<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Talk Tech To Me - GFI Blog &#187; Debra Littlejohn Shinder</title>
	<atom:link href="http://www.gfi.com/blog/author/debra-littlejohn-shinder/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gfi.com/blog</link>
	<description>Brought to you by GFI Software</description>
	<lastBuildDate>Fri, 13 Sep 2013 16:51:58 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
		<item>
		<title>Not Again! Problems with Office Patches</title>
		<link>http://www.gfi.com/blog/not-again-problems-with-office-patches/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=not-again-problems-with-office-patches</link>
		<comments>http://www.gfi.com/blog/not-again-problems-with-office-patches/#comments</comments>
		<pubDate>Fri, 13 Sep 2013 13:00:23 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[GFI Patch Central]]></category>
		<category><![CDATA[Exchange]]></category>
		<category><![CDATA[KB2760411]]></category>
		<category><![CDATA[KB2760583]]></category>
		<category><![CDATA[KB2760588]]></category>
		<category><![CDATA[KB28100009]]></category>
		<category><![CDATA[KB2871630]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Microsoft Office]]></category>
		<category><![CDATA[Microsoft Office programs]]></category>
		<category><![CDATA[Patch Tuesday]]></category>
		<category><![CDATA[security vulnerabilities]]></category>
		<category><![CDATA[TechNet]]></category>
		<category><![CDATA[windows update]]></category>
		<category><![CDATA[WSUS]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10862</guid>
		<description><![CDATA[Patch Tuesday hasn’t been going so well lately. Last month, Microsoft had to recall patches that caused problems with Exchange and ADFS. This month, Microsoft issued a number of patches designed to fix security vulnerabilities in Microsoft Office programs, but &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/09/PatchTuesdayProblemsOfficePatches.jpg"><img class=" wp-image-10864 alignright" style="border: 0px solid black; margin: 10px;" alt="PatchTuesdayProblemsOfficePatches" src="http://www.gfi.com/blog/wp-content/uploads/2013/09/PatchTuesdayProblemsOfficePatches.jpg" width="192" height="192" /></a>Patch Tuesday hasn’t been going so well lately. Last month, Microsoft had to recall patches that caused problems with Exchange and ADFS. This month, Microsoft issued a number of patches designed to fix security vulnerabilities in Microsoft Office programs, but one has been pulled and there are still problems being reported with some of the others.<span id="more-10862"></span></p>
<p>KB2871630 was a non-security patch that was intended to address problems with performance and stability. But after it was installed, users discovered that the folder pane in Outlook 2013 was empty.  This made for some very unhappy customers, although uninstalling the patch does return the folder pane intact. The update was removed from Windows Update and WSUS. <a href="http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx">Microsoft published a blog post on TechNet about the issue.</a></p>
<p>Meanwhile, some users are reporting an “endless loop” problem whereby some of the other patches keep installing over and over. This has been reported in regard to KB2760411, KB2760588 and KB2760583. In addition, some are getting an error message when they try to install KB28100009.</p>
<p>Stay tuned and we’ll let you know of any new developments.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/not-again-problems-with-office-patches/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>September Patch Tuesday</title>
		<link>http://www.gfi.com/blog/september-patch-tuesday-2/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=september-patch-tuesday-2</link>
		<comments>http://www.gfi.com/blog/september-patch-tuesday-2/#comments</comments>
		<pubDate>Wed, 11 Sep 2013 14:24:13 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[GFI Patch Central]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10861</guid>
		<description><![CDATA[We’re kicking off the Patch Central blog with a fairly hefty Patch Tuesday from Microsoft. This month brings us fourteen security bulletins, half of which pertain to Microsoft Office. The good news is that those who are using the latest &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/08/microsoftnew.jpg"><img class="alignright size-medium wp-image-10787" alt="microsoftnew" src="http://www.gfi.com/blog/wp-content/uploads/2013/08/microsoftnew-300x240.jpg" width="300" height="240" /></a>We’re kicking off the Patch Central blog with a fairly hefty Patch Tuesday from Microsoft. This month brings us fourteen security bulletins, half of which pertain to Microsoft Office. The good news is that those who are using the latest version, Office 2013, aren&#8217;t affected by most of them; all but one of the vulnerabilities that are addressed are in Office 2003, 2007 and 2010.</p>
<p>Only four of the September patches are rated critical, although eight carry the possibility of remote code execution and three others present the risk of elevation of privileges. Supported Windows operating systems, from XP to Windows 8/RT, are affected by one or more of these updates.</p>
<p>We’ll take a brief look at each of the updates individually, beginning with those rated critical. Unless otherwise indicated, the patches apply to both 32 and 64 bit operating systems. All of these patches may require a system restart after installation. For more details about each update, see the Microsoft Security Bulletin (linked).</p>
<p><b>CRITICAL</b></p>
<p><a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-067"><b>MS13-067 (KB2834052)</b></a><b> </b>Affects SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1, SharePoint Server 2010 SP2, and SharePoint Server 2013 (including SharePoint Foundation 2013), along with Microsoft Office Web Apps 2010 SP 1 and 2, specifically the Excel and Word web apps. The Excel Services, Microsoft Business Productivity Servers component, and Word Automation Services On SharePoint Server 2007 and 2010 are impacted.  The critical rating applies to all the versions of SharePoint except SharePoint Server 2013, for which it is rated important.</p>
<p>This update addresses ten vulnerabilities that include the possibility of remote code execution. It corrects the problem by enabling machine authentication check (MAC) and making corrections to the way SharePoint, Microsoft Office Services and Web apps handle request sanitization, undefined workflows and parsing of specially crafted files.</p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-068"><b>MS13-068 (KB2756473)</b></a><b> </b>Affects supported versions of Office 2007 and 2010, specifically Outlook. It does not affect Office 2003 SP1 or Office 2013/2013 RT, nor does it affect editions of Office that don’t include Outlook. It’s rated critical for all affected software.</p>
<p>This update addresses one vulnerability in Microsoft Outlook that was privately reported by Alexander Kink of n.runs AG. If a user opens a specially crafted email message in an affected version of Outlook, it could result in remote code execution. The update corrects the way Outlook parses specially crafted S/MIME messages.</p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-069"><b>MS13-069 (KB2870699)</b></a><b> </b>Affects all currently supported versions of Internet Explorer (6, 7, 8, 9 and 10) running on all currently supported and released operating systems. It does not affect Internet Explorer 11, which is available as a developer preview and as part of the (not yet released) Windows 8.1 and Windows Server 2012 R2 operating systems. It also does not affect Server Core installations, which do not include the web browser. The critical rating applies to IE running on client operating systems (XP, Vista, Windows 7, 8 and RT). It is rated critical for IE on server operating systems.</p>
<p>This is a cumulative security update for IE that also addresses 10 vulnerabilities that were privately reported through HP’s Zero Day Initiative and by Google Security Team members, which could result in remote code execution.</p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-070"><b>MS13-070 (KB2876217)</b></a><b> </b>Affects supported versions of Windows XP and Windows Server 2003 only. Other versions of Windows client and server operating systems are not affected. The critical rating applies to all affected operating systems.</p>
<p>This update addresses a vulnerability that was reported privately by a member of HP’s Zero Day Initiative, which could result in remote code execution. The exploit would involve a specially crafted OLE file that would need to be opened by the user for a successful attack.</p>
