What We're Reading, Week of 9/21

The Forrester Blog | Infrastructure & Operations Professionals… It’s Flu Season, Connect AND Optimize Your Workers As businesses prepare for office closures due to H1N1 (and other potential disasters), friend of NCP, Chris Silva reflects on employees’ remote connectivity experiences and questions the influence it can have on productivity levels. In addition to speed and responsiveness, optimization is needed for remote access—this ensures employees have the adequate resources they require. Chris leaves us with some food for thought—the next time you log on remotely, ‘take note of the experience; is this the way your entire organization should be served in the event of a disaster’? SearchCIO… 10 Must-Have Steps for an Effective SMB Information Security Program Linda Tucci discusses The National Institute of Standards and Technology’s guide to help small businesses and organizations implement an effective information security program. It lists 10 absolutely necessary actions a small business should take to protect its information, systems and networks, along with 10 highly recommended practices. It also includes a short section on contingency and disaster recovery planning, as well as business policies for information security. This is a great resource for small businesses to turn to; do you feel these tips are valuable? Endpoint-Security.Info… New US healthcare rules criticized by encryption experts Agent Smith reports on the new data breach rules which became effective September 23rd. According to the HITECH Act, US health organizations that use encryption will no longer be required to notify clients of breaches. Furthermore, only HIPAA-covered healthcare providers and health plans that neglect to use encryption will be required to notify individuals about a breach. Encryption experts...

What We’re Reading, Week of 9/21

The Forrester Blog | Infrastructure & Operations Professionals… It’s Flu Season, Connect AND Optimize Your Workers As businesses prepare for office closures due to H1N1 (and other potential disasters), friend of NCP, Chris Silva reflects on employees’ remote connectivity experiences and questions the influence it can have on productivity levels. In addition to speed and responsiveness, optimization is needed for remote access—this ensures employees have the adequate resources they require. Chris leaves us with some food for thought—the next time you log on remotely, ‘take note of the experience; is this the way your entire organization should be served in the event of a disaster’? SearchCIO… 10 Must-Have Steps for an Effective SMB Information Security Program Linda Tucci discusses The National Institute of Standards and Technology’s guide to help small businesses and organizations implement an effective information security program. It lists 10 absolutely necessary actions a small business should take to protect its information, systems and networks, along with 10 highly recommended practices. It also includes a short section on contingency and disaster recovery planning, as well as business policies for information security. This is a great resource for small businesses to turn to; do you feel these tips are valuable? Endpoint-Security.Info… New US healthcare rules criticized by encryption experts Agent Smith reports on the new data breach rules which became effective September 23rd. According to the HITECH Act, US health organizations that use encryption will no longer be required to notify clients of breaches. Furthermore, only HIPAA-covered healthcare providers and health plans that neglect to use encryption will be required to notify individuals about a breach. Encryption experts...

Pat the Device Down

Read an interesting article on InfoWorld earlier this week about the iPhone falsely reporting VPN policies and encryption support.  While the iPhone has been updated and fixed, miscommunication with Exchange VPN servers brings up a larger question—should the server do more than just query the device client and should the enterprise VPN take on a NAC function through a device ‘pat down’? Allowing for a full ‘pat-down’ before allowing a VPN connection, the NCP Secure Enterprise Management System looks at the actual individual device rather than a standard set of queries.  NCPs ‘pat down’ checks and makes certain that security software is up-to-date, the right form of encryption is being used, firewall settings are enabled, and the machine is compliant to pre-set network policy enforcement parameters.  By running this pat-down, the administrator will be reassured its employees’ devices are compliant, and those who aren’t are alerted to take the necessary steps to reach compliance.  Without an endpoint device ‘pat-down’ enterprise remote access can be compromised, just as the InfoWorld article illustrates. For more information on this issue, check out a recent article published in Processor or visit...

What We're Reading, Week of 9/14

ComputerWorld… Cloud security through control vs. ownership Guest writer and analyst, Andreas M. Antonopoulos explains the complexity of cloud computing security from an auditor’s point of view. As cloud computing becomes mainstream, the questions of location, ownership and control become major concerns. In response to these concerns, Andreas raises an interesting point—“We do not need to own the assets in order to exert security, anymore than we need to own the Internet in order to trust a VPN”. What are your thoughts on Andreas’ point? Do you agree or disagree? Network Computing… Does Windows 7 Make VPNs Obsolete? Blogger, Alexander Wolfe describes Windows 7’s DirectAccess and Windows Server 2008 R2. There are clear benefits of using the DirectAccess feature, however, if your company does not upgrade its’ sever to 2008 R2—you are out of luck. NCP Secure Entry Client does not require this upgrades, and will work with existing equipment. Inside INTEROP Blog… Working the Mobile Enterprise Blogger, Curt Franklin loves his iPhone, but expresses his concern about the security issues associated with it, particularly, using it for work. With employees accessing confidential documents on their phones (and laptops), it is important to protect your information with encryption and OTP password tokens and certificates through a VPN—this way information is not spied out, and information remains...

What We’re Reading, Week of 9/14

ComputerWorld… Cloud security through control vs. ownership Guest writer and analyst, Andreas M. Antonopoulos explains the complexity of cloud computing security from an auditor’s point of view. As cloud computing becomes mainstream, the questions of location, ownership and control become major concerns. In response to these concerns, Andreas raises an interesting point—“We do not need to own the assets in order to exert security, anymore than we need to own the Internet in order to trust a VPN”. What are your thoughts on Andreas’ point? Do you agree or disagree? Network Computing… Does Windows 7 Make VPNs Obsolete? Blogger, Alexander Wolfe describes Windows 7’s DirectAccess and Windows Server 2008 R2. There are clear benefits of using the DirectAccess feature, however, if your company does not upgrade its’ sever to 2008 R2—you are out of luck. NCP Secure Entry Client does not require this upgrades, and will work with existing equipment. Inside INTEROP Blog… Working the Mobile Enterprise Blogger, Curt Franklin loves his iPhone, but expresses his concern about the security issues associated with it, particularly, using it for work. With employees accessing confidential documents on their phones (and laptops), it is important to protect your information with encryption and OTP password tokens and certificates through a VPN—this way information is not spied out, and information remains...