Sadly, if you run an IT department, you’re probably used to IT being a reducible cost when budgets get tight, and with not much light visible at the end of the economic tunnel; this is unlikely to change any time soon.

With this in mind, it makes sense to take steps to make agility a priority for your IT infrastructure.

Although some “old school” IT managers remain stubbornly resistant to the attractions of cloud services, these individuals are becoming increasingly isolated. A recent survey from North Bridge Venture Partners, in association with GigaOM Research, revealed that 75% of respondents are now using some form of cloud service within their IT infrastructure.

One reason for the continuing march towards the cloud is the obvious and high profile push from major vendors. The past year has seen two great examples of this:

1. Microsoft discontinuing Small Business Server, the backbone of a vast number of SMB networks, in a move to push the sector towards the cloud.
2. Adobe making all future releases of their industry-leading Creative Suite products available exclusively “as a service” via Adobe Creative Cloud.

The good news for your IT department is that in reality you are far better served by the new generation of cloud services than you were by the old way of doing things.

Consider the rollout of a new system: Previously, you would have to base license counts and storage capacities on vague predictions. While this may have worked during boom times, it’s not a great model when times are hard and every penny counts. Now, you can roll out the same functionality with a cloud service but pay only for what you need right now. If demand for the system increases, cloud services bring inherent scalability. This is clearly preferable to the risk of disaster if you didn’t get the server specifications quite right.

If you’ve not been keeping track of the cloud-based alternatives to some of the things you do internally, it’s well worth having another look at the marketplace. Cloud service providers have been very responsive to customer needs and have done much to eliminate the doubts of all but the most traditional IT people!

At the same time, the focus of products has undergone some change. The very fact that businesses are now buying a service has not gone unnoticed; something illustrated by the fact that in-depth reporting for the business is almost a “given” on the features list of industry-leading cloud products.

Meanwhile, the datacenter infrastructures supporting these cloud systems have developed to use advanced multi-tenancy technology, which keeps prices low as well as ensuring clients’ data are compartmentalized and secure.

There’s no longer any IT service that can’t be handled from the cloud, from core user-facing systems that handle all the file, print and authentication that used to require “on premise” systems, to all of the back-end stuff that the IT department needs but the business always resents paying for: antivirus, patch management and monitoring being just three. It makes sense for the business to pay only for what it needs right now, rather than predict needs too far ahead, and cloud services exist that allow this to be the reality.

So, in conclusion, however long you’ve been in the industry, try not to fight progress. Cloud services are now very much “up to standard”, and provide you with the tools you need to provide a first class, agile IT service that management is sure to appreciate.

Want to learn more? Visit our website to find how GFI Cloud can keep your IT department agile with antivirus, patch management, monitoring and asset tracking all managed from the cloud.  Start a free trial and give cloud services a go!

The VBSpam comparative testing is a regular independent comparison of anti-spam solutions which offers its readers the best impartial advice about anti-spam security and products on offer. The certification is awarded to products that exceed a predefined threshold based on a combination of criteria relating to the products’ spam catch and false positive rates.

GFI MailEssentials met the VBSpam+ criteria in blocking a large percentage of emails in a live spam stream and identifying all but a very small percentage of emails in a live stream of legitimate emails.

Want to learn more about this product? Check out GFI MailEssentials, or register for a free 30-day trial and give it a spin today! 

IT solutions that save money and reduce financial risk

Date: August 22, 2013 – Time: 5 p.m. BST / 6 p.m. CEST – US: 9 a.m. PDT / 12 p.m. EDT

For most businesses email is the biggest, most critical source of company information. How are you managing this constant flow of information and addressing issues such as archiving, compliance, spam and network protection?

In this webcast Mary Watkins, ex FT reporter, shares some real life stories about companies who have learned about financial risk the hard way. We will also take a look at how organizations can create cost savings and limit risks significantly by having the right messaging and archiving systems in place.

Register now

Secure your network in minutes. Don’t let the bad guys win…

Date: August 27, 2013 – Time: 4 p.m. BST / 5 p.m. CEST – US: 8 a.m. PDT / 11 a.m. EDT

Security is paramount at Central Bank & Trust; more so, since a virus got in and did damage. Travis Homi, IT Manager at the bank shares his experiences around keeping the network secure; the challenges he faced, the solution he put in place and what he learned along the way. Join Travis, in our live webcast, hosted by Barclay Rae, an independent ITSM consultant and put your own questions to Travis during the live Q&A.

