Group items tagged

IT security typically has been deemed one of those services best provided in-house. But the stigma attached to outsourcing security and Security as a Service -- namely that an outsider does not know your company well enough to protect it -- may be falling away, as businesses look for more ways to cut costs. Certainly, some heavy-hitter providers believe attitudes are changing. This month, McAfee Inc. announced its new SaaS Security Business Unit. Headed by former Hewlett-Packard Co. SaaS executive Marc Olesen, the unit will oversee all McAfee products delivered over the Internet, including security scanning services, Web and email security services and remote managed host-based security software and hardware. Meanwhile, last April, IBM launched some hosted and managed services that it says help midsized businesses better manage risk and improve the security of their IT systems, all while offering cost savings over traditional products. Indeed, much of IBM's security strategy during the next 24 months will focus on moving security technologies into the cloud and expanding its managed services offerings, said Jason Hilling, an enterprise services business line executive with IBM Internet Security Systems. That includes providing some hosted implementations of technologies that once were located only at the customer premises. "Because the economy is struggling, I think there will be enough excitement in the marketplace over the cost benefits of Security as a Service that we are going to see a much higher degree of willingness to look at it as a real viable option," Hilling said. Hilling contended that a midmarket company with between 500 and 700 employees can realize costs savings from 35% to upwards of 60% by doing security as a managed service. Savings diminish as the deployment gets larger and more complicated, and the costs of managed services escalate. Yet outsourcing security is not just about cost. The world is becoming very hostile, said Sadik Al-Abdulla,

Bits readers have a serious case of broadband envy. I've been writing about the debate about how the government might encourage more high-speed Internet use and you've complained loudly that people in other countries have faster, cheaper, more widely available broadband service. Even customer-service representatives of Internet service providers overseas are nicer too. I don't know about manners, but it's easy to find examples that American's broadband is second-rate: In Japan, broadband service running at 150 megabits per second (Mbps) costs $60 a month. The fastest service available now in the United States is 50 Mbps at a price of $90 to $150 a month. In London, $9 a month buys 8 Mbps service. In New York, broadband starts at $20 per month, for 1 Mbps. In Iceland, 83 percent of the households are connected to broadband. In the United States, the adoption rate is 59 percent. There's more than just envy at stake here. President Obama campaigned on a promise of fast broadband service for all. On the White House Web site, he writes "America should lead the world in broadband penetration and Internet access." And the recent stimulus bill requires the Federal Communications Commission to create a national broadband plan in order to make high-speed Internet service both more available and more affordable. I've spent the last week trolling through reports and talking to people who study broadband deployment around the world to see what explains the faster and cheaper service in many countries. We'll start with where the United States isn't doing quite so badly: the basic speed of broadband service. If you take out the countries that have made significant investment in fiber optic networks - Japan, Korea and Sweden - the United States is in the middle of the pack when it comes to network speed.

This summer, spammers suddenly happened onto URL shortening services as a prime weapon of choice. The popularity of URL shortening services has increased in recent years - particularly with the rapid adoption of sites like Twitter, where users have a character limit placed on their messages. There are many different URL shortening sites in operation around the globe. Most allow users to post a long URL into a field and get back a short URL within their domain name. Little in the way of security - such as Captcha puzzles - is built into such sites. This makes them a valuable tool for spammers, as they can introduce e-mail recipients or individuals on peer networking sites to predatory URLs that don't appear malicious. "The attraction from the spammers is not only is it easy to set up in advance using a number of different services for perhaps the same long URL, that will give a number of different domains that they can then use in their spam messages, and they don't have to break any Captcha in order to do that," said Paul Wood, senior analyst at MessageLabs Intelligence. MessageLabs started seeing slight spam use of URL shortening services in April. By late June and early July, the company saw three significant spikes in such usage. On July 9, 6.2 percent of all spam was observed using URL shortening services - 9 billion messages in one day alone.

