Most Apple devices lack proper security for the enterprise

Nearly half of all U.S. employees use at least one Apple device at work, but most of those gadgets lack common security protocols required by many enterprises, according to a new survey commissioned by Centrify, a company that sells enterprise security and management software for Apple products.

Last month, Centrify asked 1,004 business professionals about how they use computers and smartphones in the workplace. Respondents used a total of 1,309 Apple devices at work, including 191 Macs, 387 iPads and 731 iPhones, according to Centrify. All of the respondents were employed full-time at companies with at least 20 employees, from various industries including healthcare and financial services, according to Centrify.

Court: FTC can bring down the hammer on companies with sloppy cybersecurity

The U.S. Federal Trade Commission has the authority to take action against companies that fail to protect customer data, an appeals court ruled Monday.

The U.S. Court of Appeals for the Third Circuit upheld the FTC's 2012 lawsuit against hotel and time-share operator Wyndham Worldwide. The FTC filed a complaint against Wyndham for three data breaches in 2008 and 2009 that led to more than US $10.6 million in fraudulent charges. The appeals court ruling, upholding a 2014 district court decision, suggests the FTC can hold companies responsible for failing to use reasonable security practices.

Ask HighScalability: Choose an Async App Server or Multiple Blocking Servers?

Jonathan Willis, software developer by day and superhero by night, asked an interesting question via Twitter on StackOverflow

tl;dr Many Rails apps or one Vertx/Play! app?


I've been having discussions with other members of my team on the pros and cons of using an async app server such as the Play! Framework (built on Netty) versus spinning up multiple instances of a Rails app server. I know that Netty is asynchronous/non-blocking, meaning during a database query, network request, or something similar an async call will allow the event loop thread to switch from the blocked request to another request ready to be processed/served. This will keep the CPUs busy instead of blocking and waiting.

I'm arguing in favor of using something such as the Play! Framework or Vertx.io, something that is non-blocking... Scalable. My team members, on the other hand, are saying that you can get the same benefit by using multiple instances of a Rails app, which out of the box only comes with one thread and doesn't have true concurrency as do apps on the JVM. They are saying just use enough app instances to match the performance of one Play! application (or however many Play! apps

Windows Hello uses your webcam even if you disabled your camera

The newest Windows 10 privacy freak out involves Windows Hello which is supposed to be a convenient security feature turned on or off by selecting Settings > Accounts > Sign-in options. Windows Hello replaces traditional passwords with biometric recognition, allowing users to unlock their PC with a swipe or glance. You’ve likely seen Microsoft’s 30 second Windows 10 commercial which shows a toddler who “won’t have to obsess over security” as she will be able to unlock Windows 10 with a smile.

Mobile devices pose biggest cybersecurity threat to the enterprise, report says

Earlier this month, Check Point Software released its 2015 security report which found that mobile devices have become the biggest threat for today's enterprises. I like the fact that more vendors are doing their own studies and sharing the findings. Cybersecurity has so many facets that it's very challenging for IT departments to understand where to focus their energy, so surveys like this help.

The survey revealed something that I think many businesses have turned a bit of a blind eye to, and that's the impact of mobile devices, primarily due to the wide acceptance of BYOD. The last Network Purchase Intention Study by ZK Research (disclosure: I'm an employee of ZK Research) showed that 82% of businesses now have some kind of BYOD plan in place. Even heavily regulated industries like healthcare and financial services are putting BYOD programs in place because of pressure from the lines of business. Years ago, CEOs and managers didn't want consumer devices in the workplace as they were considered a distraction. Today, businesses that do not allow workers to use mobile devices are putting themselves at a competitive disadvantage.

Facebook’s Threat Intelligence Sharing Potential

Enterprise organizations are actively consuming external threat intelligence, purchasing additional threat intelligence feeds, and sharing internally-derived threat intelligence with small circles of trusted third-parties. Based upon these trends, it certainly seems like the threat intelligence market is well-established but in this case, appearances are far from reality.

In my humble opinion, threat intelligence consumption and sharing is extremely immature today with the market divided by a few haves (i.e. large banks, defense contractors, large IT vendors, intelligence agencies) and a large majority of have-nots – everyone else.

This immaturity is illustrated by some recent ESG research (note: I am an ESG employee). A panel of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to identify weaknesses associated with their firm’s threat intelligence consumption and sharing programs. The data indicates:

Securing the enterprise digital footprint

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising -- a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era where attackers use a company’s digital footprint (web infrastructures and mobile apps) to distribute malware and commit fraud.

For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges. Namely, securing assets you know about, securing assets you don’t know about (like those created by someone within the organization or by an authorized third-party), and identifying rogue assets that are impersonating the organization’s brand or sub-brands.

Tips for protecting your business against cyber extortion

CryptoLocker is malware cyber criminals use to encrypt the contents of a computer until users pay up.

But that's only one type of cyber extortion, according to Tim Francis, enterprise cyber lead at Hartford, Conn.-based insurance company Travelers.

Criminals can also threaten to shut down computer systems or erase data, to infect a company with a virus, to publish proprietary information or personally identifiable information of customers or employees, launch a denial-of-service attack, or hold social media accounts hostage.

Criminals can also start the attack first, and refuse to stop until the money is paid.

It's no longer just a lone disgruntled employee targeting a single company, Francis said. CryptoLocker is just one example of how cyber extortion technology has been commodified, making it accessible to a wider variety of criminals.

6 Things You (Maybe) Don’t Know About Ansible

Ansible is a very flexible and extensible automation tool, and it can be used in a lot of different environments that may not fit your preconceived notions of Ansible as an SSH-based tool to configure Linux and Unix systems. Here are a few other things you can do with Ansible, and a few ways to further customize and configure how your automation works. I hope these tips are useful! If you have any of your own to share, feel free to send us a tweet @ansible!

1. Ansible can be used to manage more than just servers

Most Ansible playbooks are used to configure and manage servers: web servers, database servers, and so on. But anything with an SSH interface or an API can be managed with Ansible, too. For example, we have modules to talk to cloud platforms, Citrix NetScaler and F5 load balancers, and other networking equipment. These modules are really helpful for tasks like multi-server rolling upgrades or other complicated orchestration tasks that need coordination with your broader networking environment.

You can also implement custom connection plugins for those really weird or legacy devices. There are a number of lesser-known ones shipped with Ansible, including