RSA Recap, Part One

I'll have more RSA recap to offer later on this week, but I wanted to kick off the RSA postmortem with a look at the last day or so of the sessions from the conference. There's a bit of a BYOD slant to these nuggets.

There are many ways in which mingling personal and corporate devices and access puts both sides at risk.   Some are due to the way online behavior (personal surfing) from one domain bleeds into exposing your data from another domain (work). The reverse can be true, too. Corporate assets are targets, and that puts your personal assets at risk if you put valuable personal data on a device that sees action outside the home while on business travel.

Topics: Network Security Networking endpoint endpoint security Enterprise Mobility

Fundamental Differences Between Securing Workloads and Endpoints


OK, full disclosure - this is one of my pet peeves, so let me get this out of the way right out the gate: in my humble opinion, a server workload is not an endpoint. Sure, they’re all hosts, but what I think of as an endpoint is different in so many ways from a workload, including computing characteristics, their respective role in the cyber security kill chain, not to mention buying centers. Defining an endpoint as broadly as "anything with an IP address" fails to acknowledge these differences. As such, as an industry, we should be mindful to make note of these distinctions when referring to what types of hosts are being secured.

Topics: Cybersecurity endpoint

Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget.  You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs? 

Topics: Cybersecurity endpoint endpoint security IT Spending Intentions skills shortage

Yet Another Proof Point for Network and Endpoint Security Integration

As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.

Here’s another recent data point that supports this further. ESG recently published a new research report titled Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e., more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat.”

Topics: Cybersecurity IT Infrastructure Networking Information and Risk Management endpoint Enterprise Mobility

Why Doesn't IT Back Up BYOD?!

ESG recently started offering TechTruths... single nuggets of data and the analyst perspectives of why they matter. Check out all of them via the link above, but here is my favorite so far on BYOD data protection:

Topics: Backup Data Protection Information and Risk Management endpoint Enterprise Mobility

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords.

Topics: IBM Cybersecurity Cisco Networking Information and Risk Management FireEye Dell endpoint Data Management SIEM

Endpoint Themes

Here are some trends to keep an eye on (in no particular order):

Topics: Cybersecurity Information and Risk Management endpoint endpoint security

Holiday Shopping? Android, Apple, or Microsoft

Have you ever noticed how we are all considered IT experts come the holiday time? Brothers, mothers, grandfathers, aunts, cousins and close friends all turn to us for their latest technology purchasing decision. Since I am a bit of a gadget guy, I enjoy these conversations. It’s fun to step through what they think they want and what they actually need. Here are a few of my observations:

  • Apps matter. If you currently rely heavily on an application or a set of applications from a specific app store and an app of equal or better functionality is not available on a competing app store, the decision is pretty simple. Stick with your current platform of choice. Upgrade if you feel you need a new form factor (viewing size) or the latest high resolution experience. This scenario is most often observed with current Apple users.
  • Form factor: I’m personally a new fan of the phablet. Here is why. If you want one device that can handle 90% of your computing activity the phablet works very well. The viewing size is usable for many tasks that include web browsing, a richer experience with apps due to the larger viewing size, and I have found that you can be productive on the device as opposed to smaller form factors I have owned. Ignore your friends when they ask “how does that fit in your pocket” and “that thing is the size of your head." I carry it around just fine and with a headset (I use a wired one) I rarely if ever hold it to my head and when I do it works fine. Dare I go as far to say that the iPad Mini would be a fantastic device if you could make phone calls with it.
  • Work and play. It’s really work and personal unless you are a big gamer. The ideal device enables you to use it as a work and personal device. This boils down to a device that has a keyboard so you can input at a reasonable rate and touch so you can interact with apps and the workspace very efficiently. I have used many devices in the work/ personal environment and right now you will be hard pressed not to look at some of the new Microsoft devices. Whether it is the Surface or touch-enabled Windows 8.1 devices from Microsoft partners, the work/personal experience is tough to match. You basically get a productive work experience with Windows apps and enjoy the tablet touch experience. With that said, apps for Windows are getting better, but still need some attention

I’m real impressed with the number of devices that are sub $400. So if you find yourself advising friends and family, start by looking at the Windows Surface, Apple iPad Mini, and the Kindle Fire HDX. These devices are all VERY capable. Side Note: Have fun decoding all the commercials on TV with your take on them and explain what really matters. My prediction is:

  1. If the user is already an Apple consumer and heavy user of apps, then the Apple products are pretty sticky. Be prepared to still pay a price premium, it's not the perfect match between work and play, but it comes with great support from the genius bar at the Apple retail stores.
  2. If the user isn’t an Apple fanboy and Microsoft productivity apps are not important, then the Kindle devices can be a great match. Do your homework here first and double check that the functionality matches requirements and be ready to enjoy the gateway into Amazon.
  3. If the user is a Microsoft Windows user and wants a touch-enabled experience, the new Windows 8.1 devices are an ideal match. Windows 8.1 touch does involve a little bit of seat time to get used to the gestures and the apps in the app store still need work, but the devices deliver a solid work/ personal experience.

Have fun! Every situation can have its uniqueness, but some basic questions about apps, form factor, and how they plan to use the device will quickly boil choices down. And don’t forget about the phablet. Go visit the retail stores and try out devices like the Nokia 1520 and Galaxy S4. Now I need someone to convince me why I need one of these ridiculous cellphone watches.

Topics: Microsoft Endpoint & Application Virtualization endpoint Enterprise Mobility

Businesses Report Significant Use of Desktop Virtualization Technology

Desktop virtualization is an alternative PC delivery model in which applications, operating systems, user data, profiles, and/or entire end-user environments are encapsulated and delivered to or executed on a remote endpoint device. The various desktop virtualization delivery models allow for centralized management, hosting, and/or execution, as well as syncing capabilities that enable local execution on an endpoint device.

Topics: Cloud Computing Endpoint & Application Virtualization endpoint Enterprise Mobility

Mobile Device Security Reality

You've heard the same things I have: "You can't control mobile device proliferation." "Most large organizations are being forced to create BYOD programs." "You need to let new employees work with their own devices and use social networking sites if you want to recruit them."

Topics: Cybersecurity Information and Risk Management endpoint Enterprise Mobility