Archive for February 14, 2017

IT Woefully Unprepared for Modern Risks: Citrix

Posted in Commentary with tags on February 14, 2017 by itnerd

There is no one-size-fits-all security solution to address the threat landscape today’s businesses face. Each organization has unique security obstacles and obligations. Billions of dollars have been invested into IT security solutions and increasing annual security budgets has been an imperative. In fact, 98% of business respondents reported they will spend over a million dollars in 2017, per a global study by Citrix and the Ponemon Institute. However, many of the systems and people in place are still not able to handle today’s threats.

Security threats increase as more devices crowd networks and as people have more freedom to work from anywhere, on any device. More devices, especially bring your own (BYO) devices, are the new norm, and businesses need to put information security at the top of their priority list to ensure apps and data are secure no matter where they reside or are accessed. On top of this, businesses need skilled staff to plan how they will reduce risk and improve the security of their applications and data.

The global study by Citrix and the Ponemon Institute on IT security infrastructure found that less than half (48%) of survey respondents said their organization has security policies in place to ensure employees and third parties only have the appropriate access to sensitive business information. Not helping is that nearly 70% of business respondents said that some of their existing security solutions are outdated and inadequate.

Top security concerns confirmed in the study:

  • Poor security deployments: 70% said their organization had made investments in IT security technology that was not successfully deployed (e.g. shelfware).
  • Unapproved and rogue app deployments: 65% of respondents said their organization is not able to reduce the inherent risk of unapproved applications – increasing risk, including from shadow IT.
  • Unmanaged data at risk: 64% say their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files with no expiration date).
  • Talent pool is small: Only 40% said their organization is successfully hiring knowledgeable and experienced security practitioners.

While there’s no silver bullet to fixing security business challenges, survey respondents shared that they believe there are solutions to help better manage security challenges:

  • Creating a unified view: 53% point to a unified view of users across the enterprise.
  • Becoming proactive: 48% cited an ability to keep up with new or emerging attacks.

Respondents also shared that some specific improvements can be made to reduce their overall risk:

  • Technology improvements: 65% believe an improvement in technologies will improve their overall security posture and reduce risk.
  • Staffing investments: 72% say an improvement in staffing will improve their overall security posture and reduce risk.

To learn more about the Ponemon Institute survey findings, visit our landing page or read the blog from Citrix vice president and chief technology officer, Christian Reilly.

These findings are the second installment of the global study from Citrix and the Ponemon Institute. The first report reviewed how business complexity is hindering security postures and adding to the shadow IT trend.

UPDATE: If you’re interested in the Canadian-specific data, here are some highlights:

General Facts:

  • Most IT professionals in Canada (73%) feel strongly that some of their security solutions were outdated and inadequate.
    • In fact, Canada is among the top four countries (including U.S., U.A.E. and the U.K.) to agree that their organizations’ existing security solutions are outdated and inadequate.
  • 71% of IT and IT security practitioners say their organization needs a new IT security framework to improve its security posture and reduce risk.
  • 52% of respondents state that their organization will increase budget for IT security in 2017 – equivalent to the global average.
  • More than any other country, Canadian IT practitioners think that machine learning is the most important technology to reduce security risk over the next two years (85%).

Employee Behaviour

While Canadian IT and IT security practitioners are concerned about their organization’s ability to control employee devices and data, they conversely appear to disregard the importance of enforcing employee compliance with security policies.

  • Canada and Korea (40% respectively) are the least confident that their organization has the right policies and procedures in place to protect data and their infrastructure.
  • Yet, Canada is the country least concerned (51%) about the inability to enforce employees’ compliance with policies.
  • 67% of Canadian respondents (compared to the global average of 63%) perceive employee use of personally-owned mobile devices in the workplace (BYOD) as a disruptive technology and risk to IT security infrastructure.
  • Canada is among the top two countries most concerned about the inability to control employees’ devices and apps (81% for Canada, 82% for Mexico).
  • 90% of Canadian respondents believe that employees’ use of social media in the workplace has a negative impact on security. This is 15% higher than the global average.

