The government of Singapore has released its 2014 budget, which includes S$500 million (US$400 million) to help drive economic changes at small and medium-size businesses (SMBs). This spending will focus on:
On January 22, 2014, a new mobile security player was born. This is the date that VMware announced its intention to purchase the mobile device management (MDM) firm AirWatch. With a price tag of $1.5 billion, this acquisition confirms that the mobile security market is scorchingly hot. This news comes on the heels of the November acquisition of Fiberlink by IBM. I expect additional mobile security market consolidation to occur throughout the remainder of 2014. This acquisition is a shot across the bow of any other major vendor looking to play in the mobile security market. If you don't step up and spend now, you might just be left holding the bag.
Symantec held its EMEA Industry Analyst Conference in the UK recently. Symantec saw targeted attacks increase by 42% during 2013. Although it’s always mentioned among the top concerns by businesses in surveys, security is still often treated in a somewhat blasé way by many of those businesses in reality. We took several messages away from Symantec’s conference:
Security is not just a simple IT issue but has wider business implications. Digital security has many facets, including cybercrime and online privacy. Security is an economic and societal dimension for the digital ecosystem. Just think of privacy legislation -- customers expect the businesses with which they interact to adhere to it. This also means that the future security manager will be someone who understands business requirements and employee wishes well enough to balance them against specific security threats and compliance obligations. The security officer who just “shuts the gates” and says “no” to requests like accessing video websites or installing software is damaging to what we call the connected business.
Every client (especially every government client) who says "I'll never use cloud services with highly secure data" needs to hear this story. In no more sensitive a place than law enforcement is just such a value proposition playing out.
Police departments in 18 states in the US, and soon Canada, are dramatically increasing the efficiency of commercial use of highways through a disruptive SaaS solution that costs a fraction of the incumbent service and mixes well with their permitting and inspection databases.
If you drive toll roads or bridges you know the value of Drivewyze. In rush hour, you can wait 10-25 minutes to pay your toll with cash or you can sign up for an electronic toll system that lets you breeze past. Drivewyze does the same for commercial trucks and fleets, not at toll booths but at weigh stations, which take much longer to get through. And in the trucking business, every minute lost at a weigh station can cost thousands of dollars in lost delivery time. For law enforcement the value is even higher, as any time lost inspecting a safe truck is time not spent stopping an unsafe one.
The system works by helping known-good drivers and trucks register with the weigh station wirelessly as they approach it on the highway, get an all-clear, then drive right by. Trucks send their credentials to the weigh stations using any mobile device they happen to have – iPhone, Android, Blackberry. Anything with a cellular connection will do the trick. At the weigh station, they receive the information about the driver over whatever equipment they have – aging PCs and laptops are most common. The system checks each driver and truck against long-standing databases of safety records, expired licenses, past weigh station checks and other information that would indicate an unsafe driving circumstance.
Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. And, as someone who has read NASA’s risk management program (and the 600 pages of supporting documentation), I can say that this wasn’t a failure of risk management policy or procedure effectiveness. Clearly, this was a failure of third-party risk management’s monitoring and review of cloud services.
The Cloud Is Nebulous
Back in 2009, NASA pioneered cloud technology with a shipping container-based public cloud technology project named Nebula -- after the stellar cloud formation. (I love nerd humor, don’t you?)
During 2009, NASA did a study to determine if current cloud provider service offerings had matured enough to support the Nebula environment. The study proved that commercial cloud services had, in fact, become cheaper and more reliable than Nebula. As a result of the study, NASA moved more than 140 applications to the public sector cloud environment.
In October of 2010, Congress had committee hearings on cybersecurity and the risk associated with cloud adoption. But remember, NASA had already moved its noncritical data (like www.nasa.gov or the daily video feeds from the International Space Station, which are edited together and packaged as content for the NASA website) to the public cloud in 2009, before anyone ever considered the rules for such an adoption of these services.
with Brownlee Thomas, Ph.D., Henning Dransfeld, Ph.D., Bryan Wang, Clement Teo, Fred Giron, Michele Pelino, Ed Ferrara, Chris Sherman, Jennifer Belissent, Ph.D.
Orange Business Services (Orange) recently hosted its annual analyst event in Paris. Our main observations are:
Orange accelerates programmes to get through tough market conditions. Orange’s vision in 2013 is essentially the same as the one communicated last year. However, new CEO Thierry Bonhomme is accelerating cost saving and cloud initiatives in light of tough global market conditions. The core portfolio was presented as connectivity, cloud services, communication-enabled applications, as well as new workspace (i.e., mobile management and communication apps).
Orange proves its capability in network-based services and business continuity. Key assets are its global IP network and its network-based communications services capabilities. In this space, Orange remains a global leader. These assets form the basis for Orange taking on the role of orchestrator for network and comms services, capabilities that have (literally) weathered the storm, proving its strength in business continuity.
With apologies to the late great President Ronald Reagan, "trust but verify" is outmoded advice when it comes to computer network security. So, why do so many information security professionals still think trusted and untrusted network zones are best practice? Most think that people are trusted or untrusted. The problem with that thinking is you never know who can or cannot be trusted. Remember WikiLeaks? It was an inside job.
The solution: Zero Trust - Verify Then Trust
Meet John Kindervag, Forrester Principal Analyst and a leading expert in network and information security. He says that firms must take a Zero Trust approach to network security that means "verify then trust". In this episode of Forrester TechnoPolitics, John describes the what, why, and how of the Zero Trust approach to network and information security.
Podcast: Zero Trust - Your Only Hope For A Secure Network (8 mins)
I’m very excited to kick off survey development for upcoming Forrester Forrsights surveys that will feature security content. Continuing on from previous years will be the Forrsights Security Survey. This is an annual survey of IT security decision-makers from North American and European SMBs and enterprises. New for 2013 is a Workforce Survey that will provide the (also North American and European) employee perspective when it comes to security and devices in use within their workplace.
These surveys will be fielded April through May, and the results will make their way into published research this summer. Survey development starts now, and I would love to hear what you think about the proposed topics. What are some areas where you’d like to see us gather more data?