mainly restricted to Chinese-speaking regions and since premium rate calls rely on country-specific numbers there's little incentive for it spread.
This doesn't mean that users elsewhere or with newer Android versions should get complacent though. As Gamble says, "In the world of mobile malware Mouabad.p is noteworthy because it can initiate a call without user intervention. In addition, Mouabad.p is specifically engineered to evade detection and deletion, concealing its background activities from users wherever possible and attempting to get privileged device access to make itself more difficult to remove".
To protect themselves Android users are advised to install apps only from trusted stores, make sure the system setting Unknown Sources is unchecked to prevent drive-by downloads and install a mobile security app.
Photo Credit: Mopic/Shutterstock
California-based SaaS security specialist Adallom has revealed the existence of an Office 365 token flaw in Office 2013 that could allow malicious web servers to intercept authentication tokens and remotely access a SharePoint site without any alerts being raised.
Writing on the company's blog Noam Liran, Adallom's chief software architect describes the attack as an "ice dagger" because it's the perfect weapon, leaving no trace. He says, "The vulnerability we've found and the security incident that used it have all the makings of a great crime mystery. Only through months of diligent research were we and the Microsoft Security Response Team able to piece together the elements of what might otherwise have been a perfect crime, totally invisible to existing perimeter and endpoint protection defenses".
The problem only affects Office 2013 thanks to its close integration with Office 365. In order to exploit the vulnerability the attacker needs to get a user to click on a malicious Word document via a link in an email or on a website. Of course us tech savvy types know to avoid that sort of thing. But in a large organization you only need one employee to click on a document claiming to be a job application or a document from review and your whole SharePoint archive is wide open.
PowerPoint, Excel and OneNote are vulnerable too, and you won't be safe if you're using SkyDrive Pro because under the skin it's actually a SharePoint Online site.
Liran sums up, "The vulnerability we researched here and the security incident that used it is a bona fide Perfect Crime; a crime where the victim doesn't know that he’s been hit; a crime where there's no proof of any foul play anywhere; a crime where protecting yourself against it without being familiar with its modus operandi is next to impossible".
"There was no malware payload to reverse-engineer. No file hash we can trace through time. No IP address to locate and investigate. No servers to confiscate. The attacker simply gets away with your Office 365 token. For good".
The vulnerability has been repaired in December's Patch Tuesday round of updates and Office 2013 users are urged to install the fix as soon as possible.
Photo Credit: David Evison/Shutterstock
Miami-based startup Textter has developed a new service aiming to revolutionize the way people send and receive text messages.
We spoke to company founder Carlos Cueto in an exclusive interview ahead of next week's official launch to find out more about the product and what it has to offer.
BN: For people who haven't heard of Textter can you give us a brief overview of what it does?
CC: Textter is a Live Messaging System (LMS), which allows users to see their friends' key strokes prior to pressing send. It's a Live communication tool in which you can respond prior to the other person pressing send.
BN: What gave you the idea?
CC: Observing my kids communicate with their friends via SMS texting. Kids today do not communicate on the phone. They literally spend all day texting, rarely calling anyone. The other reason, I do not have a lot of patience.
I use an iPhone and I am tired of seeing the 3 dots when I am waiting for a response. One day at the movie theater, I was in line buying goodies for my kids and their 8 friends. They were in the theater with my wife. The list was specific, when I got to the front of the line, the young lady told me they did not have watermelon Sour Patch Kids. So I texted my daughter and immediately saw the 3 dots. Unfortunately, I had people behind me but I wanted to read her response which was "The regular is fine, I am sorry, I got confused, the one on the Grove had the watermelon, love you!" The extra 20 seconds does not seem like a lot but when you are holding up a line, it's stressful. Had we had live messaging, I would have seen her response in 10 characters vs waiting for a 76 character entry and then her pressing send. Our service will literally save every Textter time every day.
BN: How big is the potential market and which services do you see as your competition?
CC: Currently, I have not seen any service similar to this, so the competition is nil. I believe eventually every smartphone, tablet and computer will load Textter as their Live Messaging System. At the start, our initial target market is 8 to 18 years old, 100s of millions of whom use SMS and are switching to web-based chats.
BN: What will make people choose Textter over other messaging apps?
CC: It’s the only live app available.
BN: Is Textter browser based or will it have its own app? Which platforms will it support?
CC: It will be an app plus browser based and will work across all platforms (smartphones, tablets and computers).
BN: Is it secure, are messages encrypted for example?
CC: Yes, connections made over SSL (Secure Socket Layer) and users must log in.
BN: Will this be a free app? How will you monetize it?
CC: Our basic tool will be free, eventually we will roll out a pro version for use in the office and another version to follow celebrities. Can you imagine reading a text/post from one of your favorite stars or athletes as they are pressing each letter? It's almost as if you can see what they are thinking.
BN: How will you take the product forward? Are there any other ideas in the pipeline?
CC: We use grassroots, social media and word of mouth to move it forward. Yes, we have quite a few additions we plan on launching but are keeping a lid on our secret for now. Development really starts after launch as we improve and adapt our product to service our users’ requests.
The service launches on December 16 initially on the iOS and Android platforms. You can register now for an invitation to use Textter by visiting the http://textter.com/ website.
Photo Credit: bloomua/Shutterstock
One of the most useful things about the internet is its ability to bring people together to trade and exchange. Think eBay, Play and Amazon Marketplace. But all of these are aimed at people with physical products to sell. London-based Hirejungle has come up with a platform that lets businesses and individuals hire out their goods or services.
Peer-to-peer rental, or the sharing economy, is big business according to The Economist. Whether you want to hire a car, rent a room for the night or find someone to carry out a home improvement job, technology makes it much easier to find what you need.
Newly out of beta, Hirejungle's peer-to-peer site connects people who have underutilized items or know how with others who need them. The site's founder Marcelo Barreneche says, "The first 'Eureka!' moment was when I needed a drill for a home refurbishing task and I didn’t have one, but I wasn't happy with the option of buying a new one only to use it just once a year. Then I thought it might be a good idea to hire someone to do the job for me… But who? And that started the brainstorming that led to this peer-to-peer platform".
Hirejungle is novel in that it doesn't charge transaction fees either for listing or for hiring. Instead the site is financed by advertising and gives businesses the option to pay for featured ads. If you’re looking to rent a car the site includes a price comparison engine to help you find the best deal.
There are of course other sites in this market, Taskrabbit.com and Rentmyitems.com for example, but they specialize in either services or goods. Hirejungle does both so you can rent out your car or hire a decorator via the same platform.
The site aims to be at the forefront of the sharing economy in the UK and Europe with plans to expand into India, Canada and the USA in 2014.
Barreneche sums up the site's attraction, "Here it is in simple terms: If you were to hire out something, let’s say your TV, which website would you use? If you have no idea, that's because you're another one of millions of people out there who could be earning income on things you don’t use".
Given all of the current buzz surrounding mobile you'd think that businesses would be falling over themselves to embrace the technology. But a new survey of IT decision makers by enterprise application and security expert Mobile Helix shows that whilst 78 percent of enterprises have a mobile strategy, 86 percent are not using it to transform their business.
The survey of 300 CIOs in the UK and US reveals that 87 percent think that their employees would benefit from mobile access to enterprise applications. However, many of them are reluctant to invest. Complexity is cited by 66 percent as a reason not to pursue a mobile strategy, with 72 percent saying it's too costly to integrate mobile innovations into legacy applications. Development, security and support concerns are also listed as limiting factors.
As a result of this reluctance a mere 14 percent of businesses surveyed are currently using mobile solutions to transform their business processes, drive increased revenues and develop new income streams.
"Cost concerns are understandable, given that widespread enterprise mobility is still in its infancy, yet if CIOs make the right long-term choices today, they can generate significant returns for their business," says Mobile Helix's President Matt Bancroft. "Mobility has the potential to disrupt business in much the same way as the internet, but at the moment, cost and complexity challenges lead people to frequently ignore the enormous possibilities available. Take an industry where physical signatures are still needed: why not look at ways to use fingerprint scanning and location awareness on mobile devices as a way to completely change the way the industry works. Ultimately, we see the strategic value of mobility delivered in three phases: mobilizing existing enterprise applications, then adding mobile-specific capabilities to existing applications, and then creating totally new mobile apps where need and business case dictate".
Where mobile technology is used it's most likely to provide a simple extension to the office. Less than half of those surveyed are taking enterprise specific applications mobile. Of those that are, secure offline access is the most common use. Location-based tools using GPS are also becoming popular.
"To date, people are focusing on simply doing what they have always done, but from a mobile device, yet there is so much more potential value available from mobile technology," Bancroft says. "Perceived complexity is hindering adoption, but a key challenge to mobility is companies’ lack of vision, and that is a much bigger hurdle to overcome. With the introduction and broad adoption of HTML5, enterprises today can develop and deliver apps using their existing infrastructure and in-house skills. This means that the development of mobility solutions and mobile innovations can be both simple and cost effective".
Has your company taken CRM or other key systems mobile or is it sticking with more traditional means of accessing systems? Let us know.
Image credit: Catalin Petolea/Shutterstock
Last month we reported on research showing that 65 percent of financial professionals were putting company data at risk by using unauthorized apps. New research carried out for anti-virus company McAfee shows that the figure is even higher across the enterprise as whole.
The study finds that of 600 employees surveyed across North America, the UK and Australasia, 80 percent admit to using non-approved software as a service (SaaS) applications in their jobs. These applications are referred to as "Shadow IT", meaning technology that hasn’t been approved by the IT department or acquired according to company procurement policy.
The rise of the cloud makes it easier for employees to deploy their own SaaS apps without reference to IT departments. The most popular unapproved application according to the survey is Microsoft Office 365, used by 9 percent of respondents, followed closely by Zoho on 8 percent. Then come social networking applications LinkedIn and Facebook each on 7 percent.
In an example of technical hypocrisy, IT users make greater use of Shadow IT (83 percent admitting to using it) than general business users on 81 percent. When asked to justify its use, 39 percent of IT respondents say they use unauthorized SaaS because, "it allows me to bypass IT processes", while 18 percent say that IT restrictions "make it difficult to do my job".
"With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive," says Pat Calhoun, general manager of network security at McAfee. "The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees' ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies".
The full report, The hidden truth behind shadow IT is available as a PDF from the McAfee website.
Photo Credit: Hans-Joachim Roy/Shutterstock
Most businesses by now will have heard of the Google Cloud Platform which lets developers run applications on Google's servers. The company today announces general availability of its Google Compute Engine offering scalable, secure virtual machines running Linux.
In its preview phase Compute Engine supported only Debian and Centos running with a customized Google kernel. It now supports any out of the box Linux distro so that developers can work with a familiar environment but also support software that needs a specific kernel or file system.
At the same time Google has announced a transparent maintenance regime that upgrades and maintains systems whilst allowing the virtual machines to keep running. In the event of failure VMs are automatically restarted to get them back online fast.
Writing on the Google Cloud Platform Blog Vice President Ari Balogh says, "At Google, we have found that regular maintenance of hardware and software infrastructure is critical to operating with a high level of reliability, security and performance. We're introducing transparent maintenance that combines software and data center innovations with live migration technology to perform proactive maintenance while your virtual machines keep running. You now get all the benefits of regular updates and proactive maintenance without the downtime and reboots typically required".
For those needing more computing power there are new instance types available with up to 16 cores and 104GB of RAM. Google has also cut the price of its Persistent Disk storage by 60 percent per gigabyte and is dropping I/O charges in order to offer more predictable pricing. The price of the most popular Compute Engine instances is also cut by 10 percent.
You can find out more about Compute Engine, view real-life case studies and sign up for a trial at https://cloud.google.com/products/compute-engine/
Photo Credit: Fernando Madeira/Shutterstock
Increased use of mobile devices by consumers means that companies face challenges in terms of making their services and data available on a range of different gadgets. To give customers a properly interactive experience you need more than just a website. The key to doing this is APIs (Application Programming Interfaces) which allow connections to be established between your data and your customer's devices.
But developing APIs can be a complex and costly process. In order to streamline this StrikeIron has announced the public launch of its new hosted API management tool in the form of IronCloud.
With a management console as well as a developer portal IronCloud allows both the business and IT sides of a company to collaborate on cloud-based APIs. The console offers easy access to features like end-user access control, flexible billing, usage analysis, security settings, account management and automated usage charge tracking.
"Our customers trust IronCloud, as we developed it to be the most scalable, mature, and reliable API management platform on the market," says Sean O'Leary, CEO and President of StrikeIron. "Our own managed API product offerings are provided through IronCloud. StrikeIron is the only API management company that has dedicated the last decade to monetizing data and digital assets via APIs. This new public release of the IronCloud platform enables businesses to share their digital assets with their customers quickly, securely, and reliably".
The launch gives StrikeIron a full portfolio of API tools including managed interfaces and API accelerators. Built to provide solutions to the company’s own customers it offers reliable infrastructure and enterprise grade data security to give companies a mature and stable platform for their connected services. It also supports a range of hosting options so it can be run in your own data center, on StrikeIron’s systems or in the public cloud.
IronCloud will be showcased at the Gartner Application Architecture, Development & Integration Summit or for more information visit http://www.strikeiron.com/about-the-ironcloud-platform/
Photo Credit: everything possible/Shutterstock
Antivirus software is generally seen as being about protecting your system from infection, but sometimes you get caught out and it's necessary to call on the product's removal capabilities. If you're lucky, or careful, you might never have to try out the malware removal ability of your security product, but it's good to know it can step up to the plate if needed. To help you see if your chosen solution measures up AV-Comparatives has released the results of its latest malware removal tests.
Tests were carried out on a range of 11 malware samples including Trojans, worms, backdoors and ransomware. Using a Windows 7 Professional 64-bit system each infection was loaded, the system rebooted and then the anti-virus product installed, updated and put to work.
The tests awarded scores for each sample based on the effectiveness of removal and convenience of operation -- whether a boot to Safe Mode or a rescue disk was needed for example. Results were then aggregated to give a points score for each product.
Best overall was Kaspersky with a total score of 98 points, followed closely by Bitdefender on 97. AVIRA makes up the top three on 92. At the bottom of the table comes ThreatTrack Vipre with a score of 65. G-DATA and BullGuard tie for second to last slot on 73. Microsoft Security Essentials scored 83 putting it in the lower half of the table.
Interestingly not one of the products received a perfect score -- complete removal using only normal mode -- across all threats. Kaspersky came closest, removing 10 of the threats normally but needing a rescue disk for the 11th. Other than the top three, all of the products completely failed when it came to removing at least one of the samples, ransomware proving the most difficult to shift.
You can download the full report as a PDF from the AV-Comparatives website.
Image credit: DeiMosz/Shutterstock
The growth in popularity of cloud-based applications has brought new challenges for system admins. Rather than a single set of systems in one place a company's computing may now be spread across a number of platforms and locations.
With the announcement of its new Advanced Cloud Management product ScaleXtreme aims to give its customers a broad set of server, application and service management tools on a single platform.
Generally available from today the product has been trialled in a number of large companies to give central IT control over their public cloud deployments on systems including on Amazon Web Services, Terremark Enterprise Cloud, and Microsoft Azure.
It's fully integrated with the company's existing server management capabilities, including server and application monitoring, patch management, and job automation. This allows enterprises to manage their existing infrastructure as well as taking advantage of public and private clouds to re-engineer and port their applications.
Nand Mulchandani, CEO and Co-Founder of ScaleXtreme, explains, "As enterprises evolve their applications architecture to be increasingly cloud-based, they find themselves having to deal with multiple vendors and management tools. There's usually no 'clean break' between their legacy applications running on virtualized servers in their datacenter, and starting to deploy applications in the public cloud. ScaleXtreme helps IT deal with this complexity. Our Enterprise Platform gives them a single console with which to control all aspects of cloud application provisioning; while still giving them server management functionality for handling the underlying infrastructure on their existing applications".
Features of the ScaleXtreme platform include the creation, deployment and management of cloud applications across private, public and hybrid environments. It provides automatic scaling capability across clouds, enforces access control and compliance, and provides server management tools like monitoring and patch management.
"Today, enterprises live with the reality of highly heterogeneous IT environments. Any platform that can simplify and unify the systems management burden on IT, and accelerate the provisioning of new cloud services for end users, is very welcome," says Rob Green, CEO of Dizzion Consulting, a cloud computing services firm. "We have deployed ScaleXtreme in several of our enterprise clients: from managing application scaling in the cloud, to failover and disaster recovery".
You can find out more about Advanced Cloud Management on the ScaleXtreme website.
Image Credit: everything possible/Shutterstock
CRM data is the life blood of any sales-based business so it's important to look after it. That's doubly true if you're contemplating moving your CRM activity to the cloud. In order to address this, Texas-based backup and recovery specialist Spanning Cloud Apps is expanding its product range to cover the most popular cloud CRM package Salesforce.com.
Unlike other solutions Spanning Backup for Salesforce is embedded within the main Salesforce user interface. This means that backup and recovery options can be reviewed without leaving the package and key activities shared directly to Chatter feeds.
"Spanning is focused on providing leading-edge backup and recovery solutions for the most significant cloud applications. As the titan of enterprise cloud computing apps, Salesforce is a logical next step for us," says Jeff Erramouspe, CEO and president of Spanning. "Salesforce is storing unfathomably large amounts of critical data -- our backup and recovery solution ensures organizations are now fully protected from data mishaps and losses".
The product is designed to reduce the administrative burden of performing backups by automating daily tasks. It also offers point-in-time recovery making it simple to return to a specific previous version of the data if needed. Reporting of activity to Chatter feeds means that admins can spot problems and take action to resolve them before they become critical.
George Crump, president and founder of storage and cloud market analysts Storage Switzerland, says, "As organizations move core business functions to cloud applications like Salesforce, they are struggling to apply traditional backup and recovery methods, leading them to look for emerging solutions like Spanning Backup for Salesforce. We see independent data protection of cloud-based services as a critical component of any organization's data protection strategy."
Spanning Cloud made its début at Dreamforce 2013 and is now available as a private beta before becoming generally available in the first quarter of next year. In the meantime you can find out more on the company's website.
Image Credit: Maksim Kabakou/Shutterstock
For most people customer relationship management conjures up the idea of a massive database of sales information. But for smaller, especially one person, businesses who may spend only a small amount of their time in front of a computer, traditional CRM isn't a practical proposition and doesn't lend itself to mobile use.
Step forward ONDiGO which is designed to provide CRM on the go -- see what they did there? It's built to be easy to use and to start working immediately so that you can begin improving business contacts with customers from day one.
Features of ONDiGO include color coding so that you can differentiate personal and business contacts, new and existing customers and so on. It allows you to review your history of calls and messages with a contact, set tasks, schedule meetings and make notes. You can also prioritize interactions and at the end of each day you can review a real-time report of your activity.
The app syncs automatically with your phone contacts and your Google calendar and it stores all of its notes and other information in the cloud so that they're secure and still accessible if you switch devices.
ONDiGO is currently available free on the Play Store for use on Android devices. You can learn more about the product and view videos of it in action on the company's website. You can also register your interest in the iOS and Windows Phone versions which are in the pipeline.
Email is often cited as being the killer application that made the internet take off, and there's no denying it has changed the way the world does business. But using email for business means keeping an archive so that you have a record of conversations. Over time that archive can become substantial and take up a lot of expensive disk space so storing it in the cloud begins to look like an attractive solution.
To help with moving mail to the cloud Metalogix is launching its Total Email Management and Migration product for Amazon Web Services. It delivers a complete service for mail archiving, backup, security, migration and continuity in the cloud.
The product uses 'labs' which allow users to test solutions to make sure everything is working as it should before completing the migration. There's also a try and buy option which offers all of the options of the full product for a limited number of accounts so that customers can see how the migration works before moving to the full solution.
"With Metalogix Total Email Management and Migration for the AWS cloud environments we are delivering a comprehensive approach to email and file archiving and management with the flexibility our customers seek to support the changing dynamics of their business," says Steven Murphy, CEO of Metalogix. "By providing the industry's best of breed email management solutions on AWS, users can achieve the stringent security and control they need while lowering their total management costs. This consolidated solution combined with world-class security and management functionality is truly the 'All Stars Environment' customers and their trusted partners have been seeking to meet their email and unstructured data management requirements".
The product is offered in licensing packages based on number of users or storage capacity and perpetual licenses can be transferred to other cloud systems on in-house infrastructure if need be. You can find out more on the Metalogix website or try out the product via the AWS Test Drive Labs at http://aws.amazon.com/testdrive/microsoft/.
Photo Credit: Roland IJdema/Shutterstock
Successful sales strategy is dependent on understanding the customer. But for small and medium businesses building up the kind of intelligence database needed can be time consuming and take staff away from the task of actually selling. It can be many months before the implementation of a traditional sales intelligence platform bears fruit.
Software company InsightSquared has used the Dreamforce 2013 conference to launch the latest version of its analytics tool aimed at helping smaller enterprises stay competitive. Designed to work with the Salesforce CRM application, InsightSquared 3.0 has been put together based on feedback from experienced CEOs, along with sales and marketing professionals, in order to provide best practice reports and drive effective sales management.
The turnkey SaaS solution can be up and running in under a day and incorporates three new technologies. Instant Sales Insight allows managers to clearly see the relationship between sales activity and conversions. Sure Forecast ensures more accurate forecasting based on existing conversions and pipeline deals. Thirdly the Smart Pipeline Manager makes it easier to spot high probability and high risk deals.
Reports from the system can be generated using a straightforward point-and-click interface and offer immediate insights that can be used to boost sales performance from day one.
Fred Shilmover, CEO of InsightSquared says, "We are taking sales and marketing innovation to a new level by making business intelligence powerful yet easy to use, which has never been done before. We’re delivering industry-changing innovation and setting a new standard for what modern business intelligence should be".
Visitors to the InsightSquared stand at Dreamforce 2013 will be able to register to get a sales report in 60 minutes. Alternatively you can sign up for a free trial on the InsightSquared website.
Photo Credit: amasterphotographer/Shutterstock
It's an indication of the impact of social media that Twitter is now often the first place where people learn of major news stories. But that's a double-edged sword because it can be hard to know how accurate the information you're reading is.
From today Twitter is making it easier for government organizations and charities in the UK and Ireland to make timely and accurate information available via Twitter Alerts. The alerts service launched in the US, Japan and Korea in September of this year and has already been used by a number of public services to share information during emergencies involving public safety, bad weather and so on.
Some 57 accounts are signed up to the UK and Ireland service at launch including all of the UK's police forces, the London Fire Brigade, the Mayor of London's office, the Environment Agency and the Foreign Office. A full list of organizations using the service can be found on Twitter's website.
Rita Dexter, Deputy Commissioner for the London Fire Brigade, says, "People act on information shared on social media. During a major incident accurate, verified and frequent updates are essential. Twitter Alerts will help us communicate quickly during a significant emergency".
If an organization is using the alerts service you’ll see an orange bell symbol on its Twitter account page. You can also go directly to the alerts page by adding /alerts to the end of the page URL -- for example the Greater Manchester Police page is https://twitter.com/gmpolice/alerts. You won't be automatically signed up to alerts even if you follow the main account, you have to opt in to receive them.
When an alert is issued it will be highlighted on your feed with the orange bell icon, if your mobile phone is linked to your account you'll also receive an SMS message. Users of Twitter for Android or iPhone will get a push notification to their device provided they're using Twitter for iPhone version 5.10 or higher, or Twitter for Android 4.1.6 or higher.
Photo Credit: bikeriderlondon/Shutterstock
Don't panic, Redmond isn't after your credit card details -- well, no more than usual. Microsoft has announced the opening of a new Cybercrime Center to combine its legal and technical expertise with cutting-edge tools and technology in the fight against crime on the internet. The center will tackle a wide range of crimes including malware, botnets, intellectual property theft and online child exploitation.
"The Microsoft Cybercrime Center is where our experts come together with customers and partners to focus on one thing: keeping people safe online," says David Finn, associate general counsel of the Microsoft Digital Crimes Unit. "By combining sophisticated tools and technology with the right skills and new perspectives, we can make the Internet safer for everyone".
Located on Microsoft's Redmond campus, the center includes a separate and secure location for third-party partners allowing them to work alongside the company’s own experts. This will allow for improved partnerships across law enforcement, education and industry.
The secure facility houses technologies that allow the team to visualize and identify global cyberthreats as they develop in real time. These include SitePrint, which allows the mapping of online organized crime networks; PhotoDNA, a leading anti-child-pornography technology; cyberforensics, a new investigative capability that detects global cybercrime, including online fraud and identity theft; and cyberthreat intelligence from Microsoft’s own botnet takedown operations.
With around 100 people worldwide including lawyers, forensic analysts and technical experts the center is well-equipped to make online life safer.
"In the fight against cybercrime the public sector significantly benefits from private sector expertise, such as provided by Microsoft," says Noboru Nakatani, executive director of the INTERPOL Global Complex for Innovation. "The security community needs to build on its coordinated responses to keep pace with today’s cybercriminals. The Microsoft Cybercrime Center will be an important hub in accomplishing that task more effectively and proactively".
Microsoft is encouraging customers to visit www.microsoft.com/security to learn more about threats and ensure that their systems are protected.
Millennials are more heavily distracted when watching video and as a result adverts need to work harder to get through to them. This is among the findings of research by YuMe, a digital brand advertising specialist, and IPG Media Lab.
Focusing on millennials (those born between the early 1980s and the turn of the century) the first phase of the study looked at the tablet video viewing experience compared to TV, PC and mobile. The second phase analyzed media consumption and multi-tasking habits in an attempt to understand which device is most effective at achieving brand recall within the demographic.
"This study really did exceed our expectations, as it not only proved the power of tablet video consumption, but it dove deeper to showcase actual habits and consumption of millennials," says Kara Manatt, Vice President of Consumer Research Strategy at IPG Media Lab.
Key findings are that millennials are more distracted when watching video, so ads have a harder time breaking through, however, when video ads do succeed they tend to have a more positive impact on the millennial generation. The results also reveal that smartphones are the most popular device for viewing videos amongst this age group and consequently when ads appear on smartphones they're more effective. Millennials are also more likely to multi-task with other connected devices. This represents, "...a clear opportunity to plan for duplication and exposure timing across devices for ad breakthrough," says Ed Haslam, SVP of Marketing at YuMe.
More about the study and its results will be presented in a webinar on November 22nd at 11:30am PT. You can register for this by visiting https://www1.gotomeeting.com/register/337165017. In the meantime you'll find an overview in infographic form below.
Because NoSQL databases are less restrictive than the more conventional relational model, offering simpler design and improved scaling, they're popular for handling big data and real-time web applications. However, this comes at the price of higher maintenance demands.
The latest release of DataStax Enterprise (DSE) 3.2 addresses this with the addition of automated management services, allowing companies to concentrate on generating revenue rather than maintaining the database. This makes it the first NoSQL solution to have management taken care of by the database itself, bringing features that would previously only have been available in products like Oracle to the NoSQL market.
Using new versions of DataStax's Apache Cassandra-based database software along with visual monitoring tools many database operations can be left to the system. A Capacity system collects key information and can warn admins when systems are stressed, making it easier to predict when extra capacity will be needed.
A Repair service keeps data consistent across distributed clusters with minimal performance impact. In addition an OpsCenter provides an at-a-glance dashboard together with a point and click interface to allow bulk operations like starting and stopping multiple nodes.
"By automating repair and capacity planning functions, DataStax Enterprise 3.2 allows developers to focus on their revenue-generating applications instead of their underlying database technology," says Robin Schumacher, vice president, products at DataStax. "With DataStax Management Services, DSE 3.2 delivers an easy to use and reliable out-of-the-box experience for companies who want to reap the scalability and availability benefits of Cassandra without the operational overhead of open source software".
DataStax Enterprise 3.2 and OpsCenter 4.0 are available now from the company’s website.
The company is also offering free self-paced online training to help users get to grips with the product via its DataStax Ac*ademy.
Backing up data can often seem like a chore and is something which isn't always top of the agenda, especially for smaller businesses. New research commissioned by cloud backup and disaster recovery company Intronis shows that a high percentage of small and medium businesses are at risk of major data loss that could put them out of business.
The results show that most SMBs go to managed services providers (MSPs) -- 83 percent of which are SMBs themselves with less than 99 employees -- for their IT services. More worrying is that they often don't buy backup and data recovery until after suffering a detrimental loss of data.
The 2013 State of Cloud Backup study carried out in September 2013 surveyed 350 IT service providers -- including MSPs, system integrators, and IT solution providers -- to find out about their sales of cloud backup services as well as the type of demand they were seeing from their SMB customers.
"Data losses come in all forms, from hardware failures to user error and natural disasters, and it's never a good time," says Neal Bradbury, co-founder and vice president of channel development for Intronis. "SMBs and IT service providers should think of cloud BDR services as insurance for the company’s data -- no business should be without it".