All Data is Canadian Unless Otherwise Stated

  • At 12%, Canada had the most respondents state that they were unsure whether their company has a mobile strategy for Bring Your Own Device (BYOD).
  • 89% of Canadian respondents say that the inability to hire and retain expert staff is a factor that decreases their organization’s overall security and increases risk.
  • More than any other country, Canadian respondents (86%) say that an improvement in staffing would most improve their organization’s overall security posture and reduce risk. Globally on average, only 72% would agree.
  • Canadian IT practitioners (74%) are only second to Japan (79%) in their concern that having more millennials in the workplace poses a significant risk to security.

     


BREAKING: Microsoft Holding Off On Today’s Patch Tuesday Release

Posted in Commentary with tags on February 14, 2017 by itnerd

Today is Patch Tuesday. That’s the day that Microsoft releases updates and fixes that ensure that all your Microsoft software won’t get pwned by hackers. Oh yeah, some bugs might also get fixed along the way. But if you’re responsible for deploying these updates in your company, you likely have the rest of the afternoon off based on this:

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

Interesting. There’s no word on when any updates that were planned to be released today will actually be released. But you have to assume that something major happened for Microsoft to take this step as it is not only highly unusual, it’s never happened before.

UPDATE: Microsoft says any patches that were due to be released will come out on March 14, 2017.

Guest Post: NordVPN Discusses Invasive Cross-Device Tracking by Advertisers and How to Protect One’s Privacy

Posted in Commentary with tags on February 14, 2017 by itnerd

One could imagine Internet users understand they are being tracked by advertisers as soon as they go online: the ad for some recently Googled product suddenly reappears on every Internet page visited. However, a new study shows that the majority of consumers do not realize their private data is being sold to advertising networks and third-party entities in order to provide them with targeted ads.

When people find out they are constantly followed and monitored, many start worrying about their privacy.  And while it’s understandable that advertisers need to use technology to reach the people that might be interested in their products, the problem is that consumers are most often not informed about what kind of information is being collected about them.

Moreover, advertisers are using cross-device tracking, which raises additional privacy and security risks. In cross-device tracking, ad companies and publishers try to build a consumer’s profile based on their activity throughout computers, tablets, smartphones, smart watches and various IoT devices. Online and offline factors are often combined: such as browsing history with physical location, retail purchases with watched TV programs, commute to work and vacation travel and so on.

Basically, most Internet users are tracked from the moment they wake up till they go to sleep through the variety of devices and physical locations revealed by their GPS coordinates.

Why hidden online tracking might be dangerous

There are a few issues when one is unknowingly tracked by advertising companies. 

First of all, it’s an invasion of Internet users’ privacy whenever the users have not given their consent. For example, one family member might be browsing “privately” on their smartphone, but the rest of the family might see ads on their home computer related to the other person’s mobile browsing history. Or, worse yet, a woman who has suffered the trauma of miscarriage is often still persecuted by pregnancy ads, following her from once-visited pregnancy sites.

There is also the security issue. The collection of unfathomable amounts of data about people’s interests and habits can fall into the wrong hands. If such data landed in the hands of someone with malintent, the Internet user’s information could then be used to steal their identity, access bank accounts or medical records.

While some advertising companies already offer the ability to opt-out from behavioral targeting, most often Internet users are not given an explanation/disclaimer about how they are being tracked.

How can Internet users avoid being tracked by advertisers

Not surprisingly, when an Internet user learns about the amount of information that advertisers are collecting on their daily activities, they may get scared and wish to protect their privacy. There are a few methods that can be easily implemented by anyone who is using the Internet:

1. Ad-blockers. Ad blocking software provides Internet users with a list of third-party trackers, and users can choose to allow some sites to track them or they can choose to block them. For example, AdBlock Plus effectively blocks banner ads, pop-up ads, and other types of ads. It disables third-party tracking cookies and scripts.

