Monday 22 June 2009

An argument for keeping control of your data.

http://www.cio.com/article/494553/T_Mobile_Confirms_Stolen_Data_is_Genuine

As I have stated many times before, before you outsource any data or parts of your infrastructure...make a security assessment. Think about the go-to-jail factor.

(Thanks Malcom for the link)

Wednesday 17 June 2009

This is pure marketing...but I am proud of it

Following rigorous testing over the past year, AppGate’s solution has been chosen to ensure police officers on the beat can securely access essential information held on the central network at police headquarters via their mobile phones. AppGate’s technology will now make it possible for the Police force to change how they work to be more productive and efficient.

Stockholm 17 June 2009 - It has been a tough knot for the Police to solve, how to make confidential information available for officers working on the street while ensuring the information remains secured. Previously, officers had to return to the station each time they needed to retrieve information, despite the fact that it would be more effective and efficient if they were able to access it while at the scene of the crime.
A key requirement has been to find a solution that uses the highest possible level of security while at the same time providing the best possible availability, and the new solution from AppGate achieves that, making it possible to retrieve highly classified information over a mobile phone. The solution will be available to police all over Sweden and 10 000 police officers will use the system at first with the possibility to scale it up to incorporate more users later.

The AppGate system makes it possible to integrate all types of access: Mobile, PC/Mac, PDA, in one single solution without having to accept reduced security or functionality. The users will get exactly the access they need when they need it – no more and no less. One set of users might be restricted to downloading e-mail and synchronizing their calendars on their mobile phones, while others who are running the required AV software on their mobile devices might have access to SAP and the CRM system as well.

As always AppGate security servers build on existing proven functionality such as:
Application Layer Firewall
Mobile & Fixed VPN
Granular & Role based Access
End-point Security Control

Monday 15 June 2009

I am so tired of hidden agendas from vendors

I read an article with someone called Mark Hennessy from IBM today. In the article he claimed that in the future the IT department of most companies would disappear because everybody would use "the cloud" for all types of applications. He is entitled to have his view of course and I also think that a lot of companies will jump on this new outsourcing trend. What makes me irritated is that again a salesperson hides behind his title...to sell a product. This is not uncommon in the IT industry...anti-virus companies send out reports that show that there are more viruses than ever...router vendors "foresee" increased usage of the Internet (so operators need to buy new and faster routers). Do they actually think that most people do not see through their marketing effort and take their advice for what it is...pure selling?
On the subject of cloud computing I think that companies that have IT as an integrated part of their business strategy will never outsource all parts of their application infrastructure.

Tuesday 9 June 2009

Who is responsible if the shit hits the fan?

I am often invited by companies to act as a bridge between the IT department and the higher management. That is not always easy...the management seems to think that IT people like new toys to play with...and IT people seem to think that management does not understand the importance of IT. A way of getting around the discussion is to play the responsibility game. I start by asking what the worst thing that could happen would be. Usually that is that the company does something that hurts a third party...and then gets sued for it. I did this when I talked to a CEO about cloud computing...and I really enjoyed when he realised that he could never delegate the responsibility just because he outsourced his applications. That CEO is now very much involved in all discussions regarding outsourcing and cloud computing. I call it the go-to-jail factor.

Monday 8 June 2009

More about Mobility

I spend a lot of time with customers who want to increase the usage of mobile phones but have concerns about security and costs. There is no single answer that would fit everyone but over time I have formulated a list of questions to ask.
1. Will you use the mobile phone to access more than just email? Intranet, business applications and other applications are on the wish list of most users today. Will that increase your return on your investment?
2. What is the lowest level of authentication you will accept for access to information? Passwords? 2-factor authentication? Does your mobile solution support the authentication system that you already use?
3. What are the security effects on your infrastructure? How many ports do you need to open in your firewall, etc.?
4. Can you accept that your traffic goes through a third-party gateway (like the BlackBerry solution)?
5. How do you manage and support the mobile phone? Can a phone be updated remotely?
6. Can you control the identity of the actual phone before it is connected to the network?
7. Should information be stored on the phone or centrally?
8. Does the phone have encryption pre-installed or do you need to add that?
There is one more thing I usually tell everybody that wants to listen...make a distinction between what you NEED to do...and what is fun to do. I have seen the costs of many mobile projects explode due to the FUN factor. Make a list of features that you need rather than options vendors try to sell to you. One of the features many talk about is the users' use of the phone...expensive reports are created for something that you get from your operator for free.

Tuesday 2 June 2009

How boring is IT-Security?

I had some friends over for dinner a couple of weeks ago and for some odd reason we started to talk about my blog. The verdict was that it had to be good...as they did not understand a word about anything I wrote. I have to admit I was a little bit surprised because I want to think that I write about things that people should understand...as it concerns everybody. My wife gave me the simple (but fairly cruel) answer...IT Security as a dinner discussion is very very boring for 99.999% of the world's population. It is such a boring subject that next time I bring it up...she will force me to bed without dessert. So why is IT-Security such a boring subject? I am not boring; my friends in the industry are not boring (at least we do not think so). I do not have the answer but maybe security is boring because we do not think it is that important. We actually believe that the threat is unreal and that the makers of software do a decent job to protect us. Therefore we who work in the industry are troublesome whistleblowers who try to make a dollar by scaring honest people into buying stuff they do not need. I wish it were true. I am open to any suggestion how to make IT Security more interesting for people outside the industry...at least that would make my dinner parties more interesting.