Tag Archive | IT Security

2014 the year Information Technology (IT) became “Our Technology” (OT)

2014 really was the year that was. Information Technology (IT) has for quite a while threatened to play such a fundamental role in our lives that we would struggle to function without it. In my opinion 2014 was the tipping point year where the silos between “technology” at home, play or work blurred into one – “a SMART one”. Through 2014 something SMART with a processor, memory, storage and a battery at its heart became the secondary brain that the developed/developing world leveraged to optimise and enhance “living”. Personal & work smartphones became just “smartphones” as BYOD moved from a disruptive marketing fad to an important catalyst for end user behavioural change within organisations. Mobile working, once the poor relation of “working in the office” became the must have work mode through 2014 opening the door to transformed organisational working outcomes through 2015 – watch this one as it should be the biggest technology user led transformation yet.

The internet of “stuff” (I’m bonding the Internet or Things and Everything) with sensor packed connected devices alwayshutterstock_156907532_smls on and transmitting data across the wireless airspace emerged as the new battleground for customer service and market control. The IOT/IOE topic gained a head of steam through 2014 but watch it fly through 2015 as connected devices leverage harmonised data to really behave in a “human SMART” manner. And as I briefly continue with the key stories of 2014, I will be remiss not to discuss the shift from “cloud HYPE” to “cloud RIPE” as cloud service providers on mass utilising software-defined datacenter, network and security ideals presented an increasing portfolio of real world, customer validated services that deliver essential outcomes to a now captive and receptive enterprise audience. Cloud is now here ………..

Phew – all in all there was an abundance of IT good news through 2014 that should act as a springboard for greater things through 2015. But was it all good news? Back to the recap, an ever increasing population of mobile device users, generating masses of then stored or transmitted information, talking to sensors that transmit or store masses of information, that interact with enterprise IT systems that process and store a mass of information and so on and so on must be a good thing. When leveraged for beneficial personal, customer, enterprise or society based reasons the potential to drive value is unparalleled. However that same footprint of rich, relevant, always increasing data/information is equally digital gold for hackers who aim to utilise it in completely different manner.

The result, 2014 also saw a rise to unprecedented levels of one of the biggest concerns now at the executive top table, “security breaches”. With hacks now the norm within end user, offline / online enterprises and even nation states, 2014 and the mass of data moving freely around the heavily digitised world changed the importance personal consumers and enterprise organisations placed on information security. Since the dawn of the modern IT era, IT security has been just that “security for IT devices” often developed and managed by technologists. 2015 will see a major acceleration of a trend already permeating the enterprise with IT security a fundamental core of “enterprise information security” (that adopts a holistic view of enterprise end to end business security posture that includes IT).  Security not a top priority through 2015? – not an option!

But no more talk about 2014, 2015 is here and its now. If 2014 was a dry run for the new face of people centric, end user fulfilling IT, 2015 is the year to make it happen. The end user is now king and long live the king (and queen). Stay tuned as we continue with this topic – (well at least for another 11 months).

Until next time.

Colin Williams

Twitter: @colinwccuk

Black Friday, DDoS and another IT headache!

Linear Scalability would have made some retailers a lot more money on Black Friday and left them better prepared for the peak in internet traffic. Why might you ask is this possible? Anybody watching the news, surfing the web or actually leaving the comfort of their armchairs to visit a shop in person this weekend can’t have missed the phenomenon called “Black Friday” arriving in the UK.

Now I’m not one to dismiss new trends and indeed I would consider myself an “early adopter” on the axis of the maturity curve; however Black Friday bought two big issues out in to the open for retailers. The first and not my interest today, was the requirement for many of the UK Police forces to deploy teams of police in riot gear to manage the hysteria as waves of people flocked to the stores to pick up a bargain. The second was the legitimate Volumetric Denial of Service (DoS) attack that retailers invited to their sites on the back of the torrent of advertising emails that were sent out in the run up to the event.Black Friday

For those of you who don’t understand what Volumetric a Denial of Service attack is, Arbor Networks classifies it as an “attempt to consume the bandwidth either within the target network/service , or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.” And that’s exactly what happened on many commercial websites with the number of visits and site requests swamping them and causing so much congestion that people couldn’t get on them to find a bargain let alone buy one!