On a positive note, of those companies that are working with a service provider to protect their data, more than 50 percent are using cloud technology, showing an increased confidence in the cloud’s reliability and ability to safeguard data. The results also reveal that cloud backup offers a strong opportunity for service providers to grow their business, with 56 percent of the providers polled saying that backup and recovery is a top selling product.
The full survey and can be found on the Intronis website at www.intronis.com/cloudstudy2013. Additional key findings will be released via the Intronis blog over the coming weeks.
Photo Credit: Lisa S./Shutterstock
Launched earlier this year in Barcelona, KNOX, as we reported at the time, is a secure Android platform powering Samsung Galaxy devices. It's designed to strengthen Android by using hardware features to provide the highest level of protection. KNOX is aimed at offering security whilst remaining manageable and addresses the need to separate work and play on the same device.
With the launch of a partner program, Samsung is helping resellers and independent software vendors to provide extra value for their customers and extend the benefits of KNOX to the enterprise market. It provides partners with assets, resources and training to help them provide support for Samsung devices. Compatibility is included for existing master data management (MDM) solutions to allow resellers to offer a complete solution or work with existing installations.
"We are launching Samsung KNOX partner program and believe it is a truly exciting time in our journey towards winning in the Enterprise segment," says Dr Injong Rhee, Senior Vice President and Head of B2B R&D Group, IT & Mobile Division at Samsung Electronics. "With Samsung KNOX, for the very first time Enterprise IT can deploy Android devices, which are loved by consumers, for enterprise usage, ensuring highest levels of platform security and information protection. This excitement is shared by our Go-To-Market partners and they have signed up overwhelmingly to partner with us to resell KNOX and in turn unlock tremendous value in their Enterprise Mobility offerings. We look forward to a long-term win-win with our partners."
The partner program will be offered in Platinum, Gold and Silver levels though for the first six months all partners will get the Platinum level before tier qualifications and benefits come into play.
To find out more about KNOX and the partner program visit www.samsungknox.com
Image Credit: Rashevskyi Viacheslav / Shutterstock
It's the iPad and the Nexus 7 that make the most headlines in the tablet market, but the fiercest competition for consumer cash in the run up to this year's Christmas holiday season will be taking place lower down the food chain.
Taiwan-based audio-visual specialist Hannspree is the latest to enter the fray with its new HANNSpad SN14T71. Offering a 13.3-inch screen it launched today in the UK with a price tag of just £199.99 ($318). The screen itself is a 10 point Multi Touch unit with a resolution of 1280 by 800. Whilst that’s pricier than other budget tablets like Tesco’s £119 Hudl, it’s squarely up against some premium smaller devices like the 16GB Nexus 7 and you are getting a lot more screen real estate for your money, albeit with a lower resolution.
Size isn't everything though so what about the rest of the spec? The HANNSpad comes with a 1.6GHz quad core ARM processor, 1GB of DDR3 memory, 16GB of internal storage and an HDMI output. A Micro SD slot allows you to add up to 32GB more storage.
Connectivity is via wireless N and Bluetooth -- there’s no 3G or 4G. However, it does have 0.3 megapixel front and 2.0 megapixel rear webcams, a G sensor and a 3-axis accelerometer. The SN14T71 runs Android 4.2.2 (Jelly Bean) and comes pre-loaded with a number of apps including Softmaker Office.
The HANNSpad will be available from Misco, Amazon and ebuyer and the price includes a two year warranty. If you want a big tablet on a small budget it could be worth a look.
The rise of intelligent machines has long been fertile ground for science fiction writers, but a new report by technology research specialists Gartner suggests that the future is closer than we think.
"Smartphones are becoming smarter, and will be smarter than you by 2017," says Carolina Milanesi, research vice president at Gartner. "If there is heavy traffic, it will wake you up early for a meeting with your boss, or simply send an apology if it is a meeting with your colleague. The smartphone will gather contextual information from its calendar, its sensors, the user's location and personal data".
Your smartphone will be able to predict your next move or your next purchase based on what it knows about you. This will be made possible by gathering data using a technique called "cognizant computing".
By combining information from apps and the personal cloud your phone will be able to carry out more tasks automatically. "We assume that apps will acquire knowledge over time and get better with improved predictions of what users need and want, with data collection and response happening in real-time," says Ms Milanesi.
Initially the tasks carried out automatically will be calendar based -- things like arranging a car service, or sending birthday greetings. As cognizant computing improves it will allow other tasks like responding to routine emails or booking travel tickets to be carried out too.
Of course none of this means that smartphones are actually becoming intelligent. It's simply that the information they're able to gather via their sensors and from the cloud will make them appear so. This of course raises privacy concerns and how well it works depends on how willing users are to share information. But Gartner reckons that while privacy might be an issue for some, consumers are willing to give up a good deal in return for convenience.
"Mobile phones have been our trusted companions for years channeling the natural need we have to communicate with others and express ourselves first with voice, then with the internet, and more recently through applications," says Ms Milanesi. "Smartphones, their technology and operating systems have been radically changing other devices from PCs to televisions. The era of personal cloud is empowering users as well as devices to get access to and share more and more data. Over the next five years, the data that is available about us, our likes and dislikes, our environment and relationships will be used by our devices to grow their relevance and ultimately improve our life".
Gartner analysts will be discussing the future of smart devices at the Gartner Symposium/ITxpo 2013 in Barcelona from November 10-14. You can follow news from the event on Facebook or on Twitter using the #GartnerSym hashtag.
Image Credit: Maksim Kabakou/Shutterstock
The growth of the cloud and the use of software as a service (SaaS) has had a dramatic effect on both businesses and individuals, allowing people to access corporate applications and data from anywhere and on any device. But it also gives IT managers a security headache as it becomes harder to build and enforce consistent policies, especially when employees are using their own devices.
In a bid to tackle this, security specialist Adallom is launching a complete solution for SaaS applications. This offers seamless cloud-based security that audits all SaaS activities and provides real-time information on user activity.
It's built to be scalable across the cloud and to integrate with other security solutions like anti-virus and VPN. Using a clientless architecture it sits in between the user and the SaaS application, making use of proxy server technology to ensure minimum latency.
Adallom combines a range of techniques, and these include real-time risk analysis which monitors user activity to detect abnormal behavior, manage high risk incidents and share knowledge of attack patterns via a global intelligence network. This means it's able to prevent attacks without the need for complex rules and configurations.
A single interface makes it easy to define policies across SaaS applications. This is combined with centralized auditing to allow admins to see user login, device location and activity details.
"The freedom provided by SaaS applications has introduced a new threat vector through the myriad of modern attacks targeted at human interactions with SaaS applications. Adallom addresses this gap, preventing attacks by helping organizations extend visibility, compliance and security to SaaS and cloud services," says Assaf Rappaport the co-founder and CEO of Adallom. "With unrivaled intelligence, Adallom provides the means to mitigate SaaS threats and enhance enterprise security while preserving the ease-of-use and convenience of cloud services. The goal is security without boundaries".
You can find out more details about the product and its pricing on the Adallom website.
Image Credit: Maksim Kabakou/Shutterstock
It seems that everyone is keen to get in on the big data trend at the moment. If you're still unsure of what it is and where it comes from take a look at the handy infographic we published last week. If you want to start making use of it, then the company behind that graphic, Kapow Software has just released its latest product to make it easier to extract big data from any source.
Kapow Enterprise 9.3 uses synthetic APIs which allow it to draw data from a number of sources and integrate it into existing business processes. What the company calls Kapplets enable users to run and manage thousands of automated data integration applications at the same time. They can then view the different data streams in an integrated way and act on the findings.
"Enterprise 9.3 is enterprise-ready data integration software that is ideal for any business challenged by managing big data as part of its day-to-day operations," says Stefan Andreasen, Founder and Chief Technical Officer at Kapow Software. "It gives users robust capabilities that make data accessible, affordable and actionable, allowing organizations to rapidly deliver the critical information at the time they need it to make better decisions".
The product allows the rapid creation of synthetic APIs to support interactive web technology like HTML5 and JavaScript, but it continues to support traditional APIs too in order to interact natively with XML and use existing code where it occurs.
Kapplets allow action to be taken on the data as it arrives and results can be rendered as graphs and tables to make them easier to understand. In addition built-in user management makes for easier distribution of information to the people who need it. Improved scalability and performance makes for faster processing of high volumes of data too.
"Kapow brings incredible value to our business users by making them more efficient and productive," says Lars Johnsen, Chief Content Manager at Schultz Information, a market leader providing digital information portals and decision tools for both government agencies and corporations. "Using Kapow, we spend less time on manual processes to access and prepare data and more time on making new discoveries. Kapow Kapplets are intuitive and elegant, and provide our business users the critical data they need with just a single click".
You can find more information and request a demo of the product on the Kapow website.
Photo Credit: PlusONE/Shutterstock
Data breaches and cyber attacks frequently make the news when well-known companies are the target.
This is good in the sense that it raises awareness of the need to take security seriously, however, the latest Global Risk Management Survey by Gartner finds that fear of attack is causing security professionals to shift their focus away from disciplines like enterprise risk management and risk-based information security in order to concentrate on technical security issues.
"While the shift to strengthening technical security controls is not surprising given the hype around cyberattacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making," says John A Wheeler, research director at Gartner. "These disciplines focus squarely on the uncertainty (as in, risk) as well as the methods or controls to reduce it".
Gartner says that organizations that move away from risk-based disciplines, or fail to adopt them in the first place, fall prey to what it calls fear uncertainty and doubt (FUD) which in turn can lead to reactionary or emotion-based decision making.
The survey shows a worrying movement away from risk assessment, with only six percent focused on enterprise risk management in 2013 compared to 12 percent in 2012. Wheeler says, "As IT risk profiles and postures change in the future, an inevitable shift in focus back to these risk-based disciplines will need to occur. If not, IT organizations may find that more-critical, emerging risks will remain undetected, and the company as a whole will be left unprepared".
In the short-term though it seems that FUD can benefit the security budget. The report finds that 39 percent of respondents have been allocated funds totaling more than seven percent of the total IT budget. This compares with only 23 percent having received a similar amount in 2011.
"These incongruent survey findings seem to validate the observation that risk-based, data-driven approaches are falling to the wayside in favor of FUD-based, emotion-driven activities," says Wheeler. "Or, perhaps more disturbingly, they indicate that those who have concerns are simply burying their head in the sand, rather than proactively addressing emerging threats".
Linking of IT risk indicators to business performance seems to be in decline too with survey respondents indicating a seven percent drop in formal mapping over the last year. Seventeen percent had ceased this activity altogether. Wheeler concludes, "If done correctly, integrated risk and performance mapping exercises can yield tremendous benefits for companies and IT organizations that are seeking to develop a more-effective risk management dialog with business leaders".
The full report Survey Analysis: Risk Management, 2013 is available from Gartner's website.
Photo credit: Tashatuvango/Shutterstock
Next week’s Patch Tuesday will see a number of security patches for Windows 8.1 including three that get the top Critical rating. According to Microsoft’s advanced notification on TechNet the three critical updates address remote code execution issues in Windows and Internet Explorer.
There are also five more updates flagged as Important, three for Windows and two for Office. The three Critical bulletins also apply to Windows XP and will be among the last for the 12-year-old operating system before support ends in April next year.
Interestingly none of these patches address the Security Advisory issued earlier this week affecting Vista, Windows Server 2008 and versions of MS Office from 2003 to 2010. Users of these systems are advised to follow Microsoft’s FixIt solution which involves disabling a codec. A more permanent solution is expected at a later date.
Other things to expect on Tuesday include the regular refresh of the Malicious Software Removal Tool and a number of non-security related updates.
Photo Credit: fotoscool/Shutterstock
Google Glass has caused a bit of a stir, whether it's for the ability to turn us all into government spies or for causing the slightly distracted Google gaze. But there's been relatively little discussion of how smartglasses might be useful for business.
Until now that is, because a new report by Gartner says that smartglasses have the potential to boost worker efficiency in areas like healthcare, manufacturing and field service.
"Smartglasses with augmented reality (AR) and head-mounted cameras can increase the efficiency of technicians, engineers and other workers in field service, maintenance, healthcare and manufacturing roles," says Angela McIntyre, research director at Gartner. "In the next three to five years, the industry that is likely to experience the greatest benefit from smartglasses is field service, potentially increasing profits by $1 billion annually. The greatest savings in field service will come from diagnosing and fixing problems more quickly and without needing to bring additional experts to remote sites".
As yet smartglasses have seen little adoption in the business world and take up is likely to remain low until apps and services emerge to make them truly useful. Gartner expects the biggest impact to be in heavy industry such as oil and gas production where the technology could be used to provide on the job training and access to technical documentation on site. Workers would therefore be able to carry out tasks even if they couldn't remember all of the procedures. Quite whether you'd want the guy who's fixing your nuclear reactor to be reading the instructions as he went along is another matter -- "insert control rod A into reactor housing B".
There's a role in quality control too. The technology could be used to make a video recording of a procedure to prove to management or safety inspectors that it had been carried out correctly.
What the report calls the "weightless" industries like finance and media are likely to see less benefit. Though smartglasses could be useful for, say, insurance assessors looking at damaged properties.
"...the goals of corporate training may evolve away from memorizing procedural steps to knowing how to use smartglasses and access key information using voice commands," says Tuong Nguyen, principal research analyst at Gartner. "Classroom training and tests on the content of manuals can be reduced since much of the practical training can be done 'on the job' with the assistance of smartglasses. However, training must always include safety and employees should continue to know how to use equipment for routine tasks".
In healthcare Gartner says that smartglasses could help doctors consult with specialists during a patient examination. In conjunction with facial recognition the glasses could also be used to bring up a patient's records as they walk into the surgery. Of course from the other side of the desk you would never be sure whether your doctor was looking up your symptoms or checking on the football scores.
The full report is available on Gartner’s website.
With the increasing trend towards using mobile devices in the workplace, IT departments sometimes struggle to keep up with demand from their users. As we've seen elsewhere, this can lead to employees using unauthorized software.
Companies interested in speeding up the build time for mobile apps will want to take a look at San Francisco-based raw engineering’s built.io product which comes out of beta and is generally available from today.
Unveiled at DEMO Mobile 2013, built.io is a backend as a service (BaaS) product that allows enterprise mobile apps to be developed faster. It looks after managing servers, cloud infrastructure, database structure and scaling, allowing developers to focus their talents on building the user experience.
"Using built.io, our team was able to build variations of Twitter and Google Docs in under a week. That kind of timeframe really changes the game for enterprise apps. It's now cost-effective for businesses to experiment and create really interesting, powerful apps, even for short-term needs like a seasonal customer promotion or internal sales meeting," says raw engineering CEO Neha Sampat.
The move out of beta coincides with the introduction of some new features. These include a new management console, geo-location features, intelligent notifications, cloud extensions, social network integration and more powerful analytics.
As a result the product allows developers to build apps on top of an existing platform. They can also easily add social features such as allowing users to follow comments on a shared document.
"By taking care of all the heavy lifting involved with building an app backend from scratch, built.io gives businesses a way to finally meet the pent-up demand for apps sparked by today’s mobile workflows, 'app store' culture, and BYOD trends," adds Sampat.
For more information on the built.io product and its pricing model you can visit http://built.io/plans.
The increasing popularity of BYOD brings a number of challenges for IT departments, not least of which is ensuring that files are handled in an approved and secure way. The problem is that users don’t often see things the same way. A new survey by Workshare shows that 65 percent of mobile users at financial institutions are using file sharing apps that aren't approved by their IT departments.
Only 55 percent were using unauthorized apps to work on documents outside the office in 2012, but the figures are even more worrying when you take into account that 89 percent of financial professionals are now using their own devices for work -- up from a mere 3 percent last year. The report also shows that 78 percent of these workers are using free file sharing services like Dropbox and SkyDrive to access and store corporate documents.
Whilst 62 percent of "knowledge workers" use their own mobile devices for work, the report shows that the BYOD trend is at its most popular in legal, sales and marketing departments, with around three-quarters of employees in these fields using their own kit. By contrast only 18 percent of those in administrative roles use their own devices for work purposes.
Large companies with more than 20,000 employees seem to have a better grasp of the risk posed by file sharing solutions. However, in businesses with fewer than 500 staff only 24 percent of employees were using authorized file sharing apps.
It's clear from these findings that BYOD has become an important tool for many enterprises but that in some organizations the procedures and controls needed to use it safely haven't caught up. To address these concerns Workshare is launching a new version of its Protect Server product. This gives IT departments control over corporate files shared by email and webmail on mobile devices.
You can see an overview of the report's findings in handy infographic form below.
Photo Credit: bikeriderlondon/Shutterstock
From technology that watches you in the supermarket, to social networking’s attempts to make the ads we see more relevant, the advertising industry is becoming cleverer at getting its message in front of the right people.
But is scanning emails, as Gmail does, a step too far? A survey commissioned by Outlook.com in the UK has found that 84 percent of people disapprove of email service providers scanning messages in order to target online adverts.
The study, carried out by independent research company GfK, also finds that 64 percent of UK residents were unaware of any email provider scanning messages to target them with ads. A massive 93 percent agreed that they should have the ability to opt out of having their messages scanned for this purpose.
Annie Weber, Executive Vice President of GfK's Public Affairs & Corporate Communications division says, "The polling indicates that overall many British residents are unfamiliar or uncomfortable with the idea of email service providers scanning words in emails for the purpose of targeting advertising. At a time when digital privacy is increasingly concerning the public, this survey suggests that service providers need to work hard to ensure email users understand the specifics of how their personal content is being used, and the underlying reasons for these practices which will result in a more informed and educated user".
Are you concerned about your mail provider scanning your messages to show you more relevant adverts? Or is that low on the scale of your online privacy worries? After all, it's hardly a new practice. Let me know via the comments.
Image credit: Amir Kaljikovic/Shutterstock
Most people should know by now that Microsoft is ending support for Windows XP in April 2014. However, according to NetMarketShare's latest report, 31.24 percent of the PC market is still running the venerable OS.
For enterprises this raises serious security and compatibility issues not to mention the time and effort involved in migrating large numbers of systems. Solutions provider Adaptiva is offering an answer in the form of its OneSite Rapid OSD product to aid operating system deployment and cut the time and cost involved in moving to Windows 7 or 8.
Where traditional migration techniques need server resources on site and technicians to spend time at the desk, OneSite allows the process to be carried out without either.
It uses a number of tools to streamline the process, these include pre-staging of content so that files travel over the WAN only once, using predictive bandwidth to minimize impact on other traffic. On LANs multiple systems are allowed to download files simultaneously. When an OS image gets updated OneSite creates a small "diff" file rather than transfer the whole thing again, saving both bandwidth and time.
OS images are delivered using a peer-to-peer pre-boot execution environment (PXE) rather than relying on a single server. This allows for faster installs by choosing the best peer system to serve the image. The system also uses a virtual state migration point (SMP) to store all of the user settings and applications in a file that can easily be moved across a network and cached on other machines with spare disk space. It can aggregate unallocated space so as not to steal storage from users.
"Operating System migration involves an extreme amount of data and requires a way to manage the distribution and deployment of about 20-25+ gigabytes of data required for most companies," says Deepak Kumar, CTO and founder of Adaptiva. "Because OneSite is tightly integrated with Microsoft SCCM, it provides an elegant solution that automatically creates a Virtual SAN and Virtual SMP at every network location, making OS migration a much easier task. Our technologies drastically cut deployment times down to as quick as a single day -- once the image and task sequence have been created -- all without the need for consulting services".
You can find out more about OneSite and sign up for a trial version on the Adaptiva website.
Photo credit: JNT Visual/Shutterstock
The increasing use of technology by customers presents many challenges for business. This means that traditional areas like finance and operations may no longer be driving change. According to a new report by research specialists Gartner, meeting the digital era, where change may be motivated by evolving customer expectations, needs a fresh approach if it's to be done successfully.
Unlike other projects which are about delivering on budget and on time, digital transformation schemes can involve taking risks in order to achieve better performance. Gartner calls this "discovery oriented project management" where it's necessary to experiment and continue to learn from projects even after their launch.
The report recommends a number of things to help enterprises come to terms with this new landscape. These include having a small core team of no more than six to eight executives to enable decisions to be made quickly, understanding how customers actually use technology to interact with the business, and approaching old and new models in parallel. It also suggests using behavioral scientists to help understand how customers use information as they have no preconceptions of how things should be working. In addition the report suggests businesses look for inspiration from other industries rather than look purely at their own sector.
Richard Fouts, research vice president at Gartner says, "Customer focused digital business transformation initiatives will short change the organization’s intent if they depend on a traditional approach that values the wrong things. Most projects are defined goals, schedules and quantifiable objectives. However, it's difficult to set quantifiable objectives if the ultimate business model you’re driving toward is unknown. Transformation puts you in discovery mode; the firms we talked to treat it more like a scientific experiment versus an engagement with a known deliverable".
The full report, How to Approach Customer-Focused Digital Transformation is available on the Gartner website.
Photo credit: Tashatuvango/Shutterstock
Silver surfers are a more important market than generations X and Y yet are often ignored by technology companies according to new research by Gartner. With many markets now having an aging population, technology designers and marketers need to refocus on the opportunities offered by older users.
Speaking at Gartner Symposium/ITxpo on Australia's Gold Coast, vice president and Gartner Fellow David Furlonger says, "In recent years, technology decision makers have focused their work largely on the perceived wants and needs of younger demographics. They have created and sold products targeted explicitly at an already-saturated market of financially poor 'digital natives' in Generations X and Y. This emphasis on the young is unsurprising, since many technologists are themselves part of these younger age groups. However, it is a very serious mistake, because it neglects the most promising technology market demographic of all: the affluent, increasingly technologically sophisticated older generation we are calling the 'silver surfers'".
Research elsewhere by Australian mobile company Optus shows that the older generation is increasingly active on social media with more than three quarters of silver surfers in the country using Facebook to stay in touch with friends and family.
Technology is able to improve quality of life for the older generation too and research by Gartner and others shows that individuals in this age group are quick to recognize the potential it has to change their lives. This represents an opportunity for companies to design and sell devices specifically for the needs of this market, a step that most have not yet taken.
"The consumerization of technology has made it far more accessible, especially in terms of usability, to people who may find PCs more difficult to manage," says Furlonger. "However, technology designers and manufacturers have largely ignored this huge and growing market, and by doing so, have neglected one of their most important sources of future growth and revenue. The younger market has only linear growth potential and decreasing purchasing power, while the silver surfers offer exponential growth opportunities and growing purchasing potential".
A number of factors are driving technology adoption by older groups, these include increased availability of broadband and Wi-Fi connections, along with social networks and targeted forums. All of this helps meet the need for social interaction as increasing numbers of older people find themselves living apart from their families in a way unknown to past generations.
Gartner says that designers can help by delivering clean, simple, uncluttered user interfaces, without confusing fonts, colors or special effects. Straightforward navigation and simple checkout processes are crucial for older customers too.
Companies also need to recognize that silver surfers select and buy technology in a different way. Trust and reputation are important as are recommendations from family and friends. Perceived value -- the contribution technology can make to a person's life rather than just the price -- is important too.
"The silver surfer demographic is huge and growing, and clearly has both the ability and the desire to spend significant amounts of money on technology," says Furlonger. "However, to date, most technologists and technology manufacturers have failed to deliver products and services that meet the needs of this market and its various sub- or microsegments, and marketers have largely failed to target it effectively. To do so will require fundamental changes in their approach to product and service design, marketing and sales".
The full report is available on Gartner's website and you can see a video of Furlonger introducing the research on YouTube.
Photo Credit: arek_malang/Shutterstock
Unless you're heavily into the world of data storage you probably haven't heard of Ceph. It's an open-source distributed storage system for Linux platforms designed to deliver performance, reliability via a software defined system that's also very scalable. It's self-managing and self-healing and can be accessed via big data tools like Hadoop and Samba.
Now that you know what it is you'll be interested to learn that Inktank, the company behind Ceph, has launched Inktank Ceph Enterprise. This is a subscription product that builds on Ceph's open-source roots to provide the most stable version of the product with a new graphical management console and a suite of support services.
"Inktank Ceph Enterprise is an important development that should help enterprise customers evolve their Ceph deployments, be they public, private or hybrid cloud environments," says Simon Robinson, Research Vice President at analyst firm 451 Research. "Having the backing of Ceph experts behind their Ceph deployments should help customers as they look to improve business continuity service levels, drive greater agility and improve operational efficiency across their cloud estate".
It can be used in cloud deployments or as a replacement for traditional storage solutions. Offering web-scale technology with long-term support available from a commercial vendor, it allows businesses to benefit from the economics of modern data storage. By using commodity hardware it can lead to significant cost savings compared to legacy systems.
Inktank Ceph Enterprise is supported on Red Hat Enterprise Linux 6.3, Red Hat Enterprise Linux 6.4, CentOS 6.3, CentOS 6.4, and Ubuntu 12.04 LTS. Its pricing model is based on the amount of storage deployed.
"The launch of Inktank Ceph Enterprise makes Ceph a viable, sustainable storage platform within the enterprise", says Bryan Bogensberger, CEO of Inktank. "Inktank customers now have the tools, code and peace of mind required to get serious about replacing expensive, proprietary legacy storage hardware and satisfying their emerging cloud and big data storage needs with the transformative Ceph distributed storage system".
Photo Credit: kubais/Shutterstock
Microsoft has released its latest Security Intelligence Report detailing the threat intelligence gathered from more than a billion systems worldwide.
With Windows XP support due to end in April 2014 the report takes a close look at the risks posed to consumers and businesses of using unsupported operating systems. According to StatCounter, XP and older systems still account for around 21 percent of those in use.
The main threats facing XP users are the Sality malware family which can steal personal data and lower system security settings, the Ramnit family that infects executable, MS Office and HTML files, and variants of the Vobfus worm which can download other malware onto a PC and spread itself via removable drives.
The report finds that in the first half of 2013 almost 17 percent of computers running up to date Microsoft security products encountered malware. Although encounter levels were similar for both operating systems, XP machines were six times more likely to be infected than those running Windows 8.
"The data help illustrate the positive impact that security innovations in newer operating systems are having. Modern operating systems such as Windows 8 include advanced security technologies that are specifically designed to make it harder, more complex, more expensive and, therefore, less appealing for cybercriminals to exploit vulnerabilities," says Tim Rains, director of Microsoft Trustworthy Computing.
Obviously Microsoft has an interest in persuading XP users to upgrade but there are some compelling statistics. Microsoft warns that in the two years following XP SP2 going out of support malware infections jumped by 66 percent compared with those for SP3.
Rains adds, "We truly want people to understand the risks of running Windows XP after support ends and to recognize the security benefits of upgrading to a more modern operating system -- one that includes the latest in security innovations, provides ongoing support and can in turn better protect them".
You can see an overview of the findings in the slideshow below:
Microsoft Security Intelligence Report, volume 15 from sreid_waggedFinding the right staff is crucial to the operation of any business. But often the people that are right for a role aren't necessarily looking for a new job. San Francisco-based analytics specialist Identified thinks it has an answer to this with a new product that combines social media and big data techniques to create a massive searchable candidate database.
Identified Recruit claims to have a billion potential candidates available making it the largest source of professional profiles. You may think that this is like LinkedIn, but the difference is that Identified Recruit uses multiple data sources so it isn't limited by its own user base.
"The open web contains the most comprehensive, current professional information available, but until now companies have been forced to go to individual networks like LinkedIn to find talent," says Brendan Wallace, co-founder and co-CEO of Identified. "With access to all of the web's data, companies can find great talent on a scale never before possible".
The product gathers information from a range of public social media sources whist protecting personal data by anonymizing the details. This allows it to deliver results for groups -- such as healthcare professionals -- that are under represented on sites like LinkedIn. The company quotes as an example that Identified has over 3,500 profiles for Surgical Technicians, where only 87 can be found on LinkedIn.
Earlier this month, Identified announced that it had hired Facebook's manager of data science, Mohammad Sabah to direct and develop the expansion of its core technology -- though it didn't say if it had found him through its own system.
Recruiters can find out more and request a free demo at www.identified.com the rest of you make sure your social network profiles are up to date.
Photo Credit: vichie81/Shutterstock
We've seen a raft of tools in recent months that seek to combine business intelligence with elements of social networking. Bloomfire's USP in this field is that it seeks to capture the knowledge that already exists within an enterprise and use it to deliver improved employee engagement and ultimately better customer service.
Bloomfire has a clean interface reminiscent of Google+ and it works by dividing content into "feeds". These are designed to deliver content that’s relevant to the individual whilst filtering out noise so that people can find the information they need to do their jobs. Notifications can also be customized so that relevant notifications and tags aren't missed. The result is more time spent on the actual task and less managing the system. In any case it's designed to be used by business people rather than technicians.
The product is cloud based and can be accessed from a browser or via Android and iOS apps. It’s customizable so that users can apply their own corporate branding. Built-in analytics show who is contributing the most and which posts are the most valued by others as well as how long questions take to get answered.
