On July 16, 2001 Bruce Schneier gave testimony before the Senate Subcommittee on Science, Technology, and Space of the Committee on Commerce, Science and Transportation.  A complete transcript of his testimony is available here, and I strongly encourage it be read in its entirety.  However, I want to emphasize a central theme from Mr. Schneier’s testimony:

Real-world security includes prevention, detection, and response. If the prevention mechanisms were perfect, you wouldn’t need detection and response. But no prevention mechanism is perfect. This is especially true for computer networks.

I expect there are a number of network administrators who will roll their eyes and say to themselves “oh please, not another soapbox on the need for better network security measures.” I agree vigorously with those readers and offer that, in an age of increasing state-sponsored cyber-warfare/terrorism and increasingly sophisticated private-sector industrial espionage, we should give up the arms race. For technology professionals, developers, and engineers, building the better mousetrap has not and will not prevent breaches, thefts, or the embarrassing publication of diplomatic “secrets” (http://www.wikileaks.ch/).

According to the archaeological record, the lock was invented nearly 4,000 years ago, and in 4,000 years no lock has been created that cannot be picked, broken or circumvented. As Mr. Schneier points out in his testimony, criminals rarely even try to break the lock itself; they find creative ways around the lock by any means necessary. We live in a world where the data, including credit card numbers, of 45.7 million customers can be stolen from a retail outlet without ever setting foot inside the building.

When I say we give up the arms race, I don’t mean to imply we give away that which must be protected; we just need to pay attention. Deploying more prevention measures, adding more locks to the doors, isn’t making our information assets substantially safer, but deploying monitoring solutions that have been effectively tuned and configured will increase the safety of those assets significantly. Chances are that if you are an organization of any size, you already have all the pieces you need to effectively mitigate the risks your assets are exposed to, but you may not have effectively deployed and configured those tools to maximize your ability to detect and respond to potential attacks. You may be in the position where all you really need is a good watch dog to make sure you know when someone is trying to climb the fence. Training that watch dog so that it doesn’t bark at every passing car but lets you know when a true threat presents itself is where true protection and security lie.


Here’s a great story of how retail giant Home Hardware is using Ipswitch MessageWay solutions to efficiently manage, secure and share over 4 million business-critical files annually among its 1,000+ retailers.  And best of all, MessageWay is saving Home Hardware money every single day!

Speed, automation and validation were among Home Hardware’s key business requirements. They send over 75,000 essential business files per week (including vendor/product info, pricing and POS software updates, and order confirmations) and also need to reduce download times and validate orders.

Home Hardware is now able to:

  • Move files faster – cutting transfer time from hours to minutes
  • Automate and speed product orders and software updates
  • Prevent lost orders due to file transfer glitches
  • Tighten security around sensitive data transfers
  • Accelerate time to revenue by expediting orders, payments and settlements
  • Ensure compliance and accountability with full visibility into the file transfer process

Why Home Hardware selected MessageWay for Managed File Transfer:

“MessageWay is second-to-none, and our efficiency improved dramatically as soon as we implemented,” said Brent Horst, Director of Corporate Applications at Home Hardware.

“MessageWay transformed the way we send and receive files. The speed, automation and reliability are the best we’ve seen.  The most important features that Ipswitch MessageWay provides are the speed of file transfer, file validation and guaranteed delivery,” said Horst.

Got a great Ipswitch story of your own to tell?  Email us at mystories@ipswitch.com…. We can’t wait to hear all about it!

Available as of January 18, WhatsConnected 3.0 and WhatsUp Gold 14.4 deliver the dynamic, robust and secure IT management you’ve come to know from Ipswitch.

WhatsConnected 3.0 – It will discover, map, inventory and document your network and port-to-port connectivity quickly and efficiently in a matter of minutes. And with new auto-discovery, dynamic mapping and one-click integration with Microsoft Visio and WhatsUp Gold, your team will always have crucial information at their fingertips.

WhatsConnected 3.0 at a glance:

• A powerful discovery engine – automatically gather comprehensive inventory, port-to-port connectivity and configuration information across servers, workstations and networking devices
• NEW Asset Management capabilities
• NEW Auto-discovery and dynamic mapping capabilities will give you an accurate and up-to-date topology view of your network at all times
• NEW Network and System Map-Level Tools to simplify troubleshooting tasks

Discover how WhatsUp Gold and WhatsConnected 3.0 can help you streamline your network monitoring and management. Give it a try today with our free 30 day evaluation – let us know what you think!


During the past year, we shared news of our expanded partner program and new partner web portal, reinforcing our commitment to the channel.

Today, we’re very excited to share news that our suite of MOVEit solutions will now be made available for sale through North American distributor Tech Data.

