Archive for May 21, 2020

Terranova Security Releases Accessibility Features Across Entire Security Awareness Training Library

Posted in Commentary with tags on May 21, 2020 by itnerd

Terranova Security, a global leader in security awareness training, announced a new set of enhanced accessibility features across its entire library of security awareness training content.

To coincide with Global Accessibility Awareness Day (GAAD), this release boasts an enriched learning experience that’s inclusive for all users, with plans to make content available in 40+ languages. These measures deliver on the Terranova Security commitment to ensure that everyone can have access to the knowledge they need to keep themselves, their organizations, and all sensitive information safe.

Major accessibility features in this release include:

  • Ongoing language support: Terranova Security is recognized for its very high-quality content, strong support for customers, the ability to customize content and for supporting the most languages of all vendors (both text and narration). The company has continued to deliver in this area, with a training library that includes modules, microlearning and nanolearning content, all of which will be available in over 40 different languages. This ongoing initiative represents the Terranova Security commitment to bring security awareness training to users in their preferred language.
  • WCAG 2.1 compliance: Terranova Security is level A and AA compliant with WCAG 2.1 standards for accessibility. The Terranova Security accessibility measures implemented all conform to the guidelines and success criteria in making training content universally perceivable, operable, understandable, and robust. Terranova Security achieved this high level of content accessibility by providing text alternatives for non-text content, synchronized multimedia alternatives, and interface usability improvements.
  • The same high-quality content users love: The Terranova Security accessibility measures have been made with interactivity in mind. All training material maintains a high standard for interactivity and engagement. This ensures that users always have access to the fun, informative security awareness training that remains Terranova Security’s hallmark.

A lot of online content still excludes many users every day. 80% of online content is available in only one of 10 languages: English, Chinese, Spanish, Japanese, Arabic, Portuguese, German, French, Russian, and Korean. Of those, less than half of the world’s population speaks one of those languages as their preferred language.

In terms of WCAG 2.1 compliance, GAAD research found that 98.1% of home pages have at least one failure, while the average website home page contains 60.9 accessibility errors.

The accessible versions of Terranova Security’s security awareness training course material are now available to new and existing customers.

EnGenius Launching New Contact Tracking Features In The EnGenius Cloud platform

Posted in Commentary with tags on May 21, 2020 by itnerd

EnGenius Technologies Inc., a multinational wireless networking company, known for delivering future-proof Wi-Fi solutions for consumers and businesses, today revealed contact tracking within their Client Timeline feature in the EnGenius Cloud platform.  The new feature will provide the ability to identify surrounding client devices to assist in scenarios such as COVID-19 over Wi-Fi.

The new feature provides network insight into user locations through their devices to help mitigate epidemic scenarios.   This works in understanding ownership of each client device on the network and adding in “alias” markers within EnGenius Cloud.  In using the scenario of COVID-19, this then creates the opportunity to track when and where client devices were within the Client Timeline dashboard to allow the network controller to isolate where the outbreak originated and trace back all devices, and device owners, who were within contact of the infected.  The new Client Timeline feature also allows for easy export of data.   

EnGenius Cloud offers a fully scalable network management solution with many features that provide complete network control and management.  With the license-free platform, companies can easily deploy reliable wireless networks and stay on top of network traffic to isolate suspected client devices and ensure network health.  

With companies, such as Apple and Google, leveraging BLE to aid in tracking contact of COVID-19, the new Client Timeline feature that allows for contact tracking within EnGenius Cloud will allow the similar capabilities over Wi-Fi.

The new contact tracking feature, along with enhanced two-factor authentication (TFA) and alias naming, will go live May 30th.  Learn more about the EnGenius Cloud platform by clicking here.

Dell Technologies Cloud & Google Cloud Launch Hybrid Storage Solution

Posted in Commentary with tags on May 21, 2020 by itnerd

Dell Technologies and Google Cloud launch Dell Technologies Cloud OneFS for Google Cloudto help organizations control exponential data and application growth and ease the flow of files across their private clouds and Google Cloud.

Dell also is reducing the barrier of entry and improving overall capabilities for hybrid cloud deployments with additional Dell Technologies Cloud advancements. Customers now can move workloads across public and private clouds with greater flexibility and adopt a hybrid cloud approach that best fits their needs while reducing costs. According to Forrester, customers using Dell Technologies Cloud over the course of three years could see an incremental return on investment of more than 170% and recoup their costs in fewer than six months1.

Dell Technologies Cloud and Google Cloud deliver hybrid cloud for file storage

OneFS for Google Cloud delivers a native cloud experience that combines the scalability and performance of scale-out network-attached storage from the industry’s number one provider of storage systems, Dell Technologies2, with Google Cloud’s analytics and compute services.Now, companies can easily move and access high performance computing and demanding workloads, as large as 50 petabytes, in a single filesystem between on-premises Dell EMC Isilon filesystems and Google Cloud without having to make changes or adjustments to their applications.

According to a recent report from Enterprise Strategy Group (ESG), while file data often accounts for at least half of an organization’s on-premises data, very little of it is stored in public clouds, primarily due to performance and scale limitations3. Take the media and entertainment industry, for example. Video files with 4K resolution demand terabytes of storage and require high throughput and low latency file storage, which makes it challenging for production companies to manage large file workloads in public clouds. But, now with OneFS for Google Cloud, they can easily work across private and public clouds with consistent operations and have the flexibility to scale as needed.

