Group items tagged

“The IT industry had this nagging question – as more and more services move to the cloud, do they consume more or less energy?” Bernard said. “This study found that you can migrate existing infrastructure to the cloud and see not only growth in productivity but a reduction in energy consumption for those services.”

The study was aimed at understanding how the cloud performs differently from an on-premises environment, said Josh Whitney, corporate sustainability strategy lead with WSP. Using a methodology aligned to the Global eSustainability Initiative (GeSI) standards, Accenture and WSP compared the energy use and carbon emissions per user for Exchange Server 2007, SharePoint Server 2007, and Microsoft Dynamics CRM with their cloud-based equivalents: Exchange Online, SharePoint Online and Microsoft Dynamics CRM Online. The results suggest that for widely deployed and commonly used applications such as e-mail, content sharing and customer relationship management, the cloud can enable significant reduction in carbon emissions.

“The findings are actually pretty impressive,” Whitney said. “I think this study provides further reinforcement of the benefits of the cloud beyond the bottom line. It provides one of the first quantitative and measurable analyses of the impact that cloud computing can have directly compared to a traditional deployment of IT within a company.”

Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.

The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.

The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.

PGP Corporation, an enterprise data protection company, and the Poneman Institute, a privacy and information management research firm, as part of their fifth annual U.S. Cost of a Data Breach Study, tracked a wide array of cost elements

data breaches caused by malicious attacks and botnets were on the high end of severity and cost responses. These types of breaches doubled from 2008 to 2009.

Growing scrutiny of cloud computing security in the first half of this year is not surprising in light of the numerous data breaches, privacy issues and headline grabbing cloud outages that have occurred recently

The 26-page survey report returned a stunning conclusion – though one not surprising to those familiar with legal contracting for cloud computing; namely that a majority of cloud providers do not believe data security is their responsibility - but the customer’s. 

Senior compliance officers at more than 100 leading U.S. companies responded to 28 questions in four key areas critical for the compliance function: leadership, reporting relationships and structure; compliance function scope, focus and risk; metrics to gauge program effectiveness; and budget, staffing and resources. A major finding of the study: One of the biggest obstacles facing Chief Compliance Officers (CCOs) is measuring the effectiveness of their compliance functions - almost 40 percent of the companies surveyed said they make no attempt to measure the effectiveness of their compliance program.

“An effective compliance program is the cornerstone of cooperation credit allowed under the U.S. Sentencing Guidelines and stakeholders are demanding much higher transparency in how compliance risk is effectively managed,” said Miles Everson, PwC principal and global and U.S. risk and compliance leader.

“Without a clear measure of the compliance department’s effectiveness, much else is in jeopardy. Lacking this,

When small organizations (100 users) move to the cloud, the effective carbon footprint reduction could be up to a 90% savings by using a shared cloud environment instead of their own local servers

For large corporations, the savings are typically 30% or more. In a case study with a large consumer-goods company, the team calculated that 32% of energy use and resulting carbon emissions could be saved by moving 50,000 e-mail users in North America and Europe to Microsoft's equivalent cloud offering.

What accounts for these significant energy savings? Think of cloud computing as being like mass transit. The data center is essentially getting computing applications to carpool or take the bus instead of sitting in their own individual servers. However, unlike mass transit, there is no sacrifice in convenience or performance with this move. Consider the disappointing fact that a typical server in a company often runs at about 10% of capacity, meaning there are lots of servers out there drawing power without doing much computing

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  "At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted.  Instead we found enormous vulnerabilities.  The protection of patient data should be at the forefront of their efforts."

ey findings of the research: Data breaches are costing the healthcare system billions.  The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually.  The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580.  The average organization had 2.4 data breach incidents over the past two years.  Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.Healthcare organizations are not protecting patient data.  Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent).  Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.Protecting patient data is not a priority.  Seventy percent of hospitals stated that protecting patient data is not a top priority.  Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft.  A majority of organizations have less than two staff dedicated to data protection management (67 percent).HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records.  The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.  The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," said Rick Kam, president and co-founder of ID Experts.  "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

An even greater number, 66 percent, would be prepared to work for lower pay if a job offered more flexibility, at least when compared with a better-paid job without such flexibility. Businesses are uncertain about the move to home working, mainly because of security. According to the Cisco survey, they should also factor in some of the advantages. Almost half of those employees who do work from home reckon they put in between two and three extra work hours per day as a result.

Employees' dislike of offices is nothing new but what has changed is that it is now technically possible to make an employee productive without asking them to travel to a building every day.

It seems just as likely that the death of the office, predicted many times in the last 40 years, might be as much about the changing economics of work than any desire of employees to escape to the back room and the VPN.

"Three-fourths of businesses are deleting files, reformatting or destroying drives, or 'do not know' how they are erasing sensitive data. Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.

"Surveying more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer.

Only 19 percent of businesses deploy data eraser software and fewer, 6 percent, use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all of their data had been wiped.

Now, in a survey of more than 600 small business owners and executives, the Ponemon Institute has tried to put a number on the cost of credit card account fraud for those vulnerable targets, comparing the damage with the cost of physical theft by employees or burglars. The result: While identity theft takes less from businesses per incident than either robberies or crooked employees, it hits them often enough that it's an equally costly or even costlier problem. According to Ponemon's study, the median account fraud incident costs a business $5,136. That's much less than the $9,913 the respondents attributed to the median cost of a burglary or $17,517, the cost they attributed to an employee theft case. But take the frequency of those incidents into account, and the pain adds up. About 86% of businesses have suffered from account fraud, more than the 77% who have been robbed or the 63% whose employees have stolen from them. And among those victims, most businesses experience employee theft either once (32%) or zero times a year (41%). Robberies are less costly but more frequent: Most businesses report them either once (29%) or between two and five times a year (38%). Account fraud is far more frequent: 45% of businesses have been digitally defrauded two to five times in the last year, and 38% have been defrauded more than five times.

The results indicate that "there are more cloud implementations within the enterprise than people were aware of," Jay Fry, vice president of marketing for the cloud computing division at CA Technologies, told eWEEK. The report indicates that IT administrators are starting to get some visibility on what the various groups within the organization are working on, he said. As more people begin to discuss the cloud within the enterprise, the visibility will continue to improve, said Fry.

In the past, there were "rogue deployments" that the company’s IT staff didn’t even know about, because the individual line of business was purchasing software-as-a-service offerings without involving IT.

Collaboration tools such as hosted e-mail, antivirus and spam filtering and Web conferencing software accounted for a bulk of cloud deployments, at 75 percent, according to the report

“The fact that passwords remain the cornerstone of enterprise authentication represents a significant and increasing risk. The vulnerability of password-based authentication is widely recognized: From the earliest phishing attacks to the most sophisticated spyware, passwords still represent one of the most common methods hackers target and use to access corporate systems and sensitive data”, the study observed.The way to reduce the costs of lost passwords and the increased vulnerability of similar user passwords is through the use of strong multi-factor authentication, explained Chatterjee. For example, two-factor authentication involves the use of something the user remembers, such as a password, and something the user has, like a token.

This approach increases security because a hacker needs both to gain access to a system or account; figuring out the password is not enough. It also reduces the need for users to have multiple, complex passwords. The system's two factors provide the complexity from a security point of view, he explained. Chatterjee used the example of a bank ATM card, which requires the use of the card along with the password for the user to gain access to his or her account.

With the two-factor authentication, users do not need to have complex passwords that change frequently. This reduces the burden on the employees as well as on the help desk, he noted.