In-built creation tools make it easy to share multimedia content including webcam videos and screen captures. These and other linked documents are stored in Bloomfire’s own cloud so there’s no external storage requirement.
The product currently has 350 customers and 150,000 individual users. Packages start from 25 users and the company says that 30 percent of its existing customers upgrade their product each quarter.
You can find out more about the product and sign up for a 14-day free trial on the Bloomfire website.
UK telecoms regulator Ofcom's annual Infrastructure Report update published today shows that 73 percent of premises are now able to receive superfast broadband, up from 65 percent last year.
Ofcom defines "superfast" as networks delivering download speeds of at least 30 Mbit/s, typically delivered using fiber optic cabling. Around 22 percent of connections now fall into this category with some 4.8 million consumers now having superfast connections, more than doubling last year's 2.1 million figure.
Traffic is on the up too with 650 million gigabytes of data being sent over fixed broadband connections in June, a 26 percent increase over last year. For people who like a handy real-world reference that's equivalent to a billion copies of the Encyclopedia Britannica.
The report also looks at mobile trends and notes that the number of public Wi-Fi hotspots has more than doubled over the year to 34,000. The amount of data being transferred via hotspots has also more than doubled to around 2 million gigabytes a month.
For the first time Ofcom has looked at mobile coverage on the UK's road network and concludes that just 35 percent of A and B roads are served by all four 3G networks and 9 percent has no coverage at all. Over the coming year it intends to look at coverage on the rail network too.
"Superfast broadband is rolling out fast across the country, and 4G mobile will reach at least 98 percent of the population. This is really good news but there remain considerable challenges, not least in hard-to-reach areas for mobile and home internet services," says Ed Richards, Ofcom Chief Executive. "We know consumers increasingly expect superfast speeds, but it’s also important to make sure people can connect over a very wide area. That is why we are doing everything we can to support moves to improve coverage in difficult areas such as roads and train lines".
The full report is available as a PDF from Ofcom's website.
Image Credit: Luis Louro/Shutterstock
Mobile phones are almost as important as PCs for engaging with customers according to the results of a survey released by enterprise mobile specialist OpenMarket.
The study of 167 business leaders in the USA carried out by Forrester Consulting showed that 74 percent now think that mobiles are an important channel for customers, partners and employees, as against 79 percent for PCs.
It's hardly surprising then that 63 percent of enterprises now think that customer engagement is the key factor in developing their mobile strategy. In fact engagement rates much higher than customer satisfaction (38 percent) and revenue generation (27 percent) in driving mobile use.
The tools used in developing mobile strategy are still led by SMS, 70 percent of those surveyed using it to communicate with their customers, with the use of QR codes following on 60 percent.
Of the companies surveyed 63 percent are spending less than $5 million a year on their mobile strategy. The report questions whether this is enough to sustain ongoing projects. It also finds that only four in ten companies are using in-house staff to build mobile solutions with the rest seeking technology partnerships.
A copy of the report's whitepaper is available on OpenMarket's website and you can see a handy infographic summary below.
Ransomware, software that locks you out of your PC and asks for a fee in order to release it, has been around for quite a while. The first examples date back to the late 1980s but in its most recent form it started to gain popularity with malware writers in 2006, starting in western Europe and rapidly spreading to the rest of the world.
Finnish security specialist F-Secure has been working with the police on a joint investigation and reckons that just one case could be responsible for up to $800 million of damage and losses.
A single gang using the Reveton Trojan managed to infect more than 30,000 computers in Finland alone and over 5 million worldwide. Reveton currently charges $300, or 100 euros in Europe, to unlock the system. That amounts to a potential profit of some $800 million from this one attack.
Naturally not everyone pays up, so the perpetrators won't see the full potential profit. However, many of those infected will need to spend time and money recovering their systems so there's an economic cost to factor in. F-Secure cites the case of a hard drive of photographs which cost $6,000 to recover. That seems a little extreme but if only one percent of the Reveton attack victims incurred that sort of cost it still adds up to a hefty $300 million dollars. If you don't fancy turning to a life crime, therefore, data recovery seems like a good business opportunity.
To highlight the problem F-Secure has produced a useful infographic and is hosting an online ransomware Q&A until the end of October.
If you or anyone you know has been a victim of ransomware do let us know your experiences in the comments.
Image Credit: Robynrg/Shutterstock
Migrating existing applications to the cloud can be a major headache for companies. Extensive testing is needed to ensure everything works as it should and without it the process becomes something of a leap in the dark. In a bid to help with this Boston based Cloud Technology Partners has produced its PaaSLane product, released today as a free public beta.
The idea behind PaaSLane is a simple one, automatically analyzing the code of an application before migration in order to cut down the amount of manual effort required. Out of the box the software is tuned generically to work with all cloud platforms, so it's compatible with Azure, Google and Amazon Web Services. However, users can define their own rule sets to take account of special requirements or non-public clouds.
"As cloud adoption accelerates, our customers are looking for ways to automate assessing for cloud readiness across hundreds of applications. Software development organizations need an effective way to clearly identify issues and estimate the effort required to optimize applications for the cloud," says John Treadway, senior vice president at Cloud Technology Partners. "PaaSLane finds issues and estimates the time required to address them in a matter of minutes, giving management an objective measure of cloud readiness across application portfolios, while providing development teams with a roadmap to start fixing them immediately".
As well as assisting the migration, PaaSLane can help to streamline the code, enabling developers to spot any sections that may cause problems and help with ongoing compatibility and stable operation. It uses static code analysis to examine application source code, finding common patterns that might affect application performance, stability, security, and scalability in cloud deployments. It then provides recommendations based on cloud best practices. The program shows clear, graphical overviews of a project's progress with the ability to drill down to the level of individual lines of code. The developers reckon that PaaSLane can cut migration times by up to 25 percent.
You can register for the public beta now at www.paaslane.com and it will remain free until the end of the year or until the beta period ends whichever comes first.
Smartphones have become such a big part of many people's lives in recent times, allowing us to stay in touch with the Internet wherever we go, that occasions when you can't get a data network or Wi-Fi signal become extremely frustrating, it's almost like losing a limb.
French developer Altheia has an answer in the form of a new app for Android phones called Be-Bound which it claims can keep you in touch with the Web even if there's no 3G, 4G, Edge or Wi-Fi signal available.
"We started with a simple observation: everybody has faced connection issues, even in covered areas like the train, the subway, indoor or any other areas with low connectivity," says Albert Szulman, CEO of Be-Bound.
You might be wondering how it's possible to stay in touch without a Web connection -- short of setting fire to the phone and using it to send smoke signals. But Be-Bound has developed a clever low-bandwidth technology that makes use of the old 2G network as a transport layer to exchange information between the Web and your phone. You can thus maintain Internet connectivity in areas where otherwise you'd be unable to get online.
The connection is claimed to work with any telecoms provider in the world, all users need to do is download the free app. This has built-in functions for email, news, stock quotes and other common tasks. Using Be-Bound is free when you do have an Internet connection, though it uses a tiny amount of bandwidth. When no data network is available the service works with SMS and pre-paid credits and is cheaper than standard roaming costs.
Beta versions should be available to download following the app's official launch at the Dublin WebSummit on October 30th, meantime you can find out more and register your interest at http://www.be-bound.com/en/
Image Credit: Dario Lo Presti/Shutterstock
Business automation specialist Automation Anywhere has launched a new application aimed at helping businesses identify tasks and prioritize them based on the crowd-sourced wisdom of their user community.
Called Cumulus (could this possibly be using the cloud?) the application is launching via the Yammer enterprise social network. It will be available as a featured application via Yammer's app directory. Using Cumulus, anyone in an organization will be able to suggest a task to be automated, vote on the tasks that seem most valuable, contribute suggestions to existing initiatives, and track any active automation projects.
Built-in tools help identify the savings that can be made from automation of tasks. It calculates the hours and money that can be saved and so helps point out the tasks where automating will deliver the best return on investment.
"Enterprise social is the new operating system for organizations, and has the power to deliver real, measurable ROI," says Mihir Shukla, founder and CEO of Automation Anywhere. "Cumulus provides a way for entire organizations to tap in to the social revolution and contribute ideas for automating tasks while keeping the value of doing so at the forefront. We know that Yammer, with its large user base and commitment to making social enterprise collaboration work, is the perfect place for Cumulus to be first available".
Project-level dashboards will make it easy to spot potential savings, and visualization tools allow step-by-step tracking of projects. There's also a leader board to identify those members of the team doing the most to champion automation.
"Automation Anywhere has its finger on the pulse of what businesses should be doing with social platforms: utilizing them to pinpoint high return activities, like process automation," says Gregory Love, Business Development Manager at Yammer. "We look forward to Yammer users leveraging Cumulus to find the most crucial business processes to automate throughout their organizations".
You can find out more and sign up to try the free version on the Automation Anywhere site.
Featured Image Credit: Alexander Kirch/Shutterstock
Independent testing organization AV-comparatives has released the results of its 2013 Business Software Review. This looks at security software for smaller and medium businesses, taking as its basis a single site network with a Windows Server 2012 domain controller and 25 client PCs running a mix of Windows XP, 7 and 8.
The key thing here is that this is the type of business which may not have its own IT manager so the report considers the management and monitoring of the software from the viewpoint of someone who isn't a specialist in IT and only looks after the system part time.
The ten products tested were: AVIRA Endpoint Security 13.0, Bitdefender Cloud Security for Endpoints 5.1, ESET Endpoint Security 5.0, F-Secure Client Security 11.0, G DATA AntiVirus Business with Patch Management 12.0, Ikarus security.manager 4.2, Kaspersky Endpoint Security for Business Advanced 10.1, Sophos Endpoint Security and Control 10.2, Symantec Endpoint Protection12.1 and Webroot SecureAnywhere Endpoint Protection 8.0.
All of the packages were found to have a straightforward interface which shouldn't present problems for part-time system admins. However, Ikarus was noted as being more suitable for confident administrators, F-Secure may require some initial configuration by an IT professional, and ESET needs a little practice for users to find their way around.
Webroot, Symantec, G DATA and Bitdefender gained particular praise for their simple to use interfaces, making key information easy to access.
Overall the ten programs were found to be pretty evenly matched, all offering trouble-free installation and user-friendly interfaces for both console and client deployments. As a result all get AV-Comparatives Approved Business Product award thanks to no major flaws being found. It seems therefore that the best security package for smaller businesses is… All of them, so it will pay to compare features and shop around for a good deal. You can download the full, detailed findings of the report as a PDF.
Image Credit: alphaspirit/Shutterstock
We've looked at Huddle's drive to create a connected desktop environment allowing people to collaborate via the cloud before, but now the company is aiming to take things a step beyond. Announcing a collaboration with TIBCO Software's enterprise social network tibbr it aims to further streamline the sharing process.
This will allow users to socialize, share and manage content in the cloud in a seamless way. From within the tibbr environment, users will be able to quickly and easily attach Huddle files to their updates for information and feedback. The files remain stored within Huddle's secure cloud and retain all of their security, permissions, and versions. The end result is a unified work environment bringing together people and information in real time.
"Our partnership with tibbr brings content collaboration and enterprise social networking together in one central environment for enterprises worldwide," explains Alastair Mitchell, CEO of Huddle. "By placing content at the core of social interactions and giving customers the ability to use tibbr's social features to distribute and discuss Huddle content, we're improving office workers' productivity and efficiency. Now people no longer have to skip between multiple applications to get their jobs done. We’re excited to be partnering with one of the key players in enterprise social networking and looking forward to transforming the way people work worldwide".
"In order for companies to get the best use out of their content, collaboration is essential," says Ram Menon, president, social computing at TIBCO. "tibbr and Huddle have both seen great momentum with enterprises seeking collaborative, mobile solutions that drive business performance. With this valued partnership, we will support one another as we rapidly grow into new markets".
In order help existing users of both platforms to take full advantage of the new partnership and to encourage adoption, each company is offering a yearlong subscription to the other's service to its existing users.
Image Credit: leedsn/Shutterstock
Online application specialist DataStax has announced a new initiative to help startup businesses. DataStax software delivers a scalable big data platform and is used by large organizations including Adobe, eBay and Netflix, but the DataStax Startup Program allows eligible startups to deploy DataStax Enterprise applications for free.
The company has also launched a new DevCenter tool, which is free for its existing users, to allow the graphical creation of queries and database objects in Cassandra Query Language. This is along with free online training courses to teach users how to work with big data in the open-source Apache Cassandra database.
New companies qualify for the Startup Program if they have received less than $20 million in funding and operate within a designated revenue threshold.
"I remember when we at DataStax were a cash-strapped startup, and we want to help companies in that scenario succeed," says Matt Pfeil, co-founder and vice president of customer solutions at DataStax. "The DataStax Startup Program gives young companies access to software that will let them focus on their customers rather than fighting challenges with data growth".
If you're running a startup business you can find more about the DataStax Startup Program on the company's website.
The free online Cassandra training will be available in November, aimed at helping developers and administrators get the most out of the software. It uses a self-paced format with hands on exercises and ends in a graded assessment. Pre-registration is available at the DataStax Academy page.
Image Credit: Olivier Le Moal/Shutterstock
Security specialist BullGuard has launched what it's calling its most advanced Internet Security suite yet. It's designed to offer industry leading protection regardless of the user's ability and to run quietly and efficiently in the background.
Aside from dropping the year from the product's name, highlights of the latest version include an enhanced behavioral detection engine to guard against zero day threats, a revised user interface offering easier one-click access to functions, free 24/7 support and free upgrades to newer versions.
A choice of basic and advanced displays ensures that anyone can make the most of the package. Unneeded or unwanted functions are hidden to simplify operation. Alex Balan, Head of Product Management at BullGuard, says, "It is our most advanced security suite yet, and one that offers a significantly improved degree of control and operation".
Outside the core security functions the package offers an array of other tools. These include online backup with 5GB of free storage, a Vulnerability Inspector that checks installed applications for updates and known exploits, a PC Tune-up module and parental controls.
The new interface uses Windows 8-style tiles to offer a consistent feel and easy access to all modules. The package protects three PCs for a year and there's a 60-day free trial available from the BullGuard website.
Balan concludes, "As ever, we've placed a strong focus on ensuring that our excellent reputation in the security market remains intact by revising and improving core security. We've also further improved usability by ensuring that the majority of tasks can be set to run in the background, with as little user interaction and impact on system resources as possible. In short, once installation is complete a user can let it do its job with minimal interaction".
If you have an eye for a bargain, you can pick up last year's version from the Downloadcrew store at a substantial discount.
UK catalog store retailer Argos will start selling its own £99.99 Android tablet on Wednesday. The Argos MyTablet undercuts Tesco's £119 Hudl, but the saving is at the cost of a lower spec. MyTablet has only 8GB of storage to the Hudl's 16GB, shorter battery life and a lower resolution screen. It also comes only in silver or pink rather than the Hudl's choice of four colors.
Argos says its tablet is targeted at the teenage and pre-teen market and it ships with parental controls pre-enabled. The device runs Android 4.2.2 Jelly Bean and comes with 19 pre-installed apps including BBC iPlayer, Angry Birds and social networking tools.
The company seems confident that there's a market for the device. John Walden, Argos' managing director, says, "Millions of people have bought tablets during the last year but there is still around 75 percent of the UK population without one". A recent Ofcom survey showed that around a quarter of British 12-15 year olds now have their own tablet.
MyTablet's main competition is likely to be the Kindle Fire which Amazon sells for £99 in the UK, though it's also up against a raft of devices from lesser-known brands. Walden says, "Customers have never had such a good quality tablet at such an affordable price. At just £99.99 the Argos MyTablet is highly competitive with a great specification, and fits neatly in the range of tablets we have on offer".
We all realize, or should do, that whatever we do online leaves a trail. Usually this is in the form of cookies or other information over which we have some control and which is subject to a degree of legal regulation, but what about other, more insidious, forms of tracking?
New research carried out by Netherlands-based university KU Leven reveals that a small number of sites are secretly tracking their users. The study by KU Leuven-iMinds researchers has uncovered evidence that 145 of the Internet's 10,000 top websites carry out tracking without the knowledge or consent of their users. The sites do this by using hidden scripts to extract a device fingerprint from users' browsers. This technique avoids the legal restrictions imposed on the use of cookies as well as ignoring the Do Not Track HTTP header. The study's findings suggest that secret fingerprinting is being used to get around legitimate barriers to tracking.
By collecting the properties of PCs, smartphones and tablets including their screen size, the software versions they're running and which plug-ins are installed, fingerprinting can accurately identify and track users. A 2010 study by the Electronic Frontier Foundation showed that, for the vast majority of browsers, the combination of these properties is unique, and can be used to track users without relying on cookies. Device fingerprinting generally targets either Flash, the common browser plugin which enables animations, videos and sound files, or JavaScript, the programming language for web applications.
The KU Leven research is the first concerted effort to measure just how widespread device fingerprinting is. The researchers found that of the Internet's top 10,000 websites 145 of them use Flash-based fingerprinting. More worrying still is that some of the Flash objects included questionable techniques such as revealing a user's original IP address even when they're visiting a website through a proxy.
The study also found that 404 of the top million sites use JavaScript-based fingerprinting, which allows sites to track non-Flash devices and mobile phones. Although this is only a tiny percentage of sites it's still evidence of a disturbing trend.
Of course device fingerprinting does have legitimate security-related uses including fraud detection and protection against account hijacking. But this study suggests it's also being used for analytics and marketing purposes via fingerprinting scripts which are hidden in seemingly innocuous advertising banners and web widgets.
In order to detect websites which are using device fingerprinting technologies, the researchers have developed a tool called FPDetective. This crawls and analyses sites looking for suspicious scripts. This tool and its source code will be made freely available for other researchers to use and build on, so we can expect to see fingerprinting detection appearing in security products in the future.
The report's findings will be presented at the 20th ACM Conference on Computer and Communications Security this November in Berlin. Meantime you can download the full paper outlining the research methodology as a PDF.
Photo Credit: Maksim Kabakou/Shutterstock
Many of us are so attached to our mobile devices that we take them to bed with us, but we're failing to take basic security precautions. This is among the findings of the 2013 Norton Report.
The report shows that whilst the number of online adults who have experienced cybercrime has fallen, the average cost per victim is up by 50 percent. In the UK, however, the cost per victim has fallen, down from £144 in 2012, to £101 in 2013.
"Globally, the cost per victim is up," says Sian John, security strategist at Symantec. "But in the UK the cost is down quite significantly. This is due to cybercriminals shifting tactics, perhaps as Brits become more aware of scams. Criminals also use tactics where there is a lower cost per head to victims, as they believe scams like this have a higher chance of escaping notice, and as the number of victims has remained static, they are clearly still making money from online fraud".
Most worrying though are the findings for mobile devices. While nearly half of those surveyed are so attached to their mobile devices that they sleep with them it seems that they're doing so without using protection. Forty-eight percent of smartphone and tablet users do not take even the basic precautions such as using passwords, having security software or backing up files from their mobile devices. The same percentage don't log out after each session and 32 percent admit to sharing their social media password with others.
"If this was a test, mobile consumers would be failing," says Marian Merritt, Internet Safety Advocate at Symantec. "While consumers are protecting their computers, there is a general lack of awareness to safeguard their smartphones and tablets. It's as if they have alarm systems for their homes, but they’re leaving their cars unlocked with the windows wide open".
Since 49 percent use their devices for both personal and business this potentially exposes more information to cybercriminals. Because one in five also accesses their social network on their work phone, Symantec has warned that hasty social media updates and snaps, dubbed "auto-pilot posting," are putting personal and professional privacy at risk.
John explains, "Whether we’re at home or in the office, it’s become second nature to pop a quick update or picture on our social profiles. The information we share can be completely harmless, but the danger lies in the fact that the action has become automatic. When we’re on auto-pilot, it takes mere seconds to post something online. Yet with so many different accounts on one device, public and private, it’s easy to address the wrong person and run into trouble".
The Norton Report (formerly known as the Norton Cybercrime Report) is one of the world's largest consumer cybercrime studies, based on self-reported experiences of more than 13,000 adults across 24 countries, aimed at understanding how cybercrime affects consumers, and how the adoption and evolution of new technologies impacts consumers' security. You can find out more at www.symantec.com.
Photo Credit: Shumilina Maria/Shutterstock
The emergence of a generation of smart machines taking over middle-class jobs within 15-years is a "futurist fantasy" according to 60 percent of respondents to Gartner's 2013 CEO survey. However, the analysts predict the rise of smart machines will have widespread business impact within only seven years.
"Most business and thought leaders underestimate the potential of smart machines to take over millions of middle-class jobs in the coming decades," says Kenneth Brant, research director at Gartner. "Job destruction will happen at a faster pace, with machine-driven job elimination overwhelming the market's ability to create valuable new ones".
According to Gartner's "Maverick" research, designed to provoke unconventional insights, CIOs need to change their mission to address the proliferation of smart machines in a widening range of jobs and consider the impact this trend might have on their career paths and on increasing levels of unemployment.
Machines are evolving from automating basic tasks on the production line to becoming advanced self-learning systems as capable as the human brain in many highly specialized professions. As such, the next wave of job losses will likely occur among highly valued specialists during the next decade.
"The bottom line is that many CEOs are missing what could quickly develop to be the most significant technology shift of this decade," says Mr Brant. "In fact, even today, there is already a multifaceted marketplace for engineering a 'digital workforce,' backed by major players on both the supply and demand side. This marketplace comprises intelligent agents, virtual reality assistants, expert systems and embedded software to make traditional machines 'smart' in a very specialized way, plus a new generation of low-cost and easy-to-train robots and purpose-built automated machines that could significantly devalue and/or displace millions of humans in the workforce".
Gartner reckons that the capability and reliability of smart machines will dramatically increase through 2020 to the point where they will have a major impact on business and IT functions. Businesses who fail to adapt to this trend will struggle to compete in the marketplace.
"It's worth remembering that IT cost is typically about four percent of annual revenue, whereas the labor costs that can be rationalized by smart machines are as high as 40 percent of revenue in some knowledge and service industries," said Mr. Brant. "The supply side of the market -- including IBM, GE, Google, Microsoft, Apple and Amazon -- is placing large bets on the success of smart machines, while the demand side includes high-profile first movers that will trigger an 'arms race' for acquiring and/or developing smart machines".
The good news for the middle-classes, at least in the short term, is that Gartner foresees some barriers to the robots taking over. These include the price of the technology not falling fast enough, unions organizing against machines taking jobs and citizens protesting about high unemployment. It also predicts that consumers may reject machines perhaps due to a highly publicized catastrophe or simply because of demand for human interaction. The full report is available on Gartner's website.
So, could a machine do your job? How would you feel if you were about to be replaced by a robot? Would you be happy to consult, say, a robot lawyer? Do let us know in the comments -- extra kudos will be gained if your reply is written by machine!
Photo Credit: Palto/Shutterstock
Reports from leading analysts for the third quarter of 2013 suggest that the PC market is still in decline. However, sales haven't declined as quickly as predicted.
According to IDC's Worldwide Quarterly PC Tracker PC shipments totalled 81.6 million units in the third quarter. This represents a 7.6 percent decline over the same period last year, better than the 9.5 percent that was being predicted. IDC says the market was buoyed by business purchases plus the channel intake of Windows 8.1 systems in September.
Rival analysts Gartner record slightly lower shipments of 80.3 million units, an 8.6 percent decline over last year. This marks the sixth consecutive quarter of decline. Mikako Kitagawa, principal analyst at Gartner says, "The third quarter is often referred to as the 'back-to-school' quarter for PC sales, and sales this quarter dropped to their lowest volume since 2008. Consumers' shift from PCs to tablets for daily content consumption continued to decrease the installed base of PCs both in mature as well as in emerging markets. A greater availability of inexpensive Android tablets attracted first-time consumers in emerging markets, and as supplementary devices in mature markets".
Broken down by market the US continues to show recovery with sales down only 0.2 percent according to IDC or 3.5 percent up on Gartner's study. Europe the Middle East and Africa (EMEA) continue to decline. Asia Pacific shows an 11.2 percent drop in shipments on Gartner's study. IDC separates out Japan and shows an Asia Pacific (excluding Japan) decline of 8.8 percent whilst most of the top five vendors in Japan saw growth.
Looking at vendors, Lenovo and HP continue to battle for supremacy, each with around 17 percent of the market worldwide. Dell rounds off the top three with 11.7 percent. Only these three recorded positive shipment growth in 2013.
iChartsIf you look at the US only, HP remains the clear leader with around 27 percent of the market, followed by Dell with 21 percent, and Apple with 13.4 percent (Gartner) or 11.6 percent (IDC). Lenovo only manages fourth place in the US with around 10 percent of the market but recorded an impressive 24.6 percent growth over the same quarter last year.
"The United States outperformed many other regions as growth stabilized just under 0 percent. Continuing upgrades from Windows XP boosted shipments, particularly in the commercial desktop segment, while retail acceptance of new and emerging product categories, such as Chromebooks and Ultraslims, helped the portables segment," says Rajani Singh, Senior Research Analyst, Personal Computers at IDC.
These figures are preliminary and may change a little in the final analysis but they do seem to indicate that PC market hasn't reached the bottom just yet.
Photo Credit: Mopic/Shutterstock
Cloud vendors must establish one definition for cloud to protect buyers falling foul of multiple interpretations of the technology, so says a panel of technology experts brought together by hosting company UK Fast.
With more and more providers joining the cloud market and confusion still reigning over what the term actually means, baffled buyers are at risk of paying over the odds for technology that isn't technically cloud, or worse entrusting their business data to unsuitable cloud solutions.
Lawrence Jones, CEO at cloud and colocation company UKFast, says, "We see different definitions of hosting, hybrid and cloud from every provider. To us, hybrid is where the whole solution is in a data centre, and part of it is dedicated and part of it shared. People don’t ask the question about what it all means. No-one would ever ask what the technology of the cloud is, they just log on and move on. We make sure that we have the conversation with clients asking why they want to move to the cloud and work out the best option from there -- whether that's cloud or dedicated".
Simon Swan, co-founder of online recruitment marketplace HiringHub.com says, "There is a real cause for someone to put together a dictionary for the cloud. Define the key terms and then whoever deals with IT in a business can go to that place and get the information. Then they will have a grasp of it before they engage with a cloud company".
But Nick Kavanagh, operations director at Gteq, disagrees that people are confused, saying that he believes that, thanks to cloud sneaking its way into our personal lives more and more, businesses are more "cloud savvy" than they realise. "Businesses have been using it [the cloud] for a long time. Email systems like Hotmail, or programmes like Dropbox are all cloud-based. People don’t realise they are using it but they have been, and they are comfortable with it".
If you want to learn more you can see video clips from the debate on YouTube. Are you clear on what the cloud means? Do you think that businesses need more help to understand what it can do for them? Let us know via the comments.
Photo Credit: eteimaging/Shutterstock
Independent analysis company Ovum has released a new report titled Challenges and Best Practices for Deploying Tablets in the Enterprise which finds that tablets are ever more prevalent in businesses.
It notes that as the market for tablets grows, usage of these devices is changing the way people work and is having a noticeable impact on the enterprise. Whether through units supplied by the company or BYOD, fast increasing numbers of tablets are being used to access corporate data and applications.
Richard Absalom, analyst for Consumer Impact Technology at Ovum and author of the report says, "Coupled with imaginative thinking around how mobile apps could provide new or improved processes in specific roles, tablet deployments have the potential to change the way that businesses operate. The primary challenge for the enterprise is to turn tablet usage into a genuinely transformative deployment, taking into account but not just reacting to demand from employees that are bringing their own tablet or want to be provided with one".
The survey, conducted in the second quarter of this year, finds that 17.6 percent of employees had already been provided with a tablet by their employer, up from 12.5 percent in 2012. Of respondents that owned a personal tablet, 66.7 percent used that device at work. The number of personal tablet owners increased from 28.4 percent in 2012 to 44.5 percent in 2013. Given this growth it's safe to assume a fast increasing number of personally owned tablets are also being used at work.
According to Absalom, "Although increasing numbers of employees are being provided with a tablet by their employer, the primary route for tablets into the enterprise is through the consumer/employee channel. Over 66 percent of employees who personally own a tablet use them for work." He goes on to suggest, "The first step to a successful tablet deployment is to understand employee behaviour and activity. Employees are using multiple devices to access corporate data and content, and any tablet or mobility strategy must be set in this context".
Providing access to corporate data via tablets presents new security challenges. But Ovum warns that it's important any security solution doesn't come at the expense of the user experience and risk turning users away from using approved software.
You can read more or access the full report via the Ovum website.
Photo Credit: bikeriderlondon/Shutterstock
VMware's recent release of a new version of its flagship server virtualization product vSphere 5.5 means that many businesses will be planning to upgrade to the new software. However, as with all major upgrades there's a degree of risk involved, especially if the software is part of your enterprise's core infrastructure.