Broadband is cheaper in many other countries than in the United States. "You have a pretty uncompetitive market by European standards," said Tim Johnson, the chief analyst at Point-Topic, a London consulting firm. Other countries have lower costs for the same reasons their DSL service is faster. Dense urban areas reduce some of the cost of building networks. In addition, governments in some countries subsidized fiber networks. But the big difference between the United States and most other countries is competition. "Now hold on there," you might say to me. Since I wrote that many countries don't have cable systems and the bulk of broadband is run by way of DSL through existing phone wires, how can there be competition? Aren't those owned by monopoly phone companies? True enough. But most big countries have devised a system to create competition by forcing the phone companies to share their lines and facilities with rival Internet providers. Not surprisingly, the phone companies hate this idea, often called unbundling, and tend to drag their feet when it is introduced. So it requires rather diligent regulators to force the telcos to play fair. And the effect of this scheme depends a lot on details of what equipment is shared and at what prices. Britain has gone the furthest, forcing BT Group to split off a unit that operates the actual network and sells to various voice and Internet providers, including its own telephone service, on an equal basis. The United States was early with this sort of approach, requiring telephone companies to allow rival Internet service providers to sell DSL service using their networks. The way these rules were written, however, meant the wholesale cost was so high that providers like AOL and Earthlink couldn't offer a better deal than the telcos themselves. And the plan was largely abandoned in 2003 by the Federal Communications Commission on the theory that the country is better served by encouraging competition

Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host. Amazon's Elastic Compute Cloud (EC2) is a web service software developers can use to access computing, compilation and software trialling power on a dynamic basis, without having to install the resources locally. Now a developer, Brett O'Connor, has come up with a step-by-step method for using the same service to host an open source BitTorrent application called TorrentFlux. Getting this up and running on Amazon would require some technical know-how, but would be within the reach of a moderately experienced user, right down to following O'Connor's command line low-down on how to install the public TorrentFlux app straight to Amazon's EC2 rather than a user's local machine. Finding an alternative way of using BitTorrent matters to hardcore file sharers because ISPs and admins alike are increasingly keen to block such bandwidth-eating traffic on home and business links, and O'Connor's EC2 guide was clearly written to that end - using the Amazon service would make such blocking unlikely. "I created a web-based, open-source Bittorrent 'machine' that liberated my network and leveraged Amazon's instead," says O'Connor. He then quips "I can access it from anywhere, uploading Torrent files from wherever, and manage them from my iPhone." However, security company GSS claims the guide shows the scope for possible abuse, using EC2 to host or 'seed' non-legitimate BitTorrent file distribution. "This means, says Hobson, that hackers and other interested parties can simply use a prepaid (and anonymous) debit card to pay the $75 a month fee to Amazon and harvest BitTorrent applications at high speed with little or no chance of detection," said David Hobson of GSS. "The danger here is that companies may find their staff FTPing files from Amazon EC2 - a completely legitimate domain -

The Electronic Privacy Information Center formally asked the Federal Trade Commission on Tuesday to investigate the privacy and security safeguards of Gmail, Google Docs and other so-called cloud computing services offered by Google to consumers. The filing points to a security breach earlier this month that may have improperly exposed the files of Google Docs users to others. It asks the F.T.C. to look into the adequacy of privacy and security safeguards of Google's services and to require Google to be accountable for breaches. It also asks the agency to force Google to make its security policies more transparent and to disclose any breaches. It also asks the F.T.C. to enjoin Google from offering cloud computing services until it establishes verifiable safeguards. The full filing is available here. Marc Rotenberg, EPIC's executive director, said he was concerned about all cloud computing services, which encourage users to store a growing number of documents on the servers of companies like Google, Yahoo, Microsoft and others. But he said that EPIC focused on Google because it is the primary provider of cloud computing services to consumers.

More than 50 per cent of internet users say they would be more interested in advertisements if they were tailored to their own interests, according to a new report from Q Interactive. Furthermore, another 50 per cent of respondents said they would view an advertiser favourably if they received personalised ads. Despite a number of obstacles that prevent marketers from obtaining too much personal information, 53 per cent of internet users would rather have free online services and insider information in exchange for relevant targeting data. However, 32 per cent of the respondents said they would accept worse service in exchange for privacy, and 15 per cent would prefer to pay for premium service and view no advertising whatsoever. Last year, a survey from Dynamic Markets on behalf of Coremetrics, found that half of UK consumers were happy for marketers to use behavioural targeting to track their online behaviour.