Register now

Securing your IT Infrastructure: Vigilance is the Watchword

Date: August 29, 2013 – Time: 5 p.m. BST / 6 p.m. CEST – US: 9 a.m. PDT / 12 p.m. EDT

The role of an IT administrator does not end when the network is set up and the necessary security measures are in place. The ongoing health and security of the network is also dependent on the business satisfying a number of laws and regulations which the IT administrator must be aware of. Furthermore, the admin must also monitor the network continuously for faults as well as suspicious/malicious activity.

In this webcast we will show you how to use log data analysis and other techniques to proactively address hardware faults, malicious intrusions and other unwelcomed issues in real time. As a result, you can avoid having to react after the incident has occurred when, often, the damage has already been done.

Register now

The Metrics That Matter: An Intelligent Approach for IT Service Providers

Date: August 29, 2013 – Time: 11:00 AM US EDT

Your business data may be the most powerful tool in your toolbox and if you’re not leveraging it you’re likely missing opportunities for optimization and growth. According to a recent survey that polled hundreds of IT Service providers around the world, best-in-class ITSPs are taking a data-driven approach to decision making. Please join us for a special webinar to review the findings of the 2013 IT Service Provider Benchmarking Study and hear what your peers had to say about:

• Essential metrics for running a successful business
• Identifying and measuring business efficiency, staff utilization, profitability, and client satisfaction
• Best practices

Our guest will be Leonard DiCostanzo, Senior Vice President of Community and Business Development of Autotask.

Register now

The results are based on a survey of more than 170 customers who use the GFI Cloud platform.

Functionality, ease-of-use and price were the three main reasons why the respondents chose the GFI Cloud solution, the survey shows.

Key Findings

The IT professionals who participated in the GFI survey revealed the following interesting facts:

1.     Centralized device management is crucial

50% of the IT professionals surveyed stated that the lack of a central view of devices and issues was a strong motivator in purchasing GFI Cloud.

This central view is particularly important given the increased mobility of the modern workforce, as is well illustrated by the next point.

2.     Managing remote devices is a headache for IT admins

38% of respondents complained about the difficulty of managing remote devices, such as laptops, and 32% worried about keeping them secure. This is perhaps an unsurprising reflection of how employees expect modern IT to be inherently more mobile.

The survey responses showed positive signs that GFI Cloud implementation is an effective way to make things easier for the IT team: 61% specifically highlighted that centralized management was easier post-implementation.

3.     Security is enhanced with the right solution

40% of the professionals questioned reported that they had experienced fewer security breaches due to antivirus and patch management since they implemented GFI Cloud.

38% also reported a more stable IT environment, with less unplanned downtime.

 4.     GFI Cloud saves money

While centralized IT admin and the desire to save time were both reported as strong motivators for the initial purchase of GFI Cloud, the survey results seem to imply that users of the product have also experienced unexpected cost savings.

41% of respondents reported that using GFI Cloud had reduced their costs, and 39% said that they were able to complete more tasks using fewer resources.

In totality, the survey responses present a clear picture of IT departments that are now able to enjoy a greater level of control over their infrastructures. Furthermore, the biggest “headaches” reported by respondents prior to implementation (lack of a central view, and managing and securing remote devices) are soundly addressed by the functionality of the GFI Cloud software.

The most significant finding from the survey is great news, both for GFI and for the customers who have selected the GFI Cloud package for their business:

Over 86% of respondents said that they would definitely recommend the product to others.

Finally, and worthy of a special mention, is the fact that 22% of respondents felt that implementing GFI Cloud had helped the IT department be seen as more of a business enabler than a “break / fix” team. In an age where IT is becoming so much more service-driven, it’s pleasing to see that such a change in perception can be born of the use of just one product.

Do you want to learn more about this product? Visit our website to find how GFI Cloud simplifies IT management with one centralized view of antivirus, workstation and server monitoring, patch management and asset tracking across all your servers, PCs and laptops on the move! See for yourself, with a free 30-day trial of GFI Cloud™.

Here are some of these stories I witnessed as an independent consultant: I present the 31 worst face-palm moments in IT.

1. On a project where I was a consultant, security declared a system in violation of security policy several weeks into the project. They had been advised of the overall plan before it began. When I asked to see the security policy, the security guru said the policy was confidential and couldn’t be shown to any non-employee. 95% of IT were contractors.

2. The project lead on another client engagement read an article about Java saying it was the next big thing. He declared that the project should switch to Java. What he didn’t understand was that Java was being shown as the next big thing…for security exploits!