<p><b>IMPORTANT</b></p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-071"><b>MS13-071 (KB2864063)</b></a><b> </b>Affects supported versions of Windows XP and Vista, as well as supported versions of Server 2003 and 2008 (except Server Core installation). Does not affect later released operating systems (Windows 7, 8, RT and Windows Server 2008 R2 or Server 2012). Also does not affect operating systems currently in preview (Windows 8.1 and Server 2012 R2). It’s rated important, rather than critical, because user action is required for an attack to succeed.</p>
<p>This update addresses another privately reported vulnerability that could allow remote code execution. In this case, it’s accomplished by getting a user to apply a Windows theme that is specially crafted by the attacker.  The update corrects the way theme files and screensavers are handled.</p>
<p><a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-072"><b>MS13-072 (KB2845537)</b></a><b> </b>Affects supported versions of Microsoft Office 2003, 2007 and 2010, specifically Microsoft Word. The Microsoft Office Compatibility Pack SP3 (which is used to open the new XML-based Office format files with older versions of Office) and the Microsoft Word Viewer that’s used to open Word documents without having Word installed are also affected. Office 2013 (including 2013 RT) is not affected, nor is Office for Mac 2011. It’s rated Important for all affected software.</p>
<p>This update addresses thirteen vulnerabilities that were reported by members of the Google Security Team and Positive Technologies personnel. Opening a specially crafted file in an unpatched, affected version of Word or Word Viewer could allow remote code execution. The update corrects the way the XML parser in Word parses these files.</p>
<p><a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-073"><b>MS13-073 (KB2858300)</b></a><b> </b>Affects supported versions of Microsoft Office 2003, 2007, 2010 and 2013 (including 2013 RT), specifically Microsoft Excel. The Compatibility Pack SP3 and Excel Viewer are also affected, and in this case Office for Mac 2011 is also affected. It’s rated Important for all affected software.</p>
<p>This update addresses three vulnerabilities that were privately reported by members of CERT/CC and Positive Technologies. Opening a specially crafted file in an affected version of Excel or Excel Viewer could result in remote code execution. The update corrects the way the XML parser in Excel handles these files.</p>
<p><a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-074"><b>MS13-074 (KB2848637)</b></a><b> </b>Affects supported versions of Office 2007, 2010 and 2013, specifically Microsoft Access. Does not affect Office 2003 SP3. Also does not affect editions of Office that don’t include Access (such as Office 2013 RT and Office for Mac 2011, or the Home and Student editions, etc.). It’s rated Important for all affected software.</p>
<p>This update addresses three vulnerabilities that were privately reported by a member of Secunia SVCRP. Opening a specially crafted file in an affected version of Access could result in remote code execution. The update corrects the way the XML parser in Access handles these files.</p>
<p><a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-075"><b>MS13-075 (KB2878687)</b></a><b> </b>Affects Microsoft Office 2010 SP1 only, with Pinyin IME (Simplified Chinese).  Microsoft Office 2010 SP2 is not affected, nor are supported versions of Office 2007 and 2013/2013 RT. Other versions of the Simplified Chinese IME are not affected. It’s rated important for affected software.</p>
<p>This update addresses a vulnerability in the Office Pinyin Input Method Editor component for the Simplified Chinese language that was privately reported by Wei Wang of VulnHunt. It can be exploited by launching IE from the toolbar on a computer running the Simplified Chinese Pinyin IME, which could allow the attacker to run code in kernel mode. The update corrects the way the IME exposes configuration options.</p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-076"><b>MS13-076 (KB2876315)</b></a><b>  </b>Affects all currently supported released versions of Windows client and server operating systems (XP, Vista, Windows 7, 8 and RT as well as Server 2003, 2008/2008 R2, and 2012), including Server Core installations. Preview versions of Windows 8.1/8.1 RT and Server 2012 R2 are not affected. It’s rated important for all affected software.</p>
<p>This update addresses seven vulnerabilities that were privately reported by Google and Qihoo 360 Security Center personnel. If an attacker is able to log onto the system and run a specially crafted application, this could result in elevation of privileges. The update fixes the problem by correcting the way the kernel-mode driver handles objects in memory.</p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-077"><b>MS13-077 (KB2872339)</b></a><b> </b>Affects Windows 7 SP1 and Server 2008 R2 SP1, including Server Core installations. Other versions of Windows client and server (XP, Vista, Windows 8 and RT, Server 2003, 2008, and 2012) are not affected.  Preview versions of Windows 8.1/8.1 RT and Server 2012 R2 are also not affected. It’s rated important for affected software.</p>
<p>This update addresses one vulnerability that was privately reported. An attacker would have to persuade an authenticated user to execute an application or be able to log on locally in order to successfully exploit it, in which case it could result in elevation of privileges. The update fixes the problem by correcting the way the Service Control Manager handles objects in memory.</p>
<p><a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-078"><b>MS13-078 (KB2825621)</b></a><b> </b>Affects FrontPage 2003 SP3. It does not affect any version of Microsoft SharePoint Designer. It’s unclear from the bulletin whether Expression Web is affected. It’s rated important.</p>
<p>This update addresses one vulnerability that was privately reported by a member of Positive Technologies. If a user opened a specially crafted FrontPage file with the affected software, it could result in disclosure of information. The update fixes the problem by correcting the way FrontPage handles Document Type Definitions (DTD).</p>
<p><a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-079"><b>MS13-079 (KB2853587)</b></a><b>  </b>Affects supported versions of Windows Vista, 7 and 8, as well as Server 2008 and 2008 R2 for x86 and x64 and 2012. This includes Server Core installations. It does not affect supported released versions of XP or RT, nor Server 2003, 2008 and 2008 R2 for Itanium. It also does not affect preview versions of Windows 8.1/8.1 RT or Server 2012 R2 (including Server Core). It’s rated important.</p>
<p>This update addresses one vulnerability in Active Directory that was privately reported. If an attacker sends a specially crafted query to the LDAP service in AD, it could result in a denial of service (DoS) attack. The update fixes the problem by correcting the way LDAP handles such queries.</p>
<p><b>SUMMARY</b></p>
<p>This will be a moderately heavy patching load for organizations running the affected versions of Windows and Microsoft Office. We will be keeping an eye out for any problems that might emerge with any of these patches and will report them here on this blog. We’ll also be posting a summary of some of the most important third party patch releases for the month, and other patch-related news, so please stay tuned.</p>
<p><em>New update since this month&#8217;s Patch Tuesday: <a href="http://www.gfi.com/blog/not-again-problems-with-office-patches/">see here</a>  </em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/september-patch-tuesday-2/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The End of Patching is in Sight for Windows® XP</title>
		<link>http://www.gfi.com/blog/the-end-of-patching-is-in-sight-for-windows-xp/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=the-end-of-patching-is-in-sight-for-windows-xp</link>
		<comments>http://www.gfi.com/blog/the-end-of-patching-is-in-sight-for-windows-xp/#comments</comments>
		<pubDate>Tue, 10 Sep 2013 14:28:00 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[GFI Patch Central]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[Windows XP]]></category>
		<category><![CDATA[XP systems]]></category>
		<category><![CDATA[XP users]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10854</guid>