Now we’ve all seen this kind of issue with ticket sites – you want to buy tickets for the latest band and spend hours waiting to get in to a queue to buy them. But retailers were caught out and several implemented queuing systems through the course of the day which I’m sure infuriated many people as they had to wait up to an hour to get access to the site. Some might say that this isn’t an issue as it’s a British tradition to queue patiently for things – however the internet isn’t British and in this “always on, always connected world” we are moving towards, a queuing system quite frankly doesn’t cut it with today’s “always on, always connected” internet consumers.

The dilemma facing retailers is that to implement infrastructure that supports that amount of availability when it isn’t used for much of the year isn’t cost effective. Which is why many have resorted to a queuing system that throttles traffic to the back end systems and ensures that the website stays up and running and delivering acceptable performance and reaction times to those accessing it. In doing so however a large proportion of the potential spending population will go elsewhere and therefore whilst no doubt profitable, many retailers failed to maximise the potential of Black Friday.

So what are the alternatives? Linear Scalability is one solution to this problem – the ability to deliver continuous throughput through the provision of on the fly additional infrastructure. This where cloud services can provide the answer and Computacenter can assist. Cloud adoption has been slow in the main as a result of security concerns – why would you trust your crown jewels and intellection property (IP) to a cloud provider when it’s a challenge to protect it within your own datacenters? And this is where we are missing a trick… Most organisations if they looked at the bottlenecks in their systems on Friday would have quickly realised that the issue lay in the web delivery capability which wasn’t able to meet the number of requests being made and not the application or database servers sitting at the back end. By moving or complementing the delivery engine in the cloud, many retailers would be able to maintain performance and the IP would have stayed in the corporate datacenter but the content delivery would have expanded exponentially to cope with demand.

In a “Pay Per CPU Per Hour” cloud model Computacenter can help you implement the necessary architecture to provision and decommission infrastructure on the fly thus allowing you to maximise the money making potential of events such as Black Friday and other peaks in sales throughout the year. Taking the analogy further, if you were able to provision such infrastructure on the fly then why have a DR datacenter sitting idle for much of the year and why not do this to mitigate nefarious Distributed Denial of Service (DDoS) attacks? Equally why tie yourself to one cloud provider when you can go where the most cost effective solution is on a month to month basis?

Computacenter is one of the few organisations that can help you with the end to end delivery of such solutions and won F5’s 2014 “Rising Star” award this year in recognition of our innovation and integration of the F5 portfolio in to our solutions. To implement linear scalability you need a raft of vendors – from load balancing and provisioning to networking and datacenter; we have one of the most comprehensive capabilities in Europe and can build and demonstrate this to you in our Customer Solutions Centre in Hatfield.

In an always on, always connected world where website usability and reaction times are proportional to the profitability, why wouldn’t you come and talk to us?

“Security Breach” – Stop, think, act now – Don’t lose your money or data to “GameOverZeus”

As we continue to accelerate towards a personal and professional society almost dependant on a digital umbilical cord, the level concern and negative impact equally increases. Zeus (the well known malware Trojan) and Ransomware are now the terms on the lips of all as they have moved through 2014 from a security point of interest to an industry-crippling threat. It is written that circa $500m of banking related financial loss and Cryptolocker ransom requests (who knows the true figure) have been paid to date by those unfortunate enough to have critical information sealed under the digital lock & key of the attacker in question, or siphoned off through a malware Trojan secret back door. But that was then, the news bulletins of the past 24 hours have been carefully crafted to heighten the awareness levels of all of a far more worrying threat sitting above us right now.

The NSA, FBI, UK based cyber agencies and worldwide cyber intelligence organisations have targeted a major global banking/ransomware threat and have shSecurity Image 1ut down communication between the attackers and the currently affected platforms (and hundreds of thousands of compromised systems already exist globally).  The multi-faceted attack consists of the well-known “GameOverZeus” banking malware Trojan (that hides until banking applications are launched) and Cryptolocker (locks and encrypts all data on a disk drive until a ransom is paid). At present over 16,000 UK-based computers are affected by the malware payload, but for now, with the attacker communications (command and control) site down or out of reach the malicious payload cannot be launched. However the real worry is those grand efforts are only delaying or slowing an even larger, more destructive attack, as within a fortnight the attacker communications environment could return to service and enable the global attack on any malware-compromised Microsoft Windows-based unprotected device.