3. Another customer’s PMO scheduled an all-hands meeting to go over the project plan. It was mandatory attendance for all team members on the project. The room they scheduled was too small by half, and had no projector. Picture if you can 12 people looking over someone’s shoulder at MS Project on a 14″ laptop screen.

4. I once saw management at another customer approve a mid-day DNS change because they were told it was zero risk. The DNS admin made the change to the zone, but forgot the trailing dot. As a result, it took down email for 20,000 people. It was the last mid-day change ever approved at that company.

5. Another customer’s ISP had a major outage which took down their entire office. My contact asked me why their office was down, so I explained that because they had opted not to provision a backup circuit from another provider, they were down until the ISP got things fixed. His first request was that I call the second provider I had recommended and get them to install a new circuit that day. The second was to see if they could borrow some bandwidth from my company’s connection. My office was across town. The Internet –it’s like a cup of sugar.

6. Here’s one for the Netware folks. I once was called in to a client to figure out why their server crashed and no one could access any data. It turns out that a junior admin saw that Z:, Y:, and X: all had exactly the same content. EXACTLY. THE. SAME. To save space on the file server, he went into X: and deleted everything there. He then switched to Y: only to see that it was now empty too. He probably would have then looked in Z: except that suddenly everyone starting complaining that their systems crashed.

7. Here’s another one for the Netware folks. I was called in to try to help figure out why Internet access suddenly stopped for one of the two offices this customer had. It turns out this is what happened. They built a Netware 4.11 server in one office. They configured IP and IPX, got everything the way they wanted it, and then drove it to the other office and plugged it in. They configured IPX for the new location, assigned it an ip.addr for that datacenter, and thought they were done. Suddenly, no one in the office could reach the original site, or the Internet. Packets kept coming back destination unreachable. The server might have had a new ip.addr, but it was running RIP, and considered that it was directly connected to the original network. Since that was also the default route to the Internet, it effectively took down an entire office until I finally figured out it was the new server as the source of the destination unreachable messages.

8. At another customer, an admin who wanted to experiment with P2V virtualized a physical host, pulled the network cable out of the back of the original and brought up the guest on a new VMware server. All went well for a couple of weeks until he went on vacation. As it turns out, he never licensed the VMware server, so it stopped functioning at the 30-day mark. Since none of his co-workers knew about his little experiment, all they knew was that a critical server went down. They rushed to the server room to find that the network cable had been pulled. It was quick to fix, but of course, this new server was now a month out of date for all data/changes to the application. A two-fold inquisition commenced to review the access logs and video to find who entered the server room to pull the cable out that morning, and also to find who restored a month old backup to this server. Three days later the original admin got back and sheepishly confessed all.

9. I once was working with a client that deployed a full rack of servers in datacenter A, for eventual deployment in datacenter B. When it came time to move them, I urged them to unrack the servers before transport. The shipping company assured my client it was going to be okay, so they loaded up the rack and sent it on its way. They got the rack to the datacenter B, started to lower the rack on the truck’s tail lift, when the whole thing overbalanced and dropped six feet to the pavement. Only two 1U servers survived to boot up.

10. This one is probably one many of you can relate to. A client had a new datacenter going in, and the cabling vendor was giving the orientation tour of what they had done. As they all leaned inwards to see a particular area, one of the admins started to lose his balance and reached out for the wall to support himself. Of course, as you can imagine, his hand came down right on top of the emergency actuator for the fire suppression system. I was in my client’s office at the time, heard the “BANG” of the actuation charge, and spun around to see them coming running out of the datacenter with a bank of fog rolling out behind them. That cover that should have been over the emergency fire actuator? It was on backorder and due to arrive the following week.

11. A similar story was relayed to me by another customer. A vendor was running some new fiber in the datacenter. As the two techs were laying out the fiber run, and one was slowly backing up as they unspooled and laid out the fiber, he backed right into the emergency power off switch for the datacenter. Again, there was no cover protecting the EPO from accidents.

12. Several years ago I was consulting with another customer on a video conferencing pilot. The team needed new hardware so we submitted a requisition to purchasing to obtain 20 new laptops for the video conferencing project. We provided the specific model number and the breakdown of all components, and explained it was for the video conferencing project in the justification paragraph. They placed the order, but when the laptops arrived, none of them had the built-in webcams that were specified. My client assumed the vendor screwed up and went to tell purchasing they needed to get it fixed, only to have them proudly tell him they saved the project $50 per laptop by not ordering webcams, since the business didn’t have any video conferencing deployed and there wasn’t a need for webcams.