		<description><![CDATA[You can’t claim you didn’t have plenty of warning: Microsoft™ announced way back in 2011 that the end of extended support for Windows XP would come in 2014. Full mainstream support ended in 2009, but security updates have kept on &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/09/Windows-XP.png"><img class="wp-image-10855 alignright" style="border: 0px solid black; margin: 10px;" alt="Windows XP" src="http://www.gfi.com/blog/wp-content/uploads/2013/09/Windows-XP.png" width="234" height="171" /></a>You can’t claim you didn’t have plenty of warning: Microsoft™ announced way back in 2011 that the end of extended support for Windows XP would come in 2014. Full mainstream support ended in 2009, but security updates have kept on coming. Even so, according to a recent IDC study, XP gets 27 percent more virus attacks than Windows 7 and the average time to repair a malware attack is over 7 times as long. Supporting an aging operating system is expensive, and the price will go up next April, when security fixes stop (for all but a few select organizations with very deep pockets).<span id="more-10854"></span></p>
<p>There are a number of reasons that some companies have made the decision to hang onto XP until the very end. Change is never easy; in the IT world, it often means hidden costs, a steep learning curve (for both admins and users) and unexpected bumps in the road in the form of hardware and software incompatibilities. No wonder the philosophy of “if it’s not broke, don’t fix it” is popular. The problem is that a Windows XP that’s frozen in time in terms of security is going to be irretrievably broken.</p>
<p>Some XP users have been in denial, even speculating that there would be a last-minute “bailout” to extend support if only enough individuals and companies are still using XP when the deadline arrives. Even some experts believed, less than a year ago, that Microsoft would “<a href="http://www.computerworld.com/s/article/9234316/Experts_question_Microsoft_s_decision_to_retire_XP?pageNumber=1">have no choice but to continue supporting XP</a>.”  However, Microsoft has made it clear that they are serious about XP’s end of life date. <a href="http://www.zdnet.com/microsofts-custom-windows-xp-patches-not-a-panacea-7000020074/?s_cid=e019&amp;ttag=e019">Critical updates will be provided only to companies with Premier Support contracts</a> who also purchase a Custom Support option. Few companies can afford that, with fees reportedly <i>starting </i>at more than half a million dollars per year.</p>
<p>What does this mean to everyone else? To hackers, it means a golden opportunity. To Windows XP users, from home to enterprise, it means no more patches. It means any new vulnerabilities that are discovered will be wide open for attackers to exploit, unless third parties take it upon themselves to create fixes. That may not be possible even if there are third parties who want to take on the expense (and possible liability) of doing it. Because Windows source code is closed, those outside the company can’t legally modify it without Microsoft’s permission.</p>
<p>Although security <a href="http://www.symantec.com/business/support/index?page=content&amp;id=TECH204937">companies such as Symantec have announced that they will continue to release antivirus definitions for XP “for the current product cycle</a>,” they also caution that the lack of OS and application patches will still negatively impact the security level of Windows XP systems. McAfee says they will continue to support XP SP3 after April <a href="http://kc.mcafee.com/corporate/index?page=content&amp;id=KB78434">“for a limited time, as long as it is technically and commercially reasonable.”</a> In the security ecosystem, AV, antimalware, vendor-provided updates and other security mechanisms must work together in a multi-layered security approach.</p>
<p>All of this means the potential for huge hits to the bottom line due to downtime and lost productivity when (not “if”) unprotected XP systems are compromised. And it’s not only about direct monetary loss. If unpatched systems result in exposure of client data, companies may find themselves not only losing business, but in violation of the law. In regulated industries, companies have a legal obligation to reasonably protect such data and not doing so could subject you to fines or even criminal charges.  In any industry, failure to secure systems could be viewed as negligence, resulting in civil lawsuits.</p>
<p>Statutory requirements in some countries, such as the U.K., explicitly impose a duty to have “modern and up-to-date software” as part of privacy laws. In other countries, such as the U.S., the standard is based on what would be considered reasonable and prudent and thus is open to interpretation by the courts. Even if a company escapes legal repercussions in the wake of an XP-related breach, media attention can drive customers away. Trust is a big factor in the business/customer relationship and a major security breach can damage a company’s reputation in ways from which it may never recover.</p>
<p>According to the August statistics from <a href="http://www.netmarketshare.com/">NetMarketShare</a>, slightly more than a third of PCs worldwide (33.66 percent) were still running Windows XP and the <a href="http://articles.washingtonpost.com/2013-08-04/business/41067625_1_windows-xp-upgrades-microsoft-rob-enderle">Washington Post reported that Microsoft’s own statistics show about 30 percent of SMB customers haven’t yet upgraded</a>. It’s time for the companies in that position to develop a plan – sooner rather than later.</p>
<p><b><i>GFI Cloud™ is offering <a href="http://www.gficloud.com/asset-tracking">free asset tracking</a> which will help you start your plan by finding out which workstations are still using Windows XP. </i></b></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/the-end-of-patching-is-in-sight-for-windows-xp/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Welcome to Patch Central!</title>
		<link>http://www.gfi.com/blog/welcome-to-patch-central/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=welcome-to-patch-central</link>
		<comments>http://www.gfi.com/blog/welcome-to-patch-central/#comments</comments>
		<pubDate>Mon, 02 Sep 2013 09:19:56 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[GFI Patch Central]]></category>
		<category><![CDATA[IT security]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Microsoft patches]]></category>
		<category><![CDATA[Microsoft updates]]></category>
		<category><![CDATA[multi-layered security]]></category>
		<category><![CDATA[Patch Central]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[patch management solution]]></category>
		<category><![CDATA[Patch Tuesday]]></category>
		<category><![CDATA[Patching]]></category>
		<category><![CDATA[security updates]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10796</guid>
		<description><![CDATA[In the wake of Patch Tuesday each month, when Microsoft™  releases its regular security updates, there is no shortage of blog posts about the latest fixes. Unfortunately, many of those posts are little more than a list of MS and &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/08/Patch-Updates.jpg"><img class="alignright  wp-image-10797" style="border: 0px solid black; margin: 10px;" alt="Patch-Updates" src="http://www.gfi.com/blog/wp-content/uploads/2013/08/Patch-Updates.jpg" width="181" height="181" /></a>In the wake of Patch Tuesday each month, when Microsoft™  releases its regular security updates, there is no shortage of blog posts about the latest fixes. Unfortunately, many of those posts are little more than a list of MS and KB numbers and a regurgitation of the security bulletin titles taken from Microsoft’s website. As for patches from other vendors, coverage is often hit-or-miss.<span id="more-10796"></span></p>
<p>A web search for “security updates” indicates that there is plenty of information out there, but the number of hits can only measure quantity, not quality. Meanwhile, many IT pros have told me they feel as if they’re operating in the dark when it comes to keeping the systems on their networks up to date.  They simply take it on faith that Auto Update, WSUS (Windows Server Update Services), and/or their third party patch management solution will keep them safe.</p>
<p>Software developers today work hard to build security into their code from the beginning, but modern programs are complex. “Black hat” hackers and attackers are always one step ahead, diligently searching for hidden vulnerabilities. No matter how hard developers try, there are bound to be security flaws that can potentially be exploited. Thus patching – the application of security updates issued by vendors of operating systems and applications – is a big part of every IT admin’s and IT security professional’s life.</p>
