05-11-12 | Blog Post
I’m liveblogging from Online Tech’s Ann Arbor data center – our Spring into IT seminar is underway! The first presentation of the day is You Are Vulnerable: How Not to be a Data Breach Statistic by Adam Goslin of High-Bit Security, at 8:30 A.M. There’s still time to join us for other sessions this morning until 1 P.M.
For the full schedule with times, speakers and location, check out Spring into IT.
Stay tuned for live coverage of the presentations!
8:30 A.M. – You Are Vulnerable: How Not to be a Data Breach Statistic
Speaker: Adam Goslin
There’s been an increase in small-scale breaches involving small to medium-sized businesses. Recent breaches also involve lost or stolen devices (mobile phones or laptops). Encryption can give people a false sense of security – there are many other ways that security can be breached.
Mobile threats are also increasing with the use of mobile devices. Critical infrastructure attacks are also increasing – this includes malware that is designed to attack buildings. Breach costs now average $194 per record – this includes loss of business, remediation and more.
Only 10 percent of software developers and IT were documenting their security protocols.
Vulnerability Scanning
Penetration Testing
A few ways to test the security of an organization include external hacking (ethical hacking) to find vulnerabilities in a system, and social engineering – attempting to gain access to a system face-to-face.
9:00 A.M. – Compliance Reporting and Remediation with VMware
Speaker: Brian Foley
Introducing vCenter Configuration Manager
Customer concerns include a lack of visibility into their environment, change management issues, industry compliance standards, and ensuring systems are patched.
VCM is cloud-ready, with quick time-to-value for meeting compliance requirements – compliance standards are built into the system.
Benefits include:
9:30 A.M. – HIPAA at 16
Speaker: Joe Dylewski
HITECH was created in order to enforce the implementation of EMR (electronic medical record) systems by providing incentives for healthcare organizations. Meaningful use was created for physicians to prove the systems were being used. The maximum breach penalty was increased to $1.5 million.
10:00 A.M. – Data Security in the Cloud
Speaker: Steve Aiello, CISSP
Cloud computing security is a corporate strategy. Most of the vulnerabilities and threats have been around for a long time. Security concerns have risen due to the major attacks on Sony, PBS, CIA, FBI, PayPal and other large corporations. Being compliant does not mean you are secure.
What is Security? It’s the CIA Triad: the confidentiality, availability and integrity of the data.
Question to ask your company: Where can you reinvest cost-savings from using cloud technologies to improve overall security?
Something to consider: the introduction of external parties/providers shouldn’t lessen your security profile. Questions to ask about your vendor:
Provider offerings that increase security:
Cloud Options vs. Security
Potential targeted technology:
10:30 A.M. – Two-Factor Authentication
Speaker: Chris Schmitt
Factors of authentication include something you are (biometrics), something you own (card), and something you know (PIN). Two-factor is required for PCI compliance.
Two-factor authentication (TFA) is ideal for protecting sensitive data – it’s important that the two-factor tool you choose integrates widely. TFA solves the problem of a weak password – it provides an extra layer of security, and helps with access control. TFA doesn’t solve regulatory financial compliance.
When picking a TFA solution, focus on simplicity and management – the ability to sign up all users at one time and easily manage them is ideal. Online Tech uses Duo Security, an Ann Arbor-based tech company. Uptime availability is also important.
11:00 A.M. – How to Properly Configure a High Availability Server Rack
Speaker: Noah Wolff
[This will be videotaped and posted after the seminar concludes.]
High availability is the percentage of time a system is available – do you need it? Consider the costs/consequences of downtime and your mission-critical applications.
Common HA misconceptions – having a UPS is enough, having two firewalls is enough, having power supplies on a server is enough, and colocating in a data center is enough (although a DC may provide HA, you may not be taking advantage of it).
Reasons to go HA – ease of maintenance, a single point of failure can affect your uptime, and downtime can mean a loss of clients and business.
HA does not protect you from security breaches or human error. Backup is still important, even if you do have HA. DR assumes multiple points of failure. HA does cost more, and does not cover all possible sources of failure.
The most common mistake with configuring for HA is the failure to test it.
12:00 – The Mobile Explosion: What Does it Mean for You, Your Business, and Michigan’s Economy
Speaker: Linda Daichendt
Mobile is today’s primary consumer device – 5.3 billion people have mobile devices of some kind, and 1.1 billion have tablets or laptops. We have 103.9% mobile subscriptions per capita, meaning more subscriptions than our entire population.
Consumption of the internet via mobile phones has increased over 1200% in the last few years. When it comes to marketing, the average response rate to a mobile offer is between 12 and 15%. Depending on the type of business (consumer-based), some markets have seen over 60% response rates.
Check back to our blog in the next week for a full blog post on the mobile trends, statistics and latest technology presented by Linda.