“Adding MOVEit to their portfolio ensures that our partners will have a strategic offering to meet the evolving needs of their customers,” said Gary Shottes, president, Ipswitch File Transfer.

“Businesses of all sizes are looking to VARs to support their security and compliance needs, and Tech Data and Ipswitch are working together to ensure that VARs have access to the support they need to add the MOVEit solutions to their offerings,” said Stacy Nethercoat, vice president at Tech Data.

Our channel partners will continue to be a critical component of the Ipswitch File Transfer worldwide sales team, providing customers with advisory and consultative solutions.  Please do visit our partner webpage to find a local Distributor or Reseller.

If your file transfer solution could look into the future and predict 3 things for you, what would they be?

To kick this off, here’s a list of predictive needs I often hear from customers:

1) Am I about to miss my service levels, and which ones are about to cost me the most?

2) If I grow X% next year or bring on body Y of new traffic, what do I need to plan for in terms of system capacity, staffing and related technology?

3) Can I test a new transmissions proposal as if the test items were really coming from real people during real transmissions windows…all without affecting production?

Would these be your top 3 predictors as well?  We’d love to know either way.

In wrapping up 2010, Time’s Techland issued a list of their Top 25 Tech Fails of the Year. We thought it was an interesting read and we picked a few of our favorites.

First off, and even more relevant with the recent announcement of the iPhone coming to Verizon in February, Consumer Reports names AT&T the worst cell phone carrier of 2010 and the only one to drop significantly in customer satisfaction as of late. (Thankfully I’m due for an upgrade on my Verizon smartphone soon.)

And how can we forget the BP Oil Rig Machinery disaster? It marked the largest accidental oil spill in history and was only subdued nearly 3 months after it had started, but not before leaking over 200 million gallons of oil into the ocean. Almost as embarrassing as the accident itself – the fruitless attempts to plug the oil well and CEO Tony Hayward’s halfhearted and often parodied apology.

Two other particularly noteworthy events of 2010 belong to Google. Google Wave and Google Buzz were ill-fated product releases with inherent issues that prevented viral success. Google Wave was meant to revolutionize online messaging by integrating Email and IM along with some other features, but it failed to find an audience. Invitation-only, it didn’t really offer anything that people couldn’t already do with their existing IM and Email clients and thus wasn’t worth telling your friends about. The site remains active, but it’s up to users to access the now open-sourced code for future maintenance.

Google Buzz certainly created some Buzz, but not the kind Google was looking for. It turns out users don’t like exposing their Email address along with that of all of their contacts’ by default. The URL to one’s Buzz profile contained their Gmail username … oops. As a result, an $8.5 million class action suit was filed against them.

There were a few other noteworthy fails in 2010, but you can read about them in the article. Let us know what your favorite is.

You may have noticed some of our banner ads springing up (look on the left-hand side of the screen) for the Planting Trees for Our Friends promotion. Since kicking off this initiative in December, we’ve been really energized with the response rate. As a result we are excited to make a donation to Trees for Life – and YOU can help make that donation even bigger.

If you’re not familiar with this effort, we have pledged to plant one tree, through Trees for Life, for every friend and Twitter follower we have as of January 31st. So if you’re not already a fan on Facebook or a follower on Twitter, visit us and click away. Help us save the world one tree at a time, while also becoming a part of a growing community of IT professionals with a vast knowledge base on IT management.


Does it feel like you’re hearing about a new data breach almost every day?

Well guess what — you likely are.  The Identity Theft Resource Center recorded 662 data breaches on its 2010 ITRC Breach List.  That averages to over a dozen reported breaches per week…. And a whopping total of over 16,000,000 reported exposed records in 2010.  The fact that social security numbers and/or credit card information is included in the majority of breaches just makes things even more alarming!

Denise Richardson lays out a solid argument for mandatory data breach reporting, as well as some key takeaways from the ITRC Breach List, including:

  • Malicious attacks still account for more breaches than human error, with hacking at 17% and insider theft at 15%
  • 39% of listed breaches did not identify the cause — Indicating a clear lack of transparency and full reporting to the public
  • 49% of breaches did not list number of potentially exposed records — A clear sign of inaccuracy and incompleteness of reporting
  • 62% of breaches reported exposure of Social Security Numbers
  • 26% of breaches involved credit or debit cards

As I’ve blogged about before, I firmly believe that breached individuals have the right to timely notification.  Delays are unacceptable, and hiding it is unthinkable.  Afflicted people deserve quick notification so they can ensure their credit report isn’t showing strange activity and that their social security number isn’t being used to open new credit cards or being used to fraudulently report wages.