<p>Without a way of automating the process, just keeping up with all the patches issued by various vendors can threaten to become a full-time job. Small and mid-sized business and enterprise networks typically run numerous applications and services on top of server and client operating systems, as well as the operating systems that power routers, switches and other network equipment. Vulnerabilities can be lurking in any of this software. Security researchers work diligently to uncover the flaws so they can be fixed before the bad guys develop exploits and release them into the wild.</p>
<p>For IT pros and end users, it’s a race to get patches installed before systems are compromised, but in the business environment, it’s also a delicate balancing act. Installing patches <i>too </i>quickly can result in unintended negative impact on the systems they’re intended to fix – as with some Microsoft updates released on August’s Patch Tuesday, one of which corrupted Exchange’s database and another of which caused Active Directory Federation Services to stop working.</p>
<p>It helps to have a good patch management solution. But even then, you need as much information as possible before you apply patches to your production systems. Down time results in lost productivity and, ultimately, costs the company money. Even if there are no “bad” patches in a particular batch, it’s useful to know the nature of the vulnerabilities that are being addressed and some of the details about the changes that are made to the software by the updates. Sure, you can find that out by slogging through Microsoft’s security bulletins (or the equivalent from other applicable vendors) but they aren’t always written in the most user-friendly language. That’s where this blog comes in.</p>
<p>My goal is to create a centralized place in cyberspace where IT pros can come to find the latest info on recently released security fixes, in plain, easy-to-understand language. We’ll provide enough information to help you make intelligent decisions without inundating you with repetitious or overly technical data that you don’t really need. We’ll follow up if subsequent installation and testing reveals that patches are causing problems. And unlike some blogs, we won’t focus exclusively on Microsoft patches; we’ll also cover important updates from other vendors.</p>
<p>I also want to solicit input from readers regarding the format and content of this blog – I want it to be <i>your </i>number one resource when it comes to staying on top of security updates.  Patching might not be as glamorous as some other aspects of IT security, but it’s the foundation on which a multi-layered security strategy is built.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/welcome-to-patch-central/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Critical Patch Recall: Updates Cause Problems with Exchange and ADFS</title>
		<link>http://www.gfi.com/blog/critical-patch-recall-updates-cause-problems-with-exchange-and-adfs/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=critical-patch-recall-updates-cause-problems-with-exchange-and-adfs</link>
		<comments>http://www.gfi.com/blog/critical-patch-recall-updates-cause-problems-with-exchange-and-adfs/#comments</comments>
		<pubDate>Tue, 20 Aug 2013 12:05:06 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[GFI Patch Central]]></category>
		<category><![CDATA[ADFS]]></category>
		<category><![CDATA[Exchange]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[patch recall]]></category>
		<category><![CDATA[Patch updates]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10782</guid>
		<description><![CDATA[Microsoft released eight updates to address 23 vulnerabilities, but within hours, serious problems were emerging. The software update process is intended to make systems more secure and head off potential problems for users and admins but as with anything else &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/08/microsoftnew.jpg"><img class=" wp-image-10787 alignright" style="border: 0px solid black; margin: 10px;" alt="microsoftnew" src="http://www.gfi.com/blog/wp-content/uploads/2013/08/microsoftnew.jpg" width="236" height="189" /></a><em><strong>Microsoft released eight updates to address 23 vulnerabilities, but within hours, serious problems were emerging.</strong></em></p>
<p>The software update process is intended to make systems more secure and head off potential problems for users and admins, but as with anything else that gets done in a hurry, sometimes those good intentions go awry. That’s what happened this month with several updates that were issued on August 13 as part of Microsoft™’s monthly Patch Tuesday release. Eight updates were released to address 23 vulnerabilities, but within hours, serious problems were emerging as a result of applying the new patches, and Microsoft began withdrawing the patches.<span id="more-10782"></span></p>
<p>The first update to be yanked was MS-13-061/KB2876216, which was designed to fix three vulnerabilities in WebReady Document Viewing and Data Loss Prevention features of Exchange Server 2007, 2010 and 2013 and was one of three updates rated critical.  As luck would have it, I was on a ship in the middle of the Caribbean when the news broke. By the time I got back to the office, there were reports of troubles with more of last Tuesday’s patches.</p>
<p>The Exchange update causes a corruption of the Exchange index database, which can impact users who attempt to search for email stored on their company networks. Servers display a “failed” message for the content index database and you may find that the Microsoft Exchange Search Host Controller service has gone missing and has been replaced by a service called Host Controller service for Exchange. Because of the similarity of the names, admins might not have immediately noticed this change.</p>
<p>The screenshot below shows the correct service name. If you can’t find this service in the list, look for the alternate name; this indicates that the patch has modified your database and you need to proceed with “fixing the fix.”</p>
<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/08/DebScreenshot.jpg"><img class="aligncenter size-full wp-image-10788" alt="DebScreenshot" src="http://www.gfi.com/blog/wp-content/uploads/2013/08/DebScreenshot.jpg" width="455" height="264" /></a></p>
<p>The good news is that if you installed the update, there’s a workaround to restore the service name. The bad news is that it requires you to edit the registry. <a href="http://support.microsoft.com/kb/2879739/en-us">Microsoft released KB2879739 with instructions for implementing the workaround.</a></p>
<p>The second patch problem emerged as companies applying the patches discovered that some of the updates were causing Active Directory Federation Services (ADFS) to stop working. Microsoft confirmed that updates KB 2843638, 2843639 and 2868846 (security bulletin MS-13-066) were the culprits. Installing 2843639 without having previously installed 2790338 was creating issues, and <a href="http://support.microsoft.com/kb/2843639/en-us">Microsoft published a list of “additional steps required to install this security update.”</a> UPDATE: <a href="https://technet.microsoft.com/en-us/security/bulletin/ms13-066">Microsoft has updated the original bulletin (MS13-066) and provided an update (2843638) for the vulnerability in Active Directory Federation Services.  </a></p>
<p>The problematic patches have been removed from Windows Update and the Download Center.</p>
<p>Microsoft and other software vendors walk a fine line between the rush to get security fixes out as quickly as possible in order to protect customers from potential exploits of existing vulnerabilities and the need to test those fixes as thoroughly as possible to detect “unintended consequences” such as those associated with several of this month’s updates. It’s important for corporate IT departments to have a program in place for testing patches on their own system configurations before deploying them on a widespread basis over the production network. Automating patch management makes the whole process easier; making sure your patch management software supports testing and having a regular testing program in place will make your life easier when the inevitable accident happens.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/critical-patch-recall-updates-cause-problems-with-exchange-and-adfs/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Windows® 8.1: Is it Enough to Drive Enterprise Adoption?</title>
