Home > RSS Feeds > Security
  • A marked increase in the volume and complexity of IT security attacks appears finally to be pushing more organizations to rely on external IT security expertise. In a global survey of 200 IT professionals with responsibility for security, more than a third said they rely on third-party service providers to secure their IT environments. The study, conducted by The Economist Intelligence Unit on behalf of NEC, finds that while there are mixed opinions concerning how vulnerable their organizations are to major cyber-attacks, nearly three-fourths of those polled say they definitely will be a target of a serious cyber-attack or are likely to be targeted. For IT service providers across the channel, increased awareness of the challenges involving modern IT security is a double-edged sword. Although more awareness creates potential new opportunities, that increased awareness also means that the IT service provider is likely to be held most accountable in the almost inevitable event of a serious attack. Channel Insider examines key takeaways from the study.

  • Organizations are undermining cyber-security strides they have made by failing to enforce best practices concerning known vulnerabilities, including privileged accounts, third-party vendor access and data stored in the cloud, a new survey from security specialist CyberArk concludes. According to the poll of 750 IT and IT security decision-makers, well-publicized breaches have increased cyber-security awareness but in some cases have driven false confidence in companies' ability to protect their organizations from cyber-attacks. A majority of the respondents believe the IT security industry is making progress against cyber-attacks. However, John Worrall, chief marketing officer at CyberArk, said most cyber-attacks are a result of "poor security hygiene" and "organizations can't lose sight of the broader security picture while trying to secure against the threat du jour." Here's a look at how businesses are progressing in their cyber-security programs and where security solution providers can help close gaps.

  • Two of the biggest reasons businesses continue to struggle with insider threats are the adoption of cloud computing technology and bring-your-own-device (BYOD) practices. A new survey reveals that nearly three-fourths of the organizations polled believe they are vulnerable to insider threats. Many of them point to an increase in devices with access to corporate data as a major contributor to the rise in insider leaks. Although the industry's adoption of cloud and BYOD is generally perceived as a positive trend for businesses, these shifts are having an impact on insider threats. The Bitglass Corporate Spies report, based on a survey more than 500 cyber-security professionals, finds that with the adoption of cloud and mobile devices, insiders have access to corporate data from any device and from anywhere. The problem is "careless" users who share sensitive data externally or lose a mobile device that contains sensitive data, according to Bitglass, which offers mobile security and cloud access security broker solutions. The companies at the greatest risk are those that don't have visibility and control over their data. Here's a look at key findings from the study.

  • IT security opportunities continue to proliferate for managed service providers and others in the channel as new tools and processes are developed to address new challenges.

  • Federal agencies that use big data analytics as part of their cyber-security strategy are improving their data security and reducing cyber breaches, according to a survey released by MeriTalk, a public-private partnership focused on the government information industry, and underwritten by Cloudera, a provider of Apache Hadoop-based software. The majority of survey respondents said they've successfully used big data to stop cyber-attacks and report a decline in security breaches. The report, "Navigating the Cyber-security Equation," finds that 81 percent of the 150 federal IT managers surveyed used big data analytics for cyber-security in some capacity. However, many still face adoption roadblocks, including a shortage of skilled talent, privacy concerns and poor management support, along with data analysis hurdles, ranging from the sheer volume of data to not having the right systems to gather the information they need. Nearly six in 10 agencies face a cyber-security compromise at least once a month due to their inability to analyze the data fully. For security providers, this means agencies need help collecting and analyzing data as part of their cyber-security programs. Here's a look at key survey takeaways.

  • Cyber-security is a game of spy versus spy that today still requires IT security professionals to be lucky and smart. Aiming to reduce their reliance on luck, many IT organizations are investing in cyber-security analytics apps based on big data platforms. A new survey of 592 IT and security professionals conducted by the Ponemon Institute on behalf of Cloudera, a provider of a distribution of the open-source Hadoop platform for storing and processing big data, finds that demand for cyber-security analytics apps is growing rapidly. For solution providers in the channel, this creates two opportunities: helping internal IT organizations build and deploy these apps or making them available as a managed service. In either scenario, Cloudera partners report seeing an average 71 percent increase in the volume of data their clients are able to store, an average 80 percent increase in data processing speeds and an average 84 percent increase in the amount of data clients that are able to analyze. While advanced cyber-security analytics apps may not stop every attack, they may go far in evening out the poor IT security odds many organizations face.

  • Although many businesses understand that they're ability to defend themselves from IT security attacks is relatively weak, most of them are not in a position to do much about it, according to the findings of a new survey of 4,000 business executives conducted by Kaspersky Lab. The good news is that investments in IT security are on the rise across the board. The biggest limiting factor, however, may not be the actual size of IT budgets. Rather, organizations are reporting that that even though almost half are looking to hire additional security personnel, nearly half also say there is a shortage of IT security talent. At the same time, half the respondents say that in terms of wages, it's becoming more difficult to recruit and retain IT security professionals. Those statistics bode well for increased demand for IT service providers in the channel. Yet, as short-handed as organizations are, only a little more than one-fourth of the respondents said an external audit of their IT security was an effective means of discovering whether the organization has been compromised. Channel Insider examines key takeaways from the study.

  • The Cloud Security Alliance recently published a new handbook, "The Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy," aimed at helping big data solution providers reduce security and privacy threats that are growing and evolving as big data is collected and consumed in the cloud. "As big data expands through streaming cloud technology, traditional security mechanisms tailored to secure small-scale, static data on firewalled and semi-isolated networks are inadequate," J.R. Santos, executive vice president of research for the CSA, said in a statement. One of biggest challenges big data providers face as they migrate to the cloud is ensuring real-time security, which includes putting measures in place that stop unauthorized access to data. Compliance monitoring also is a key issue for providers as they create guidelines to determine how they can use the data, while ensuring that privacy laws and regulations are met. From CSA's massive listing, we've gleaned 10 best practices for delivering real-time security and compliance monitoring.