2. Deleting cookies. Internet users may be tracked by many different entities: ISPs (Internet Service Providers), ad networks, publishers and other third parties. One of the most common ways to track online behaviour is through cookies – small pieces of code that are downloaded into a user’s browser when they visit a website. When a user visits that website again, this will be recorded through the cookie, and targeted ads can be directed towards that person. Users need to regularly clear their browsing data in order to get rid of all the cookies. Fortunately, websites in the U.S. and Europe now have to declare that their page is collecting cookies.

3. VPNs. A VPN encrypts the data between a user’s device and the VPN server, and is the safest security mechanism to ensure the Internet browsing history remains confidential. NordVPN has a reputation of focusing on privacy, security and having a zero logs policy, and is fast and easy to use. The developers at NordVPN have launched powerful apps for Mac, Android, iOS and Windows that are also intuitive and good-looking. The apps reroute and encrypt all Internet traffic by hiding a user’s IP address. Once Internet traffic is encrypted and the real IP address is hidden, it becomes difficult to track this person. As an added benefit, VPN users can also access geo-blocked content online.

4. Browser add-ons. Anti-tracking and anti-cookie extensions are one of the best ways to stay private. For example, Disconnect Private Browsing protects from tracking and malware. It blocks third-party cookies and tracking by social networks like Facebook, Google, and Twitter. Another advisable option is Privacy Badger by the non-profit Electronic Frontier Foundation.

Before ad companies figure out a fair way of informing consumers about their intent and giving a choice about which information can be tracked, users who wish to stay private should be proactive and take care of their own online privacy and security.

In Depth: Rolling Out BYOD In Your Company

Posted in Commentary with tags on February 14, 2017 by itnerd

BYOD or Bring Your Own Device is a trend in businesses everywhere, and the struggle to roll it out properly to employees is real. There are so many factors to consider from how to support smartphones, tablets, and laptops, to how to manage them. It can be very overwhelming to the people tasked with implementing BYOD. To help those people out, I connected to Ching Mac of Citrix Canada to get his advice on rolling out BYOD. The advantage of going to Citrix Canada to talk about BYOD is that they themselves have an excellent BYOD policy that allows their employees to use whatever device or devices that work for them and they cover part of the cost. Thus they talk the talk and walk the walk on the BYOD front using their own suite of products. That makes them uniquely qualified to speak to the subject.

First of all, why go the BYOD route? There are many reasons. It increases productivity and employee satisfaction. That’s because you now have an employee that is using the device or devices that they feel will make them most productive. It can save the company money and allow the employee to work anywhere. The latter item being a huge point as that can tie into the employee being more productive. Finally, a key point is that it stops “shadow IT” from popping up in your company. That’s when employees do everything possible to do what they want and avoid corporate IT in the process.

Now, what do you have to keep in mind when you come up with a BYOD policy for your company? One thing to keep in mind is that a successful BYOD policy will touch many areas of the business: Finance, HR and IT, just to name three. Involving them will help you do things like define who is eligible to take part, as not every employee can or should be part of this. Which devices are allowed? What corporate services are available to you on a BYOD device? Plus, you need to make sure that every employee understands what the policy is. Finally, there are the issues of who’s paying for what, and the IT security considerations that may affect a BYOD policy. If you’re in a heavily regulated environment such as health care, that can be a major consideration as data leakage can be “career limiting.” Not to mention the implications of a lost or stolen device, or of using a device on an unsecured network. All of these need to be thought through before rolling out a BYOD policy.

Can a BYOD policy be platform agnostic? That’s an issue, as there are some businesses who won’t support an Apple product, for example, and force users down the path of Windows or Android. Properly structured, it can be platform agnostic. If you take offerings from Citrix as an example, be it their XenMobile or Citrix Receiver, they support every platform out there with a similar look and feel. Thus users truly have a choice in terms of what device to use without placing an undue burden on IT.

For more information on this important topic, Citrix has a great white paper that is full of all sorts of information that businesses need to know when going down this path. In my mind, businesses cannot afford not to look at BYOD. Despite the fact that there’s a lot to consider, BYOD can be a positive for an employer if it is properly implemented.