		<link>http://www.gfi.com/blog/windows-8-1-is-it-enough-to-drive-enterprise-adoption/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=windows-8-1-is-it-enough-to-drive-enterprise-adoption</link>
		<comments>http://www.gfi.com/blog/windows-8-1-is-it-enough-to-drive-enterprise-adoption/#comments</comments>
		<pubDate>Tue, 13 Aug 2013 15:32:30 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[BYOD]]></category>
		<category><![CDATA[Enterprise]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Windows 8]]></category>
		<category><![CDATA[Windows 8.1]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10772</guid>
		<description><![CDATA[Some of my fellow “oldies but goodies” may remember a family sitcom from the late 1970s called “Eight is Enough.” Unfortunately for Microsoft™, that adage hasn’t proven true in regard to their latest operating system. After a wave of enthusiasm &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/08/Windows-8.1.jpg"><img class="wp-image-10773 alignright" style="border: 0px solid black; margin: 10px;" alt="Windows-8.1" src="http://www.gfi.com/blog/wp-content/uploads/2013/08/Windows-8.1.jpg" width="288" height="198" /></a>Some of my fellow “oldies but goodies” may remember a family sitcom from the late 1970s called “Eight is Enough.” Unfortunately for Microsoft™, that adage hasn’t proven true in regard to their latest operating system. After a wave of enthusiasm from testers and some rave reviews from pundits during the beta period, Windows 8 more or less fizzled. Sales have been less than spectacular on the consumer front, and according to a recent article on the Betanews.com web site, six months after the official launch only slightly more than one-half of one percent of enterprise computers were running Windows 8.<span id="more-10772"></span></p>
<p>I’ve been using Windows 8 since early betas and overall, I like it. It’s faster and smoother and I appreciate tools like the new Task Manager as well as its enhanced support for multiple monitors. But I know I’m not the typical user. And although I like the touch-friendly UI on my Surface tablet, I sometimes find it frustrating when I’m working with my desktop system that has three large monitors that aren’t touch-enabled. The vast majority of business computers are still desktops without touch, so I can understand why they’re hesitant to upgrade.</p>
<p>Now Microsoft is heavily marketing the first major update, Windows 8.1, to businesses. Many of the new features seem designed to appeal to enterprise customers. Will it be enough to win companies over?  Or will Windows 7 turn into the new XP, with companies hanging onto it for a decade?</p>
<p>At TechEd 2013 in New Orleans, Microsoft revealed the details about new and improved features that will come with the Windows 8.1 update (formerly known by its code name “Blue”). Some of those features are more focused on consumers while others will appeal to business users, making them more productive in the office and on the road.</p>
<p>By now, everyone knows that Windows 8.1 brings back the Start button on the desktop – but not the Start menu. The button will take you back to the Windows 8 Start screen, which can be configured to display the All Apps screen instead of the live tiles for those who prefer it. While this falls short of what many “8 haters” were hoping for, it should make the learning curve slightly less steep for users who are encountering the new operating system for the first time – and in the business world, that means fewer help desk calls.</p>
<p>Another much-asked-for addition to Windows 8.1 is the ability to configure settings so that the computer will boot directly to the desktop, without installing a third party application. Business users, especially, may prefer to bypass the Windows 8 tiled Start screen and spend most of their computing time in the more familiar Windows desktop environment, and this makes it easier to do that.</p>
<p>The improvements to VPN functionality will benefit business users, as now Windows 8.1 will automatically prompt them to log into the VPN if an app needs to access resources that are accessed through the VPN. That applies to third party VPNs, too.  And users who are traveling on business will appreciate the ability to easily turn their Windows 8.1 laptops/tablets into wi-fi hotspots to which they can tether their phones or additional tablets and laptops to share a single Internet connection.</p>
<p>IT admins will appreciate the new “workplace join” feature that gives them more fine-tuned control over resources on the company network and users will like that it allows them to work from more of their devices. It works by providing a way to register devices that aren’t full-fledged domain members so that they get access to needed resources without compromising IT’s control. In addition, devices that aren’t domain members can now sync with file shares located on the corporate network through the Work Folders feature and IT can enforce Dynamic Access Control policies and Rights Management.</p>
<p>For those companies deploying a Virtual Desktop Infrastructure (VDI), Windows 8.1 has made improvements to the VDI user experience. It’s now faster, RemoteApps behave more like local apps, and multiple monitor support has been improved.</p>
<p>Perhaps most important of all for businesses, there are a number of improvements to security features baked into Windows 8.1. The new version of IE (11) adds antimalware scanning of binary extensions such as ActiveX before their code is executed, and Windows Defender gets network behavior monitoring to help better detect malware.</p>
<p>Businesses will be able to wipe corporate data from a user’s device without wiping personal data, which is important in this BYOD era. Assigned Access allows you to set up particular devices for a specific purpose and lock them down to run a single app, which can be useful in a kiosk environment and other situations. Biometric (fingerprint) support has been improved, too, to work with Windows logon, remote access, UAC and so forth.</p>
<p>That’s a hefty basket of goodies to attempt to lure companies into upgrading (and there are more, such as NFC printing and Wi-Fi direct printing and wireless projection). What Microsoft didn’t include despite user pleas (the old-style Start menu) can be added with third party solutions such as Start 8 to make the upgrade transition easier for users. However, many companies have fallen into an “every other new OS” pattern of upgrading after skipping Windows Vista and going directly from XP to Windows 7. Will they see Windows 8.1 as enough of a “new” OS to fit into that pattern? When Windows 8.1 is released this fall, we’ll begin to find out.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/windows-8-1-is-it-enough-to-drive-enterprise-adoption/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Is IT too Important to Be Trusted to IT Pros?</title>
		<link>http://www.gfi.com/blog/is-it-too-important-to-be-trusted-to-it-pros/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=is-it-too-important-to-be-trusted-to-it-pros</link>
		<comments>http://www.gfi.com/blog/is-it-too-important-to-be-trusted-to-it-pros/#comments</comments>
		<pubDate>Thu, 01 Aug 2013 16:52:20 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[cloud]]></category>
		<category><![CDATA[computer networking]]></category>
		<category><![CDATA[IT industry]]></category>
		<category><![CDATA[network admin]]></category>
		<category><![CDATA[Software Vendors]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10755</guid>
		<description><![CDATA[You didn’t always have to go to medical school and get a license from the state to practice medicine. The first licensing laws in the U.S. were passed in the 1800s but then repealed in most states, and many states &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/08/why-cloud.jpg"><img class="alignright size-medium wp-image-10756" style="border: 0px solid black; margin: 10px;" alt="cloud question mark " src="http://www.gfi.com/blog/wp-content/uploads/2013/08/why-cloud-190x300.jpg" width="190" height="300" /></a>You didn’t always have to go to medical school and get a license from the state to practice medicine. The first licensing laws in the U.S. were passed in the 1800s but then repealed in most states, and many states had never passed licensure laws by 1850. Aspiring physicians could apprentice with practicing doctors until they were deemed ready (or deemed themselves ready) to hang out their shingles.  Attorneys got their training in much the same way. Today, of course, practicing medicine or law without a license is a serious criminal offense, and obtaining a license requires not just passing exams to demonstrate knowledge of the subject matter but meeting stringent educational prerequisites before even being allowed to take the tests.<span id="more-10755"></span></p>