13. I once consulted for a company that wanted to put in Cisco Telepresence into a new office. The vendor came in to do all their physical and sound measurements and certification criteria, and finally signed off on the room. The next team arrived a week later to do the install, only to declare the room unsatisfactory. Apparently, the first guy measured sound while the office was essentially empty. Before the second team arrived, the cooling units for the new datacenter were installed and turned on, and the hum of that system was too loud for Telepresence.

14. At the same company, and with the same Telepresence setup. For the very first conference between this office and HQ, one of the senior leadership could not make it, and wanted to dial in. Back then, Telepresence was a completely closed system. They had to steal a speaker phone from another room, quickly make a 60 foot Ethernet cable, and run it down the hall from the closest Ethernet drop so this remote VP could listen in.

15. I once was a consultant at a company that had dozens and dozens of conference rooms. Every one of them had a projector. None of them had a screen. They were glass boxes in the middle of the floor, with windows all around all four walls. They were called fish bowls for a reason. They used to have to take large pieces of easel paper and tape them to the windows to create a projection surface.

16. At another company I consulted with, their IT team wanted to manage all their DMZ servers using Active Directory, but didn’t trust traffic coming into the internal network from the DMZ. So they moved a domain controller out to the DMZ. Because that’s more secure.

17. I once consulted for another company that was in the process of deploying Lotus Notes. They couldn’t figure out how to get the client to work correctly, so they made everyone a domain admin. Every. Single. User. Domain Admin.

18. Another company I worked with needed to move their entire datacenter, essentially in a weekend, in what these days we call a forklift operation. Rather than planning out the required connectivity and security, management made the decision to just permit IP ANY between the DMZ, the database servers network, and the internal network, planning to “clean it all up later.” Later took over two years to finally arrive.

19. I once was a consultant for a company that was trying to adopt Oracle across all seven of its business units. They literally had over 100 consultants in a giant war room for over two years trying to get it all working. One CIO change later, the entire lot were sent home and the effort was abandoned. It’s not the choice to give up that was the face palm… that should have happened ages prior. It was that two years x 100 consultants x $$$ that was wasted because the previous CIO just couldn’t admit he had made a mistake.

20. An admin with too much power deleted a user account from Active Directory by mistake. In an attempt to “fix it” this admin chose to do an authoritative restore of AD from a one month old system state backup. For those of you who aren’t AD savvy, this had the effect of restoring the entire forest back to the state it was in a month ago. In a company of 30,000 users, you can imagine how much fun that was.

21. That same admin once configured restricted groups in AD, because he read that it helped with security. He added domain admins and enterprise admins to that list, but didn’t put any users into the Member Of tab.

22. I once saw a company implement a GPO to provide one user with rights to use RDP to connect to a server, with the unintended consequence of locking every other admin in the company out of every single server in the domain. It was a simple edit, to the Default Domain Policy.

23. I once provided some security consulting to a company that refused to implement any kind of proxy server, web content filtering, or anything else that would help control outbound Internet access. However, every year the CIO would demand that the security team found a way to block access to the Final Four basketball tournament.

24. Fireproof safes are fireproof, not heat proof. A business down the street from where I once worked found that out the hard way when, following a fire in the office, they found their backup tapes so much melted slag.

25. I understand why end users want to turn off antivirus software when their machines seem slow, but why oh why would an admin do that? The worst virus outbreak I ever saw came about at a customer I regularly worked with, because the SQL team had disabled a/v on all their servers because it “slowed them down.” Then SQL Slammer hit. Slow got redefined that day.

26. I once had to help a client clean up the devastation caused when a user created a print ready PDF to send to a distribution list of around 10,000 users. That print ready PDF was about 48 MB, and their mail system had neither attachment size limits, nor recipient count limits. We’re still not sure how many got out before the entire mail system came to a halt, but we spent the next 8 hours watching the inbound servers dying from all the NDRs, purging the queues, restarting, and waiting for the next wave to come crashing in. The worst part of it? Once the mess was finally cleaned up, we took the print ready PDF and saved it for web publishing. It came in at just under 800 KB!

27. At another customer, I once saw their shiny new fiber-optic switches stacked, one atop the next, on the floor in the corner. There was no rack, no cooling, and no support. Just 48U of switches freely standing, powered up and running, without even air handling to help keep them cool.