A modern apps experience in every cloud

Dell Technologies Cloud, which tightly integrates infrastructure and services across the Dell Technologies portfolio, makes hybrid clouds simpler to deploy and manage regardless of where data and applications reside. With new Dell Technologies Cloud advancements, organizations can more easily create a modern applications experience in every cloud, close the cloud-native skills gap and get the most out of their entire infrastructure.

Dell Technologies Cloud Platform now provides a simple and direct path to Kubernetes from a single environment, with support for containerized workloads and traditional virtual machines on the same Dell EMC VxRail infrastructure. This approach integrates VMware Cloud Foundation 4.0 and Dell EMC VxRail into a single solution, enabling a consistent approach across all cloud locations. VMware administrators can use familiar tools to manage modern apps that combine both containers and virtual machines from a single operating environment.

Lowering adoption barriers and expanding support

With the Dell Technologies Cloud Platform subscription model and deployment services, available through Dell Technologies On Demand, customers now have more choices for consuming cloud infrastructure and can get up and running in as little as two weeks. With new node configuration options that include as few as four nodes, customers can begin their hybrid cloud journey at approximately half the cost and smaller footprint and grow their cloud deployment over time.

Dell Technologies Cloud Platform offers customers a self-managed solution. For customers seeking a cloud service, Dell Technologies today also announced the next-generation of VMware Cloud on Dell EMC featuring an enterprise scale, 42 rack unit infrastructure, doubling the amount of supported processor cores, memory options and NVMe all-flash storage. The cloud service is now also certified with VMware Horizon to support business continuity efforts through the delivery of virtual desktops and applications to remote workforces as well as to healthcare workers in hospitals and clinics. VMware Cloud on Dell EMC, which offers data center as-a-service capabilities, provides customers with more simple, secure and scalable infrastructure at their on-premises data center and edge locations.

Modernized networking with SD-WAN

Dell Technologies Cloud is extending its – capabilities to networking with new updates to Dell EMC SD-WAN Solution powered by VMware. Customers now have more appliance and bandwidth capability options for rapid deployment of SD-WAN in a single solution. This helps improve performance for demanding workloads, like VOIP, video streaming and VDI, and ensure application performance and business continuity. 

Additional resources

iOS 13.5 Is Out, But Apple Still Has To Address Their Issues With How They Handle Security Issues

Posted in Commentary with tags on May 21, 2020 by itnerd

Yesterday, Apple released iOS 13.5 which addresses  a zero day iOS Mail exploit which despite what Apple thought, was so serious that Germany said that the flaw was critical and they recommends the removal iOS Mail so that users could protect themselves. But on top of that, there was a Messages bug that can cause your iDevice to crash. Now Apple promised that an emergency patch would be released a couple of weeks to address the Messages bug at the very least. But that didn’t happen. And I among others have been critical of Apple’s response to this ever since.

So now that Apple has released iOS 13.5 which fixes these two bugs, is everything okay on this front?

No. Absolutely not!

Before I tell you way Apple doesn’t deserve to be let off the hook. Let me tell you what they (finally) did right. Let’s start with the release of iOS 13.5. According to ZecOps who are the people who found the iOS Mail exploit, which by the way has been around since iOS 3.1.3, this is now fixed:

Also, Apple released iOS 12.4.7 alongside iOS 13.5 which one would think would contains the same fix. That’s good news for users who cannot or will not upgrade to iOS 13.x. But that’s a guess for reasons that I will get into momentarily. When it comes to the text message bug that can crash your iOS device, that’s apparently been fixed as well based on people who have been brave enough to test this. But we don’t know for sure because as I type this, Apple has not yet updated their security documentation with this information. And I am typing this on the day after these updates were released. Here’s a screenshot that illustrates this:

It’s pretty bad when you have to rely on third parties to help you decide whether to install a software update because a software company like Apple doesn’t want to provide you that information for whatever reason. I’m sure it will eventually appear, but you have to wonder why Apple didn’t put this information out there when they released these updates.

But despite all of that good news, there are things that Apple needs to explain.

Apple needs to really to explain why they had exploits hanging out there for so long a national government had to call them on it. Apple needs to explain why they had fixes ready to go, but didn’t release them in the emergency patch that they promised. And finally Apple needs to explain why hold its users in such disdain. Because this whole episode has left many Apple users with the feeling that the security of their products is an afterthought which Apple only has to worry about when it makes the press in a very negative way.

Apple is a company that claims to want to protect their users from threats. Apple is also a company that claims to want to get into the enterprise. To do both of those things, Apple seriously needs up their game when it comes to dealing with exploits like this because responding to them as badly as they have in this case erodes the belief that Apple is different than Google or Facebook. Plus it takes away any credibility that Apple is trying to build in the enterprise. On top of that, Apple’s lack of action takes away one key advantage that they have over Google for example. If they update something in iOS, the majority of their users will install it almost instantly because updates come directly from Apple. They’re not filtered through the handset manufacturer, then to the carrier before they maybe get to you as is the case with Android. And iPhones tend to get software updates for years unlike many Android handsets who may stop getting updates a year after you bought them. Thus you would think Apple would leverage that by using it as a vehicle to quickly distribute fixes for exploits like this. But as demonstrated in this case, that may not be the case.

Now do I expect Apple to address these concerns in public? Of course not. This is Apple we’re talking about. A company that is at best opaque about what they do. But if they were smart they would address all of this and explain what they’re going to do to make sure that these are not issues going forward. But I’m not holding my breath on that front. And that’s something that will hurt Apple in the long run.