<p>One could argue that the IT profession today is where the medical and legal professions were two centuries ago. There’s no formal training, testing or governmental approval required to become an IT practitioner.  Some believe it’s time for that to change. They postulate that in a world where all networks are connected to one another through the global Internet, an incompetent network admin can be responsible for grave damage to companies, individuals and national infrastructures.</p>
<p>Does the current move toward the cloud provide an opportunity to rethink the qualifications for IT positions? What are the pros and cons of going to a “licensed professional” model?</p>
<p>Licensing isn’t reserved for just those “high end” professions mentioned above. From amusement ride inspectors to well diggers, plumbers to hairdressers, the state and/or professional organizations regulate occupations of all sorts at all levels of income. Some states license dog breeders, palm readers, boxers, egg handlers and other unlikely occupations. <a href="http://www.labor.ny.gov/stats/lstrain.shtm">New York State licenses 126 occupations</a>. The rationale is protection of the public and those individuals or companies who utilize the services, although of course there is almost always a monetary cost to the licensee, which may or may not cover or exceed the actual cost of administering the licensing program.</p>
<p>Licensees are usually required to complete a certain amount of continuing education in their fields in order to renew their licenses on a specified regular basis (which of course means additional on-going costs). A disadvantage (to the public) of licensing is that it can drive up the cost of the services performed by the licensed personnel, both by imposing costs on them that must be recouped and by creating an artificial shortage of qualified personnel. Of course, this is beneficial to those who are licensed professionals.</p>
<p>Some argue that licensing requirements stifle competition by imposing extra cost and sometimes irrelevant educational prerequisites on those who want to practice an occupation or profession, and that issuance is sometimes based on subjective criteria, which can allow those within the profession to exclude others they deem “undesirable” for reasons that have nothing to do with job abilities. In addition, licensing boards are usually made up of political appointees who may have their own agendas.</p>
<p>The closest thing to licensing that the IT industry has had, for a long time, is certification. <a href="http://www.itcertificationmaster.com/list-of-all-it-certifications/">There are hundreds of different IT certs available.</a> Software vendors operate programs to train and test IT pros in the use of their products and issue certifications such as the MCSE (Microsoft), IBM DBA (IBM) or CCIE (Cisco) in recognition of demonstration of competency according to their standards. Vendor-independent organizations such as CompTIA and SANS also provide testing and certification in network administration and security that are not tied to particular product lines.</p>
<p>The big difference between licensing and certification is that the latter isn’t mandatory in order to get a job in the profession, although <a href="http://www.networkworld.com/news/2010/031010-microsoft-cisco-salaries.html">certified professionals may command higher pay and find it easier to get a job</a>. Companies can set hiring policies that require certification, but they’re free to hire uncertified IT pros if they want. Generally, performing the duties of a licensed professional without a license can carry heavy penalties, such as fines or even imprisonment under the criminal laws, and/or civil lawsuits.</p>
<p>Those who favor the licensing model for IT pros point out that the complexity of computer networking approaches that of law and medicine, and that the ramifications of mistakes on the part of IT professionals can have similar negative impact. Those who are not in favor of licensing argue that the standards for legal and medical professionals, as well as those for most other licensed occupations, are much more established and grew out of centuries of evolution of those occupations.</p>
<p>Computer networking has only been around since the 1950s and widespread Internet connectivity for businesses and individuals didn’t come about until the 1990s, less than half a century ago. Thus those standards are much less absolute. Creating licensing exams that truly measure a candidate’s ability to do the job would be a challenge. Certification exams tend either to be very specific, focusing on a particular vendor’s product(s) or on a specialty area (such as security), or to be overly broad and high level to the point where the cert doesn’t guarantee any real in-depth knowledge of the subject matter. There is also the issue that some people who can do a job well don’t perform well on written exams, and hands-on exams (such as the CCIE) are very time-consuming and expensive to administer.</p>
<p>For the IT pros themselves, there would be both benefits and drawbacks to a licensing mandate. Those who made the cut might enjoy increased compensation and greater status – but entering the profession would be considerably more difficult. Am I in favor of licensing IT pros? No. Do I believe it’s inevitable, sooner or later? Probably.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/is-it-too-important-to-be-trusted-to-it-pros/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>The Endpoint Is a Moving Target</title>
		<link>http://www.gfi.com/blog/endpoint-is-a-moving-target/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=endpoint-is-a-moving-target</link>
		<comments>http://www.gfi.com/blog/endpoint-is-a-moving-target/#comments</comments>
		<pubDate>Wed, 17 Jul 2013 17:44:31 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[BYOD]]></category>
		<category><![CDATA[data loss]]></category>
		<category><![CDATA[devices]]></category>
		<category><![CDATA[endpoint]]></category>
		<category><![CDATA[endpoint security]]></category>
		<category><![CDATA[leakage sources]]></category>
		<category><![CDATA[Mobile Devices]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10668</guid>
		<description><![CDATA[Once upon a time, when we talked about securing our networks from edge to endpoint, both ends of that route were pretty easy to define. Now not only has the perimeter blurred and blended so that it’s hard to determine &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/07/THE-ENDPOINT-IS-A-MOVING-TARGET.jpg"><img class=" wp-image-10669 alignright" style="margin: 10px; border: 0px solid black;" alt="THE ENDPOINT IS A MOVING TARGET" src="http://www.gfi.com/blog/wp-content/uploads/2013/07/THE-ENDPOINT-IS-A-MOVING-TARGET.jpg" width="288" height="184" /></a>Once upon a time, when we talked about securing our networks from edge to endpoint, both ends of that route were pretty easy to define. Now not only has the perimeter blurred and blended so that it’s hard to determine where the local network begins, but the endpoint, too, has changed in nature. It’s no longer a fixed workstation, sitting somewhere on corporate premises, tethered to the rest of the internal network by Ethernet cables. Now it’s just as likely to be a laptop, tablet or smart phone that moves from place to place and connects to your network only intermittently. Securing these devices is a challenge – but it must be done; otherwise the security game is over before it begins.  <span id="more-10668"></span></p>
<p>About 10 years ago, I got my first precursor to the modern “smart phone” – an HP iPAQ running Microsoft’s Pocket PC operating system. At that time, I never could have dreamed that one day the phone in my pocket would have more RAM and a more powerful processor than the desktop computer I was using back then. Today’s smart phones are handheld computers in every sense of the word, and workers are using them that way, both for personal and work-related tasks.</p>
<p>Mobile technology is a great convenience for users and the BYOD trend has saved companies money, but security got substantially more difficult when all those roaming endpoints came into the picture. It’s far easier to control on-premises workstations that stay put; with smart phones, tablets and laptops, you never know where they’ve been and what their users/owners have been doing with them prior to connecting them to your company network.</p>