Likely a bit of bias in the survey, but indicitive that targeted ads are not going away. Like most things digital, doing it safely is important for consumers. - Karl More than 50 per cent of internet users say they would be more interested in advertisements if they were tailored to their own interests, according to a new report from Q Interactive. Furthermore, another 50 per cent of respondents said they would view an advertiser favourably if they received personalised ads. Despite a number of obstacles that prevent marketers from obtaining too much personal information, 53 per cent of internet users would rather have free online services and insider information in exchange for relevant targeting data. However, 32 per cent of the respondents said they would accept worse service in exchange for privacy, and 15 per cent would prefer to pay for premium service and view no advertising whatsoever. Last year, a survey from Dynamic Markets on behalf of Coremetrics, found that half of UK consumers were happy for marketers to use behavioural targeting to track their online behaviour.

"In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information. "Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information." GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services. "Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats." Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or

Plans by Internet service providers to deliver targeted adverts to consumers based on their Web searches threaten online privacy and should be opposed, the founder of the Web said Wednesday. "I just want to know that when I click on a link it is between me and the Web, and the Internet service provider is not going to immediately characterise me in different categories for advertising or insurance of for government use," Tim Berners-Lee told a Web conference in Madrid. "The postman does not open my mail, the telephone company does not listen to my telephone conversations. Internet use is often more intimate than those things," he added. New software called Webwise allows Internet service providers to show adverts to their clients based on their Web browsing habits instead of based on the content of a single Web page as currently happens. Several British Internet service providers, including BT and Virgin Media, have said they are considering using the software, which is aimed at making the Web more financially profitable for advertisers. With the help of other scientists at the European Organisation for Nuclear Research (CERN), Berners-Lee set up the Web in 1989 to allow thousands of scientists around the world to stay in touch. The WWW technology -- which simplifies the process of searching for information on the Internet -- was first made more widely available from 1991 after CERN was unable to ensure its development, and the organisation made a landmark decision two years later not to levy royalties.

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

There is an old axiom in marketing circles that it costs more money to acquire new customers than to retain and service your old ones. In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold. Since the business environment has slowed for now, showing your clients additional "value added" services rather than simply a lower price, for example, will be critical. Companies should be taking an introspective look for differentiating factors in the areas of security and privacy "value," and how they can leverage what they uncover - a competitive advantage. How can an organization best position their privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation that your company is subject to or regulated against. It is also important to give your customers a point of reference about the validity of your programs so they easily translate the value into a currency they recognize. Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents as a consumable for external parties. It has been my experience that clients, especially their security teams, really appreciate this effort. Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming an increasingly high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the "value add" conversation and validate why your clients placed their trus

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Banks and cellphone companies have a long way to go to persuade U.S. consumers to use their cellphones for banking, as many worry about security and extra fees and others are not even aware they can. In a survey of about 500 U.S. consumers, accounting firm KPMG found that only about 9 percent had tried mobile banking. In comparison, about 76 percent "consistently use" online banking services on computers. As many as 95 percent said they were so uncomfortable with conducting financial transactions on their phones that they've never used them to make a purchase on a retailer's Web site. About 48 percent of respondents cited security and privacy worries as their reason for not banking on their cellphones, according to KPMG. While many respondents said they believe mobile banking is important, according to the accounting firm, they do not think it is important enough to pay extra for it. Roughly 19 percent of respondents said they are "somewhat likely" to a use a mobile device for online banking in the next 12 months but only seven percent said are willing to pay a nominal fee for cellphone banking, according to the survey. And even though most of the major U.S. banks offer a mobile banking service, about 68 percent of the survey respondents said their bank does not offer the service. "The fact that the majority of U.S. consumers are not aware that their current banks offer mobile banking is clearly more perception than reality," said Carl Carande, a principal in KPMG LLP's Advisory and Banking and Finance practices. Banks offering mobile services include Citigroup Bank of America and Wells Fargo.

With the ink barely dry on headlines about what could be the biggest security breach in history (identity thieves hacked into payment processor Heartland Payment Services, possibly gaining access to the credit-card information of millions of consumers) signing up for a credit-monitoring service may have jumped a few notches on your to-do list. After all, paying $12 or so a month seems like a small price to pay for the peace of mind that -- through regular alerts about activity on your credit reports and other monitoring services -- you'll be protected from identity theft. Right? Think again.

