My Two Cents on the Security and Market Implications of the End of Windows XP

I know there have been a substantial number of articles on the end of Windows XP and its implications, but I couldn’t resist chiming in. Hey, maybe I was destined to do so since I was one of a few thousand people at the Windows 95 introduction in Redmond (back in the summer of 1995 of course). Here are my thoughts on this transition, I’ll try to take a bit of a different angle on the topic.

1. Microsoft will likely come out of this with a black eye. Windows XP was released in 2001 and was supported by Microsoft for nearly 13 years. As a point of comparison, the aforementioned W95 was supported for just over 6 years. Microsoft was more than generous with XP support, in spite of its market misstep with Vista, yet roughly 27% of PCs are still running XP and will now be vulnerable to a certain wave of malware over the next few months. If any of these attacks result in a major breach, we are bound to see publicity-seeking pols lambasting Redmond in the halls of the U.S. Congress conjuring up imagery of Teddy Roosevelt and his famous trust-busting exploits of 1902. In truth, Microsoft did nothing wrong, but if and when there are XP security problems, look for the Washington PR machine to seize on the opportunity for Microsoft vilification.

Topics: Endpoint & Application Virtualization Information and Risk Management mobile Security and Privacy

Managing IT Risk Associated with Mobile Computing Security

When BYOD was coming to fruition a few years ago, it had a sudden and deep impact on IT risk. Why? Many CISOs I spoke with at the time said it was purely a matter of scale. All of a sudden, large enterprises had thousands of additional devices on their networks and they struggled to figure out what these devices were doing and how these activities impacted organizational risk.

Topics: IBM End-User Computing Check Point Fortinet Cisco Information and Risk Management mobile Security and Privacy Security BYOD Citrix data security Fiberlink android Dropbox Good Technology Airwatch Blue Coat CISO Bit9 Anti-malware Facebook

If I Were the Next CEO of Symantec

As you’ve probably noted by now, Symantec just announced that CEO Steve Bennett is out and is being replaced by board member Michael Brown on a temporary basis. The board will now conduct a search for a permanent CEO.

Under Steve Bennett, Symantec announced a new strategy called, “Symantec 4.0,” intended to streamline the organization, cut costs, and push organic innovation. A good plan, but my guess is that things weren’t moving forward as fast as the board wanted so it decided to make a change. As an outsider, it did seem like Symantec circled the wagons, focused on internal operations, and kept its eyes off the market. Thus, the company now looking for its fourth CEO in the past five years.

Topics: Storage End-User Computing Data Management & Analytics IT Infrastructure Information and Risk Management Enterprise Software mobile Security and Privacy

Has Mobile Computing Had a Positive Impact on Cybersecurity?

I’ve heard the same story from a multitude of CISOs: “As soon as we agreed to support BYOD and mobile devices, all hell broke loose!” How? All of a sudden there were hundreds or thousands of new devices accessing the corporate network. Many of these devices were employee-owned, unmanaged, and full of questionable applications. What’s more, users were now working on multiple devices and moving sensitive data between Windows PCs, iPads, Android phones, and a slew of online file sharing sites like Box, Dropbox, and iCloud. Holy threat and vulnerability, Batman!

Most enterprise organizations are now way past this early period of mobile security chaos. Yes, there are still plenty of challenges associated with mobile computing security, but did preliminary mobile computing anarchy have any positive impact on information security in the long run? In other words, did the initial mobile computing fire drills actually help CISOs recognize risks and address systemic weaknesses?

Topics: IBM MDM Cisco Information and Risk Management Juniper HP mobile Security and Privacy Security endpoint security Bradford Networks Mobile computing Box Dropbox Aruba Vormetric ForeScout Veracode Great Bay Software NAC

Google Glass, Wearable Tech, and Big Data

Despite working in tech for nigh-twenty years, I’m not a classic early adopter. I’ve certainly played regularly on the bleeding edge, but also prefer technology that works reliably and has real lasting value.