28. In this same datacenter, the “doorbell” you had to ring to gain access was literally two low voltage wires sticking out of the wall in the corner. You pressed them together to ring the bell, and separated them to silence the bell. There’s nothing like a 50 volt jolt to make you ask yourself if you really want to go in.

29. And again in the same datacenter, to that same stack of fiber switches, the trunk fiber to connect the stack to the main network was zip-tied up the wall and across the ceiling. Some zip ties were so loose the fiber was swinging in the breeze, while other zip ties were so tight it must have been fracturing the cores.

30. At another organization I used to work with, they had central IT for seven different companies all tied together by the parent’s ownership. All change requests had to be approved by unanimous vote. It took the company almost a year to replace a failed switch because it would cause an outage (in the middle of the night, during a weekend change window) because one org kept vetoing in case it caused them problems during their testing.

31. A company I consulted for had outsourced their IT to a major provider about a year before. I discovered that not a single patch had been applied to any of the 100+ servers in that entire time, because the outsource provider didn’t think patching was a part of server maintenance and support.

While these face-palm moments were all personally experienced by me, I bet you have some you’d like to share. Leave a comment and let us know the best (or the worst) face-palm moment you’ve ever experienced. We’d love to hear about them!

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

One could argue that the IT profession today is where the medical and legal professions were two centuries ago. There’s no formal training, testing or governmental approval required to become an IT practitioner.  Some believe it’s time for that to change. They postulate that in a world where all networks are connected to one another through the global Internet, an incompetent network admin can be responsible for grave damage to companies, individuals and national infrastructures.

Does the current move toward the cloud provide an opportunity to rethink the qualifications for IT positions? What are the pros and cons of going to a “licensed professional” model?

Licensing isn’t reserved for just those “high end” professions mentioned above. From amusement ride inspectors to well diggers, plumbers to hairdressers, the state and/or professional organizations regulate occupations of all sorts at all levels of income. Some states license dog breeders, palm readers, boxers, egg handlers and other unlikely occupations. New York State licenses 126 occupations. The rationale is protection of the public and those individuals or companies who utilize the services, although of course there is almost always a monetary cost to the licensee, which may or may not cover or exceed the actual cost of administering the licensing program.

Licensees are usually required to complete a certain amount of continuing education in their fields in order to renew their licenses on a specified regular basis (which of course means additional on-going costs). A disadvantage (to the public) of licensing is that it can drive up the cost of the services performed by the licensed personnel, both by imposing costs on them that must be recouped and by creating an artificial shortage of qualified personnel. Of course, this is beneficial to those who are licensed professionals.

Some argue that licensing requirements stifle competition by imposing extra cost and sometimes irrelevant educational prerequisites on those who want to practice an occupation or profession, and that issuance is sometimes based on subjective criteria, which can allow those within the profession to exclude others they deem “undesirable” for reasons that have nothing to do with job abilities. In addition, licensing boards are usually made up of political appointees who may have their own agendas.

The closest thing to licensing that the IT industry has had, for a long time, is certification. There are hundreds of different IT certs available. Software vendors operate programs to train and test IT pros in the use of their products and issue certifications such as the MCSE (Microsoft), IBM DBA (IBM) or CCIE (Cisco) in recognition of demonstration of competency according to their standards. Vendor-independent organizations such as CompTIA and SANS also provide testing and certification in network administration and security that are not tied to particular product lines.

The big difference between licensing and certification is that the latter isn’t mandatory in order to get a job in the profession, although certified professionals may command higher pay and find it easier to get a job. Companies can set hiring policies that require certification, but they’re free to hire uncertified IT pros if they want. Generally, performing the duties of a licensed professional without a license can carry heavy penalties, such as fines or even imprisonment under the criminal laws, and/or civil lawsuits.

Those who favor the licensing model for IT pros point out that the complexity of computer networking approaches that of law and medicine, and that the ramifications of mistakes on the part of IT professionals can have similar negative impact. Those who are not in favor of licensing argue that the standards for legal and medical professionals, as well as those for most other licensed occupations, are much more established and grew out of centuries of evolution of those occupations.

Computer networking has only been around since the 1950s and widespread Internet connectivity for businesses and individuals didn’t come about until the 1990s, less than half a century ago. Thus those standards are much less absolute. Creating licensing exams that truly measure a candidate’s ability to do the job would be a challenge. Certification exams tend to be very specific, focusing on a particular vendor’s product(s) or on a specialty area (such as security) or be overly broad and high level to the point where the cert doesn’t guarantee any real in-depth knowledge of the subject matter. There is also the issue that some people who can do a job well don’t perform well on written exams, and hands-on exams (such as the CCIE) are very time-consuming and expensive to administer.