Operations management specialist CloudPhysics rides to the rescue of hard-pressed system admins with a number of tools to streamline the upgrade. The software as a service offering performs a number of checks to help ensure that the vSphere upgrade goes smoothly.
These are presented as a series of cards relating to each of the upgrade stages and presenting the necessary information in an easy to understand format. Starting with selecting a host to upgrade, the cards begin with a host inventory to take you through a compatibility check, system release notes and upgradability. A separate card looks at device I/O compatibility. Finally CloudPhysics also flags relevant VMware knowledgebase articles to ensure you don't miss anything important that may impact on your installation.
You can read more about how CloudPhysics can help your vSphere upgrade to run smoothly and try the software out by visiting the company's blog.
Photo Credit: Liljam/Shutterstock
As the Internet gets bigger and more crowded it can be increasingly difficult to find a catchy domain name. Startup company Panabee aims to provide a simple tool for individuals and businesses to find great domain names and it has just reached the milestone of 10 million monthly searches -- up 50 percent from 2012.
Given the scarcity of available names, Panabee offers a new interface for brainstorming alternatives besides dot-coms. As consumers become more Internet savvy, it allows businesses to embrace different domain endings like .co.uk, .biz, .net and more.
Existing services make suggestions as well, but most revolve around alternative dot-coms. Panabee, however, offers a one-click ability to set and search new suggestions around one of 20 different top level domains. As new TLDs are opened up at the end of 2013 it hopes to grab opportunities in a changing market.
Panabee's domain search also allows for easy checking of multiple domains at once, including country-specific domains, as well as social media and mobile applications. Routinely users will search for domains without knowing whether the social media profiles and apps associated with these names are taken. With Panabee, domain searches show related terms, web search results and social media profiles containing the keywords so you get a complete overview of your chosen name and have the ability to brainstorm ideas.
Panabee's marketing has long followed a different script than Go Daddy’s, "sex sells". Say the founders of Panabee, "We market our products with humor, not money. Because it's bold and clever. Also because we spent all the VC money on Will & Kate royal wedding posters". They add, "If you needed a startup name in 1998, you used Go Daddy. If you need one in 2013, you use Panabee".
You can find out more about this quirky approach to domain searching at www.panabee.com.
Network connectivity and management specialist Emulex has launched a new NetFlow generator appliance designed to cope with the latest high-speed LANs.
For those unfamiliar with the nuts and bolts of networking, NetFlow is the metadata that describes network traffic. It's used to diagnose problems and find security issues. In the past NetFlow has been generated by the switch, but 10GB Ethernet means some switches can't keep up leading to NetFlow that's intermittent or incomplete.
Emulex's answer to the problem is the EndaceFlow 3040, a dedicated NetFlow generator appliance that takes the process away from the switch and generates 100 percent accurate NetFlows on up to four Ethernet links at speeds up to 10Gb per second line rate. This results in faster detection, identification and resolution of critical security and network issues, improving network uptime and reducing operational expenditures in enterprise data centers.
The EndaceFlow incorporates load balancing to avoid collector overflow and minimize the need for manual configuration. It also supports up to 120 custom filters allowing admins to zero in on particular types of traffic or on individual IP addresses. Units can be placed at different points in the network making the EndaceFlow a solution that's easily expandable as the enterprise grows.
When combined with EndaceVision software data collected by the hardware can be displayed in an easily visualized form. It can also be combined with behavioral-based analytics tools from companies such as Lancope and SevOne, NetOps and SecOps which means personnel are able to create complete solutions that significantly speed the resolution of critical network and security issues.
"Traditionally, end users have used routers and switches to generate sampled NetFlows, which severely limits behavioral analysis and can impact switch and router performance," says Mike Riley, senior vice president and general manager of the Endace portfolio at Emulex. "The Emulex EndaceFlow 3040 addresses these issues by offloading NetFlow generation onto a purpose-built appliance that can generate unsampled NetFlow across multiple 10GbE links. This gives our customers all of the data they need to diagnose and resolve complex security and network performance issues on 10GbE networks in a fraction of the time previously required".
The EndaceFlow 3040 begins shipping to customers today and will be on show at the Emulex booth at this week's Interop in New York.
Demand from employees to use mobile devices with different operating systems and applications is the bane of IT managers' lives at the moment. BMC Software aims to ease the burden with its latest version of MyIT. Featuring major new OS expansions and a new HTML 5 universal client to support mobile, desktop and laptop devices, MyIT 1.5 delivers single-point access to a variety of company resources from any device.
We looked at the MyIT app back in June at which time it was only available for iOS devices. The new version delivers native Android support, a wide array of new self-service features, enhanced language support, and fast and convenient integration with BMC AppZone for enterprise app store access.
With expanded support for smart-office and software defined workspace (SDW) initiatives the app also helps facilitate hot desking. It can integrate with building management systems to schedule occupancy and avoid conflicts. The product has added support for extra languages too in order to broaden its global appeal.
Jason Frye, Deputy CTO for MyIT says, "BYOD is no longer the exception to the rule in large organizations. The ready availability of smart devices and mobile applications means that employees have higher expectations for their IT experience than ever before, and their impatience with substandard IT services is more acutely felt. BMC MyIT allows IT departments to meet and exceed those expectations without undermining manageability or security. With BMC AppZone integration, MyIT now offers BMC customers a powerful and convenient way to access critical IT applications, services and support information from whichever device is best suited to the situation".
For more information and a free trial of MyIT you can visit the BMC website.
Photo credit: bloomua/Shutterstock
IBM has announced that it's reached an agreement to acquire The Now Factory, a Dublin-based provider of analytics software that helps communications service providers (CSPs) deliver better customer experiences and drive new revenue opportunities.
Using The Now Factory’s software, CSPs can gain real-time insights into their customers by analyzing massive quantities of network and business data. With this type of insight they can provide an enhanced quality of service by better managing negative experiences and network outages.
The acquisition complements IBM's MobileFirst Analytics portfolio, which is designed to enhance the way organizations analyze mobile device usage to provide exceptional customer experiences.
"The Now Factory's innovative solutions are all about enabling quick insights for better business results in the highly competitive telecommunications landscape," says Tom Morrisroe, CEO of The Now Factory. "As part of IBM, we can now extend our technologies to a broader range of clients to help them uncover new, untapped growth opportunities, and achieve tangible business value from big data and analytics".
In addition to its ability to detect and resolve issues, The Now Factory's software helps CSPs better understand how a subscriber interacts with cloud-based services, such as mobile applications. For example, a CSP can use The Now Factory's software to investigate customer usage of 3G and 4G LTE data services and identify high volume pre-paid subscribers. This can result in a targeted campaign to convert high volume pre-paid subscribers into post-paid accounts.
"Today's announcement is part of IBM’s strategy to continually establish leadership in the era of big data and capitalize on the opportunity to analyze data in real time," says Bob Picciano, General Manager, Information Management at the IBM Software Group. "The Now Factory’s software enhances IBM’s Big Data and Analytics portfolio by improving the speed, development and implementation of big data solutions, and gives communications service providers the ability to better service their customers".
IBM is keen to to grow its presence in the area of big data, something it expects to account for $20 billion of its revenue by 2015.
Image credit: David Gaylor/Shutterstock
Mobile development platform supplier Appcelerator has released the results of its latest enterprise mobility survey along with a Halloween-themed infographic.
The survey of 804 companies worldwide carried out in August this year looks at their current and intended use of mobile systems. Among the key points the study finds that ownership of mobile projects within companies is often unclear with only 15 percent having employed or planning to employ a single leader for mobile developments. This despite the fact that enterprise apps are growing fast with half of companies reporting plans for an enterprise store.
Opening up mobile specific APIs is something 40 percent plan to invest in. There's also a move to support more operating systems, with building apps for multiple devices and platforms being reported as one of the top obstacles to delivery.
62 percent of companies say that they now support three or more operating systems. Some are more popular than others, however, interest in building apps for mobile platforms is strongest for iOS and Android devices with HTML 5 web apps close behind. Blackberry development lags at the bottom of the list.
Delivering quality app experiences to customers is seen as a way of gaining advantage in the market. But 60 percent of companies worry that they're vulnerable to their more mobile aware competition.
You can view the full survey results in suitably goulish infographic form here.
Enterprise social network and collaboration specialist Bitrix24 has released a new version of its free software for smaller businesses. The new product allows users to create, edit and collaborate on documents online, without having MS Office installed on their PCs.
Bitrix 24 has its own instant messenger for video and group chats, in addition users now have access to video conferencing and screen sharing capabilities. Email connectors allow it to work with MS Exchange, Outlook, Gmail, AOL, Yahoo!, iCloud and other popular mail services.
The new release also has an enhanced Activity Stream with real time updates, smart forwarding, notification options and company-wide announcements, while an engagement analytics module (Company Pulse) has been added to provide real time indicators for enterprise social network adoption. This helps identify roadblocks and slow adopters, and shows which intranet tools are currently being utilized by employees.
There's also a new mobile app which allows access to multiple Bitrix24 accounts from a single device. It has a mobile CRM feature too which lets users create and edit CRM entries and invoices directly from a mobile device.
"2013 has been a year of significant growth for us," says Bitrix24 CEO Dmitry Valyanov. "We’ve signed up 90,000 companies, which is well over 500,000 users for the cloud and onsite versions of Bitrix24 intranet. Our workforce grew by 40 percent to over 130 employees and we opened three new sales and support offices. GooglePlay now lists Bitrix24 among the top 5 mobile intranet apps, along with or surpassing such established enterprise social brands as Jive Software, IBM Connection, VMWare SocialCast and TIBCO Tibbr. We hope to have a million users by the end of the year".
Bitrix24 is free to any organization with up to 12 employees with paid cloud plans available for larger businesses. To find out more and sign up for the free version visit www.bitrix24.com.
Photo Credit: Pressmaster/Shutterstock
Investment in big data continues to rise in 2013 according to a new survey by Gartner with 64 percent of companies investing or planning to invest compared to 58 percent in 2012.
The survey of 720 Gartner Research Circle members worldwide, which was conducted in June 2013, was designed to examine organizations' technology investment plans around big data.
Industries leading the way with big data investments are media and communications, banking, and services. Among media and communications organizations 39 percent say that they have already invested in big data, followed by 34 percent of banking organizations and 32 percent of services firms. Planned investments during the next two years are highest for transportation (50 percent), healthcare (41 percent) and insurance (40 percent).
On a regional level North America continues to lead investments with 38 percent of organizations surveyed saying that they have invested in technology specifically designed to address the big data challenge. Asia/Pacific organizations were notably ambitious with 45 percent indicating that they plan to invest during the next two years.
Despite the enthusiasm, however, most organizations take a tentative approach to investment, beginning with knowledge gathering and pilot schemes before embarking on a major rollout.
"For big data, 2013 is the year of experimentation and early deployment," says Frank Buytendijk, research vice president at Gartner. "Adoption is still at the early stages with less than eight percent of all respondents indicating their organization has deployed big data solutions. Twenty percent are piloting and experimenting, 18 percent are developing a strategy, 19 percent are knowledge gathering, while the remainder has no plans or don't know".
When it comes to the uses of big data the survey reveals that there are a wide range of business problems being addressed, although there are some clear patterns. In Gartner's 2012 and 2013 studies, business cases that improve process efficiency and business cases centered around customer experience dominate big data wish lists. In the 2013 survey, 55 percent of organizations say that they are currently addressing enhanced customer experience using big data, while 49 percent are using big data to address process efficiency.
Slightly concerning is that for 15 percent of organizations surveyed the major challenge was understanding what big data is. Nick Huedecker, research director at Gartner says, "Perhaps unsurprisingly, this concern came mainly from respondents with no plans to invest. Organizations should be sure they are educated about big data opportunities in their industry to ensure they are not missing the boat".
You can get the full report on the Gartner website and big data trends will be further examined at the Gartner Symposium/IT Expo in Orlando in October.
Image Credit: Maksim Kabakou/Shutterstock
Microsoft and AT&T have announced a collaboration to allow enterprise customers to connect to Microsoft's cloud platform using a private network. The solution will use cloud integration technology to pair VPN with Azure and allow customers to benefit from enterprise grade security with as much as 50 percent lower latency compared to a normal public Internet connection.
"This is a game changer for businesses that have been seeking a more secure way to reap the benefits of cloud services," says Andy Geisse, CEO, AT&T Business Solutions. "By bringing the security and performance of our virtual private network to Windows Azure, we expect to energize enterprise demand for cloud solutions".
Concerns about security and reliability continue to be cited by businesses when deciding to adopt cloud computing. This new cloud solution takes advantage of the Multi-Protocol Label Switching (MPLS) technology underpinning AT&T’s virtual private network solution. According to independent research firm Forrester Research, 70 percent of multinational enterprises have already adopted global MPLS services, high-performance networks that make it easy to create secure, virtual links between different geographic locations.
"There’s no question that the time for cloud computing is now, and it’s critical we help enterprises embrace the cloud on their terms," says Satya Nadella, executive vice president of Cloud and Enterprise for Microsoft. "Through this strategic alliance with AT&T, we can reduce the barriers to entry for cloud computing by providing a more secure and reliable connectivity option for enterprise customers, accelerating the growth of cloud computing and the rapid adoption of Windows Azure".
AT&T's existing customers are already able to take advantage of this technology with the company's own cloud offerings. By enabling secure links to Azure it opens up secure cloud access to a wider range of businesses. However, the integrated solution isn't expected to be available until the first quarter of 2014.
Photo Credit: Slavoljub Pantelic / Shutterstock
IBM has been at the forefront of social business software for a while and today the firm launches its new SmartCloud, a set of cloud-based social business tools aimed at empowering global workforces.
It's aimed at enabling executives such as human resource managers to create communities for new employees to speed up induction time, for example, or sales executives to conduct impromptu video chats with colleagues and share information. By combining social tools and mobile devices in the cloud it aims to help people work more effectively, collaboratively and securely from any location.
SmartCloud is divided into a number of sections. SmartCloud Connections includes features such as File Sync and Share that lets employees -- such as product development staff -- access the cloud and share important documents in the way that works best for them.
SmartCloud Communities introduces new social bridging capabilities which can deliver marketing teams a single view into their social data and all their communities, whether on premises or in the cloud, so they can easily interact with team members across the entire business, access and share new proposals and identify experts to answer questions. This can be extended to cover external agencies, partners and clients making for effective virtual meetings and presentations.
SmartCloud Docs adds a social element to traditional office productivity tools, allowing the sharing and collaborative editing of documents, spreadsheets and presentations in real time. In addition SmartCloud Notes reduces reliance on the email inbox by making it easy to move between key tools including email, calendars and files from a single intuitive web interface.
"Successful workforces today are fueled by powerful social technologies that give employees access to vital information and the insights of colleagues while on the go," says Alistair Rennie, general manager, social business at IBM. "With our biggest set of new capabilities introduced to date, we give businesses the opportunity to forever change how employees work through new powerful features that allow them to remain connected and productive from anywhere and in the end drive impactful outcomes for their organization".
IBM SmartCloud for Social Business will be available on SoftLayer's industry leading infrastructure in a new Amsterdam data center, along with new "on-boarding" services that help customers quickly move mail, calendar and contacts to the cloud in a way that best meets their timing and business objectives.
For details on the entire suite of new features you can visit www.ibmcloud.com/social or tune in to the virtual launch event taking place at 10am ET at http://ibm.co/reinventwork.
Photo Credit: Melpomene/Shutterstock
We all have information relating to banks, insurance companies, utilities, retailers and more that we need to keep. But now that we increasingly manage our accounts online how do you cope with saving statements and other important information that you receive electronically?
The online organizer service doxo thinks it has the answer and has added email to the range of information it can collate. The doxo Email Import option automatically imports, organizes and archives all of the emails for key accounts that you receive through your inbox and it works with Gmail, Outlook.com and all the leading mail providers.
Once you've linked your email to your doxo account you select the businesses you work with, and doxo will organize and archive thousands of emails for you in a matter of minutes -- so all your account info, usernames, passwords, documents, and now emails are together in a personal and secure, cloud-based, digital filing cabinet.
"Managing emails is both a time sink and a nuisance for most people," says Dan Miller, senior analyst at Opus Research. "doxo takes a novel approach that detects important emails from vendors and service providers and then organizes them alongside related account information and documents within a users doxo account. Not only does doxo intelligently import and organize hundreds, if not thousands of emails from your personal email account in minutes, it also carries out automatic updates daily. That makes it a time saver and an important tool for managing interactions with key vendors".
You can specify which accounts you want the software to work with -- banks, utilities, insurance, investments and so on. It will check for new mail from your key accounts each day, keeping your records up to date. You can then access everything related to your account online or via the doxo mobile app.
"doxo is your personal directory of all the accounts in your life -- giving a consolidated view of your account info, usernames, passwords, documents, and now email, together in one convenient place," says Steve Shivers, co-founder and CEO at doxo. "It’s our mission to make your life easier, and Email Import brings us another step closer to fulfilling that goal".
You can find out more about doxo and try it out with a free account at www.doxo.com.
Photo Credit: Andresr/Shutterstock
The results of a survey released by GFI Software show that a startling 96.5 percent of respondents use public Wi-Fi networks at least once a week to carry out work related tasks. The survey carried out by Opinion Matters asked 1,000 U.S. office workers with a tablet or smartphone who travel to and from work on a train, bus or subway about where, how and what they use their mobile devices for, and how those mobile devices have impacted the way they work both inside and outside the workplace.
More than one-third (34.2 percent) of those respondents reported they accessed public Wi-Fi at least 20 times a week during their commutes, with some employees saying they connect more than 70 times a week. This activity puts company data and passwords at risk from packet sniffing and other forms of traffic interception.
"The research findings reveal a stark and concerning trend among commuters -- one of using their personal devices to catch up on work during their commuting downtime, but doing so over highly insecure internet connections that can be easily intercepted by other users or the operator of the access point," says Walter Scott, CEO of GFI Software. "Mobile internet access is now firmly entrenched as a day-to-day norm, but with that has come an increasingly relaxed user attitude to data security, compliance and data governance policy. Companies need to address mobile device management to ensure that use in insecure environments doesn't create vulnerabilities that could be exploited by criminals -- both cyber and conventional".
Over 60 percent of respondents admitted they would use any Wi-Fi source they could find. But whilst 59.8 percent were concerned about being robbed when using their mobile device in a public place only 29.6 percent worried about having their data intercepted on public networks. Almost 20 percent of mobile devices had no security enabled at all, whilst only 24.7 percent had corporate security policies enforced.
The survey also shows the rise in BYOD with 86.9 percent of respondents using their own mobile device at work. 51 percent also admitted to using their smartphone for personal tasks whilst connected to company networks for at least 30 minutes a week.
Scott says, "BYOD is something that isn't going to go away. From the early days of executives buying PDAs and expecting IT to support them, end-user devices in the workplace being used for work tasks has been with us for more than two decades. However, the explosion in BYOD fuelled by powerful and affordable smartphones and tablets is such that companies have to manage it. Mobile Device Management is now a paramount IT security requirement for businesses of all sizes to maintain data security and integrity inside and outside of the company network".
A final worrying statistic from the survey is that 44.6 percent of those questioned admitted to using their mobile devices in the bathroom. Now wash your hands...
Photo Credit: Tang Yan Song / Shutterstock
California-based project management software provider Wrike has launched a new version of its software with a simplified interface and -- no prizes for guessing -- online collaboration features.
The "Graphite" version of Wrike has a redesigned user interface along with innovative task scheduling and time management. Andrew Filev, Wrike's CEO and founder says, "Simple, clean, and lucid -- these were the key topics of our design discussions while we were working our magic on Wrike Graphite. We wanted to find the perfect balance between our users' habits and a new level of efficiency in day-to-day work, which we tried to implement in every element of the new UI".
The new, flat design user interface highlights key content thanks to a contrasting color palette and increased use of white space and icons. One of the main components of the redesign is a comprehensive and well-structured task view. Wrike Graphite features a timer which broadcasts individual users' current work in real-time, automatically updating fellow team members on a project's progress. This allows users to virtually simulate walking around an office or workspace to collaborate or check up on fellow workers’ progress.
"With one click, team members can share information about their progress, sort of a 'push-pull' way of informing peers without bombarding them with needless information," Filev says. "It’s as if workers walk by colleagues' desks to assess progress and help out, if necessary. So, it’s especially transformative for the online work experience, if team members are working from different locations".
Other improvements include better charting showing project details and statistics, activity stream-like email notifications to keep team members up to date using fewer messages, and HTML5 desktop notifications to keep users up to date with new messages and comments.
Wrike runs in your browser and there are native apps for Android and iOS. To find out more or to get a free trial version visit the Wrike website.
Photo Credit: nmedia/Shutterstock
Where once malware was aimed at disrupting your computer, today it's more likely to be out to steal your personal information and get access to your finances. BullGuard has a track record of guarding against this type of threat with products like Premium Protection 13 its complete security package.
But the company's latest release, BullGuard Identity Protection, is designed to work alongside your existing security suite -- of any brand -- and ensure that your personal information and social networking activities are protected against threats.
Identity Protection allows you to specify the details you want protected such as credit card and bank account numbers, usernames and passwords. It will then notify you by email or SMS if any suspicious activity occurs. It also allows you to monitor social networking accounts for things like suspicious friends and links to malicious websites. You can unobtrusively monitor a child's account for inappropriate content too.
Alex Balan, Head of Product Management at BullGuard, says, "We’re all too well aware of the growing number of threats that are targeting internet users, and the popularity of social media sites such as Facebook has made it an increasingly attractive alternative for would-be cyber-criminals and cyber-bullies.
"We developed BullGuard Identity Protection squarely with this in mind. It provides frequent and casual internet users with peace of mind because their data and their children’s activity, is monitored and kept safe".
BullGuard Identity Protection is a web-based service so it will work on any device with a browser and you can log in to change your account settings from anywhere. You can subscribe to the service on a month-by-month or annual basis.
For more information visit www.bullguard.com.
Photo Credit: Pavel Ignatov/Shutterstock
Content collaboration specialist Huddle has launched its Connected Desktop experience aimed at streamlining team working by linking the desktop with the company's content collaboration system.
Groups of people can work together, editing and saving files from their desktops into a secure cloud. This aids productivity regardless of where workers are located or what type of device they're using. The latest release offers five new capabilities.
Seamless interaction with the cloud allows users of Huddle for Windows or Mac to edit documents in their desktop application whilst ensuring that it's locked to prevent conflicts. If connectivity is lost the latest version is uploaded as soon as it's restored.
Huddle for Outlook integrates with the mail client to save documents and email conversations into the Huddle cloud. Email responses are recorded as comments on the file so that the context of discussions is retained.
Huddle Drive offers enterprise-grade storage allowing easy access to files for all team members as well as enhancing security by reducing the risk that corporate data will be leaked or lost.
Huddle Viewer ensures that photos and videos can be viewed directly from the cloud via a browser without the need to open a separate desktop application. It also makes locating and sharing the latest version of an image simpler.
Finally Huddle Dashboard creates a business activity stream showing all of the activity on a project in a single place. Files for approval, notifications, comments, tasks and actions are immediately flagged and teams can easily see what progress has been made across projects.
"The office of the future is no longer a physical environment -- with a desk, chair and workstation tied to the network -- it’s a secure virtual environment that is accessible from anywhere via whatever device people wish to use," says Alastair Mitchell, CEO of Huddle. "People’s devices are now the doorway to their world of work. Thanks to the cloud, they can securely store, access and share all of their files and collaborate with everyone they need to -- inside or outside of the organization".
Huddle is browser-based but native apps are also available for Windows, Mac, Android and iOS. The infographic below shows how it works, you can find out more and see a video of Huddle in action at www.huddle.com.
With the launch of a new iPhone on the horizon you can almost sense the forming of a queue each time you go past an Apple store. But Apple isn't the only company with new products either already launched or in the pipeline. In fact 2013 has been something of a bumper year for technology releases.
The FinancesOnline website has produced a handy infographic showing this year's stand-out gadgets and those that are still to come. In the smartphone market most of the interest was at the top end. HTC and Sony joined the premium smartphone battle with new products this year with the Google Nexus 5 still to come.
It's been a fairly quiet year for tablets with only the latest Nexus 7 creating a stir thanks to its high resolution display. Microsoft Surface Pro made headlines for the wrong reasons as the company was forced to slash prices. However, rumours of an iPad 5 mean that the tablet market may get a boost before the end of the year.
The PC market continues to slide despite 4th generation Haswell processors aiming to boost the ultrabook market with more battery life. Apple's funky cylindrical Mac Pro proved that the company has lost none of its design flair and it should be on sale by the end of the year. On the software front iOS7 is moving away from the bevelled and shadowed look and of course the much leaked Windows 8.1 will go public in October.
We've also seen the launch of the inexpensive Chromecast this year, Samsung became the first of the big players to enter the smartwatch field and there's been controversy surrounding the other big wearable development -- Google Glass. We're likely to see a battle for the gaming market in the run up to Christmas with the Xbox One and PlayStation 4 both competing for your holiday cash.
For a month-by-month breakdown of 2013's hot tech releases take a look at the infographic below. Once you've done that tell us what's been your favorite piece of new technology this year? What are you most looking forward to from the coming releases?
Prepared by personal financeChief information officers are increasingly looking at enterprise architecture in order to drive their digital strategy according the latest research by analysts Gartner. The company's 2013 CEO and Senior Executive Survey reveals that 52 percent of respondents said their organizations have a digital strategy.
"Senior business executives are challenging CIOs and their IT organizations to be at the front of digital strategy, identifying innovative new business models and technologies, and getting more business value out of each technology investment," says Marcus Blosch, research vice president. "Enterprise architects can provide unique capabilities to help CIOs develop a new agenda for 'hunting and harvesting' in a digital world".
It can sometimes be difficult to see how new ideas and technologies apply to business and what difference they will make. Enterprise architecture can help by linking technologies and innovations with the strategy of the business. Gartner calls this process 'hunting and harvesting', EA teams can do technology tracking and create innovation management processes to support hunting. Harvesting is driven through techniques such as business capability modeling, which provides a basis for identifying and delivering outcomes.
Blosch adds, "CIOs must extend IT's performance profile beyond tending, to hunting and harvesting for digital value. For enterprise architects, particularly those who sit within the IT organization, this is a great opportunity to move EA into a more strategic role. Business-outcome-driven EA is integral to achieving each of these areas to provide insight and support decision making. The EA team currently has the opportunity to become more strategic by aligning itself to support the CIO and the organization".
Businesses need to build the skills required to support hunting and harvesting. These must be combined with more agile approaches to innovation, such as being able to run experiments. The ability to identify an opportunity, quickly set it up and pilot it, assess the results and decide to expand it into another cycle or kill it off according to the results.
The report is part of a wider Nexus of Forces study on the factors influencing enterprise computing. You can find out more on the Gartner website.
Photo Credit: Dan Kosmayer/Shutterstock
In recent weeks we've seen social collaboration become the new black as far as business computing is concerned. Gartner has reported growing expectations from social technologies and new product releases from major players have focussed on this sector.
Washington DC-based HyperOffice was an early entrant into this field and its current offering is aimed at SMBs looking for a scalable solution that will grow with the business. As well as social collaboration HyperOffice includes online document and project management, shared calendars and contacts. It also lets you build an intranet, maintain wikis and forums and handle business email as well as offering traditional project planning tools like Gantt charts.
The software is cloud based and optimised for mobile browser interfaces, dedicated apps for popular mobile operating systems are coming soon. It's compatible with ActivelSync and SyncML which allows it to exchange data with most smartphones on the market.
The product is customizable so that users can be directed to land at a particular part of the suite depending on their needs and can belong to multiple workspaces. Customizing is via a simple drag and drop interface.
The company sees HyperOffice as competing with Google Apps and Office 365 and say it's more sophisticated than Google and simpler to use than Office 365.
Farzin Arsanjani, president of HyperOffice says, "...while the demand for social tools in businesses is intense, serious market gaps remain. Enterprise social tools like Yammer are thin on collaboration capabilities, while collaboration software like Google Apps and Office 365 don't see social tools as essential to their suites".
For more information, video demos and free webinars visit the HyperOffice website.
Photo Credit: nopporn/Shutterstock
In time for the release of Windows 8.1, Norton has announced new versions of Norton 360, Norton Internet Security and Norton AntiVirus. In addition to Windows 8.1 compatibility these include some under the skin changes to improve protection, performance and usability.
Gerry Egan, senior director, product management, Symantec says, "According to Symantec research, Web attacks increased 30 percent in 2012, driven by the easy availability of malware toolkits and the high frequency of unpatched vulnerabilities on websites. As a result, consumers can be attacked even when they visit a legitimate website, an attack that puts their devices and personal information at risk. With the latest Norton releases, we are delivering the comprehensive security required to protect today's devices against new and evolving threats, without impacting performance".