Some ways I’ve been early:

  • First programmed on a TRS-80 with a phone coupler and audio cassette storage
  • Had a Compaq portable and an Atari 2600
  • Read Neuromancer when it came out
  • Played online games on BBS forums as early as 1990
  • Used e-mail regularly since 1991
  • Ran phone lines between dorm rooms to network Macs via 2400 baud modems
  • Got a cell phone in 1996
  • Moved to SF in 1997 for the dot com boom
Topics: Big Data End-User Computing Data Management & Analytics Enterprise Software mobile social google

Hot Topics at the RSA Conference

It’s the calm before the storm and I’m not talking about the unusual winter weather. Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.

In spite of this year’s controversy over the relationship between the NSA and RSA Security (the company), I expect a tremendous turnout that will likely shatter the attendance records of last year. Cybersecurity issues are just too big to ignore so there will likely be a fair number of first-time attendees.

Topics: Cloud Computing Check Point Fortinet Cisco Networking Information and Risk Management FireEye mobile Security and Privacy endpoint security SIEM Cybereason Good Technology bromium 21CT CloudPassage Firewall Cylance click security Bit9 Carbon Black IDS/IPS Firewall & UTM Hexis Cyber Solutions Public Cloud Service

Can the FIDO Alliance Act as a Game-Changer and Help Obsolete User Name/Password Authentication?

It seems like yesterday when I was logging onto the VAX system at my alma mater UMass so I could work on a market research project with a statistics program. When my time slot came up, I would sit in front of a VT100 terminal, input my username and password, and voila – a timesharing session at the cutting-edge of high tech.

Well this memory may seem recent but in truth it was back in the mid-1980s. I probably had a mullet and was hankering to listen to Flock of Seagulls at the time. The VAX, mullet, and new wave music are now ancient history but we’re still using user names and passwords for authentication most of the time.

Topics: IBM Apple Microsoft End-User Computing Information and Risk Management mobile Security and Privacy Security google Lenovo endpoint security mobile device multi-factor authentication RSA Security Facebook

Enterprise Security Professionals Identify Mobile Computing Security Challenges

Most companies now provide network access and application support for non-PC devices like smartphones and tablets and many are developing new applications and business processes designed specifically for these devices. Business managers look at iPhones, Android devices, and even Windows phones and see opportunities for revenue growth, cost cutting, and improved communication everywhere.

Topics: IBM Cybersecurity MDM Information and Risk Management mobile Security and Privacy Security cybersecurity skills shortage endpoint security Citrix CyberArk Courion Bradford Networks Fiberlink android Good Technology ForeScout Airwatch Blue Coat

Mobile Device Management (MDM) Deployment Remains Elementary and Immature

Now that it’s February, the entire security industry (sans a few noble protesters) is gearing up for this month’s RSA Conference in San Francisco. Once again, I anticipate a lot of buzz around all-things mobile computing security this year just as there was in 2013. MDM/MAM is sure to come up too – what with Citrix’s buying Zenprise last year, IBM’s purchase of Fiberlink, and VMware’s recent acquisition of AirWatch.

Yup, everyone will be talking MDM, MAM, mobile business processes, mobile development, and so on. They’ll be pointing out killer applications, wonderfully productive use cases, and burgeoning application development trends as well.

Topics: Information and Risk Management mobile Security and Privacy

Getting Over the Post-holiday BYOD Proliferation Blues

It’s no secret, BYOD and mobile devices are changing the way we work, play, and communicate with each other. As a result, the demand for wireless networks is very strong and ESG's IT spending intentions research survey data indicates that expanding wireless networks is one of the top-five most-cited network priorities for organizations. The timing is perfect to talk about expanding the WLAN as the volume of new mobile wireless devices entering the workplace always tend to spike after the holidays. Many of those in IT that I speak to have stated it is not uncommon to have over a thousand new devices hit the wireless network in January. IT then has to struggle to ensure there is adequate connectivity for all these new devices (especially in the executive wing), mitigate the risk, and spend a lot of time associated with managing the onboarding process. For those in higher education, this scenario plays out at the start of every school year as well.

Topics: IT Infrastructure Networking mobile BYOD Aerohive Bring Your Own Device