During Layoffs, Superior ID Management Is an Imperative

Posted on by admini

According to a new study by security vendor McAfee of 1,000 IT decision makers, 41 percent said employee layoffs resulting from the recession represent the greatest threat to their computer security.

Organizations often over-extend their zones of trust to employees since they have a natural inclination to entrust them with privileges until their services are no longer needed or they do something to violate that trust.

For large companies executing mass layoffs—such as the 21,000-plus companies last year did—identity management is a major issue, says Brian Wolfe, co-founder and partner at Laurus Technologies, a solution provider in Itasca, Ill., that—among other things—specializes in security and identity management implementations.

“If you have large layoffs and you don’t have a provisioning system, and you’re going to revoke accounts manually, mistakes will be made,” Wolfe said.

Good identity management platforms—such as those offered by RSA Security, IBM, Courion and BMC Software—are more than just access control and single sign-on (SSO) applications. They create and provision accounts across networks and a broad array of applications based on employees’ specific job functions (role-based) or through group policies, manage accounts through the lifecycle of an account holder’s employment and, when necessary, ensure access rights are properly and thoroughly revoked when the person leaves—voluntary or involuntary—the organization.

Laurus Technologies service a number of enterprise’s identity management needs, and Wolfe says most are reaping the benefits of their investments now that they have to cut their labor forces. “For companies we’ve done implementations for, they’re able to bulk operations; they have a pretty easy time of disposing of a large number of accounts,” Wolfe says.

The situation is critical during a layoff or reduction in force, since an organization needs immediate revocation of network and application privileges to prevent pilfering of data and sabotage of systems.

http://www.channelinsider.com/c/a/Security/During-Layoffs-Superior-ID-Management-is-an-Imperative/

Read more

McAfee highlights perils of offshoring sensitive data

Posted on by admini

The security firm surveyed over 800 chief information officers in the US, UK, China and India for its report.

McAfee security analyst Greg Day argued that many firms look to offshoring in order to reduce costs without thinking of the security implications of their intellectual property being stored or processed in other regions.

The research found that Brazil, China and India, for example, are spending more money on security than Germany, the UK, the US and Japan, but that some of the former countries have poor reputations for investigating security incidents, and may be lax at enforcing policies and regulations.

http://www.infomaticsonline.co.uk/vnunet/news/2235374/firms-lost-trillion-dollars-ip

Read more

Data breach study ties fraud losses to Hannaford, TJX breaches

Posted on by admini

It studied the impact of data security breaches on Maine banks and credit unions.

More than 700 accounts were used to buy items fraudulently, although five of the 22 institutions that suffered a fraud loss did not report the number of accounts, according to the report.

The Hannaford breach cost some banks as much as $58,000 to reissue credit cards to customers. Communication to customers cost nearly $28,000, some banks and credit unions reported. Investigation expenses were as high as $21,000 for some banks.

Shostack said the rising costs associated with data breach could lead banks and merchants to find alternative payment methods. “What this means for business is that the process of data collection and analysis is starting to produce something better than ‘accepted practice,'” Shostack said.

The Ponemon Institute, which puts out an annual data breach cost report, found that the total average cost of a data breach grew to $197 per compromised record. Ponemon cautioned that the costs listed in the report are only those associated with financial institutions and don’t reflect the total costs incurred by Hannaford’s, victims, and other organizations.

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1345455,00.html

Read more

New Report Predicts Increased Security Spend

Posted on by admini

Organizations are trying to get the most out of their spending and reduce the TCO of their IT investments – efficiency being the name of the game,” Yuval Ben-Itzhak, CTO at Finjan, said in a report summary.

“While 2008 saw IT security departments facing new challenges in protecting valuable business data against an ever-increasing wave of cybercrime attacks, 2009 is adding a further economic challenge to the mix.”

http://securitywatch.eweek.com/virus_and_spyware/new_report_predicts_increased_security_spend.html

Read more

Gartner EXP Worldwide Survey of More Than 1,500 CIOs Shows IT Spending to Be Flat in 2009

Posted on by admini

The Gartner EXP CIO report “Meeting the Challenge: The 2009 CIO Agenda” represents the most comprehensive examination of business priorities and CIO strategies.