For once, this is NOT a drill and now is the time for vigilance by all. Cyber-attacks are now so ferocious with the potential for personal disruption so great, malaise and ignorance have no place. First step, ensure the Windows update operating system patches that underpin your desktop and mobile devices are working and FULLY up to date. Next, ensure all anti-virus / malware signatures are updated daily (irrespective of the external news commentary the paid-for solutions of the leading end point security vendors are materially better than freeware options). Be aware of targeted emails encouraging you to click on links unknown to you or to download files you are not expecting – just don’t !! And most importantly of all (and the option many frequently ignore) back up critical files, documents, pictures onto another offline storage medium (cloud, usb key, external hard drive) – it is imperative that your key digital data assets exist safety elsewhere (to protect against the worst case data loss scenario).

The world’s leading security agencies are highlighting the critical time-frame of a fortnight to ensure all Windows-based computers are fully up to date, with updated anti-virus / malware software and formally scanned to remove any trace of the GameOverZeus/Cryptolocker malware. Fail to act over the next fortnight (on all the points mentioned) and the result could be a compromised machine at the end of that short period (with the potential for data / financial loss).

The IT, corporate and social network communities are used to prophets of doom highlighting that digital Armageddon is just around the corner. That may normally be somewhat over played on the grand scale, but if you personally lose or lock out digital information unique to you, unavailable elsewhere – the emotional, financial and professional impact may be far more than you can bear.

Act now, protect now – tomorrow may be one day too late.

Until next time,

Colin W

Twitter: @colinwccuk

It’s the New Year – Out with the Old McAfee and in with the New Intel Security?

Intel’s announcement last week that the McAfee name was being retired was greeted with varied responses but McAfee is and always was a serious security vendor and the always connected strategy is one that plays well in the current threat landscape.  At Computacenter we view security across Workplace and Datacenter, network and cloud and as such Intel Security is one of the few vendors that can stake a claim right the way across the organisation.  Visibility across this piece with effective correlation of security events alongside the Global Threat Intelligence platform makes Intel Security a great solution if visibility were key.

Vendors get acquired and product names change so what’s different about Intel’s rebranding of McAfee?  Well this marks the completion of the integration of Intel and Mcafee’s security organisations and brings two logos that are synominous with computing and security together.  In the same conference Intel Security Group announced their intention to make mobile security free later this year.  Some components of mobile versions of McAfee software will be free to use on iOS and Android devices, while Intel will introduce Intel Device Protection technology this year to improve enterprise security of all Intel-based Android mobile decisions.  This move I have to applaud as malware on the Android platform has been an issue for some time now and it’s long been my assertion that with the increased processing power and unlimited bandwidth of many phone contracts lays open the potential abuse of these platforms for nefarious means.

Fear, uncertainty and doubt aside Intel have the potential to dramatically change the threat landscape and mitigation of the majority of malware on mobile devices is to be applauded – in the commoditised world of mobile phones consumers shouldn’t have to worry about malware stealing information from devices that are increasingly more trusted than online banking apps in a standard browser.  It does however beg the question why Windows Mobile 8 seems to be missing from the mix and maybe the answer lies in the integrated security of the platform – only time will tell whether this becomes the next target for criminals and state hactivists.

So what are the implications of a grown up Intel Security Proposition?  2013 was the year in which the market shifted from a prevention strategy to one of detection and mitigation – from “It’s not when you are breached but how soon you detect and mitigate a breach.”  From an organisation that drives the global computing evolution I’m expecting great things – imagine a safe internet where computing environments self heal and mitigate against a trusted baseline and where there is no scope for running malware to impact or exfiltrate information.  Let’s be honest the only thing that is probably preventing this is sheer computing power – A cohesive Intel Security Strategy promises great things and I look forward to what Intel Security has in store.