"There's no excuse for businesses to store customer data on desktop or portable computers without encrypting the data," Gligorea
says. The bank recently began encrypting its backup tapes and does not allow customer data to be stored on desktops or portables.
It has also implemented additional security measures to ensure that any data files being sent outside the bank are encrypted
to prevent unauthorized disclosure of customer data.
Portable devices also are causing many IT managers to lose sleep. "In the past, organizations used to be concerned about laptops
not behind their firewall," says Warren Smith, vice president of marketing at GuardianEdge Technologies, maker of encryption
software. "Now they're concerned somebody could drop in a 3-Gig USB drive, inside or outside the corporate perimeter, and
walk away with some serious information."
Many large enterprises are quickly adopting end-to-end encryption, and SMBs are following suit, Smith says. But it's hard
to police something as small and ubiquitous as thumb drives. "Many organizations would be shocked to find out how mobile their
data really is."
Other potential sources of data leaks are those Blackberries and Treos in everyone's pocket, says Sara Gates, vice president
of identity management at Sun Microsystems. "PCs are moving down in importance in terms of accessing data. Everything is moving
to the edge -- to Blackberries, Treos, and other wireless devices," she says.
In a perfect world such devices would be "naked and dumb," with the intelligence and data residing on the network, protected
by an identity management system. "Whether you're a person, a device, a Web service, or a hacker -- we need to know who you are,
what you can do, and what you will do," Gates says.
But Gates acknowledges that even the most advanced corporations are years away from that kind of bullet-proof identity management.
Nightmare on Config Street
What does it take to bring down a Web server? Try a misplaced comma in a configuration file. That tiny typo once took three
servers offline for a major player in the hospitality industry, says Jim Hickey, vice president of marketing at mValent, a
producer of configuration management products. A routine check of configuration files using mValent's Integrity app uncovered
the error, which might otherwise have gone undetected.
In fact, three-quarters of enterprises surveyed by mValent said they'd suffered application downtime during the prior month
due to a configuration glitch.
"One of the dirty little secrets of the software business is that there are hundreds of configuration files with tens of thousands
of individual parameters that need to be tuned to make the infrastructure work and keep apps running," Hickey says. "What
keeps IT pros up at night is worrying about who has access to these files, what changes are being made, and if they're happening
in a controlled fashion."
State Street, a Boston-based custody bank, uses mValent Integrity to check for errors in in-house application development
for its Wealth Management Division. Joe Kennedy, vice president of technology architecture and R&D, estimates 30 percent to
40 percent of the problems his organization encounters are due to configuration errors, not bad code. Avoiding such errors
is critical to keeping the business running.
"When there's a configuration error, nine times out of 10 you have an outage," Kennedy says. "That's just not acceptable in
finance. When you're dealing with people's money, you can't be down."
Configuration management is really part of the bigger challenge of managing in a constantly changing environment, says Charles
Ramsey, executive vice president at Service-now.com, an on-demand IT service management company.
"What's keeping IT execs awake is trying to understand what the heck is going on in their environments," Ramsey says. "I recently
met with the CIO at a major wireless carrier, which has a change management app so complicated no one uses it. They probably
have 85 systems of record in the IT org stored in Access databases, Excel spreadsheets, and on the mainframe. There's no point
of integration between them."
Ramsey says enterprises can get a handle on such problems by combining asset, change, configuration, and problem-management
tools into a single system of record -- which, not surprisingly, is what Service-now offers.
"The service desk is a critical component," Ramsey says. "If there is true integration and all applications behave in a similar
manner, processes like change, problem, asset, and release management all will contribute to having a more effective service
desk."
Help! My Network's Overrun by Rogues
Pop Quiz: How many enterprises have software installed on their desktops that their IT departments don't know about and wouldn't
approve of if they did know about it?
Answer: All of them, says Peter Evans, vice president of marketing and business development at Internet Security Services.
"Probably 100 percent of enterprises have a problem with rogue software," Evans says. He also says employees typically download
software that makes their jobs easier or favorite programs they've used in the past. Many times, though, they're installing
IM clients or peer-to-peer apps, which can cause serious problems.
"Any software installed without appropriate oversight can introduce security risks," says Ed Moyle, manager of CTG Consulting,
an IT staffing and consulting firm. "We're seeing a lot of interest in extrusion prevention software that scans outgoing network
activity for confidential or proprietary data, to make sure it doesn't leak out of the firm."