Concerned that Google knows too much about you? The company provides many ways to protect your privacy online -- you just need to find them. Here are six good ones. 1. Know your privacy rights: Use the Google Privacy Center. This site includes all of Google's privacy policies, as well as privacy best practices for each of its products and services. Although the "legalese" of privacy policies can be difficult to understand, Google's Privacy Channel offers a library of short YouTube videos with practical tips on protecting your data when using Google products and services. Try the "Google Search Privacy" and "Google Privacy Tips" series. 2. Protect your content on the services you use. Some content that Google stores for you, such as photos uploaded in Picasa Web Albums, are public by default. You can protect your privacy when you upload photos by choosing the appropriate checkbox. Choices include "unlisted" (accessible only if you have the Web link, and not indexed by Web search engines) or private (viewable only by named users who must sign in). Another example: You can take a Google Chat "off the record" if you don't want the instant messaging transcript stored. In contrast, Google Latitude, which tracks your whereabouts by way of GPS-enabled cell phones, does not share your location data by default. You must authorize others to see it. Latitude stores your last known location, but not your history. 3. Turn off the suggestion feature in the Chrome browser. By default, Chrome retains a history of Web sites you've visited -- and the full text of those pages -- so it can try to guess which Web address you want as you type in the "Omnibox." You can turn the feature off by going to "Under the Hood" under Options and unchecking the "Use a suggestion service" box. You can also select other privacy options, including surfing in Chrome's "incognito" mode. 4. Turn off Web History. You may have turned on the Web History option, also called Personalized Search, when yo

Google never fails to surprise. It's the scope and scale of their ambitions that impresses me ranging as they do from relatively simple applications that are just way cool such as Sky Map, through their Chrome Web browser (which is now looking pretty stable), to the subject of this newsletter: Google Health. Google Health, which was launched as a beta (of course) in spring 2008, is a free repository for your personal health information. Using the service you can create online health profiles for yourself, family members or others you care for (these profiles can include health conditions, medications, allergies and lab results), you can import medical records from hospitals and pharmacies, share your health records with "your care network" (which may include family members, friends and doctors), and browse an online health services directory to find services that are integrated with Google Health. After you sign up you can import your medical records from Allscripts, Anvita Health, The Beth Israel Deaconess Medical Center, Blue Cross Blue Shield of Massachusetts, The Cleveland Clinic, CVS Caremark, Healthgrades, Longs Drugs, Medco Health Solutions, Quest Diagnostics, RxAmerica and Walgreens. What you'll wind up with if you update all of the sections is a pretty complete health profile, which means that privacy has to be a concern. Interestingly, because becoming a subscriber is voluntary it appears that the service is exempt from the provisions of the Health Insurance Portability and Accountability Act of 1996.

"Sun Microsystems, Inc. and Deloitte today announced a collaborative initiative to help companies develop efficient, cost-effective and sustainable technology and business processes to address their unique regulatory compliance and technology governance challenges. As part of this initiative, Sun and Deloitte today announced their plans for the Center for Technology Governance and Compliance (CTGC), which combines Deloitte's consulting and advisory services with Sun's IT management solutions and services, including its Information Lifecycle Management (ILM) and Identity Management technology portfolios. Access to the professionals and services within the CTGC is available through Sun Solution Centers. To learn more, please visit http://www.sun.com/compliance or http://www.deloitte.com/ . As a worldwide leader in network computing systems, Sun provides scalable solutions designed to protect and manage business-critical information through its lifecycle. The combination of Deloitte and Sun brings together complementary competencies to deliver a business-driven, technology-enabled framework for creating and implementing technology governance and compliance strategies and programs."

"All Facebook users can deactivate their profiles, but doing so quietly might not make quite the same statement as using another service to slam the door on the site. One such service, Seppukoo.com, created by the Italian group Les Liens Invisibles, drew attention late last year after launching a campaign to convince people to commit Facebook suicide. Wannabe ex-Facebook members can provide Seppukoo.com with their names and passwords and Seppukoo then not only deactivates their profiles, but also creates a "memorial" page that it sends to users' former Facebook friends. Facebook evidently isn't happy about this development. Last month, the company fired off a cease-and-desist letter to Les Liens Invisibles, complaining that users who provide log-in data are violating Facebook's terms of service. The company also alleges that the scraping of its data violates a host of laws, including an anti-hacking law, the federal spam law and the copyright statute. "

FaceBook is sooooo concerned about our privacy!