Key enhancements in the latest products include new advanced repair capabilities which use Internet-connected resources to repair Windows system files that have been broken or crippled by malware faster and with greater consistency. Improvements are made to the behavioral-based protection engine, SONAR, which operates on the premise that while the physical nature of malware changes, its behavior often does not. As a result, SONAR now allows the latest products to discover and shut down malware that attempts to disguise its bad behavior by operating inside legitimate Windows processes.
SONAR also helps with the removal and cleanup of malware attempts by saving the evidence of the attack for later use by Norton's repair technologies. This helps to ensure that all traces of a malware attack are removed and a system is returned to its original state.
Improved installation and setup means users can quickly download and install the latest version of the product for their device type and subsequently ensure that all their devices are protected. Boot time is improved by 15 percent, install speed by 10 percent and memory usage during scan by 100 MB, resulting in faster performance and lower system impact.
The password management tool Norton Identity Safe gets a new look. It now includes improved form filling, with drag-and-drop functionality and full vault searches available directly from the toolbar to help manage passwords in a more secure and convenient way.
The latest versions are available from today, for more information visit the Norton Update Center.
Photo Credit: Vladru/Shutterstock
If you've ever felt like you needed an easier way to manage your Office 365 installation then you're not alone. Tech Data Corporation and MessageOps have had the same thought and joined forces to offer an easy to use cloud management platform called 365 Command.
The tool offers a fast, accurate and cost-efficient way for solution providers to manage their Office 365 clients. Bharath Natarajan, director of product marketing, TDCloud and software services at Tech Data says, "Available through Tech Data's award-winning Solutions Store, powered by StreamOne, 365 Command will bring profitable success to solution providers' cloud businesses, creating a continual revenue and profit stream".
365 Command replaces the command line interface of Windows PowerShell with a rich, HTML5 web interface. The easy-to-use, web-based portal provides resellers with a product offering that enhances administration, reporting, and monitoring tools needed to better manage Office 365.
Administrators and help desk staff can quickly perform common tasks such as managing mailbox permissions without the need for PowerShell scripting knowledge. There's also a powerful reporting and analytics function, allowing detailed charts and graphs to be produced with just a few clicks.
"MessageOps is pleased to partner with Tech Data to expand our reach within the Microsoft partner community", says Chris Pyle at MessageOps. "With the evolution of cloud computing, we are seeing a large demand from partners who are looking to create a repeatable and profitable service offering around Microsoft Office 365. 365 Command is the enabler".
You can find out more and register for a free trial at 365 Command.
Photo Credit: wavebreakmedia/Shutterstock
The FUZE is a new programable computer and electronics workstation based around the Raspberry Pi. It's built in the UK and its designers believe it will appeal to the education sector as well as home electronics enthusiasts.
We hope to get some hands-on experience with one soon but in the meantime we spoke to Jon Silvera the managing director of Binary Distribution, the company behind the FUZE, to find out more about it.
BN: For readers who haven't seen the FUZE before can you give us a quick overview of its features?
JS: The FUZE is an innovative new product aimed at teaching computer programing and hobby electronics. The FUZE powered by Raspberry Pi consists of a robust metal case containing the RPi Model B, a UK keyboard, the FUZE IO Board (a very accessible Input /Output interface) providing much needed circuit protection for the RPi. All connectivity is extended to a convenient back panel. Also included in the full package is a mains-to-USB power supply, wireless mouse and mat, 4GB SD card (prepared and ready to run), an electronics components kit, FUZE BASIC along with a hard copy programmer’s reference guide.
Perhaps most important, however, is the inclusion of FUZE BASIC, a specially adapted version of BASIC tailored to the Raspberry Pi and the FUZE project. FUZE BASIC is a comprehensive and somewhat expanded version of the original popular language. A full hard copy reference guide is included for easy access.
FUZE BASIC makes learning to program so much easier and accessible that enthusiasts of all ages will find programing something to embrace, not fear -- it's pre-configured and does not need a new library to run a new command or function. It supports and simplifies the full GPIO functionality of the Raspberry Pi making even complex electronic projects achievable and more importantly, fun.
FUZE BASIC supports all the usual functions like FOR-REPEAT-UNTIL-IF-THEN-ELSE etc, file and screen handling, graphics, Turtle graphics but goes on to include Sprite handling and Input/Output commands that open up all kinds of possibilities. It is, for example incredibly easy to program a simple game but then go on to make the joystick controls to play it -- this is actually a simple project!
The FUZE was conceived and developed with programing as its core focus. The objective has been to make learning, and teaching (!) fun, interesting, self-motivated and easily measurable. The addition of electronic projects that avoid talking about electrons and nuclear physics goes a long way to keep things simple to understand and therefore more achievable across a broad spectrum of age groups and abilities
It's perfect for beginners and advanced programers alike and with the added benefit, interest and fun of LEDs, micro switches, buzzers and more, you're actually learning about the basics of electronics without even realizing it.
The unit can come complete with a UK keyboard, Mouse, and solderless breadboard for electronic projects. For those of you who already own the Raspberry Pi, the FUZE is available as an upgrade for the RPi Model B so you can buy just the case or the case with FUZE BASIC and electronics kit etc.
BN: Who is the FUZE aimed at?
JS: Anyone aged six and upwards. Because the FUZE comes with our specially written PDF project cards, anyone who can read can benefit from the FUZE. We are targeting education as well as the home/hobbyist market, with FUZE BASIC and Python on the Pi it's perfect for all budding or already proficient programers and Scratch is great for learning the concept of programing.
BN: Why did you choose to supply the system with your own FUZE BASIC?
JS: Back in the late seventies and early eighties BASIC was the language of choice. Well, it was that or machine code as BASIC was too slow to do anything other than write text-based programs.
From these early days, thousands upon thousands of bedroom and student coders went on to pretty much form the computer industry we value and enjoy so much today. In most cases these programers started using the BASIC language and then, once being firmly bitten by the coding bug, furthered their skills and abilities with more complex languages like C, Assembly, Pascal and a few others.
But they started with BASIC, not everyone of course but so very many did. Consider the computers by Acorn, Sinclair, Commodore, Atari and Amstrad -- every single machine came with BASIC.
BASIC covers all aspects of programing from simple loops to complicated IF THEN ELSE conditional statements, from simple line drawings to beautiful mathematical masterpieces, from text adventures to graphical platform games, from simple LED off/on projects to atmospheric and environmental measuring tools and so on.
The Raspberry Pi is generally supplied with Python and Scratch which are both fantastic applications but in our view meet the requirements of the two ends of the programing spectrum. Scratch can be a great introduction to understanding some of the fundamentals of programing but it does not perhaps provide a deeper, behind the scenes look at what is actually making the program work -- it is also, I'm afraid, woefully slow on the RPi so can often be more frustrating than productive -- run it on a higher performance Linux or Windows system and it really is awesome!
Python on the other hand requires somewhat more knowledge about programing languages and environments than is generally and readily available in primary and secondary schools. Please don't misinterpret our message here, Python is a fantastically powerful and functional language but, in our view this makes it harder to approach than BASIC and as such we've focused our efforts on FUZE BASIC over any other language. It's quite simply, easy to learn and therefore easy to teach -- because of this we believe it’s more fun and rewarding than any other introduction to programing. We feel this is the best approach at a time when expectations are high and we need as many people to be bitten by the bug as possible.
BN: Was it a conscious decision to make the FUZE look like a 1980s home PC?
JS: Absolutely YES! In all honesty, have you ever tried to build a small home computer? It's no wonder these things all looked so similar -- it’s actually very hard not to make it look retro. That said, I'm a real fan of retro computing and as such every effort was made.
BN: Can you tell us a bit more about the project cards that you offer alongside the FUZE workstation?
JS: FUZE BASIC project cards are designed to promote self-motivated learning. That is, it should be entirely reasonable to expect a pupil to get by at their own pace and without the need for lots of intervention -- apart of course, than to demand you come and look at what they've just done!
The projects range from the very basics, to intermediate programing and electronic techniques and methods. Over time they will be expanded to incorporate advanced projects. New project cards will be provided for free, unless part of an electronic project package, from the www.fuze.co.uk website.
As all schools seem to be starting from the same position, they are written, hopefully, to appeal to all ages and not specifically to any key-stage or age group so they can be implemented anywhere within the key stage spectrum.
Projects are short and focused. They also include plenty of computing references and soundbites providing additional learning within the IT curriculum. They cover much of the programing requirements proposed in the recently announced framework curriculum for the UK.
A small admission is needed here. Our original intention was to make around ten or more projects available at launch but this has just proved too much for our humble little business. We are, however, working around the clock and will post new ones as completed on the FUZE website. Initially the FUZE will ship with most likely four to six projects -- more will be posted in the days and weeks following launch, and will be freely available to download.
BN: Why build it in the UK? Wouldn’t it have been cheaper to outsource production overseas?
JS: A very interesting question… This has been a very conscious decision.
With the core drive for the FUZE project being about getting people in the UK programing again, a drive very much driven by the Government after coming to the conclusion that as far as programing in schools goes, they've let things slip somewhat. The result being an incredible amount of revenue never even touching the ground in the UK. Let alone the negative economic implications of thousands of programers being situated everywhere around the world other than the UK which means we miss out on all the taxes, NI contributions, VAT and so on that could generated be here.
We're not talking small amounts either -- just contemplate for a moment the number of apps sold every day in the UK on devices such as Apple iPads and iPhones, Microsoft Surface, Android tablets and game consoles.
It doesn't take an economic guru, which I am not, long to realize something needs to be done which is why, in my opinion, things have moved forward at such a pace. It’s not flippant therefore to say that with this in mind we wanted to make as much of the FUZE as possible locally. We're based on a Business Enterprise Farm (a real working farm!) in Buckinghamshire, the case is also made in the same county, the boards are made in Wiltshire and the FUZE is assembled by us, here on the farm. Even the packaging is completely recyclable and supplied by local businesses.
It is not, however, easy to buy small electronic components manufactured in the UK or a custom keyboard for that matter so these items have to be imported.
We have always been conscious of the benefits of keeping things local, both to the environment and to doing our bit to help the economy.
Could it be made cheaper? Yes of course it could. Should all of the revenue and jobs be outside the UK? We don’t think so.
BN: Do you have any other versions or updates planned for the future?
JS: We'd like to keep real details under wraps at this point but suffice to say this is not a short term project. There are many long term objectives planned and all of them revolve around one thing; let’s get more kids programing -- it is one of the most secure and likely careers of our future so it would be a smart move to be prepared.
IT research company Gartner has released its latest research showing that in the second quarter of 2013 server sales were up by four percent though revenues declined 3.8 percent over the same quarter last year.
IBM remains the leader in the worldwide server market based on revenue with $3.2 billion totalling 25.6 percent of the market for the second quarter. HP leads on numbers of boxes shipped but managed only a 25 percent market share by revenue.
Dell comes in third with 17.7 percent -- whilst still shipping more kit than Big Blue -- with Oracle and Cisco trailing on 5.8 and 4.4 percent respectively. If you've been counting as we go along you'll have realized that leaves 21.5 percent for other vendors. First among the also-rans is Chinese supplier Inspur Electronics with 2.7 percent of the market by shipments.
Jeffrey Hewitt, research vice president at Gartner, says, "The global server market remains in a relatively weak state overall. The only regional bright spot was Asia/Pacific with growth of 10 percent and 21.7 percent year-on-year in terms of revenue and shipments. The US also grew in terms of shipments by 1.9 percent year-on-year but declined in revenue by 5.1 percent".
If you look at form factors x86 blade servers declined by three percent in shipments and 4.5 percent in revenue. However rack-optimized x86s grew 3.9 and 2.4 percent. RISC/Itanium Unix servers also showed decline whilst the 'other' CPU category -- made up primarily of mainframes -- showed 6.9 percent revenue growth.
You can read a full breakdown of the numbers on the Gartner website.
Image Credit: watcharakun /Shutterstock
Research giant Gartner has revealed its latest 'Hype Cycle' -- a series of reports that offer a graphic representation of the maturity and adoption of technologies -- focusing on social collaboration in enterprises.
It shows that the use of social technologies to meet business needs is increasing along with growing expectations of their effectiveness. More vendors are adopting an approach in which social features aren't bought separately but are incorporated into something else. You can see this trend in new product releases from Clarizen and Deltek which we've reported on recently.
"IT leaders must keep abreast of this evolving sector in order to take advantage of social capabilities and understand the implications that social software developments have for related technologies," says Jeffrey Mann, research vice president at Gartner. "As social technologies mature and organizations improve their understanding of how to apply them, they will be found in more and more situations. Increasingly, social technologies are not implemented on a stand-alone basis, but are tightly integrated within a variety of other technologies, including business, IT operations, unified communications and collaboration applications".
As technologies mature and move along the Hype Cycle to what Gartner calls the 'Slope of Enlightenment' they become more visible and in demand. These include things like internal peer-to-peer communications and unified collaboration and management.
Newer technologies at the 'Innovation Trigger' stage of the cycle include collaborative customer interfaces which allow the delivery of a personalized experience, social co-browsing in shared web spaces, mobile virtual worlds and social TV to provide real-time engagement with customers.
You can register to download the full report from Gartner's website and the company is hosting a Content and Collaboration Summit in London in September.
Photo Credit: Oleksiy Mark/Shutterstock
Size isn't everything when selecting an enterprise content management (ECM) solution, according to independent global analysts Ovum. Companies also need to consider vendors in terms of market share, profitability, and capability to support the deployment along with the enterprise’s own business requirements through its lifetime.
In its latest Ovum Decision Matrix, which is focused on the selection of ECM solutions, the analysts reveal that file sync and share is becoming the next must-have feature as organizations demand secure ways of sharing information outside the corporate firewall. In addition, end users are demanding empowerment through the use of social media in a business context, as well as increased support across various mobile platforms.
Sue Clarke, senior analyst at Ovum, says, "Because much of the functionality is now commoditized, and the industry has gone through a period of consolidation, which has reduced the number of platforms available, it is becoming increasingly difficult for the CIO to select the most appropriate solution".
A further important factor in choosing a vendor is the support associated with migration. The report reveals that whilst most suppliers offer a migration toolkit extra support is usually required. "ECM deployments can be difficult and complex and generally require services for all but the simplest of deployments. Even migrating from one platform to another or from one version to the next is not without its difficulties," adds Clarke.
For more information on the latest decision matrix and to register to download it visit the Ovum website.
Image Credit: Peshkova/Shutterstock
It's become almost unthinkable to use a Windows PC without some form of protection and that’s put the emphasis on other systems when it comes to security. Last week independent testing organization AV-Comparatives released its report on Mac security and now it's Android’s turn.
With mobile devices it's important to guard not just against hackers but against the loss of the device itself. Smartphones are an attractive target for thieves and security software needs to make the data on them difficult to access for the thief but still easy to get to for the owner. Most of the products tested offer some form of anti-theft measure, with either the ability to lock the phone remotely or to track it.
The tests also looked at whether security software saps an Android device's battery life to an unacceptable degree. Always a concern for mobile users.
The test examined 16 products available from the Google Play store in July 2013. All scored well for battery usage with only Webroot and Qihoo not making the top score. In terms of detecting malware the best performers were AhnLab and Kingsoft both with 99.9 percent detection rates, closely followed by Kaspersky on 99.7 percent, with Baidu and ESET both on 99.6. Ikarus brings up the rear with only 91.0 percent detection.
For theft protection, avast!, F-secure, QuickHeal, Tecent and Webroot offer the widest range of features. Baidu and Kingsoft have no theft protection at all.
You can read the full test results as a PDF here.
Photo Credit: style-photography.de/
Californian work collaboration and project management specialist Clarizen has launched the latest version of its cloud-based platform. Clarizen v6 combines social engagement and project management to achieve better results.
Clarizen’s co-founder and CEO Avinoam Nowogrodski says, "Clarizen v6 was designed from the ground up to support the requirements of today's changing modern workplace. Increasingly, companies and organizations are staffed by people of different generations, with different skill sets and who are located around the world. Clarizen v6 delivers on our Work Funnel concept of connecting social context, tasks and projects on a single cloud-based platform, so collaboration will drive results".
Features in the new version include internal and external social collaboration, allowing employees, contractors and customers to link conversations on projects and take part in real-time discussions.
Drag and drop resource allocation allowing managers to easily assign workloads, easy document collaboration that integrates with cloud storage tools like Box and Google Drive, object previews, a fast search engine and extensive configurability.
"Clarizen v6 was designed around the tenets of participation, alignment and awareness," says Nowogrodski. "We wanted to empower individuals in a way that has never been done before. By connecting social context with processes, we give a voice to each team member. It is that voice and that transparency that will ultimately lead an organization to success".
Clarizen v6 is available now. Existing customers can experience v6 and choose their upgrade path through the Clarizen "Training Box" which allows them to configure their system and train their employees prior to completing a full production upgrade.
Photo Credit: Alexander Kirch/Shutterstock
The man behind UK cloud and hosting provider UKFast is launching a new fund to help protect businesses from online threats. Called BASE (Building A Safer Environment) it aims to make quality security solutions available to businesses who can't afford the inflated costs charged by suppliers.
The fund set up by Lawrence Jones, CEO of UKFast, aims to help businesses add security features to their network and grow to the next level. UKFast grants £5,000 to each business that qualifies for the funding to boost their solution.
Jones says, "It is common place to have online shops hosted on networks and environments that aren't behind a firewall. Many trusted sites that you'd assume would take this seriously are opting out, knowing that customers never check. The problem is less about people's desires to create a safe environment and more to do with astronomical pricing for firewalls and online security".
The BASE fund provides industry leading anti-virus, backup systems, safety protocols and 24-hour monitoring at no extra cost for UKFast dedicated or managed hosting clients. Grants of up to £5,000 per businesses are available to anyone hosting on the UKFast network.
Jones adds, "It makes sense and seems logical to me. It's a small price to pay when you consider the £12m we put into developing our own data centres. I'd like to think that one day all hosting providers will be doing the same.
"We’re hearing from businesses who are seeing their security costs multiply because their hosting provider is taking advantage of growing fears around safety online. People are hearing more and more about DDoS attacks and some companies are using that to hike their prices up.
"Businesses are being forced to upgrade their firewalls and pay excessive costs for a basic safeguard. It's wrong! Britain’s businesses shouldn't be held to ransom on this and forced to operate without the fundamental protections because of cost".
Photo Credit: Jakub Krechowicz/Shutterstock
The myth of Mac invulnerability has been looking shaky for a while and received a further blow in February when some machines used by Apple's own staff were hijacked and used to launch an attack on Facebook.
Growing numbers of Macs mean that the platform is increasingly attractive to cybercriminals and even if the number of attacks remains small compared to Windows it's still a threat that needs to be taken seriously. With this in mind independent testing company AV-Comparatives has been looking at security software for OS X Mountain Lion.
Seven products receive the company's Approved Security Product award. These are: Avira Security for Mac, ESET Cyber Security Pro, F-Secure Anti-Virus for Mac, Intego Premium Bundle for Mac, kaspersky Security for Mac, Sophos Anti-Virus for Mac Home Edition and ZeoBit MacKeeper Internet Security.
Quick Heal Total Security missed out on an award due to a poor score in the Mac malware detection test.
The review covered protection against Mac malware as well as Windows malware detection to prevent the inadvertent spreading of infection. The Avira and Sophos products are free, so there's really no excuse for leaving your Mac unprotected.
AV-Comparatives also suggests adopting a number of good practices in order to protect your system as follows:
You can read a PDF of the full test report here.
Photo Credit: Thomas Bethge/Shutterstock
After years of cost cutting through the recession, businesses now have the challenge of continuously optimizing their IT costs. According to a survey of over 2,000 chief information officers worldwide, 65 percent see the main barrier to optimization as the mindset needed for all resources to work towards the same goal.
"Organizations don't often achieve the desired results from their optimization initiatives, and costs end up returning into the business," says Sanil Solanki, research director at Gartner. "CIOs should consider incorporating five key principles into their organization's cost optimization practices to form a basis for continual optimization. These principles are geared toward avoiding the danger of tactical cost initiatives, which may seem to generate savings in the short term, but can mean costs returning into the business in the long term".
The five principles Solanki identifies are accountability, agility, discipline, simplification and transparency. Accountability ensures that the IT department can manage the demands that the organization makes of it. Agility guarantees a good balance between resources and a flexible response.
Discipline ensures that someone is accountable for IT cost optimization and that, preferably, the process is led from the top by the CIO. Simplification reduces complexity in order to control costs, Gartner estimates that overly complex systems can add as much as 25 percent to IT unit costs. Finally, transparency makes sure that the business understands what IT can do for it and that IT understands its role in the business.
For a more detailed analysis you can register to get a copy of the report Five Principles Underpin IT Cost Optimization from the Gartner website.
Photo Credit: Dusit/Shutterstock
"I'm working from home," is often seen as one of the great lies of modern life. But a new survey released today by Kona, the cloud based social collaboration and productivity platform, shows that a majority of employees would rather telecommute than be in the office.
The survey conducted with SodaHead shows that 70 percent of us would prefer to be sitting at home in our pajamas than traveling to the office. For those aged between 35 and 44 the number wanting to telecommute jumps to 81 percent. The 18-24 age group though obviously likes to get out more with only 66 percent preferring home working.
There is a darker side to all of this, however. In offices that do allow people to work remotely 57 percent say it leads to jealousy amongst colleagues. Dice up the demographics and the figures are higher, 60 percent of parents, 65 percent of over 65s and 70 percent of those earning more than $100k say that they're jealous of telecommuting colleagues.
Despite the evident popularity of telecommuting though many companies aren't taking advantage of technologies that can make remote workers more productive. 64 percent of respondents still feel that email is the most effective means of group communication.
"Innovation combined with the right leadership, processes and people allows businesses to be more adaptable to the needs of their teams, spurring a more productive environment -- whether that's a traditional, virtual or hybrid work setting," says Scott DeFusco, Deltek's Vice President of Product Strategy and Management for Kona. "Using a social collaboration platform like Kona enables team members to be more connected and engaged".
Kona allows communication and interaction between team members regardless of their location. This leads to more productive exchanges of information and better work flow to keep a project moving forward.
Do you work from home? Does technology help or hinder you? Let us know via the comments.
Photo Credit: Paul Vasarhelyi/Shutterstock
The Texas-based marketing platform for small businesses Main Street Hub is introducing HubSites. These provide a mobile-friendly landing page to act as a link to a company's main site.
Features include a prominent click-to-call button, the ability to capture testimonials, Google Maps integration, a real-time Twitter feed and more.
"Today’s local consumers are hopping on their smart phones for information about local businesses at an increasing rate, yet local businesses are not keeping up with this shift," says Andrew Allison, co-CEO at Main Street Hub.
"Local business websites are hard to use on mobile phones and, as a result, they have the effect of pushing customers away. HubSites, on the other hand, are designed to convert mobile phone users into customers, using social media and mobile design to take advantage of opportunities to gain new customers the very moment they are making a purchasing decision".
According to a BIA/Kelsey survey mobile searches will overtake those from desktops by 2015, yet the majority of small businesses don't have a specific mobile website. HubSites allow B2C companies to stand out from the crowd and get ahead of the competition by offering a straightforward landing page. As part of the full Main Street Hub package they can help smaller companies to manage their online reputation and attract more customers.
Image credit: Andresr/Shutterstock
The SaaS alert and incident tracking company PagerDuty has announced the addition of webhooks to its software to streamline integration with other tools.
Development teams will be able to improve collaboration and incident response by customizing their web applications. This allows improved reporting and alerting so that, for example, any changes to the status of a logged entry will cause messages to be sent automatically.
It allows two-way integration too. Previously a system such as a helpdesk would only be able to push events to PagerDuty so it could notify people. Thanks to webhooks when a message in PagerDuty changes state the information can be fed back to the originating system.
To demonstrate all this, PagerDuty has worked with the popular private chat and IM service HipChat to integrate the two products. By using webhooks PagerDuty status messages can be rebroadcast to team members via the HipChat system.
"We jumped at the opportunity to integrate PagerDuty with webhooks because of how immediately handy this collaboration would be for both us and our customers – and it was fast and easy to do," says Garret Heaton, Co-Founder of HipChat. "Adding PagerDuty functionality via webhooks not only helps our customers to communicate more seamlessly, but also aids us internally to stay synced about every incident status change".
Existing PagerDuty users will have webhooks enabled immediately. For more information and pricing visit www.pagerduty.com.
Photo Credit: alexmillos/Shutterstock
Google has announced new features in its Google+ app for Android aimed at making its social network a valuable workplace tool. On the company's enterprise blog, Joël Kalmanowicz, Product Manager, Google Apps Team says, "If you're a Google Apps for Business, Government or Education customer, today we're releasing a few new features designed to make it even easier for you to get things done with Google+".
The app now supports multiple accounts allowing you to sign in to both work and private profiles and easily switch between them. You can also create restricted posts that can't be shared outside your organization. There are new domain labels too, both in the app and on the web, allowing you to quickly identify your colleagues' profiles so you know that you're connecting and sharing with the right people.
The Google+ Domains API -- announced at Google I/O in May -- is now also available to Google Apps customers. The API allows Google+ to be integrated into existing processes and lets enterprise software developers access it from within their products.
The API changes will be rolling out to Google Apps customers over the next few days and you can find out more on the official Google Apps Developer Blog.
Microsoft has announced the launch of new channels to sell Surface RT and Surface Pro to business, education and public sector customers. In addition to the US commercial channel which launched in July, today's announcement sees 17 countries including Austria, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland, and the UK added to the list.
Writing in a blog post Cyril Belikoff, Director -- Microsoft Surface says, "This availability in international markets, along with the updates coming to Surface RT with Windows 8.1 are all important milestones for our customers. We know that people who use Surface love it! We’re looking forward to introducing even more customers in more places to the powerful productivity that Surface uniquely makes possible".
Resellers will offer a number of value-added services like asset tagging, custom imaging, onsite service and support, device recycling and data protection.
Microsoft is keen to point out that this is just the first stage of bringing Surface to international business markets and that it's planning to add more partners and extra markets over the coming weeks. The ultimate aim being to bring business channels to all markets where Surface is sold.
With the upcoming release of the Jobs biopic Apple is set to be in the spotlight in coming weeks. It's timely then that the Finances Online website has released an interesting report tracing the iPhone’s supply chain.
It makes for fascinating reading. The rare earth minerals used in many of the phone’s components are 90 percent sourced in China and Inner Mongolia. Move up to the component level and the LCD panels, chipset, memory and batteries are all made in Korea. The iPhone 5's innovative display -- which eliminates a layer of glass -- is made by LG for example. The gyroscope that works out which way you’re holding the phone comes from STMicroelectronics, a French/Italian company.
You probably already knew that most iPhones are assembled in China (85 percent) by Foxconn among others. The reason for this is that China can respond much faster when it comes to hiring engineers and setting up new production lines to bring products to market fast.
In terms of jobs, Apple employs some 43,000 people in the US with a further 20,000 US employees based abroad. That pales into insignificance though against the 700,000 jobs involved in making Apple products around the world.
Does it matter where technology products are made? Would you be more likely to buy a smartphone that was manufactured locally? Let us know in the comments.
California-based Ravello Systems has released its Cloud Application Hypervisor. It may have a name straight out of sci-fi, but this product allows enterprises to use public cloud platforms to test their in-house applications.
Differences in storage, networking and virtualization techniques have previously prevented the use of the cloud as a practical test platform. Ravello's software makes any public cloud look and feel exactly like the enterprise data center from an application's perspective.
It uses software defined networking and storage, and an application framework. This means enterprises can easily create replicas of their in-house, multi-tier VMware or KVM based applications in any public cloud without the need to make any changes. Using Amazon Web Services, RackSpace or HP Cloud they can create multiple instances of an application for testing.
Navin R Thadani, SVP of products, Ravello Systems says, "For bursty workloads like development and test it does not make economic sense for enterprises to build internal data center capacity for peak usage, since on average, resource utilization may be as low as one percent. The public cloud sounds promising but is too different an environment, and still does not solve the infrastructure automation problem. Consequently testing is still mostly on-premise. It is rarely as frequent or as efficient as it needs to be. Hence, development cycles are far too slow".
The Ravello software has been in public beta since February and more than 2,000 enterprise users have replicated over 30,000 applications in leading public clouds representing more than 1 million CPU hours deployed.
Ravello's usage-based pricing model starts from $0.14 per hour for a 2 CPU, 4GB memory virtual system. This includes the cost of the underlying public cloud making it a cost-effective solution for providing extra test capacity.
Photo Credit: Andreas Weitzmann/Shutterstock
Technology is being underused by growing smaller companies according to communications and cloud specialist Qubic. The company says that hosted technology can help businesses grow by freeing them from the need to invest in hardware infrastructures.