<p>The proliferation of mobile devices greatly increases the risk of data leakage – the unauthorized transfer of internal data to persons or places outside the company. This could be company financial information, trade secrets, intellectual property, personal information about clients or employees, or any other type of data that should remain confidential. Mobile devices facilitate both intentional and unintentional leakage. Most studies show that a very large percentage of data leakage is unintentional, but that makes it no less damaging.</p>
<p>Data leakage can take place through many different vectors, including traditional email, web mail, instant messaging, malicious web pages, theft or loss of devices to which company information has been downloaded or on which it has been created and saved, and more.</p>
<p>In a world where so many of the endpoint devices on our networks are located physically outside of the perimeter, the importance of edge-based firewalls has faded into the background and securing the endpoint has become the logical focus of our new security paradigm. The endpoint has also become the favorite target of hackers and attackers, who see it as an easy way into the network.</p>
<p>Just as retailers and other businesses that maintain product inventory institute loss prevention programs to prevent theft of tangible goods, IT departments now recognize that data loss prevention measures play a vital role in protecting the company from the consequences of data leakage.</p>
<p>This means you need to be able to control what information travels to and from the mobile endpoints, and identify potential leakage sources. Mobile devices need to be monitored just as closely as stationary desktops are – or even more so, due to the heightened risk. You want to know when new devices connect to the network and you want to know what they’re doing after they connect. A good endpoint security solution will give you the ability to see into the activities of the mobile devices on your network and even track the specific files that are transferred to and from those devices.</p>
<p>However, protecting the endpoint – and protecting the network from the endpoint – needs to go further than that. With real-time alerts, you can take action when suspicious activity occurs. Even so, there may be times when data leakage occurs. Thus you want to ensure any data that gets into the wrong hands is rendered indecipherable. That can be accomplished by encrypting data on the devices and using encrypted, secure connections to transmit data between the endpoints and the company network.</p>
<p>In the past, endpoint security consisted primarily of antivirus software and maybe a host firewall. Today, with the perimeter walls figuratively falling down as the local network changes from a stable and geographically contained entity to a fluid one where devices move in, out and through, that’s no longer sufficient. The endpoints, particularly mobile endpoints, are the weakest link in the security chain. If your security strategy is aimed primarily at protecting your servers, it’s time to take a look at the endpoints.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/endpoint-is-a-moving-target/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Take Control from the Cloud</title>
		<link>http://www.gfi.com/blog/take-control-from-the-cloud/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=take-control-from-the-cloud</link>
		<comments>http://www.gfi.com/blog/take-control-from-the-cloud/#comments</comments>
		<pubDate>Wed, 26 Jun 2013 16:12:48 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[cloud]]></category>
		<category><![CDATA[Cloud Services]]></category>
		<category><![CDATA[IT admins]]></category>
		<category><![CDATA[manage servers]]></category>
		<category><![CDATA[monitor servers]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10613</guid>
		<description><![CDATA[Way back in 2007, Microsoft invited me, along with several other writers from the IT community, to attend an “IT pro townhall meeting” in Redmond. I remember sitting in a room on campus, listening to Mark Minasi and George Ou &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/06/Take-Control-from-the-Cloud.jpg"><img class="size-medium wp-image-10614 alignright" style="border: 0px solid black; margin: 10px;" alt="Take-Control-from-the-Cloud" src="http://www.gfi.com/blog/wp-content/uploads/2013/06/Take-Control-from-the-Cloud-300x180.jpg" width="300" height="180" /></a>Way back in 2007, Microsoft invited me, along with several other writers from the IT community, to attend an “IT pro townhall meeting” in Redmond. I remember sitting in a room on campus, listening to Mark Minasi and George Ou talk about how the cloud was going to completely change the IT world – except that they weren’t calling it the cloud back then; it was SaaS (software as a service).  A major thread in the conversation was whether the new way of doing things would make IT admins obsolete, and there was plenty of disagreement about that.<span id="more-10613"></span></p>
<p>Fast forward to today. Companies are utilizing cloud services in droves, but IT admins are still around, and they’re busier than ever. The era when admins sat in the server room all day is in the past. You’re just as likely to be on the go, maybe bouncing between multiple physical locations as your network expands beyond the boundaries of your company’s main premises. And with the budget limitations under which many companies are operating, you just might be on call 24/7. Instead of having nothing to do, many of you are feeling more overworked than ever.</p>
<p>One way to make your tough job easier is to give you the ability to monitor what’s going on with all of the computers on your network and fix any problems that arise without having to trek down to the office. That’s where cloud-based monitoring, management and remote control can make the difference.</p>
<p>Sure, we’ve been able to access, monitor and manage our servers remotely for a long time, and there are already a number of different ways to do it. Remember the excitement when KVM over IP was introduced? Raise your hand if you remember PCAnywhere. Yes, Virginia, there was a time when Microsoft servers didn’t have Remote Desktop Protocol (RDP) services built in. What, exactly, does cloud-based monitoring give you that those other methods didn’t?</p>
<p>For one thing, it saves you precious time by automating the process of monitoring and managing your servers and workstations. But wait – automated monitoring is already available to you through solutions such as System Center, SolarWinds, WhatsUp Gold and others. Why should you consider paying a subscription fee for “monitoring as a service” when you can buy monitoring software and run it on-premises?</p>
<p>The answer is that it can cut costs, both directly and by freeing you of the chore of maintaining the hardware and software that make up an on-premises monitoring solution. There’s no hefty capital investment required. You don’t have to worry about patching and upgrading the monitoring software.  Deployment takes less than a day instead of days or weeks. With some services, you can be up and running literally in minutes. You don’t have to worry about installing any special software on the machine from which you’re monitoring (although you might have to install agents on the monitored computers).</p>
<p>Once it’s configured, there’s very little learning curve. Everything you need to see is all in one place and it’s easy for you to access it no matter where you are, as long as you have an Internet connection. You don’t have to worry about establishing a VPN connection. You don’t have to worry about RDP issues.  You can do everything from a web-based console.  You can log on with a mobile device, so you don’t even have to be at a computer to keep tabs on the state of the network. In all likelihood, you would not be able to provide the same degree of redundancy (and thus reliability) for an on-premises monitoring solution that a service provider can give you. You get to take advantage of the economies of scale without spending a fortune.</p>
