The 4 security controls your business should take now
In PC World, Tony Bradley writes about the 4 security controls your business should take now.
1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Continuous vulnerability assessment and remediation
4. Malware defenses
vScope comes into play in points 1, 2 and 4. vScope takes care of discovery and inventory of both hardware and software. Combined with the compliance analytic engine, rule-based tests are performed automatically and regularly. Examples of tests include finding servers where anti-virus agents are not installed.
Read the full article:
There never will be a perfect computer or network defense. Computer security is a constantly elevating game of cat-and-mouse. As quickly as you address the latest threat, attackers have already developed a new technique to access your network and compromise your PCs. But if you focus on the fundamentals, you can minimize your risk and defend against most attacks.
http://www.pcworld.com/article/2029558/the-4-security-controls-your-business-should-take-now.html
Fear of losing control? Are you a Server Hugger?
Here are two interesting articles worth reading about cloud adoption. In the first article, Forrester’s Patrick Thibodeau gives a name to those whose fear of losing control of their IT is slowing down cloud adoption. He calls them “Server Huggers”, a new form of tree huggers. However, ReadWrite Web’s Joe Brockmeier replies in this post that there are numerous good reasons for companies today to hold back their cloud initiatives. Instead, he suggests that waiting and seeing is a strategy in itself, which might be the best for many at this point.
At InfraSight Labs, we agree with the second post. We simply believe that companies have invested in too many systems which are hard to migrate to the cloud all at once. Some services are easier to migrate than others, and therefore we are probably going to see a mix of in-house IT and cloud solutions going forward. Right now in vScope, we are experimenting with reading cloud data and presenting it side by side with in-house IT resources. This helps companies who are migrating to the cloud keep track of their assets in a much more controlled way. Furthermore, it helps optimize the right cloud structure and overall costs. Keep your eyes open for a release of vScope’s cloud editions, and please let us know if you have any inquiries in the meantime.
Virtualization keeps growing. Read the latest V-index
V-index is an online virtualization industry study performed by Vanson Bourne, an independent market research company. It is based on a survey of at least 500 enterprises across the US, UK, France and Germany and is designed to measure 3 parameters – virtualization rate, consolidation ratio and primary hypervisor in use.
The Q3 V-index results are now available at www.v-index.com. Get the latest virtual server percentages and ratios of more than 500 enterprises, including:
• 38.9% virtualization penetration rate
• 5:1 consolidation ratio
• Primary hypervisor use:
  • Servers: VMware (67.6%), Hyper-V (16.4%), Citrix (14.4%)
  • VDI: VMware (54.3%), Hyper-V (20.3%), Citrix (24.9%)
vScope in the right place: Gartner’s top 10 IT-trends for 2012
An article in Network World describes Gartner’s vision for IT trends in 2012. Gartner’s view is much in line with InfraSight Labs’ predictions about the future, and gives fuel to why we stress “agent-less” and “platform independent” as key features in vScope. We also believe the article points towards a need for a new kind of IT tool, where users may treat their IT data in a more Business Intelligence-like way, applied in the datacenter.
Read the article below with our inline comments (The original article is here)
ORLANDO — If you had to pick 10 technology-related trends that will impact your enterprise infrastructure in the coming year, Gartner says you’d do well to start with virtualization and move to other issues such as social media influence, energy issues and flat networks to name a few.
At the Gartner Symposium IT/Expo, David Cappuccio, managing vice president and chief of research for the Infrastructure teams with Gartner, said the Top 10 Trends show how IT is changing in that many of them have in the past been outside the traditional purview of IT, but they will all affect how IT does its job in the future.
The Top 10 Trends and their impact, briefly include:
1. The evolution of virtualization: Cappuccio says virtualization will ultimately drive more companies to treat IT like a business. The danger during the next few years will be in following a specific vendor’s vision, though it is unlikely that any one vendor’s vision will prevail. Users should have their own visions of architecture control, and build toward it with a constantly updated strategic plan.
- InfraSight Labs comment: Exactly! This is why we stress “Platform independent” as one of the key features in vScope. With vScope, users may control their architecture regardless of platform.
2. Big data, patterns and analytics: Unstructured data will grow some 80% over the course of the next five years, creating a huge IT challenge. Technologies such as in-line deduplication, automated tiering of data to get the most efficient usage patterns per kilowatt, and flash or solid-state drives for higher-end performance optimization, will increase in importance over the next few years, Cappuccio said. Analytics and other systems to monitor for recurring data patterns that could develop into money making applications will also be important.
3. Energy efficiency and monitoring: The power issue has moved up the corporate food chain, Cappuccio said. Nascent tools are beginning to roll out that can use analytic tools to watch power usage on a variety of levels. With the increased attention given to power consumption, it has become apparent that many systems are highly underutilized. At low utilization levels, they use a high percentage of their total energy draw. An average x86 server that is turned on, but idle, will draw upward of 65% of its nameplate wattage, for example. IT organizations need a clear inventory of what compute resources are doing and what workloads there is the potential for significant waste of energy.
4. Context aware apps: The big question here is how to do something smart to take advantage of smartphones. Gartner has in the past said context-based computing will go beyond the business intelligence applications and truly make a unified communications environment possible by bringing together data culled from social networks and mobile-devices.
5. Staff retention and retraining: Here the idea is developing a plan to get people excited about their jobs enough to stay. And we’ll need it, as starting in 2011 an average of 10,000 baby boomers will be eligible to retire every day for the next 19 years, Cappuccio said. Loyalty to one company is not a quality found in new workers.
6. Social networks: Affordable and accessible technology has let individuals and communities come together in a new way – with a collective voice – to make statements about our organizations, the products/services we deliver and how we deliver them, Cappuccio said. The collective is made up of individuals, groups, communities, mobs, markets and firms that shape the direction of society and business. The collective is not new, but technology has made it more powerful and enabled change to happen more rapidly, Cappuccio said. The collective is just beginning to have an impact on business operations and strategies but most organizations do not have a plan for enabling or embracing it. Ignoring social networking is not an option, Cappuccio said.
7. Consumerization: The key trend here is the fact that new application types will be developed to address mobile users but they won’t be desktop replacement applications. Still, a secure, well-defined strategy needs to be put into place to take advantage of this development, Cappuccio said.
- InfraSight Labs comment: Creating a user friendly, easy-to-get-started experience has been the focus of vScope development from day 1. An important part of this is how vScope is agent-free. We believe that this is drastically reducing the total cost of ownership for “IT business intelligence”.
8. Compute per square foot: Virtualization is one of the most critical components being used to increase densities and vertically scale data centers. If used wisely, average server performance can move from today’s paltry 7% to 12% average to 40% to 50%, yielding huge benefits in floor space and energy savings. Two issues that need to be considered going forward are the number of cores per server — four- and eight-core systems are becoming common, and 16 cores will be common within two years — and overall data center energy trends. IT will also have to address things like performance/licensing, Cappuccio said.
9. Cloud computing: While cost is a potential benefit for small companies, the biggest benefits of cloud computing are built-in elasticity and scalability. As certain IT functions industrialize and become less customized, such as email, there are more possibilities for larger organizations to benefit from cloud computing, according to Cappuccio.
- InfraSight Labs comment: vScope does also span into the cloud, enabling users to see their cloud resources side-by-side with in-house and/or hosted IT.
10. Fabrics: Gartner defines this infrastructure convergence as: The vertical integration of server, storage, and network systems and components with element-level management software that lays the foundation to optimize shared data center resources efficiently and dynamically. Systems put forth so far by Cisco and HP will unify network control but are not there yet.
- InfraSight Labs comment: This is where we believe vScope has an advantage since it combines an arbitrary number of technologies into one unified model.
Original article here: http://www.networkworld.com/community/blog/gartner-10-key-it-trends-2012
Virtual servers in majority
Virtual servers are now in the majority, according to a study made by IDC and VMware.

Verizon: Businesses are failing to maintain data security
The Payment Card Industry’s Data Security Standard (PCI DSS) has matured in the six years since it was enacted, but businesses are failing to maintain their compliance with the security standard.
In a report (PDF) released Wednesday, Verizon Business analyzed more than 100 PCI compliance cases conducted in the last year. Its basic finding: The vast majority of firms are unable to remain compliant with the 12 requirements of the standard over the course of a year. Only 21 percent of firms stayed compliant with the Data Security Standards between their last successful assessment and their checkup a year later, the report found.
“It is no longer the case that PCI DSS is too hard [or] we can’t get there,” says Jen Mack, director of global PCI services for Verizon Business. “We see many organizations do successful implementations, but we see a backslide as the year progresses, and then they end out of compliance for the rest of the year.”
Firms had problems with protecting card holder data, tracking and monitoring access to sensitive data, and regularly testing system security and processes, the report states. These are PCI DSS requirements 3, 10, and 11, respectively.
The results are similar to Verizon’s first report in 2010, which found that 22 percent of firms failed their follow-up assessment. Yet, there are some significant differences. Verizon has prioritized the milestones that companies need to reach to comply with PCI DSS, putting first the steps that reduce risk the most. The company found that fewer businesses reached each milestone among the current year’s case data.
Overall, the problem is that companies are treating PCI compliance as a goal to reach and not a state to maintain, says Mack.
“Most people are looking at this as a project, rather than as a program,” she says. “The people that are most successful are the people who integrate PCI in with their processes.”
The relationship of PCI compliance to actual security has been debated. However, many security experts argue that the regime is a good starting point for implementing a data protection process within businesses. In its annual Data Breach Investigations Report, Verizon found that 89 percent of companies that suffered a breach were out of compliance with the standard.
This article, “Businesses failing to maintain data security,” was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.
Cloud Computing Outlook 2011
Snippets:
• Most IT professionals prefer to deploy their infrastructure using virtualization (77%)
• 61% of organizations are in the information gathering or planning stages or have an approved cloud computing strategy (but no implementation), 20% have cloud implementations and 20% have no cloud computing plans at this point
• 70% of data center managers choose to deploy infrastructure on dedicated resources (e.g. dedicated servers and data center resources) while only 12% prefer to deploy their infrastructure in the public cloud.
Full report here: http://cloud.com/cloud-computing-outlook
Tomorrow’s CMDB?
Interesting read which suggests something like vScope by InfraSight Labs:
http://cloud.kendallsquare.com/blog/cmdb-in-the-cloud-not-your-fathers-cmdb
InfraSight Labs publish joint research at ESORICS
Konrad Eriksson, CTO and co-founder of InfraSight Labs, has co-authored a research paper with IBM Research. The report, “Automated Information Flow Analysis of Virtualized Infrastructures”, has been accepted for the ESORICS conference.
Download the full report here.
Abstract
The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly configuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support.
We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information flow analysis based on graph traversal. The system discovers the actual configurations of diverse virtualization environments and unifies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system effectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components’ information flow.
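The analysis the abstract describes can be sketched on a small scale. The following is an added example, not code from the paper or from vScope: it computes the closure of information flow over a unified graph by traversal and reports where one tenant's flow reaches another tenant's VM. The topology, the node kinds and the trust rules (which kinds are trusted to isolate) are all constructed assumptions.

```python
from collections import deque

# Constructed sample topology (not from the paper): links between discovered
# elements of a virtualized environment, unified into one graph.
EDGES = [("vm-a1", "host-1"), ("vm-b1", "host-1"), ("vm-a1", "vlan-10"),
         ("vm-a2", "vlan-10"), ("vm-b1", "vlan-20"), ("vm-b2", "vlan-20"),
         ("vm-a2", "datastore-1"), ("vm-b2", "datastore-1"),
         ("vlan-10", "pswitch-1"), ("vlan-20", "pswitch-1")]
KIND = {"host-1": "hypervisor", "pswitch-1": "switch", "vlan-10": "vlan",
        "vlan-20": "vlan", "datastore-1": "storage"}  # anything else is a VM
ZONE = {"vm-a1": "tenant-a", "vm-a2": "tenant-a",
        "vm-b1": "tenant-b", "vm-b2": "tenant-b"}
# Assumed trust rules: these kinds isolate, so flow reaches them but is not relayed.
TRUSTED = {"hypervisor", "switch"}

def closure(sources, adj, trusted):
    """Map every node that flow from `sources` can reach to its predecessor."""
    prev = {s: None for s in sources}
    queue = deque(sources)
    while queue:
        node = queue.popleft()
        if KIND.get(node, "vm") in trusted:
            continue  # trusted element: flow stops here
        for nxt in sorted(adj[node]):  # sorted for reproducible paths
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return prev

def find_breaches(edges=EDGES, zone=ZONE, trusted=TRUSTED):
    """Return {(source zone, reached foreign VM): flow path} for each breach."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    breaches = {}
    for z in sorted(set(zone.values())):
        prev = closure(sorted(n for n in zone if zone[n] == z), adj, trusted)
        for node in sorted(prev):
            if zone.get(node, z) != z:  # a VM belonging to another zone
                path, cur = [], node
                while cur is not None:
                    path.append(cur)
                    cur = prev[cur]
                breaches[(z, node)] = path[::-1]
    return breaches

if __name__ == "__main__":
    for (z, vm), path in find_breaches().items():
        print(f"{z} reaches {vm}: {' -> '.join(path)}")
```

With the default rules the shared datastore is the only untrusted element bridging the tenants, so every reported path runs through it; adding `"storage"` to the trusted kinds yields no breaches.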
Bridging the gap between private and hosted clouds leads to increased complexity
The VMware Cloud Connector, available sometime next month, provides a link between internal and external clouds that moves virtual machines between a hosted service (public clouds) and an organization’s own internal systems (private clouds).
Again, at InfraSight Labs we believe that these types of initiatives further raise the need for tools to help admins understand the increased complexity of their networks.