Chris Papa, Managing Director of Qubic says, "With small and medium-sized businesses having been particularly badly hit by the economic downturn, they are the ones most in need of extra support to enable them to prosper. A hosted solution can help encourage start ups and SMEs in general to grow as it means that businesses can use technology on a 'pay-as-you-use' basis as opposed to tying up cash in a server with a telephone system which costs a fortune".
By challenging the idea that IT is an expensive and difficult area of business, Qubic hopes to allow smaller companies to harness the potential of technology whilst allowing them the freedom to concentrate on running their own business.
Chris Papa concludes, "As a small company starts to grow, it won’t need an IT department or IT Director. Expanding will be easy because the infrastructure is already in place and all the company needs to do is to add to this and keep on growing. Staff can work from home initially so an office isn't even necessary to get the business off the ground. Staff can also work collaboratively, both from home and in the office when the business expands".
Photo Credit: everything possible/shutterstock
As my colleague Wayne Williams reported earlier today the PC market is continuing to shrink at the hands of tablets. Further confirmation of this, just in case you needed any, comes from a Gartner survey showing that the PC market in western Europe slumped by 20 percent in the second quarter of 2013.
All PC segments in Western Europe declined over the quarter. Mobile and desktop shipments dropped 23.9 percent and 12.2 percent respectively. PC shipments in the professional market declined by 13.5 percent, while the consumer PC market decreased 25.8 percent in the same period. This equates to a 19.8 percent drop overall
"The market exit of the netbook PC, and vendors reducing their inventory to get the new Intel chips and Windows 8.1 have fuelled the decline in Western Europe," says Meike Escherich, principal research analyst at Gartner.
HP remains the number one PC seller followed by Acer and Lenovo. Acer suffered the biggest drop of 44.7 percent thanks to a restructuring of its product range away from netbooks towards tablets. Lenovo was the only maker to post positive figures with its sales up 18.9 percent over the quarter.
Things may look up later in the year according to Ms Escherich, "We can expect some attractive new PCs in the stores for the fourth quarter of 2013, running Windows 8.1 with thinner form factors and longer battery life enabled by Intel's Haswell processors. These PCs will compete with high-end tablets and will be complemented by a new generation of Atom-based devices that will compete with low-end basic tablets. Although this will not fully compensate for the ongoing PC decline, it does create an opportunity for profit in the midrange and more high end PC segments".
Looked at on a country-by-country basis, the UK PC market showed a 13 percent drop in line with a long term trend. Ranjit Atwal, research director at Gartner says, "The second quarter marked the 11th consecutive quarter of decline in the U.K. During this time the notebook market has shrunk nearly 25 percent in unit volume. The U.K. notebook market totaled over 2 million units in the second quarter of 2010 and has now reached just under 1.5 million units".
The German PC market fell by 18.7 percent but France showed a drop of 19.1 percent over the same period. This is the fourth consecutive quarter that the French market has experienced strong decline and it has shown the weakest performance of the three major western European nations.
Image Cedit: Alexander Mak/Shutterstock
The Google Play store is being bombarded with apps designed to scam unsuspecting users, according to consumer advice platform Scambook.
The scammers aren't even bothering to write malicious code, instead relying on simple human error to install their fraudulent apps. One app in particular has no purpose other than to launch a link to an adult video website. When the user is then asked to register, an email form is generated linking to another service on another website. Users are then asked to pay a $3,200.00 yearly fee within days of receipt.
These apps are constantly showing up on the Play store thanks to Google’s automated process for scanning submissions. Scambook urges users to exercise caution when looking at new apps, especially if they're not from recognized sources.
It offers three tips for spotting malicious Android apps:
Do you think it's time that Google tightened up its submissions process to prevent users from falling prey to this kind of scam? The iTunes app store has always had a more rigorous vetting scheme. Have you fallen prey to a scam app? Let us know your thoughts.
Image Cedit: karen roach/Shutterstock
Microsoft will pull the support plug on Windows XP on April 8 2014. But with only 10 months to go to the deadline as many as 39 percent of enterprises have yet to migrate to another version of Windows, warns services and solutions company ITC Infotech.
Current trends towards BYOD are also making the migration process more complex but businesses need to address the issues in order to future proof their operations.
A recent survey by Forrester shows that more than two-thirds of North American and European information workers personally select the smartphones and tablets they use for work. Some 46 percent also use laptops that aren't on their company's approved list. The result is a blurring of the boundaries between personal and business IT with staff using their own devices to access company applications and data.
In switching from XP to Windows 7 or 8 organizations need to ensure they retain the flexibility for staff to use their own devices and maintain a secure environment. ITC Infotech warns that companies need to start the migration immediately or risk overshooting the deadline. Those that are still using XP, come April 2014, could face increased costs as Microsoft will raise the price of support for the old system to encourage migration of reluctant users.
Hardeep Singh Garewal, President -- European Operations, ITC Infotech says, "Once the deadline date is overshot, it will lead to cost escalation of up to three times as much to continue to receive support for XP, and then after a short period, support will be cut off altogether. It's therefore imperative that the transformation begins now and it would be relevant and appropriate to address the BYOD issue at the same time".
Does your business have a plan in place for the end of XP support? Will you be switching to a newer version of Windows or moving to a different platform entirely? How will you cope with demands for BYOD? Do let us know your thoughts.
Announcing a raft of additions to its Flex System range, IBM aims to help companies consolidate their IT infrastructures and reduce operating costs. The new systems combine the latest server technology with updated virtualization, network and management tools. They will allow the fast deployment of increasingly large clouds without needing to boost the size of the data center.
IBM quotes Morgan Stanley's Cloud Perspective survey which has found that by 2014 businesses will have migrated at least 62 percent of their database workloads to the cloud.
The new Flex Systems are available with a choice of x86 and Big Blue's own POWER7 architecture. The Flex System x222 uses a dual-density x86 architecture that allows it to support up to 2,800 Windows 7 user images on a single chassis. There's also an upgrade to the Flex System Manager so that systems can be monitored remotely using Android, Blackberry and iOS devices. A new utilization fuel gauge feature allows system managers to see at a glance the status and availability of their servers.
Flex servers can be built to order for clients who have specific processing, storage and networking configurations. You can find more information and access a configuration tool at the www.ibm.com/flex site.
A special committee of the Dell board has reached an agreement with the company’s founder Michael Dell over a buyout of the company.
Under the agreed terms Mr Dell, in partnership with the investment firm Silver Lake, will buy back the company he founded in 1984 for $13.75 a share plus a special one-off dividend of 13 cents per share. This is in addition to a guaranteed third quarter dividend of 8 cents per share. The deal which values the company at $24.5 billion will be put to a special shareholder meeting on September 12.
In a statement Alex Mandl, Chairman of the Special Committee, says, "The Committee is pleased to have negotiated this transaction, which provides as much as $470 million of increased value, including the next quarterly dividend that will now be paid regardless of when the transaction closes".
As we reported earlier this year the company's profits have been tumbling and Michael Dell plans to restructure the company away from PCs towards mobile devices and services.
The buyout has been resisted by some including major shareholder Carl Icahn who argue that the deal undervalues the company. This agreement makes it more likely that Mr Dell and Silver Lake will win the day but it doesn't guarantee that the wrangling is over yet.
Cloud-based analytics supplier Tidemark has announced its latest set of results which show 250 percent year-on-year growth. This is driven by businesses moving away from legacy suppliers as they seek to unlock the power of their data.
Christian Gheorghe, Founder and CEO of Tidemark says, "Legacy vendors, such as Oracle Hyperion, SAP and IBM Cognos are suffocating customers with archaic technology that prohibits getting the right people involved in actively managing the performance of the company. The velocity of business and increasing importance of data outside a company's walls have created new challenges that can't be solved by focusing on a few power users who act as the gatekeepers to information".
With apps for financial and operational planning along with metrics management, Tidemark aims to make information available to people at all levels of an organization, allowing managers to take decisions in real time rather than waiting for reports. It seeks to roll out its software quickly too with customers going live within 90-days of signing up for the application.
Although large enterprises continue to invest heavily in business analytics, Gartner estimates that between 70 and 80 percent of all enterprise analytics projects fail. According to Tony Rizzo, Co-founder, Customer Success at Tidemark, "It's not surprising most business analytics projects fail considering it takes nine to twelve months to deploy a legacy analytics system. Our applications, combined with a disruptive implementation approach, enable our customers to bring critical information to all corners of their organization in a fraction of the time".
The rapid growth in usage of tablets and smartphones is turning us into a nation of multi-taskers according to a report by the UK telecoms regulator Ofcom. Although 91 percent of adults tune in to the main TV set in the lounge at least once a week, around 53 percent now access other media whilst watching television.
We're interacting with TV shows or sending off tweets and Facebook posts about them whilst we watch. We're also performing unrelated tasks like shopping and surfing the web whilst the TV is on. Most of this is done via smartphones, with 51 percent of adults now owning one compared to only 27 percent two years ago. Almost a quarter of households now own a tablet computer too.
The results do show something of a television fightback, however. Although most homes now have at least three devices that can access the internet, increasingly we're reverting to having just one television. 41 percent of households only had one TV in 2012 compared to 35 percent in 2002. Those sets are getting bigger too with sales of 43-inch plus sets up 4.3 percent in the first quarter of 2013. What's more despite the wealth of catch up and recording options available, live TV accounted for 90 percent of viewing in 2012.
James Thickett, Ofcom’s Director of Research, says,
Our research shows that increasingly families are gathering in the living room to watch TV just as they were in the 1950s -- but now delivered on bigger, wider and more sophisticated sets. Unlike the 1950s family, however, they are also doing their own thing. They are tweeting about a TV show, surfing the net or watching different content altogether on a tablet.
Just a few years ago, we would be talking about last night's TV at work or at school. Now, we’re having those conversations live while watching TV -- using social media, text and instant messaging.
Television's role as babysitter is also threatened with three-quarters of parents saying that a tablet is a useful device for keeping children entertained. Of parents with a tablet 91 percent said their children either used it or had one of their own.
If you’re reading this on a tablet whilst watching live television on a big screen then do let us know in the comment thread -- if you can get your tablet back from the kids that is.
Photo Credit: Rashevskyi Viacheslav/Shutterstock
Enterprise application and data security company Mobile Helix has announced the results of an independent survey of CIOs. It shows a large percentage of businesses delaying the roll out of enterprise apps on mobile devices thanks to concerns over security, costs and complexity.
Highlights of the survey, conducted among 300 CIOs in the US and UK, are that companies on average had over 400 applications within their organization but that only 22 percent of them could be accessed from mobile devices despite clear demand from employees for mobile access. Major barriers to adoption are development and support costs along with security.
Matt Bancroft, Co-Founder and COO for Mobile Helix says, "Users expect critical data and applications to be available on any device and in any context, both in mobile and fixed environments, in the way that is most familiar and convenient to them. CIOs understand the obvious benefits of empowering employees and making them more productive, yet only a small proportion of enterprise apps and critical data are currently mobilized".
A high proportion, 81 percent, of respondents to the survey say they believe the cost of developing apps for mobile use is too high because of the fragmented nature of the mobile market. Only a third of respondents felt they had the necessary skills to develop native mobile apps. Of companies that had developed a native app, 47 percent said they would have reservations about doing so again because of the cost and complexity involved.
"The current approach to mobility is limiting the market -- enterprises are now looking for solutions which will allow them to develop and deliver apps to their employees simply and cost effectively," Bancroft adds. "Every device platform on the market today has a high performance, HTLM5-compliant engine. By taking this HTML5 browser-based approach, corporate IT can build a unified applications platform that extends across devices of all shapes and sizes, without compromise in functionality, performance, or security".
Photo credit:Steve Heap/Shutterstock
Information security research specialist NSS Labs uses a workshop at the BlackHat USA conference today to announce new threat modeling and forecasting services to help clients better understand how they're at risk.
These new services use data from NSS's research and from its BaitNET real-time monitoring technology to deliver information about exploit and malware trends.
NSS Threat Modeling allows companies to see which vulnerabilities pose the greatest threats to their networks. It can model individual security layers and show which exploits can bypass them.
Threat Forecasting meanwhile monitors malware and exploits around the world in order to predict which threats are likely to present the greatest risk based on an enterprise's specific systems. Using BaitNET technology, which captures and verifies information in real time, it can help organizations respond quickly to the immediate risks.
Vikram Phatak, CEO at NSS Labs says, "Every security organization runs into limitations where more manpower, budget, and technology (or all three) are no longer available for solving security problems. What matters then is having real, actionable information that you can use to make informed security decisions about how to deploy the resources that you do have. With these new services, we go beyond simply telling clients what threats are out there to actually 'forecasting' whether or not a threat is likely to impact their organization".
You can find out more about the workshop on the BlackHat USA website.
Photo credit: lolloj/Shutterstock
UK-based company Managed Connections has launched its new platform as a service (PaaS) offering to provide an easy way for private and public sector organisations to set up their own wireless hotspots.
Derek Williamson, Managed Connections' Commercial Director says, "Our research shows that offering Wi-Fi hotspots will increase customer loyalty, footfall and sales which is a huge benefit to people using our services. The official Managed Connections launch comes after almost four years of research and development and on the back of this we have some really exciting additions planned for the upcoming months. We have made getting 100 percent legally compliant and highly controlled Wi-Fi and wireless broadband into a variety of venues really simple, and we can show clients how to use our platform and services as tools to bring in more customers and how to make money from them. We’re really excited by this aspect of our offering and with our systems, there is now a choice of fully managed Wi-Fi hotspot and ISP packages to suit any sized commercial venue".
Part of the attraction of the cloud-based PaaS solution is that it can be used to seamlessly integrate control of any type of network from simple Wi-Fi hotspots to entire building or community networks.
With the added benefit of 24-hour support, this aims to give businesses maximum flexibility in responding to demand for network services.
Photo Credit: phloxii/Shutterstock
According to Imperva's recent Web Application Attack Report most applications have suffered attacks four or more times per month whilst some are under almost constant attack. In addition retail sites suffer twice the number of SQL injection attacks compared to other industries.
The report also finds that the US tops the list globally as the source of web-based attacks.
Security solutions company Cenzic believes that the level of attacks is due to companies prioritizing the security of their assets rather than their data. Tyler Rorabaugh, VP of Engineering at Cenzic says on the company's blog, "Companies tend to approach security using a traditional perimeter based security model -- they first establish a perimeter by monitoring assets, then focus on risk analysis and management. The problem is that it's like putting a fence around a piece of property but the area that the property is located in is constantly changing and evolving. Let's face it, today's businesses are data-centric, where data is the core of their business, but our security models are focused primarily on assets and not the data itself".
Enterprises need to take steps to minimise attacks and secure their data. Rorabaugh adds, "Web Application Firewalls and Database Firewalls help, but you must proactively test your applications and data access points with automated attack systems, pen testers and application security testers, and you must do this constantly. There are only a few types of hackers -- those that want to prove a point, gain respect or learn, those that are concerned about something you may be doing, and the last and most important of these are those that want your gold (data) or are in it for the money."
Do you believe ecommerce companies are doing enough to protect your data when you shop online? Let us know via the comments thread.
Photo Credit: Maksim Kabakou/
Independent testing organisation AV-Comparatives has released the results of its real world protection test for March to June 2013. The tests use each security suite on its default settings and live URLs that point to malware executables along with drive-by exploits.
Using a total of 1,972 test cases over the four month period the results show that all of the major security packages offer high levels of protection. Bitdefender and Kaspersky top the charts with 99.9 percent protection levels, F-Secure also manages 99.9 but ranks slightly lower as it relied on user interaction to block three of the threats.
Of the other popular products, McAfee managed 99.3 percent, Bullguard 97.9 and AVG 96.3. Propping up the bottom of the chart is AhnLab on 90 percent below Microsoft Security Essentials which managed 92.5.
The report also looks at false alarms caused by wrongly blocked domains and files. Bitdefender does less well here with 24 wrong blocks, Kaspersky and Sophos wrongly blocked only one. The worst performers in the detection charts are, as you might expect, amongst the top performers here with AhnLab and Microsoft having no false alarms at all along with AVG and ESET.
The report's authors note, "The duty of security products is to protect against malicious sites/files, not to censor or limit the access only to well-known popular applications and websites. If the user deliberately chooses a high security setting, which warns that it may legitimately block some sites or files, then this may be considered acceptable. However, we do not regard it to be acceptable as a default setting, where the user has not been warned".
The message to take away from all of this is that the differences between mainstream security products are pretty small. Your choice really comes down to a balance between maximum protection and the inconvenience of false alarms.
You can download a PDF of the full test on the AV-Comparatives site.
Photo Credit: Thomas Bethge/Shutterstock
Security specialist Symantec is reporting the first malicious use of the Android 'Master Key' vulnerability that allows hackers to inject malicious code into apps without invalidating the digital signature.
The vulnerability was discovered earlier this month but Norton Mobile Insight has now detected its first use in the wild. Mobile Insight harvests and analyzes Android apps from marketplaces around the world and has discovered the infection labelled Android.Skullkey in two applications from China. These are legitimate apps used to make appointments with doctors.
A hacker has added code to these apps allowing them to steal sensitive data such as IMEI and phone numbers. They can also remotely control the device, send premium rate SMS messages and even disable some Chinese market security apps at root level.
Symantec's official blog says, "We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices. Symantec recommends users only download applications from reputable Android application marketplaces". Naturally, it also advises that Norton Mobile Security can protect against this threat.
Photo credit: arbalet/Shutterstock
A new report by security research firm NSS Labs looks at the comparative performance of popular browsers when it comes to blocking phishing attacks. Over a 12-day test period the average phishing catch rate ranged from 96 percent for Firefox 19 to only 83 percent for Internet Explorer 10.
Of the other big three, Chrome 25 scored 92 percent, Safari 5 managed 95 percent, and Opera 12 scored 89 percent. Chrome, Firefox and Safari all make use of Google's Safe Browsing API so it's unsurprising that they scored within a few points of each other. Microsoft uses its own SmartScreen technology in IE, whereas Opera uses a combination of blacklists from Netcraft, PhishTank and TRUSTe.
The average block rate across all of the tested browsers is 90.1 percent, down almost 2 percent on the previous year's average, although those using the Google Safe Browsing API performed slightly better than last year.
What's also interesting is the amount of time it takes for a new phishing site to be blocked. As these sites only have an average lifespan of 26 hours it's vital that they're detected and blocked quickly. Once again IE 10 turns in disappointing results, taking on average 2.55 hours to block a new site. Safari and Firefox do best here taking 0.5 and 0.7 hours respectively, whilst Chrome at 1.68 hours is around the all browser average. Opera scores just ahead of IE with 2.47 hours.
All of the NSS tests were carried out on a PC running Windows 8 Enterprise with the latest version of each browser available on each day of the test. The full methodology is available on the NSS website.
Photo credit: Slavoljub Pantelic/Shutterstock
Forecasting enterprise cloud costs can be hard to do well but is essential to businesses who want to implement cloud solutions effectively. RightScale announces today that its PlanForCloud product has helped companies forecast $1 billion in cloud spending since its launch last year.
By analyzing data from more than 9,500 cloud deployments, PlanForCloud has revealed a number of interesting trends. For example 70 percent of cloud spending goes on servers, 18 percent on storage and only 6 percent on data transfer, with a further 6 percent accounted for by other costs such as transaction charges and support.
It also reveals that on Amazon Web Services some 54 percent of spending is on Reserved Instances of one year or more. This is where companies sign up to a contract for a specific resource up front in order to obtain a discounted hourly rate.
The majority of users opting for Reserved Instances, 62 percent, go for the highest level of utilization, under which the service will be charged as though it's running 24/7 for the duration of the contract. This shows that companies are prepared to adopt a long term commitment to the cloud rather than signing up on an ad-hoc basis.
You can read more about the findings on the RightScale blog and access the free cloud cost calculator to help with your own business decisions on the PlanForCloud website.
Photo Credit: Rrraum/Shutterstock
Tableau Software has launched a SaaS version of its Tableau Server business analytics product. The software allows users to explore and share corporate data in a reliable and secure way without the need for specialist support.
"Tableau Online will allow people to get their analytics up and running in minutes and add users in a few clicks," says Chris Stolte, Chief Development Officer and co-founder of Tableau Software. "It's completely scalable and secure and requires no infrastructure. It's the fastest way to get everyone in your company using powerful analytics to make better decisions today".
Data can be displayed in an easy to use graphical dashboard format that's accessible via a browser or on Android and iOS portable devices. Information can also be shared via a centralized server and is automatically refreshed so that you know everyone is working on the latest version.
The package can interface with other cloud tools including Salesforce.com and Google Analytics. Users of Tableau are able to subscribe via email so that they're alerted to changes in the data through their inbox. The package can scale as the company grows and at any point can be migrated from the cloud to Tableau Server to run in house.
To find out more about Tableau Online and sign up for a free trial visit the company's website.
We're used to sharing information via social networking in our personal lives, but in the business world the impact of this has so far proved limited. Enterprise software supplier Deltek hopes to change this with the launch of Kona Business, a premium version of its cloud-based social collaboration and productivity tool.
A cross between a calendar, social network and project management tool, Kona Business brings together all of the interactions between people working on a project, allowing them to get things done more effectively and more quickly, and as it's in the cloud it can be rolled out easily via browsers or through Android and iOS apps.
Because it's conversation rather than task centered the software allows individuals to work in a more natural way and helps to remove communication barriers.
Scott DeFusco, Deltek's Vice President of Product Strategy and Management for Kona says, "Individuals have become accustomed to things that span across your life -- personally and professionally. Kona Business addresses both organizational adoption and ongoing engagement -- a huge challenge in the social collaboration space".
Kona allows all conversations relating to a project to be captured in one place. It can also integrate with file sharing tools like Dropbox as well as with Google Docs so that project documents can be shared.
"Kona can be the glue that connects key individuals and processes, extending the power of interaction and technology for the entire ecosystem," says DeFusco. "Effectively connecting people, processes and technology is no longer the exception, it’s the rule. This is why Deltek created -- and uses -- Kona Business".
You can find out more about what Kona can do for your business by visiting the Deltek website.
Photo Credit: Alexander Kirch/Shutterstock
Analyst group Gartner says in a new report that the global market for IT outsourcing is set to reach $288 billion this year. This though represents an increase of only 2.8 percent and growth is slower than predicted by previous forecasts.
Bryan Britz, research vice president at Gartner says, "Planned new adoption of ITO remains positive in all service line segments. However, constrained IT budgets, an evolving ITO delivery model, economic conditions and cost-focused buyers are limiting the growth potential of the ITO market".
It's the emerging markets of Asia/Pacific, China and Latin America where most of the growth is taking place. Outsourcing in these areas is expected to grow by more than 13 percent in 2013/14. "Expansion by multinationals into these regions, new buyers of ITO that are themselves growing organizations, and fertile economic conditions all drive the positive outlook," says the report.
Gartner says that plans for increased use of BYOD and mobile devices should see growth for outsourced support continue through 2017. Desktop outsourcing though is in overall decline. In North America it predicts that buyers will seek to move more services to managed relationships in order to save money and have more predictability of longer term costs.
Photo Credit: Lasse Kristensen/Shutterstock
One of the things that puts businesses off moving their systems to the cloud is the problem of migrating all of their applications and data to a remote platform. Californian company CloudVelocity aims to address this with its launch of One Hybrid Cloud, a package that streamlines the movement of information to Amazon Web Services (AWS).
One Hybrid Cloud effectively makes AWS an extension of the corporate data center, making it possible to run existing Linux and Windows apps in the cloud without modification. It automates many of the processes required to migrate apps to the cloud and in the process the developers reckon it can reduce migration expenses by more than 90 percent.
"Until today, cloud migration and cloud-enabled disaster recovery have not been viable for the vast majority of enterprise data center apps," says Rajeev Chawla, chief executive officer of CloudVelocity. "With today's launch of One Hybrid Cloud, we are significantly reducing the amount of manual processes, risks and expenses otherwise required to deploy robust enterprise data center apps into the cloud".
Using One Hybrid Cloud the cloud pre-production and production environments are virtually identical. This minimizes errors and reduces development cycles as it means software can be updated, tested and easily pushed live. It means that the cloud also becomes an ideal operating model for disaster recovery.
Find out more on the CloudVelocity website or you can watch a screen capture demo of the product on YouTube.
Photo Credit: Sergey150770/Shutterstock
Development company FatFractal has launched its new Cloud-in-a-Box solution to make it easier for enterprises to deploy software in public or private clouds or in traditional data centers.
The company's Platform as a Service (Paas) and Backend as a Service (BaaS) products allow developers to create tailored solutions without the need for repetitive steps. FatFractal CEO, Kevin Nickels says, "We've hit the right balance between out-of-the-box services like security, scalability and performance without limiting the developer’s ability to do whatever they want".
The platform can be used for migration and allows developers to use their preferred programming language. It can help to quickly create mobile apps that make use of out-of-the box security and scalability features as well as supporting complex data relationships and queries.
Cloud-in-a-Box works with all of FatFractal's modules to allow enterprises to deploy into a range of environments. It's also compatible with open infrastructure standards like OpenStack. This allows the company to offer competitive pricing, Nickels says, "We work to encourage innovation by creating a no-cost sandbox and when developers are ready for production, the price of our NoServer module is typically 45%-90% lower than buying directly from a IaaS provider."
Details of a successful independent evaluation of the product by developer Cory Wiles are online at GitHub. Wiles says, "Based on the test results, FatFractal is the easiest to install and configure, has the smallest footprint, no additional library dependencies, is the most secure, is the only one that offers public API access and local development, and interface with multiple backends at the same time. We also recognize FatFractal as the most flexible and least intrusive."
For more information on Cloud-in-a-Box and what it can do visit the FatFractal website.
Photo Credit: art_of_sun/Shutterstock
One man's virus is often another's legitimate program or cookie, so whatever antivirus software you have installed it's always useful to be able to get a second opinion from time to time. There are already a number of online scans you can use for this and BullGuard is the latest to join the party with today's launch of its own free scanner.
Unlike some of the alternative offerings, BullGuard works by adding a plug-in to your browser. This lets you run the scan at any time with just a single click on a toolbar button so you don't have to remember the website address or where you filed the bookmark. It supports all of the popular browsers too. The scan, which took just a couple of minutes using the Chrome plug-in on my -- not quite as fast as it used to be -- Windows 7 laptop, looks for viruses and checks that your current security is up to date.
Once it's complete you can view full details of the scan and any detected threats in a text file. You also get the opportunity to download a 60-day trial of the full BullGuard Internet Security 2013 suite to remove any threats found.
"We recognize that maintaining system security is often a painful process and that many consumers don't have the time or inclination to constantly monitor their software," says BullGuard Head of Product Management, Alex Balan. "We know how important it is to ensure that security suites are capable of protecting against the latest threats, so we developed BullGuard Virus Scan with this in mind".
Whether you've noticed suspicious activity on your PC or you just want to double check your existing protection you can try out the scan by visiting the free virus scanner page on BullGuard’s website.
Antivirus company Doctor Web has released its review of virus activity for June. Trojans remain the main threat but the big news is a new version of the Linux.Sshdkit virus designed to steal passwords from Linux servers. It has undergone a number of changes to make it harder for antivirus analysts to intercept stolen passwords.
This follows the trend that we reported last month of attackers becoming more businesslike in their attacks. Although the number of infected Linux servers is small as yet it's a worrying development.
Windows viruses still top the charts with Trojan.Mods.2, which redirects users to malicious web pages, being the most common accounting for almost 4 percent of infections in the month. There's also been a rise in Trojan encoders, a variant of ransomware, distributed primarily via email.
Mobile threats remain common too, again aimed at stealing information for financial gain or duping users into making use of premium rate SMS services. Many of these target specific regions, Android.Tempur.1.origin for example is aimed at users in South Korea and is one of the most prominent threats of its kind.
You can read the full report and more details of specific threats on the Doctor Web site.
Image credit: njaj/Shutterstock
Leading web host company 1&1 Internet has launched a new cloud server package that delivers user configurable resources to bring greater efficiency to business users.
The adjustable resources -- processor cores, RAM and hard disk space -- are configurable upwards and downwards by the user at any time. This offers the capacity for a very high performance resource at a low cost. The pricing model is clearly set out with costs per hour for each core and gigabyte of RAM and disk space. Changes become active within five minutes and there's no minimum contract term involved.
There's also a FLEX feature that allows memory and CPU requirements to be suspended whilst the data is retained on hard disk. This is ideal for businesses that do seasonal work or have peaks in demand.
Robert Hoffmann, CEO Hosting, 1&1 Internet Ltd, says, "The latest generation Dynamic Cloud Server offers a number of distinct differentiators that can result in a transformation of efficiencies. The user enjoys the best of both worlds -- dedicated highly reliable resources as well as completely dynamic scalability. An innovative 'sleep mode' can provide a unique freedom to leverage high performance for specific, shorter periods -- a powerful benefit for many user groups at an unbeatable price".