The CIOs surveyed represent more than $138 billion in corporate and public-sector IT spending, encompassing 1,527 enterprises across 48 countries and 30 industries.

“In 2009, executives face challenging global economic conditions that have not existed for more than 50 years,” said Mark McDonald, group vice president and head of research for Gartner EXP. “This environment is reflected in IT budgets, priorities and strategies as one third of CIOs reported no change in their budget from 2008, while 46 percent reported a slight increase, and 21 percent reported a cut in IT budgets.” “All CIOs will face the need to restructure their budgets, cutting in some areas and investing in others, including those reporting no change in their overall spending level,” Mr. McDonald said. “Enterprises expect IT to contribute results in an uncertain economy. CIOs need to be decisive and resourceful in building an effective enterprise that can meet current and future challenges. Leading enterprises recognize the seriousness of economic conditions, but they are not paralyzed by them. Their leaders have confidence in their ability to use IT to achieve results.”

Senior enterprise executives recognize that IT’s contribution to economic performance extends beyond managing expenditures. They expect IT to play a role in reducing enterprise costs, not merely with cost cutting but by changing business processes, workforce practices and information use.

The business priority “improving business processes” has been the No. 1 business expectation of IT since its introduction to the CIO Agenda survey in 2005.

In 2009, more than 57 percent of CIOs reported this as one of their top five business expectations.

“It’s time for CIOs to develop business process improvement capabilities as part of the core of IT,” Mr. McDonald said. CIOs continue to invest in technologies beyond the infrastructure core.

* Invest in business intelligence applications and information consolidation in order to raise enterprise visibility and transparency, particularly around sales and operational performance. These investments coincide with the priority that CIOs are giving to legacy application modernization.

Top 10 Business and Technology Priorities in 2009>

Top 10 Business Priorities Ranking Top 10 Technology Priorities Ranking
Business process improvement 1 Business intelligence 1
Reducing enterprise costs 2 Enterprise applications (ERP, CRM and others) 2
Improving enterprise workforce effectiveness 3 Servers and storage technologies (virtualization) 3
Attracting and retaining new customers 4 Legacy application modernization 4
Increasing the use of information/analytics 5 Collaboration technologies 5
Creating new products or services (innovation) 6 Networking, voice and data communications 6
Targeting customers and markets more effectively 7 Technical infrastructure 7
Managing change initiatives 8 Security technologies 8
Expanding current customer relationships 9 Service-oriented applications and architecture 9
Expanding into new markets and geographies 10 Document management 10

Source: Gartner EXP (January 2009)

http://security.itbusinessnet.com/articles/viewarticle.jsp?id=629658

Read more

Vendors Tie Database Activity Monitoring to Security Event Management

Posted on by admini

Security vendors from Imperva to Guardium are increasingly tying security information management to database activity monitoring. The latest example of this trend is NitroSecurity. More and more vendors are tying together database activity monitoring and security information management, a move that could benefit enterprise data protection efforts. Late last year, Imperva and ArcSight announced interoperability between their products. Earlier in 2008, Guardium announced integration with a number of security information management (SIM) vendors, including ArcSight, CA and LogLogic. Six months after purchasing RippleTech for its database activity monitoring (DAM) and log management tools, NitroSecurity announced today it has fully integrated its NitroView DBM and NitroView ESM products.

From a management perspective, combining SIM – or SIEM, security information event management – and DAM centralizes monitoring and policy implementation.

“The example of a pooled application comes to mind, where an application is accessing a database, but multiple users are logging into the application,” said Frank Hayes, vice president of marketing at NitroSecurity.

http://www.eweek.com/c/a/Security/Vendors-Tie-Database-Activity-Monitoring-to-Security-Event-Management/

Read more