Mandatory disclosure would provide the structure, discipline and enforcement required for consistent and transparent breach information.  Compliance would require a very high level of visibility and control of all files that enter, bounce around and exit an organization.  This would benefit not only breached individuals, but also the organizations and their business partners.

Did you know that you can extend performance tools’ uses to include systems management? It may not seem intuitive, at first glance, to consider performance management tools as useful for security management tasks. In fact, many administrators’ knowledge of performance management is limited to the built-in Windows Task Manager or the free Process Monitor tool from Microsoft. But these are not true performance management solutions.

The reality is that performance management solutions are software suites deeply integrated within an entire infrastructure. This tight integration enables rich data reporting from across a workgroup, a data center, or a worldwide enterprise. Most performance management solutions have reporting tools that can also give both instant summaries and detailed reports of what’s happening on all systems.

Not surprisingly, when the solution is configured to retrieve security data as well as performance data, the solution’s functionality is extended to become a great security dashboard and reporting tool. That’s the case with most performance suites today. IT professionals want centralized security analysis and reporting across an enterprise, so most software vendors in this space have enabled their systems to provide this feature – either through simple customization or right out of the box.

So how do you configure your performance management tools to serve as a security management solution? Most performance management tools are already being extended to configure any part of a network – operating systems (OSs), routers, switches, and so on.

Its marketing material mostly illustrates examples with virtual machine, OS, and switch management, with various plug-in modules to extend functionality. But a brief look at the interface shows that the solution is much more of a generic configuration framework for configuring and monitoring heterogeneous systems. This same solution allows you to load configurations, execute custom scripts, and even back up, restore, apply, report on, and enforce configuration sets. On top of all that, the suite still does a great job of performance management.

That last point is actually a big differentiator. There are a number of solutions in the IT space that enable server configuration automation. But many of them have limited reporting and monitoring capabilities. Although these configuration monitoring techniques may not be central to performance management (performance monitoring is far more important than configuration monitoring in that space), security management absolutely relies on auditing including configuration monitoring, reporting, and change-control alerting.

Want to learn more about auditing with performance monitoring tools? Read the whitepaper.


Software as a Service (SaaS)

Ennio Carboni shares more of his thoughts for 2011. Continuing with the theme of rapid network growth, 2011 could present more challenges.

An increasing number of enterprises are now using a variety of SaaS applications from multiple vendors, procured and deployed without participation from IT, creating a slew of management issues. SaaS deployments are becoming larger, with deals more frequently appearing in the range of thousands to tens of thousands of users within large enterprises. Content, communications, and collaboration (CCC) continues to lead the enterprise SaaS market with worldwide CCC revenue on pace followed by customer relationship management. Gartner projects SaaS application revenues will grow by over 16% in 2011. Not only will IT have their hands full with monitoring, mapping, documenting and configuring an expanding network, but also with SaaS solutions implemented by non-IT employees.

Green IT solutions

Regardless of the maelstrom ‘Going Green’ easily creates in the political world, corporate organizations will rapidly embrace energy consumption monitoring and energy efficiency solutions across their infrastructures to cut costs. This is especially true of datacenters where, as research firm Gartner estimates, “if current trends continue, the energy needed to operate a server over a three year period of time will actually exceed the cost of the technology itself.” It comes as no surprise then that Green Datacenters are now considered mainstream rather than just a strategic trend.

The impact on IT Management? Technologies that monitor, report and act on environmental monitoring data to better align datacenter operation with power consumption will be in high demand.

Consolidation of IT Management Tools

While the Great Recession may be officially over, the belt-tightening habits that businesses have developed will not go away in a hurry. Organizations small and large will continue to look to cut costs from existing IT management systems and the infrastructure they manage. Customers saddled with bloated, high-cost and disparate IT management tools (whether sold under single or multiple brands) that are little used are in real danger of replacing them with simpler, efficient and smaller-footprint products that get the job done effectively.

At the same time, customers expect the new tools to give them an integrated view of their infrastructure across networks, systems and applications – effectively cutting down on the number of tools that are deployed. Together, the effect of fewer and simpler management tools will boost IT operations productivity. Does that mean more money on the table for upgrades and new add-ons to stuff that works? Yes, especially after the kind of upward trend that we have seen in 2010.


We are honored and excited to be named a CDW Partner of the Year as part of their fourth annual awards ceremony in Las Vegas. This award honors CDW partners that offer exceptional products, programs and support to CDW and its customers. It also accounts for the growth of partner sales through CDW as well as financial performance.

In a shout-out from CDW VP of product and partner management, Matt Troka, WhatsUp Gold was honored as a partner with “outstanding support of CDW’s initiatives and values, as well as [a] high level of commitment to the technology industry.”

We are very proud to continue our relationship with CDW and we look forward to the future!