Servers are offered in Linux and Windows versions and it's possible for users to switch at any point if they wish. 1&1's data center provides multiple redundant cores and storage to ensure maximum reliability. For more information on package costs and availability visit www.1and1.co.uk.
A study unveiled at Microsoft's Worldwide Partner Conference in Houston shows that partners with more than half their revenue related to the cloud had higher gross profits, more new customers and faster business growth.
The study by IDC goes to highlight the changes taking place in the business world as more organizations shift their systems to the cloud rather than keeping them in house. "Cloud alone hasn't caused these impressive numbers, though that is absolutely part of it; top-performing partners were visionaries that took on cloud technologies before their peers," says Darren Bibby, program vice president of Channels and Alliances Research at IDC. "We're at the point in the industry's overall cloud transition where partners that don't move some of their business to the cloud likely won't survive. And some partners that are getting ready to sell their business or retire may be OK with that. Most won't be".
The study also shows that customer buying preferences are increasingly cloud-centered with 63 percent expecting to have a single cloud service provider to meet their needs. In addition 67 percent expect to purchase a variety of different cloud services from the same vendor.
Jon Roskill, corporate vice president of the Worldwide Partner Group, Microsoft says, "This research validates our belief that the most successful partners are the ones that offer a hybrid approach to IT. Microsoft is the only vendor equipped to help partners offer their customers a suite of on-premises and cloud solutions in both public and private cloud environments. By offering a hybrid approach, it better addresses customer needs and, in turn, helps our partners make more money".
You can read the full report on Microsoft’s website.
My colleague Mihaita Bamburic reported earlier on EE's rollout of faster 4G LTE services in 12 major UK cities with a potential to double current average internet speeds.
Despite the claims that this would make EE's mobile network unequaled in Europe I can't say I was especially excited by this news. Living as I do within 20 miles of one of those major cities -- Manchester -- it's sometimes hard to get a 3G signal here let alone 4G.
You can argue it's my fault for choosing to live where I do, but that's always the problem with new phone technology. Although EE claimed back in May that it was on target to reach a million 4G customers by the end of the year the reality is that most of those will be in large towns and cities. The rest of us have to wait until the world catches up.
To be fair, 4G is spreading fairly fast, Olaf Swantee, EE's Chief Executive Officer has said that 4G will be available to 98 percent of people in the UK in 2014. Other operators such as O2 have also promised aggressive roll outs which is why EE is keen to grab as many customers as it can now whilst it has a head start. That's "basic" 4G of course, the benefits of the faster services promised by today's announcement will take longer to spread and may not reach some areas at all.
Emeka Obiodu at independent analysts Ovum says, "The doubling of LTE speeds in several cities across the UK is a nice headline. But, on its own, we don't believe it is a standout game changer as telcos struggle to sell LTE as a speedier network. Instead, its merit is that it gives EE a base from which to offer LTE packages tiered on speed and usage which are far more acceptable to customers. That is going to be the interesting thing to watch out for and if its rivals do not have the capability to do that, EE could have quite a solid marketing message."
Obiodu also says, "Fleshing out its shared plans for customers, and positioning it as a way for families to save money, is a canny move in today's austerity-dominated society. The ability to cap costs should appeal to families who will get better clarity on what their telecoms spend will be. We also liked how EE is going to use the shared plans as a nudge to push customers into a higher-priced plan. This is what Verizon Wireless has done successfully in the US and is one reason why their ARPU is rising."
The moral of all this is that if you need fast mobile internet make your home in a big city. The irony being that it's the place where you're least likely to need it as there will be plenty of free Wi-Fi and other ways of getting online. If you want to live elsewhere or you're inclined to move about it probably isn't worth making the leap to 4G just yet.
Microsoft has announced that it is releasing an updated version of its Dynamics CRM package in the fall of 2013. The new package is designed to help enterprises engage with their customers and will be available as both cloud and installed systems.
The refreshed version is designed to deliver a fast and fluid user experience, enabling people to access information that’s relevant to their jobs and have deeper insight into customer requirements. It also offers improved social collaboration features as well as the ability to access information on a variety of devices including Windows 8 tablets and iPads. Android, iPhone and Windows Phone 8 versions will be available shortly after the package's release.
"Customers don’t want to be sold to anymore. They are knowledgeable and are interacting with their social and professional networks to make their buying decisions. They expect businesses to help them make the most informed choice," says Bob Stutz, corporate vice president, Microsoft Dynamics CRM. "Microsoft Dynamics CRM helps people connect with these customers in a way that is personal -- giving them the information they need to choose the right solutions, engage to drive sales and nurture relationships to deliver amazing experiences."
Key features of the new release include links to Microsoft’s MarketingPilot campaign management solution to help businesses understand their customers. Dynamics CRM lets companies adapt business processes according to the needs of their customers. It also allows users to collaborate and share customer information via Yammer from within the Dynamics package. It connects to Lync and Skype too enabling real-time contact updates.
You can find out more about what’s new in Microsoft Dynamics CRM by visiting the Microsoft website.
Let us pause for a moment to remember AltaVista. Current owner Yahoo quietly announced in a blog post at the end of last week that the once popular search engine is to close on July 8. The news was tucked away in a raft of other closure announcements. Users will be redirected to Yahoo Search.
It's hard to appreciate now that in the days before Google's algorithm made the fast indexing of large numbers of sites possible, searching the web was something of a hit and miss affair. Search engines relied on fixed indexes that were slow to update and found it hard to cope with the rapidly increasing number of sites.
When AltaVista launched in 1995 it proved immediately popular as it indexed around 20 million pages, more than any other search tool at the time, and used its own crawler technology to keep it up to date. It also returned results quickly thanks to fast computers behind the scenes.
It remained a top destination for web users until 2001 when the number of Google searches moved ahead. Yahoo acquired AltaVista's technology and name in 2003.
Like most websites it had its moment in the sun before being overtaken by something newer and cooler. You have a few days left to visit the AltaVista site for old times sake before it's gone for good. It probably won't be missed but it deserves to be remembered.
Do you have fond recollections of AltaVista or other sites from the early days of the internet? Feel free to use the comments as a book of remembrance.
Photo Credit: inxti / Shutterstock
Microsoft research has uncovered a pair of viruses that work together to make them harder to remove from infected computers. Malware researcher Hyun Choi revealed the news in a TechNet blogpost.
The Vobfus virus spreads through infected website links or via removable or mapped network drives. Once installed on a system it downloads the Beebone virus which enrols the machine in a botnet. After this the two pieces of malware work together to download the latest versions of each, making them harder to detect and remove and allowing them to maintain a presence on infected systems.
Mr Choi says, "This cyclical relationship between Beebone and Vobfus downloading each other is the reason why Vobfus may seem so resilient to antivirus products. Vobfus and Beebone can constantly update each other with new variants. Updated antivirus products may detect one variant present on the system; however, newer downloaded variants may not be detected immediately. A typical self-updating malware family that just updates itself can be remediated once it is detected, because once removed from the system it cannot download newer versions of itself. In the case with Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus."
Although it was first discovered in 2009, the Vobfus virus is proving to be a persistent problem due to its close relationship with Beebone.
To avoid infection Mr Choi recommends that users exercise caution when clicking external links as well as keeping their browser and other software up to date. Because Vobfus often spreads via removable drives it may also be worth disabling the Windows autorun feature.
Have you experienced a virus infection that's hard to shift or which keeps on coming back? Let us know in the comments if you think you've fallen foul of a collaborative virus.
Photo Credit: Paola Canzonetta/Shutterstock
Day two's keynote at the Microsoft Build 2013 developer conference focused on the company's commitment to the Windows Azure mobile development program.
Azure Mobile Services and Azure Web Sites move from preview to general availability status. Mobile Services makes it easier for developers to build connected, scalable apps for Windows, Android and iOS, whilst Web Sites makes it simple to create and run webpages. There were also previews of new Azure technologies including Auto Scale, offering the ability to adjust capacity according to customers' needs. Plus a preview of enhancements for Azure Active Directory.
Satya Nadella, president, Server and Tools Business said, "Nearly 1,000 new businesses are betting on Windows Azure daily, and as momentum for Azure grows, so too does the developer opportunity to build applications that power modern businesses".
For .NET developers Microsoft has provided a roadmap to help update core business applications and move towards web apps and cloud environments.
A new advertising developer kit for Windows 8.1 was announced along with a revised one for Windows 8, to enable relevant advertising in Windows apps. Both SDKs are available from adsinapps.microsoft.com. There's also a readjustment of ad sizes to target those most in demand.
The release preview of Windows Embedded 8.1 is available from today too. This was demonstrated by Steve Guggenheimer, corporate vice president and chief evangelist, Developer Platform Evangelism, using the Avis "Select and Go" app running on a Windows Embedded 8 Industry tablet and Windows Embedded 8 Handheld device, illustrating the opportunity for developers to capitalize on the shared Windows codebase.
Several third-party apps were also showcased. These included PayPal's software developer kit allowing payments to be integrated into Windows apps along with developer tools from Adobe and Unity.
Summing up Guggenheimer said, "Whether developing for existing, client/server, or emerging device and cloud application patterns, developers need a platform that offers consistency and flexibility. Only the Windows platform -- spanning Windows, Windows Phone, Windows Azure and more -- meets this need".
Policy management specialist Tufin Technologies launches the latest version of its Security Suite for business networks with a number of new features. Version R13-2 has a self-service portal for connectivity requests, enhanced device support and increased automation of security-related policies.
Tufin Security Suite is made up of three modules, SecureApp which manages the network connectivity and security requirements of applications, SecureChange which looks after change management and risk analysis, and SecureTrack which automates policy management for network infrastructure.
Key changes in the latest version include the introduction of a self-service portal to allow non-technical users to request application access, automated removal of decommissioned servers, IPv6 support and RESTful APIs to allow interaction with other systems.
"Tufin continues to demonstrate its commitment to delivering business value via more efficient security policy management. R13-2 aligns security policy management and business operations through its self-service capabilities, extended device support, and enhanced application connectivity which introduces a whole new set of security, compliance and efficiency benefits," says Reuven Harrison, CTO of Tufin. "In fact, we are including a free, limited version of SecureApp in R13-2: SecureApp Basic. We are confident that once customers experience the value it delivers they will be eager to implement it. In addition, R13-2 extends our support for IPv6 and provides more comprehensive network topology. As networks continue to grow in complexity, Tufin will ensure that security teams not only protect the network, but also operate much more efficiently than before."
The latest suite is available now and there's a 30-day evaluation version available to download from the Tufin website.
Photo Credit: Alexander Kirch/Shutterstock
In a keynote speech to the TechEd Europe conference in Madrid, Microsoft's Server and Tools Corporate VP Brad Anderson has announced the availability of preview versions of Windows Server 2012 R2, System Center 2012 R2 and SQL Server 2014.
Writing on the company’s blog Anderson says, "These products are going to have a massive impact on companies around the world -- and IT pros are going to see the traditional boundaries between datacenters vanish and a true hybrid cloud emerge".
He also used the speech to show how major European companies like Spain's Telefónica and Italy's DDM are already using the Microsoft platforms to maintain their services in an easily scalable environment. The largest telecoms operator in Spain, Telefónica aims to move 80 percent of its IT to virtual platforms using Windows Server Hyper-V and SQL Server.
DDM has developed its popular CineTrailer movie app on the Windows Azure platform. This has allowed it to scale easily in order to accommodate growth in demand from PCs, mobile devices and connected TVs.
Cambridge, UK based semiconductor maker ARM Holdings was showcased to exhibit the potential for Surface RT devices in the enterprise. The Surface RT (which uses ARM chips) has been supplied to employees in IT, quality assurance, marketing and sales to enhance their efficiency and mobility.
Anderson sums up, "I believe that Microsoft’s track record with new enterprise cloud offerings makes it the best equipped to deliver an end-to-end app and IT experience -- everything from building the app, deployment, maintenance and managing every device that uses it."
The server software previews can be downloaded from the TechNet site.
Microsoft has announced a tie up with Oracle that will allow customers to run Oracle software on Windows Server Hyper-V and in Windows Azure.
The partnership means that Oracle will certify and support its software -- including Java, Oracle Database and Oracle WebLogic Server -- on the Microsoft cloud platforms. The key elements of the deal are listed on Oracle's corporate blog.
Commenting on the move Steve Ballmer, Microsoft's chief executive says, "Microsoft is deeply committed to giving businesses what they need, and clearly that is the ability to run enterprise workloads in private clouds, public clouds and, increasingly, across both. Now our customers will be able to take advantage of the flexibility our unique hybrid cloud solutions offer for their Oracle applications, middleware and databases, just like they have been able to do on Windows Server for years".
Oracle President Mark Hurd says, "Our customers' IT environments are changing rapidly to meet the dynamic nature of the world today. At Oracle, we are committed to providing greater choice and flexibility to customers by providing multiple deployment options for our software, including on-premises, as well as public, private, and hybrid clouds. This collaboration with Microsoft extends our partnership and is important for the benefit of our customers".
An interesting effect of the deal is it means that Oracle Linux will be available as a preconfigured instance on Windows Azure. Microsoft, however, will gain from getting customers to pay for its services even if they’re running rival software.
Microsoft's Azure cloud platform has so far lagged behind Amazon's AWS offering. This deal with Oracle may provide the push it needs to gain impetus in the enterprise marketplace.
Photo Credit: 2jenn/Shutterstock
As part of its National Cyber Security Programme the UK government has announced the first stage in a new £4 million awareness campaign. The campaign due to be launched in the autumn draws on expertise from various government departments and is led by the Home Office.
Bids are currently being invited from media, PR and creative agencies to produce a communications strategy to educate consumers and small businesses on the risks presented by cyber crime.
Security Minister James Brokenshire says, "The digitisation of the UK economy has made our lives easier and has created huge opportunities, but it has also created individual security risks as well. If we are to meet these new challenges it's essential we step up our efforts to stay safe online".
Research by the National Fraud Authority has shown that if individuals and small businesses make minor changes to their behaviour they can prevent significant online losses. Brokenshire adds, "By making small changes British businesses can remain competitive in the global economy and consumers can have greater confidence using the internet".
Advice on protecting yourself online is already available on the government's Get Safe Online website. Strangely it's short of information on protecting your data from national security agencies...
Photo Credit: fotoscool/Shutterstock
Network security specialist Lancope has released the results of a survey showing that 66 percent of large organisations said that either they hadn't experienced a security incident in the last 12-18 months or were unsure if they had.
Businesses face a constant stream of threats from the normal phishing and malware to more sophisticated, targeted attacks. But Tom Cross, Lancope's director of security research, says that it's very unlikely that none of these organisations experienced incidents during that time frame: "Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter. I would assert that if you’re unsure whether or not your organisation has had a security incident, the chances are very high that the answer is yes -- and this is a significant problem".
Companies responding to the survey said that the most common incidents they were aware of were malware, DDoS and insider attacks. While 25 percent said that the worst impact incidents had on their organisation was to their reputation, 21 percent had suffered financial loss and 13 percent had experienced intellectual property being stolen.
Of course the threat landscape is constantly shifting and half of enterprises now felt that mobile devices and BYOD represented the greatest danger to their organisations. Insider threats are also high on the worry list with 32 percent concerned about them. Lack of information about what was happening inside their network concerned 28 percent too.
Cross concludes, "Any organisation needs to know whether or not they've been subject to a security breach, and if companies believe they have not, the question may be are they really aware of everything that is happening on their networks?"
Since it's very often our information that gets compromised when security is breached perhaps this is an issue that everyone needs to take seriously. Before we give our business to a company should we be asking how good their data security is?
Photo Credit: RTimages/Shutterstock
A funny thing happened when I checked my email this morning. I found I had a friend request from Myspace, something I haven’t had for a long time. Even funnier was when I clicked on it Myspace -- or at least Myspace as I knew it -- was gone. In its place was a new sleek, Modern UI meets Spotify, music-based site. A site that doesn't seem to do friend requests anymore either so it's lucky I got that email or I might never have stumbled on it at all (conspiracy theories on a postcard please).
Of course this really shouldn't have come as a surprise, around nine months ago my colleague Wayne Williams reported early news of the update with the headline New Myspace is gorgeous, but who will use it? Like everyone else though I’d read about a Myspace update and not deemed it worthy of brain space. So suddenly finding myself on the new site -- fresh out of beta -- was a bit of a shock.
Not an unpleasant one as it happens. After a bit of reorientation (the site is much more minimalist than in the past and it isn't always obvious how things work) I thought it looked good. In fact visually it's a winner with chunky graphics, tablet-friendly sideways scrolling and a neat floating player at the bottom of the page. There's also a change in emphasis, rather than trying to recapture its pre-Facebook glory days as a one-size-fits-all social network it now focuses on creatives; musicians mainly but also artists and writers. Old Myspace was always good for finding music and the new one looks set to capitalize on that. There are new mobile apps too that allow you to build your own personalized radio station.
Tim Vanderhook, co-owner of the site along with his brother Chris and singer Justin Timberlake, says, "Today more than ever there's this need for a creative ecosystem that kind of caters to the creative community and that's both a social network and the streaming services attached".
There's no doubt that the new site is a visual treat but I'm not convinced that it does anything better than the competition that will tempt me to use it regularly. And with Google and Apple both moving into the streaming market that competition is about to become a whole lot tougher.
By targeting the site at artists the owners clearly hope that fans will follow. This could be a risky strategy but Myspace has the advantage of some 27 million existing users in the US and around twice that number worldwide. Many of those, like me, probably haven't used the site for a while but if they can be tempted back from their dormant state by the new interface they could give it a head start over the competition.
What we have then is a site that's undergone a radical redesign, gone off in a fresh direction with a new focus and, on the whole, seems to have done it well. This should be the big social network news story of the week, but sadly it comes at the same time that Facebook borrows the hashtag feature from Twitter, so poor old Myspace ends up as the bridesmaid once again.
If all US companies were to move their core systems from in-house servers to the cloud the amount of energy used could be reduced by up to 87 percent a new report claims.
The research carried out by by Lawrence Berkeley National Laboratory finds that if all the email, CRM and productivity software in the US were running in the cloud it would save 326 petajoules of energy. Just in case you were wondering a petajoule is around 278 gigawatt hours or the amount of energy you get from burning 34,121 tonnes of coal.
The figures are based on an estimated (from census data) 86.7 million workers using computers. They assume that all of those use email, 58.9 million of them use productivity tools like word processing and spreadsheets, and that 8 million use CRM software.
Email is the most energy hungry because there are lots of servers -- some 3.6 million. Next come the 1.3 million productivity servers and 73,000 CRM servers.
The report estimates that if all this was shifted to the cloud there would only need to be 47,700 mail servers, 32,400 productivity servers and a mere 4,390 CRM servers. Little wonder then that a major move to the cloud would see the petajoules plummet.
All of this is worked out using the Cloud Energy and Emissions Research (CLEER) model which is available in open access form if you want to have a go yourself.
The report concludes, "Our hope is that, together, the CLEER Model and case study presented here can provide foundational resources from which other researchers and decision makers who seek to understand the net energy and emissions implications of cloud services can build more comprehensive and impactful analyses".
There's no doubt that the numbers look impressive but it's worth noting that the study is funded by Google which obviously has a bit of an interest in shifting things to the cloud. Maybe we should wait for a report commissioned by the energy industry before we decide to throw away our in-house servers.
Photo Credit: inxti /Shutterstock
A new survey by Symantec reveals that people are more and more reliant on their smartphones at concerts, events and music festivals. But as usage of phones increases so do the security risks.
According to the research when people are out at live events phones are now more common than lighters (only 7 percent carry those anymore) and cameras (42 percent). This has led to the rise of some new phenomena such as "phone hogging" where audience members hold phones above their heads to take photos and video. Some 51 percent send texts or make calls to brag about the show and 38 percent take to social media to do the same.
Whilst 89 percent of people take their phones with them when going to concerts and festivals, 36 percent don’t have any form of security protection on the device. The most basic protection -- taping your contact details to the phone in case it's lost -- is followed by 10 percent. Perhaps surprisingly the under 30s are more likely to take precautions to protect their phone than older users and they're more likely to leave their expensive devices at home if there’s an increased risk of damage, loss ot theft.
Richard Clooke, Mobile Security Expert at Norton, says, "Your phone's security is probably the last thing on your mind at a festival, but there are some easy, preventative steps you can take even before you leave home. There's simple software solutions available now which allow you to track your phone via GPS if you drop it in the crowd, or if there’s no hope of finding it, you can wipe all the data remotely in case it falls into the wrong hands."
Norton Mobile Security Lite is available to download free for Android smartphone users. Amongst other features it lets you lock your phone via an SMS command and find it using a remote location feature. So when your friend phones you from Glastonbury to brag about how he's enjoying the show you can suggest that he installs it.
Photo Credit: Faraways/Shutterstock
The public beta of McAfee's newest mobile security app becomes available to download for Android devices today. Its leading feature is something called Smart Perimeter which addresses one of the key concerns of users, losing your device.
Smart Perimeter works by allowing devices to track each other and alert the user if they stray more than 30 feet apart. If a device goes outside the perimeter an alarm sounds and it's also locked so you have to enter a PIN to re-enable it.
According to McAfee's own research around half of smartphone owners say they would rather lose their wallet than their phone so this software should address their fears -- assuming of course that they have another device about their person to sound the alarm.
Other features in Mobile Innovations include a safe QR code reader that checks codes when they're scanned to ensure that the linked site is safe for browsing. There's also a Data Vault that PIN protects private photos and documents on the device.
Writing on the company's blog Lianne Caetano, director of consumer mobile product marketing at McAfee, says, "The McAfee Mobile Innovations app will help us to obtain users' input on device and web security, as well as strengthen anti-theft and privacy measures to protect personal data."
You can download Security Innovations for free from the Play Store right now or visit the McAfee blog for more information.
Symantec in conjunction with the Ponemon Institute has released a new study into the cost of data breaches. What it reveals is that whilst most of us worry about malware and hackers, it’s actually mistakes and system errors that cause the majority of breaches.
According to the survey, glitches and negligence between them accounted for 64 percent of last year’s data breaches. This includes employees leaking or mishandling information, violation of regulations, accidental data dumps and stolen or lost laptops.
What’s worrying is that many employees don’t realise they're doing anything wrong. Around 62 percent of employees think it’s acceptable to transfer corporate data on to personal devices and a majority of those don’t delete it afterwards, leaving the data vulnerable to leaks.
Whilst the cost of a data breach varies around the world, it's estimated at $159 per record in the United States. That puts the total cost per breach last year at $5.4 million, though the good news is it marks a decline from 2010’s peak of $7.24 million.
If you're worried about how much this might cost your company Symantec has produced a handy Data Breach Calculator to help you work it out. Once you've scared your boss with that you can look at practical steps to reduce the risk including improved training, use of encryption and identifying the most vulnerable data.
You can read more and access the full report on Symantec’s Connect blog.
After ten years with Yahoo as its mail and news provider, UK internet company BT is switching to a different service. Starting in June it will begin migrating its customers to a new service named BT Mail which will be run by California-based Critical Path.
Nick Wong, director of online for BT's consumer division says, "We will be switching customers' email over to BT Mail, which will include the features and functions they expect from a modern email service. We will be keeping our customers fully informed about what changes to expect and when they will be able to enjoy the new services."
Email folders will be moved to the new service and customers will be able to keep their existing addresses. BT is also dropping Yahoo as the news provider on its portal site -- which is set as the default home page for its customers. The Press Association will be taking over that service.
The move involves around six million email accounts and Yahoo will lose a big slice of traffic to its home page. Although BT hasn't commented on the reason for the move, there have been numerous complaints since the start of this year that hackers have been taking control of BT mail accounts and using them to send out spam messages.
Customers can read more about how the changes will affect them on the BT Life blog.
Symantec has dropped the PC Tools range of security software, leaving the Australian company that it acquired in 2008 to concentrate on its system tuning products.
Buying PC Tools gave Symantec a budget brand with the Internet Security, Spyware Doctor and Spyware Doctor with Antivirus products slotting in below the more upmarket Norton range. Now as part of Symantec CEO Stephen Bennett’s restructuring of the company, the PC Tools security products are being quietly streamlined out of existence.
Existing PC Tools security users will still receive updated virus definitions until their subscription expires. They’ll then be encouraged to move to an equivalent Norton product. According to the FAQ for PC Tools users that’s been posted on the company’s website they'll be able to, "...take advantage of our special offer to switch to Norton."
PC Tools Registry Mechanic, Performance Toolkit, File Recover and Privacy Guardian products are unaffected by the change, though it seems rather odd to leave the privacy product if the security focus is switching to the Norton range.
Photo Credit: Pavel Ignatov/Shutterstock
European operators have been asked not to go ahead with the launch of the HTC First planned for this summer. The phone comes with Facebook Home which replaces the standard Android screens with its own social media interface.
Home has been available for download to other Android devices too but hasn't proved popular with users. UK mobile operator EE has issued a statement making it clear that Facebook is behind the decision not to launch saying, "Following customer feedback, Facebook has decided to focus on adding new customisation features to Facebook Home over the coming months. While they are working to make a better Facebook Home experience, they have recommended holding off launching the HTC First in the UK." Orange in France has made a similar statement.
Facebook confirmed the news saying, "While we focus on making Home better, we are going to limit supporting new devices and think it makes a lot of sense for EE and Orange to hold off deploying the HTC First in Europe."
Pre-orders for the phone will be cancelled whilst Facebook returns to the drawing board. EE has said it will contact customers who have shown an interest in the device. The decision is bad news for the social network which has seen its usage rates dropping in the UK and which needs to boost its mobile presence to gain advertising revenue.
We’re used to the somewhat spooky way that websites track our every move. Notice how the adverts on various sites reflect the products you’ve been viewing elsewhere? You only have to look at a CD on Play and Amazon will be trying to sell it to you within hours. We’re used to the GPS tracker on our smartphones monitoring where we are all the time and pointing us towards local attractions too.
Well now this technology is starting to spread to other devices too. The BBC has used the Thinking Digital conference to trial a perceptive radio. Developed by the BBC's Future Media North Laboratory, the radio uses information about where you live to change the listening experience by referencing local places or weather conditions. It also monitors the background noise at your location so it can decide whether to boost certain sounds to enhance the listening experience. The idea is to provide an "immersive" broadcast that can reconfigure the content for each listener.
It's either a great idea or a creepy one depending on your viewpoint. And if it only broadcasts the things it thinks you want to hear how will you ever discover anything new?
Another worrying aspect is, once your radio thinks it has your best interests at heart, how long will it be before your other domestic appliances start getting in on the act? Will your fridge reject anything that isn’t compatible with your diet, or insist on only local produce? Maybe your alarm clock will refuse to process the snooze button on work days. Or your TV will insist on you watching a set number of mind improving documentaries before it lets you tune into a soap.
When your radio knows where you live it's only a short step to other gadgets knowing where you are and what you're doing all the time and trying to "improve" your life accordingly. What was all that stuff about Big Brother...?
Photo Credit: Everett Collection/Shutterstock
Any old security suite can protect your PC with a firewall and an antivirus product so the big players are increasingly looking for new angles to try to get us to buy their products. BullGuard’s flagship offering already has parental controls, spam filtering and PC tuning tools, so the latest release -- out today -- goes for the personal protection approach.
No, it doesn’t come with a goon in a dark suit and sunglasses to follow you around. It offers safeguards against identity theft and data leaks, plus it has social media protection. As an added bonus the amount of online backup space included with the package is increased to 25GB.
The ID protection module provides an extra layer of defense, running in the background to alert you via email or text if personal information has been compromised. Social media protection allows parents to monitor their children's Facebook profiles. It also has an app for the kids themselves to help them avoid risky behavior.
It scans the protected profile and alerts both parents and offspring to signs of bullying, "sexting", links to inappropriate content and more. The service works across tablets and smartphones as well as PCs.
BullGuard's Head of Product Management, Alex Balan says,
The changing face of threats and the changing habits of users in the modern computing age means that consumers face an uphill battle when trying to stay one step ahead of malicious third parties. Our intention when developing Premium Protection was to address these concerns and recognize that it's just as important to protect the person, as it is the PC. We've placed a strong focus on identity and social media protection, incorporating tools that can help guard against new threats alongside all of the 'traditional' protection required to help keep you (and your children) safe online.
The software comes as a 3-PC license for $99.95 (£69.95 in the UK) and you can download a 30-day trial from the BullGuard website. Existing BullGuard Internet Security users will be able to upgrade to the new suite.
Despite Yahoo CEO Marissa Mayer's promise not to "screw up" Tumblr following its recent acquisition, the move has caused some disquiet in the user community.
Posting on Tumblr, of course, many users are worried about the impact advertising may have on the Tumblsphere, others that Yahoo will change the ethos of the site. There was disquiet about rumors Yahoo would push to make it more family friendly by filtering content too -- around 1 in 6 Tumblr pages is reckoned to contain porn. Despite assurances, and the fact that the circulating message about the clean up has been exposed as fake, there's a lot of distrust out there.