<p>At this point, you may be wondering: What about security? That’s been one of the biggest concerns of organizations that are considering cloud-based services – but is the cloud inherently less secure?  If you think about it, you’ll realize that an on-premises network that’s connected to the cloud is exposed to the same threats as those that might impact a hosted service. The biggest difference lies in who has control – and the corresponding responsibility – for implementing security measures to counter those threats. And if you think it through even further, you’ll realize that it’s very likely a good cloud services provider will invest as much or more money, personnel and other resources in securing their services. Their reputation depends on it, and it’s an integral part of their business model, whereas your company quite naturally focuses its resources on its own primary business, which probably isn’t IT.</p>
<p>Let’s face it: There are probably some computing tasks that your company will never trust to an outside provider, but server/workstation/mobile monitoring and management is one area where going to the cloud, sooner rather than later, can really make good business sense.</p>
<p><strong><em>See for yourself how easy it is to manage and secure all your servers, workstations and laptops while you’re on the move &#8211; you can start a <a href="http://www.gficloud.com/network-monitoring-antivirus-overview?adv=13558&amp;loc=38">free 30-day trial</a> of GFI Cloud today!</em></strong></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/take-control-from-the-cloud/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Email Archiving Doesn’t Have to be a DIY Project</title>
		<link>http://www.gfi.com/blog/email-archiving-doesnt-have-to-be-a-diy-project/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=email-archiving-doesnt-have-to-be-a-diy-project</link>
		<comments>http://www.gfi.com/blog/email-archiving-doesnt-have-to-be-a-diy-project/#comments</comments>
		<pubDate>Wed, 19 Jun 2013 15:49:07 +0000</pubDate>
		<dc:creator>Debra Littlejohn Shinder</dc:creator>
				<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[archive records]]></category>
		<category><![CDATA[archiving]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[email archiving]]></category>
		<category><![CDATA[email security]]></category>
		<category><![CDATA[IT]]></category>
		<category><![CDATA[MailEssentials Online]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=10591</guid>
		<description><![CDATA[The “do it yourself” craze is big, and there’s a good reason for that. You can learn a lot, save money, and ensure that things get done your way. But there’s a down side, as well.  The success (or not) &#8230;]]></description>
				<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2013/06/email-not-DIY.jpg"><img class="alignright  wp-image-10592" style="margin: 10px; border: 0px solid black;" alt="email archiving is not a DIY project" src="http://www.gfi.com/blog/wp-content/uploads/2013/06/email-not-DIY-300x243.jpg" width="240" height="194" /></a>The “do it yourself” craze is big, and there’s a good reason for that. You can learn a lot, save money, and ensure that things get done your way. But there’s a down side, as well.  The success (or not) of DIY depends on both the nature of the project itself and on the person(s) doing it. While DIY might be a great choice for minor home improvement projects such as putting up wallpaper or laying tile, it can turn into a disaster – or even turn deadly – when amateurs decide to tackle electrical work or knock down structural walls. And painting a mural on your wall might turn out great for a do-it-yourselfer with some artistic talent, whereas it might not end up so well for someone who has never had an aptitude for art.<span id="more-10591"></span></p>
<p>In the IT world, network admins often find themselves in the DIY role for different reasons. Some are just control freaks – you almost have to be, to some degree, to do the job properly – and they subscribe to the notion that if you want something done right, you have to do it yourself. Others are placed in the DIY position out of necessity; budgetary restrictions or management decisions originating “upstairs” may force you to take on projects that are beyond your level of expertise or for which you don’t have time.</p>
<p>Email archiving is one of those tasks that would seem, at first glance, to be an easy fit for DIY.  To “old school” folks, archiving is a pretty simple and straightforward thing; it just means storing old records somewhere, separate from current working files. However, modern archiving is a bit more complicated than that.</p>
<p>First we need to look at why we archive records in general, and email in particular. There are a number of business reasons for keeping old messages. A high percentage of business communications today are conducted via email. Having access to past messages is a part of business continuity, whether in the more familiar sense of recovery from a disaster or in the broader sense of maintaining consistency and avoiding reinvention of the wheel, as well as verifying and understanding the reasoning behind past decisions and actions. Personnel turnover can result in chaos, but if a history of discussions about a particular project or issue has been preserved, new employees and managers can get up to speed in their roles much more easily and quickly. Email messages may also yield valuable information that is needed in case of an internal personnel investigation or an audit.</p>
<p>However, there’s an even more compelling reason to archive email messages. In many cases, it’s the law. Governmental and regulatory agencies often require businesses to retain email messages in order to be in compliance with their standards. Not only might you be required to keep the messages, but you also may be legally obligated to ensure that they are stored securely.</p>
<p>Even if your organization doesn’t belong to a regulated industry, email messages are frequently a prime target in the discovery process in case of a civil lawsuit (e-discovery). In the U.S., the <a href="http://www.law.cornell.edu/rules/frcp">Federal Rules of Civil Procedure</a> say that all emails and other communications files that may be relevant to current or future litigation must be produced when requested in a lawsuit. Failure to comply with the FRCP can subject you to penalties that include fines, sanctions, or contempt of court charges and can result in your organization losing the lawsuit.</p>
<p>Email messages may also be subpoenaed in the case of a criminal investigation. When email messages become evidence in a legal proceeding, you may have to do more than simply produce the messages. You may also have to prove that they are authentic and haven’t been changed or tampered with.  A few years ago, I co-authored a white paper with Mike Wolf at Microsoft (<a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;ved=0CDAQFjAA&amp;url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F3%2Fc%2F1%2F3c1957d8-11ed-4054-86f6-f0dcbe2a7fe6%2FEstablishing%2520the%2520Foundation%2520of%2520Authenticity%2520for%2520Electronically%2520Stored%2520Information.docx&amp;ei=uQWyUbXTNoj1qAG-iIGoBw&amp;usg=AFQjCNFJmMIjrpt6g-pn5-0w5eT3SFV5PA&amp;sig2=esmuULaX3zqhI94YUq6zwA"><i>Establishing the Foundation of Authenticity for Electronically Stored Information: Strategies Using Microsoft Technologies</i></a>) that explored this issue in some detail.</p>
<p>When you take all these factors into consideration, email archiving starts to look like very serious business, and something that you might want to leave to the professionals, in the same way you probably wouldn’t attempt to perform surgery on yourself or act as your own attorney in court.</p>
<p>The solution might be to contract with a provider of hosted email archiving services – and let them manage your archiving for you. But you might be (understandably) wary of storing all those messages, some containing sensitive information, in a cloud-based service. That’s why it’s important to use a provider you can trust – a company with a long history of focusing on security as well as email archiving. Archiving can be integrated into a comprehensive email security solution that also protects against spam and email-based malware and can even block inappropriate outbound messages.</p>
<p>There are a number of good reasons to consider integrating email security and storage and taking it “to the cloud,” and the security of your archive is an important one.</p>
<p><b><i>If you’re looking for a cloud-based email security, continuity and archiving solution, have a look at GFI <a href="http://www.gfi.com/products-and-solutions/cloud-based-services/gfi-mailessentials-online">MailEssentials® Online</a>, or register for a <a href="https://mco-signup.gfi.com/en/mp/">free trial</a> and give it a spin today! </i></b></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/email-archiving-doesnt-have-to-be-a-diy-project/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
