Day Two of VMworld is in the books, and here's what our team of analysts have to say:
From a user’s perspective, a workspace is a window into an environment that includes all the necessary tools and information for performing her job. In some sense, this is akin to the consumer view of an app store, but there is more to the story in a business setting. We covered the details of Supporting Enterprise Mobility: How to Create a Workspace in a previous blog and discussed the options IT has to create Supporting Enterprise Mobility: Cloud Assembled Workspaces. Let’s cover two of the key ingredients that a user should expect:
As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.
Here’s another recent data point that supports this further. ESG recently published a new research report titled Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e., more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat.”
Jon Oltsik, on Oct 8, 2014
One of the more vapid cybersecurity cliché statements goes something like this: “Hacking is no longer about alienated teenagers spending countless hours in the basement on their PCs. Rather, it is now the domain of organized crime and nation states.” While this is certainly true, it is also blatantly obvious. It is also nothing more than a meaningless platitude with no details about why this is true, how hackers operate differently than teenagers, or what the implications are.
If you want to understand these issues, I strongly suggest that you read a new threat report, Analysis of a Cybercrime Infrastructure, published this week by Proofpoint. The report follows the tactics and techniques used by a Russian organized crime group as it launched an attack on US- and European-based users aimed at stealing online banking credentials.
I shall be expanding on this theme--the internet of things (IoT) over the next few years, as I find it to be the most interesting thing to happen not only in tech, but potentially in modern society, ever.
In my time with ESG Lab, I have seen and tested numerous virtual desktop solutions and reference architectures. It’s common knowledge that virtualizing end-user computing environments can present the most challenging workloads an infrastructure must support. Users have become accustomed to the performance of flash drives in their business and personal computers, making delivery of an exceptional user experience–essential to the success of desktop virtualization–even more challenging. If you can’t deliver performance equal to or better than what users already have, you’ve already lost.
Jon Oltsik, on Aug 18, 2014
No one hates passwords more than I do and it seems like I’m asked to register for a new site each day. For those of us in the know, this situation of “password sprawl” is even more frustrating because we really should have solved this problem years ago. After all, Whit Diffie, Marty Hellman, and the RSA guys first came up with PKI back in the 1970s so you’d think that passwords would be dead and strong authentication would be ubiquitous by now!
Thankfully, there may be hope on the horizon in the form of the FIDO alliance. The group, composed on a who’s who of industry big shots like ARM, Bank of America, Discover Card, Google, Lenovo, MasterCard, Microsoft, PayPal, RSA, Samsung, and VISA, is “developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance of passwords to authenticate users.” In other words, FIDO wants to introduce “trusted convenience” by making strong authentication easy to deploy and easy to use on the front-end (i.e., for users) and back-end (i.e., for IT).
This will be my 9th year in a row attending VMworld! The event always proves to be a great display of end-user passion that is driving towards new innovation and IT vendors displaying their latest products, solutions, and services. I recently asked the ESG team attending the event if there was anything they planned to track closely or questions that they hoped to get the answers to and here is what they shared:
Most people who use IT or Internet applications would agree that the current username/password mode of authentication is cumbersome, ineffective, and obsolete. According to ESG research, 55% of information security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that username/password authentication should be completely eliminated or relegated to non-business critical applications only.
As the old infosec adage goes, “people are the weakest link in the cybersecurity chain.” Clearly enterprise security professionals agree with this statement. In a recent ESG research survey, enterprise security professionals were asked to identify the factors most responsible for successful malware attacks. It turns out that 58% point to a lack of user knowledge about cybersecurity risks – the most popular answer by far.
This data is not unusual, security professionals often bemoan end-user cybersecurity behavior. They don’t pay attention in training classes, they click on suspect links, they are easily fooled by social engineering tactics, etc.