Already websites like www.bluegrownup.com are springing up with the aim of offering disgruntled Tumblrs a new home. There’s also a tool to help users migrate their blogs to WordPress.
Personally I like Tumblr, though I don’t exactly fit its cool kid demographic. I've used it since 2010 and it's the only blogging platform I've stuck with over a long period of time, mainly thanks to its ease of use and its ability to integrate content with other sites. If Yahoo can manage Tumblr in a sensitive way and preserve what’s good about it I'll be happy to stay. It seems to have managed this trick with Flickr so there is hope.
It's worth considering what this means from the Yahoo side of things too. If you can locate a Yahoo user you won't find them worrying about upcoming changes -- Yahoo doesn't inspire that kind of user loyalty. But Tumblr isn't the only thing the company has bought recently and there's a definite pattern to the acquisitions. Earlier this month it purchased Astrid -- a smartphone daily organizer app -- for an undisclosed amount. In March it bought news aggregation app Summly from British teen entrepreneur Nick D’Aloisio for $30 million. What these and Tumblr have in common is an emphasis on personalizing the web experience. They’re also all targeted heavily towards mobile devices.
We can expect to see the impact of this shopping spree on the delivery of Yahoo's news and other services. You can already detect change in the air with the new tablet-friendly Flickr layout, though as with any redesign there are some users who don’t like the new look. Whether all this will be enough to make people really care about Yahoo again only time will tell. In the meantime Tumblr users should probably sit tight for a while and see what happens.
Photo Credit: fotoscool/Shutterstock
As has been widely rumored over the last few days, Yahoo has paid $1.1 billion for blogging platform Tumblr. In recent times this is the most paid for an Internet acquisition since Facebook bought Instagram for $1 billion last year.
Founded by David Karp in 2007 from a bedroom of his mother's New York apartment, the attraction of Tumblr has always been its clean interface and ease of use, which allows people to be up and blogging within minutes. The service has around 217 million users worldwide and is the 24th most popular site in the US according to research company Quantcast. The company employs 175 people and claims to have more than 100 million blogs.
Tumblr has been slow to attract advertisers though, earning $13 million in 2012 when it had hoped to have revenue of $100 million by 2013. Yahoo brings the opportunity to attract more advertising but this may be at the expense of the site's sleek look. In the past Karp has been critical of the way other sites implement ads. Like Facebook and Google+, Tumblr already allows brands to set up their own pages. At the moment Tumblr embeds sponsored posts into the main stream in a way that’s subtle but also effective -- particularly on the smaller screens of mobile devices.
A more overtly commercial approach isn't likely to go down well with the free thinking creative types that Tumblr attracts. Initial reaction to the news on the web points to a lot of unhappy Tumblr users.
Yahoo, headed by ex-Google executive Marissa Mayer, will be seeking to use Tumblr to sprinkle some corporate stardust on its aging brand by adding social media and a mobile-friendly platform. It will also be looking to the acquisition to attract younger users to other Yahoo products and get the company back in touch with the cool kids. However, this deal may invoke a sense of deja vu in anyone who remembers Yahoo's purchase of Geocities in 1999. At the time Geocities was the third most visited site on the web but under Yahoo's ownership it withered and died, shutting up shop a decade later.
Mayer says on the new Yahoo blog (on Tumblr of course) that Tumblr will continue to operate as a separate company with Karp as CEO and she promises, "not to screw it up".
Addressing the Tumblr community David Karp says, "Our team isn’t changing. Our roadmap isn't changing. And our mission -- to empower creators to make their best work and get it in front of the audience they deserve -- certainly isn't changing. But we’re elated to have the support of Yahoo! and their team who share our dream to make the Internet the ultimate creative canvas. Tumblr gets better faster with more resources to draw from."
Computer giant Dell has seen its net profits fall by 79 percent to $130 million in the first quarter of this fiscal year. This highlights the shift in consumer demand away from traditional PCs towards tablets. The company reports a decline of 9 percent in PC sales although revenue from software, services and new technologies was up by 12 percent.
Commenting on the results chief financial officer Brian Gladden says, "We made progress in building our enterprise solutions capabilities in the first quarter and are confident in our strategy to be the leading provider of end-to-end scalable solutions. In addition, we have taken actions to improve our competitive position in key areas of the business, especially in end-user computing, and it has affected profitability".
Uncertainty surrounds the company thanks to a dispute between founder Michael Dell and two of the biggest shareholders. Michael Dell along with private equity group Silver Lake has offered to buy the company for $24.4 billion and take it private. At the same time promising to shift the business away from PCs towards mobile devices.
However, the biggest shareholders argue that this valuation is too low. They have made a counter proposal to offer new shares to existing shareholders and install new management to run the business.
The company, which Mr Dell started from his college dorm room, was held up as a model of innovation as recently as ten years ago but has since lost ground to cheaper far eastern manufacturers and to makers of mobile hardware. The drop in PC sales should strengthen the case to move the company away from its traditional PC focus.
Photo Credit: Mopic/Shutterstock
Along with a number of major employers, e-skills UK -- an organization dedicated to inspiring future talent in IT -- is developing a new apprenticeship scheme to build cyber security skills.
The scheme highlights the need to attract a new generation of talent into an industry where at the moment only 7 percent of security professionals are aged under 29. It will give youngsters an opportunity to start a career and earn a wage whilst working towards an internationally recognized qualification.
A number of major companies including IBM, BT and defense supplier QinetiQ are backing the scheme, with the first apprentices due to start later this year. Karen Price, the CEO of e-skills UK, says, "I am delighted that e-skills UK is working with a consortium of key employers to create the routes for young people to enter the exciting world of Cyber Security. These new apprenticeships will help tackle the skills shortage faced by this sector, including attracting more women, who are currently under-represented".
Bob Nowill, Director of Cyber and Assurance at BT, adds, "There are currently few structured routes for young people to enter the cyber security work sector and we are pleased to be contributing to this opportunity to proactively grow new talent which is directly aligned to the needs of industry".
The scheme will be supported by taxpayer funding via the UK Commission for Employment and Skills. It’s coordinated by the National Skills Academy for IT in order to ensure that it meets the required high standards.
Will this be enough to tempt teenage hackers to go legit and become the next generation of security professionals? Only time will tell.
Photo Credit: Lasse Kristensen/Shutterstock
The Google I/O keynote has revealed some major changes to Google+. Highlights include a new multi-column stream aimed not only at providing a cleaner design but also at offering greater depth to the user experience.
The columns are customizable so that you can organize them to show the things that are most important to you. Tiles of information can be flipped to show alternative details and thanks to clever landmark recognition technology you can click on a picture to find more information about the location.
Hangouts are heavily revised too with the focus on making conversations simpler and not just concentrating on video. Hangouts becomes a standalone app on mobile devices and allows you to create ongoing conversations that stretch back over months or even years. You can see at a glance who is taking part in the chat stream and what point they've read up to. The new Hangouts will also allow group video chat at no charge -- take that, Skype!
On the photo side Google+ now offers 15GB of free cloud storage for your images. It can pick the best pictures from a folder for you by weeding out duplicates, blurred pictures or poor exposures. It also analyzes shots looking for smiling people and family images in addition to using the landmark recognition mentioned above to pull out the best shots.
There's an Auto Enhance feature too that corrects a range of common photo problems. Google also introduced what it calls Auto Awesome in order to create good shots by combining other pictures. This allows you to, for example, ensure you get group shots where everyone is smiling.
These changes make Google+ much more attractive in both looks and in function but will they be enough to boost its popularity? Let us know what you think.
F-Secure has released its latest mobile threat report for January to March 2013. Highlights include an increase in threat families and variants of almost 50 percent over the previous quarter, and that Android is still the most targeted mobile OS.
Android threats accounted for 136 of the 149 detected during the period, the other 13 being aimed at Symbian. No threats were reported for iOS, Blackberry or Windows Mobile. The report notes a particularly worrying trend towards the commoditization of malware, either by making premium rate calls or stealing bank details. 114 out of 149 threats found were profit motivated. The authors state:
The Android malware ecosystem is beginning to resemble that which surrounds Windows, where highly specialized suppliers provide commoditized malware services. Two key examples of this trend surfaced in the first quarter of 2013 in the form of "Stels" and "Perkele" malware. Besides commoditization, targeted attacks and spam operations involving Android malware are also making strides in the mobile threat scene.
There has been an increase in targeted attacks against particular groups such as human rights activists. Our old friend the 419 scam in the form of fake job offers remains popular too. The report breaks down threats by type with Trojans being by far the most common at just over 61 percent of all those detected.
As the report notes these trends very much echo those seen on the Windows platform.
In a way, Android is experiencing the same fate as Windows where its huge market share works in both good and bad ways. Such popularity certainly translates well in terms of sales, but it also appeals to the maliciously-minded crowds. Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform.
Whilst the actual number of threats is still quite small compared to those seen for Windows, the findings do show that mobile devices are firmly in the sights of malware developers.
Photo Credit: style-photography.de/
Web browsers are one of the main ways that malware finds its way onto your machine. Tests carried out by NSS Labs looked at the five major players, Chrome, Firefox, Safari, Opera and Internet Explorer to see which offers the best protection against more than 700 examples of real-world malware.
And the safest is... (Drum roll and a long, reality TV-style pause...) Internet Explorer 10, blocking 99.96 percent of known malicious downloads. Chrome comes second on 83.16 percent with the other three trailing a long way behind at around 10 percent each. This might come as a surprise to all those people who have long shunned Microsoft’s browser in favor of third-party alternatives on the grounds that they were safer.
So what's the reason for the difference? Safari, Firefox and Opera all rely solely on URL blacklists to block potential attacks. Chrome and Internet Explorer both have additional "context agnostic malware protection" (CAMP). In IE’s case this is called "Application Protection" whereas Chrome names it "Download Protection". Using CAMP technology means there’s more chance of false positives and so it relies on asking the user to make a choice to block or allow the download which potentially introduces a weak link in the chain.
If you filter the CAMP element out of the results then Chrome performs no better than Safari and Firefox. However, IE 10 still turns in an impressive 83.17 percent block rate based on URL reputation.
Now of course we technically aware types are careful about the links we click anyway. But it seems that if you’re worried about protecting your more vulnerable friends and relatives when they’re online you should encourage them to use IE 10.
Photo credit: dohtoor/Shutterstock
Security products that work across all of your digital devices from PCs to smartphones are nothing new -- Norton One has been around for over a year -- but now McAfee has joined the fray. LiveSafe includes virus protection, a password manager and encrypted cloud storage in a single package.
The most interesting feature is the secure online Personal Locker that gives users 1GB of storage to hold their sensitive documents, financial records, IDs and so on. This is secured using biometric authentication with voice, face and device recognition. It works using Intel Identity Protection Technology. This is a hardware authentication mechanism that’s built into the latest Intel processors. To access a file you need to enter a PIN, take a photo for facial recognition and read two messages to confirm your voice.
LiveSafe is compatible with Windows, iOS and Android and there's no limit to how many devices you can use it on. It has a password manager that's accessible across all devices so you'll always be able to get at your online accounts on the move. There’s also a browser-accessible dashboard to allow you to control LiveSafe's features from anywhere.
LiveSafe is currently available at an introductory price of $19.99 for a one year subscription and will cost $79.99 a year after that. It will come pre-installed on Dell Ultrabooks and PCs starting in June.
McAfee is a little late to the game here but the move away from providing trial versions on new PCs is clever and one other security companies will be watching closely. The Personal Locker should prove attractive to people who need access to private documents on the move too.
Photo credit: Andrea Danti/Shutterstock
Independent testing organization AV-Comparatives has released its latest performance tests evaluating the impact of security software on system performance. It carried out the tests on a 64-bit Windows 7 system and measured a number of everyday activities including copying files, installing and uninstalling applications and launching programs as well as running the PCMark 7 benchmarking suite.
The results of these tests have been used to produce a system impact score measuring how much difference the various antivirus programs make compared to having no security installed at all. This makes for some interesting reading.
At the top of the tree tied with impact scores of 0.4 (lower is better here by the way) come F-Secure, Sophos and Kaspersky. Second with a score of 0.6 comes ESET. Of what you might call the household names Symantec does best with a score of 1.3 whilst McAfee turns in a disappointing 14.4.
Microsoft’s own Security Essentials scores a reasonable 5.6, behind BitDefender’s 2.4 but ahead of AVG’s 7.1 and BullGuard’s 8.7. Bottom of those tested comes Kingsoft with an impact score of 25.6. You can read the full results and the test methodology by visiting the AV-Comparatives site.
Of course all of this only tells you how the software impacts on your PC, not how well it protects you. As always with security there’s a trade off involved but if performance matters then the report will at least help you make an informed decision. You can find data on comparative protection levels elsewhere on AV-Comparatives to help you make up your mind.
Spotify is the world’s most popular streaming music service with some 24 million active uses, around 6 million of those paying a subscription for premium services. I use Spotify all the time; it’s a great way of finding and sampling new music, and the company’s deals with major labels go a long way to legitimizing the streaming model.
Yesterday though, Spotify acted to change its website player after a Dutch developer released a Chrome extension that allowed MP3s to be downloaded from the site. Google removed the Downloadify plug-in from its site before Spotify applied the fix to the player, which now uses an encrypted format.
Robin Aldenhoven, the man behind Downloadify opines on his Twitter stream, "I could not believe it myself that they did so little to protect their library". But he also supports Spotify’s obligation to copyright holders saying, "Google responded correctly to remove, but Spotify should not send DRM-free MP3s to users".
Of course, we all know that streaming services have long been vulnerable to this type of thing. There are plenty of freely available tools to allow the ripping of music from YouTube, for example, even though it’s a clear breach of the site’s terms of service.
Although this latest issue might seem like a major problem for Spotify, I don’t think it’s really the "nightmare" that some bloggers call it.
The vulnerability didn’t affect the service’s desktop or mobile clients, just the web player, which only launched last November. Plus you need to sign up for an account to be able to access Spotify so you are traceable and frankly there are easier ways to find free MP3s if you really want to.
The real risk is that if this sort of thing happens too often the major record labels will lose faith in the Spotify business model -- and indeed that of other streaming services -- and may decide not to renew their license agreements. At the moment, it seems that the company’s fast action to plug this hole is enough to retain confidence. I hope it is, my nightmare would be if Spotify disappeared altogether.
Photo Credit: Joe Wilcox
How are you feeling? If you don't have time to lie on the couch and work through your issues you can now turn to your Android phone to measure your emotional state. Cambridge University researchers have developed an app that combines smartphone data with user perceptions in order to track happiness.
The EmotionSense app collects sensor information from the phone about where you are, how noisy the environment is, and who you’re communicating with. It then combines this data with your answers to questions about how you’re feeling in order to work out your emotional state.
There are other mood tracking apps of course, but the Cambridge team believe this is the first time that user input has been combined with phone information. The app was developed as part of a project to use mobile phones as a means of improving health and wellbeing. It takes about eight weeks to unlock all the sensors and build up a full picture of what influences your moods.
"Behind the scenes, smartphones are constantly collecting data that can turn them into a key medical and psychological tool", Neal Lathia, lead researcher on the project team, explains. "Any smartphone now comes with numerous sensors that can tell you about aspects of your life, like how active you are, or how sociable you have been in the past 24 hours. In the long term, we hope to be able to extract that data so that, for example, it can be used for therapeutic purposes".
The team aims to collect a record of what drives people’s emotions and be able to work out when they’re likely to be at their most stressed. In the future this could lead to phones being used by doctors to routinely monitor patients. Dr Lathia explains: "Most people who see a therapist only have an appointment once every fortnight. Many, however, keep their phones with them most of the time. In terms of sheer presence, mobiles can provide an ongoing link with a person".
The app is available now to download free from the Play Store but to use it you must consent to your data being passed to the researchers. The team is working on versions for other smartphone platforms.
Photo Credit: kaczor58/Shutterstock
As if the Google Gaze wasn’t enough to get you strange looks in the street, now there’s a new app for Google Glass users that lets you take a photo simply by winking.
The Winky app was revealed yesterday by developer Mike DiGiovanni on his Google+ page he says:
You might not think it's hard to say "Ok, Glass Take a Picture" or even just tap a button. But it's a context switch that takes you out of the moment, even if just for a second. Winking lets you lifelog with little to no effort. I've taken more pictures today than I have the past 5 days thanks to this.
Currently Winky is only available as Android source code so it needs to be compiled before it can be used but since most Glass users are currently developers and other techy types that shouldn’t be a problem.
So, next time somebody winks at you it’s important to check if they’re wearing a Google headset in order to avoid embarrassment. Aside from the fact that technology seems to be turning us all into twitching loons, there would appear to be endless potential for misunderstandings here, "Honestly, officer I was only taking a photograph".
Photo Credit: Vadim Ivanov/Shutterstock
The Dutch government has revealed plans to give the police extra powers to fight cybercrime. Under the proposed new law officers would be given the right to hack into computers, read emails, install spyware and delete files. They could also be authorised to tap VoIP calls and break into servers located outside the country if they were being used to host DDoS attacks.
The country’s Justice Minister Ivo Opstelten says that the powers would be used under strict control and that the approval of a judge would be needed before the police could carry out these actions.
Terrorism and child pornography are areas of special concern in the bill but it would also introduce penalties for the publication of stolen data. In addition the bill would make it a crime for a suspect to refuse to decipher encrypted files or hand over passwords during an investigation by police.
Digital rights group Bits of Freedom is opposed to the new law saying that it sets a bad precedent and that its preparation has been rushed.
The bill is set to undergo revisions before being put to parliament at the end of the year. If it’s passed then no doubt other governments will be looking at how they too can kick down the doors of suspects’ computers.
Photo Credit: Ivonne Wierink/Shutterstock
The Mozilla Foundation is accusing Gamma International, a UK-based software group, of making a false association between one of its products and the Firefox name.
Gamma International produces FinFisher, a program used by governments to obtain data in a covert way. FinFisher is often installed by disguising itself as an update to a well known program such as Firefox. Mozilla has now sent a cease and desist letter to Gamma claiming that its Firefox trademark is being violated and that the practice must end immediately.
Alex Fowler in charge of privacy and public policy at Mozilla says on his blog,
As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission. Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be -- and in several cases actually have been -- used by Gamma’s customers to violate citizens’ human rights and online privacy.
Mozilla has acted following a report from the University of Toronto's Citizen Lab on digital spying. The report compares a legitimate install of Firefox with what the report’s authors claim is a FinFisher install. This, they say, comes labeled with version numbers, copyright details and descriptions from a legitimate Firefox version.
Photo credit: olly/Shutterstock
Following an investigation by the European Commission into whether Google unfairly promoted its own services, the search giant has agreed to make some changes to the way results are displayed.
Google will more clearly label search results that link to YouTube, Google Maps and its other sites. The Commission has proposed that these changes run for a month whilst it collects public feedback. The EC will then decide whether to make them legally binding for five years, in which case an independent monitor would be appointed to oversee proper implementation.
The agreement requires Google to clearly separate promoted links from general search results. The company will also need to show links to three rival specialized search providers in a location that’s clearly visible to users.
In addition Google will need to offer websites the ability to opt out of specialized search results -- such as news and shopping -- whilst not affecting their ranking in a general search. This includes the ability to allow newspaper websites to control, on a page-by-page basis, the parts of their content that shows up in Google News searches.
Google will no longer be able to include in its agreements with publishers any obligation that they source online search adverts exclusively from Google. Nor will it be able to restrict advertisers from running a campaign across rival platforms.
Whilst these changes will only apply to Europe, regulators in other countries will no doubt closely monitor the effects and deciding whether to impose similar restrictions of their own.
Typing on touchscreen devices is very different from using a conventional keyboard and the traditional layout doesn’t help much. Researchers at the University of St Andrews, the Max Planck Institute for Informatics and Montana Tech have come up with a new layout that claims to allow tablet users to thumb type 34 percent faster.
Named KALQ after the order that the characters appear, it's been developed to provide optimal character positions when typing on a tablet. By spreading the characters used in commonly typed words such as "on", "see", "you" and "read" which on a QWERTY keyboard would all need to be typed with one thumb, KALQ speeds up typing and minimizes strain.
Dr. Antti Oulasvirta, Senior Researcher at the Max Planck Institute for Informatics in Germany, says:
The key to optimizing a keyboard for two thumbs is to minimize long typing sequences that only involve a single thumb. It is also important to place frequently used letter keys centrally close to each other.
Experienced typists move their thumbs simultaneously: while one thumb is selecting a particular key, the other thumb is approaching its next target. From these insights we derived a predictive behavioral model we could use to optimize the keyboard.
KALQ also has built in error correction that takes into account thumb movements and a statistical analysis of the text being typed. This enables uses to reach a speed of 37 words per minute as opposed to 20 on a QWERTY layout.
The researchers will present their work at the CHI 2013 conference in Paris on 1st May and KALQ will be available as a free download for Android-based devices.
My Why I love Windows 8 piece last week generated a lot of comments and a good balance of pro and anti opinion. Thanks for taking the time to air your views. I received one particular comment concerning choice and that got me thinking that it was a subject which deserved a closer look.
In the past Windows has imposed relatively few restrictions on its users. You want to launch a program? You can click the desktop icon, select it from the start menu, select an icon from the task bar, use a gadget or track down the folder where it's stored and run it from there. You can even call up a command line if you want. It's your choice. As is installing a third-party menu system or an Apple-style widget bar, the permutations are endless.
The same goes for developers too. If you're building a program you can make it look how you want. You don't have to use the ribbon toolbar format, there’s no restriction on the size, shape or position of the buttons, the menu items don’t have to be in a particular order.
Contrast this with other systems. Visit the developer site for Apple, or even for Android, and you'll find there’s a whole raft of guidelines and recommendations all aimed at giving a consistent look and feel to programs and apps.
Which brings us back to Windows 8. With the launch of the much discussed Modern UI we have for the first time in Windows an interface that requires developers to conform to a strict template. It also requires users to launch and control all their apps in the same way.
Is this a good thing? Windows has always been about choice whereas other systems have imposed their developer's vision more forcefully on the user. But if you give people too much choice don’t they just get confused? Isn't it better to always have context menus and navigation controls in the same places? To have a one-stop location on the charms bar for settings and searches across all apps?
If all programs are launched from the same place and can be navigated in broadly the same way then you have a huge step towards making a more user-friendly system. Ask yourself this, if you'd never seen Windows before wouldn't the Modern UI approach seem much more logical than the old five ways to achieve the same end model?
The problem of course is that people have seen and used and adapted to older versions of Windows and are resistant to change. As a result there's been a lot of heated debate about the Modern UI way of doing things. This isn't helped by the fact that the desktop has changed little and is still lurking just a click away allowing people to slip back into a comfort zone.
Microsoft has made a bold move with Windows 8. It has provided an opportunity to re-evaluate how all Windows programs look and work. If that leads to improved usability at the expense of stricter development standards then in the long run it must be a good thing. It would be a shame if having come this far Microsoft were now to listen to the shrill voices and take a step back from the Modern UI approach.
Photo Credit: Thomas Pajot/Shutterstock
UK polling company YouGov has released the results of its latest Quarterly Tablet Tracker for the first three months of 2013. It shows that consumers now see Android tablets as equal in quality to the iPad and as a result their makers are eating into Apple's share of the premium market.
Although it still has the largest slice of the UK's tablet market, Apple has seen its share drop by 10 percent in the past 12 months. Despite the launch of the iPad Mini and 4th generation iPad, Apple now has 63 percent of the market compared to 73 percent this time last year.
The main reason for the drop seems to be the emergence of strong new competitors which have taken sales not just from Apple but from the obscure budget brands too. Google's Nexus 7 has grabbed 8 percent of the market in under a year, while the Kindle Fire has taken 5 percent. Since the beginning of 2012 Samsung has also more than doubled its share from 4 percent to 10 percent.
There is some good news for Apple with the iPad Mini taking 4 percent of the market and generating the highest customer satisfaction scores.
Looking at the overall picture, the Quarterly Tablet Tracker shows that 18 percent of the UK adult population (more than 8 million people) now own a tablet. This is an increase of 5 percent over the last quarter of 2012, no doubt fueled by the Christmas period.
Of course Apple still has a huge share of the tablet market largely thanks to its head start. But that dominant position is only likely to slip further as the big-name Android makers raise their game.
Photo Credit: Adam Radosavljevic /Shutterstock
Fourth in a series. It seems to be fashionable at the moment to be negative about Windows 8. People like to whine about how the Modern UI gets in the way and how the rest of it is just Windows 7 with some of the furniture rearranged. Some analysts are even blaming Windows 8 for poor PC sales.
Well, I’m sorry Windows 8 deniers, you’re wrong. I’ve used every major version of Windows since 3.1, I’ve been using Windows 8 since the Developer Preview versions and I think it’s Microsoft’s best effort yet.
If you move beyond the culture shock of its different look, there are just so many things that Windows 8 does well. The first is how quickly it manages to boot up your PC. When I initially loaded the Developer Preview on the humble Intel Atom-powered machine I use as a test box I was startled to find it booted in less than half the time taken by my Windows 7 laptop with Pentium power and 50 percent more RAM. Okay, so this is down to a little conjuring trick which saves the system state on shutdown and allows the system to reload without starting core components one by one, but it’s still impressive.
Another feature that makes me a fan of Windows 8 is its reliability. When your day job involves the constant round of installs and uninstalls that comes with reviewing software and hardware you become no stranger to the blue screen of death. Not in Windows 8, in almost a year of use I haven’t seen the BSOD once. This is due to Windows 8’s ability to allow individual programs to crash without taking down the whole OS.
Some people bemoan the lack of a desktop Start button, but the Charms bar combined with the powerful search function more than compensates. I’m now reaching the point where using an older version of Windows feels quite alien and I automatically go to the bottom right corner of the screen expecting something to happen.
Which brings us to the controversial Modern UI. Yes it’s designed for touch screens and it works best with one. But it’s still perfectly usable on an old-fashioned mouse and keyboard setup. The apps look good, they work well and if you want a conventional desktop it’s only a click away. Honestly, I don’t understand why people have a problem with it.
I could go on about improved multi-monitor support, easy syncing of settings between machines, the quality of the built-in security, the ability to reset the system and more. There are many reasons why I love Windows 8, so let me end with an appeal. Don’t take my word for it, set aside your prejudices, curb your Luddite tendencies and take a fresh look, this really is a good operating system.
Security giant Symantec’s 18th annual Internet Security Threat Report is out today and reveals that cyber criminals are increasingly scouring the Web for personal details in order to target their attacks. Armed with your information they can exploit security gaps in social networks and other sites to infect your system or steal your details.
It’s not just your PC that’s at risk either; the report shows an alarming 58 percent increase in attacks on mobile devices with just under a third of these aimed at stealing data without the user’s knowledge. Android is the most targeted mobile platform as its open source nature makes it easier to hide malware in apps. The securer-than-thou smugness of Apple users receives a blow too as the report notes more than 600,000 Mac systems were infected by a single attack last April.
When it comes to types of threat, the growth of ransomware continues with infections becoming more aggressive and harder to undo. Another scary statistic is that 61 percent of malicious sites are actually legitimate websites that have been compromised so you may be at risk even if you think you’re practising safe surfing.
Symantec also highlights some common myths about security and you can read these as a handy infographic and access the full ISTR report here.
Norton’s security expert Richard Clooke said, "The report results have shown that it is still crucial for Norton to continue to educate consumers on how they can help protect themselves from acts of cybercrime. Ransomware, for example, a scam which disables victims’ computers until they pay a ransom, continues to be a key theme and is now becoming more sophisticated than ever..."
Of course all of this is aimed at boosting sales of Symantec’s security products, but it does underline that the threat landscape is an ever changing one and that we all need to be careful out there.
Photo Credits: Slavoljub Pantelic/Shutterstock
We all know that search engine results can sometimes serve up malware, but if you’re using Bing you’re five times more likely to get malicious links than if you’re using Google.
In an 18-month study, independent German lab AV-Test discovered that all search engines sometimes serve up Trojans and other malware amongst their results despite the search providers' best efforts to prevent it.
AV-Test found 5,000 malware links across 40 million websites, so toxic search results are perhaps rarer than you’d think. However, it seems that developers are putting their efforts into SEO techniques so that their results appear higher up the rankings where users are most vulnerable to clicking without thinking.
Google and Bing proved to be the safest search engines in the study, but of the two it’s Bing that’s more likely to give you a nasty surprise when clicking on a link, delivering 1,285 malicious results to Google’s 272. If it’s any consolation you can feel sorry for the Russians as their search giant Yandex delivered more than ten times as many infected sites as Google.
Most of the infected sites exploit existing vulnerabilities so you can keep yourself safe by ensuring that your browser and security software are always up to date.
Photo Credits: maraga/Shutterstock