For the IT pros themselves, there would be both benefits and drawbacks to a licensing mandate. Those who made the cut might enjoy increased compensation and greater status – but entering the profession would be considerably more difficult. Am I in favor of licensing IT pros? No. Do I believe it’s inevitable, sooner or later? Probably.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

Meanwhile you have myriad systems to patch, and endless patches to test and then install. Then you have to do it all over again. And again. And again.

No wonder a recent study by the UK-based Federation of Small Business shows that little more than a third (36%) of small shops patch regularly. Then these shops wonder why they got compromised, or blame their software vendors, especially Microsoft® – a common security punching bag!

Patching, well, patching properly, solves the majority of security problems. In fact 90% of successful exploits are against unpatched systems.

Even environments that should presumably be highly secure too often fail to patch. Last year an audit at the U.S. Department of Energy found that some 60% of their desktops lacked important patches.

Unpatched systems are so vulnerable because most hackers are lazy. Script kiddies are one the laziest – they take existing exploits and maybe tweak a few lines and release it as their own creation. And because the script worked before, chances are it will again. Most tech savvy people these days can become successful hackers if proper defenses – like patching – aren’t mounted.

Patches offer another shortcut, and a main artery right into the heart of your computers. There are two ways this works. The worst is when some security researcher looking for a headline finds and then blabs about an exploit that the software maker is then forced to quickly patch. This is an alarm for hackers to devise and mount attacks against this vulnerability.

The second is a patch that is released to fix a hole that only the vendor really knows about.

Either way the patch defines the hole and acts as a blueprint for a hack attack. Even though the hole is presumably fixed by the patch, it is only fixed for those that install the patch.

Unfortunately many never patch (that crazy 36% again) and even those that do don’t always fix holes immediately due to time constraints and the need to test patches for conflicts.

Patching Microsoft Isn’t Enough

Microsoft, for all the knocks it takes, is pretty darn good at handling patches, and actually a bit of a role model. The company is open about its problems, and the second Tuesday of every month, Patch Tuesday, publicly releases its fixes. It even gives a heads up as to what’s coming.

And it has a decent free tool, Window Server Update Services (WSUS), to install these patches – think of this as Windows Update on steroids. That’s why Microsoft patches are the most commonly and regularly installed.

But when was the last time you came across an all Microsoft shop? These days FireFox, Adobe Web tools, and even Oracle® all have more patches than a pair of old hippy pants. In June alone Oracle released fixes for 40 holes in Java. And most of these holes allow attacks that bypass user names and passwords. In April Oracle fixed 128 holes in its applications, middleware and database. Still think Microsoft is all you have to worry about?

Gartner is all worked up about this problem:

“In the darkest woods of IT, patching 3rd party application on a desktop remains a significant challenge for many organizations. Patching server OSs (Windows and Linux/UNIX) and 3rd party server applications also remains challenging due to fragility of many server environments. Add virtualization to the mix – and you have a full-blown slow-cooking disaster. And then you have Java…a security disaster in a league of its own,” wrote Gartner analyst Anton Chuvakin in a recent blog. “Java, Adobe Reader and Flash, Firefox, Oracle fat clients as well as many vertical and business-specific applications are often patched MUCH later than Windows and Office.”

BYOD only makes this all worse. These days you have to patch anything and everything. And fix these holes before the hackers jump in!

If patches are the hackers’ best roadmap, shouldn’t patching be a top priority?

WSUS is not enough. You need a broader tool that embraces multiple platforms and automates as much as possible patch testing and deployment.

With today’s world of distributed enterprises, mobile workers, BYOD and telecommuting you need to keep remote off network machines patched. You simply can’t have IT travel to update all these devices or ask end users to patch the machines themselves. Here a cloud patch management tool is the perfect answer.

See for yourself how easy it is to keep your servers, PCs and laptops up-to-date, with a free 30-day trial of GFI Cloud™. Whether your users are in the office, on the road or working from home, GFI Cloud is the easy way to keep their devices patched, secure and running efficiently, from one central console.  Learn more

About 10 years ago, I got my first precursor to the modern “smart phone” – an HP iPAQ running Microsoft’s Pocket PC operating system. At that time, I never could have dreamed that one day the phone in my pocket would have more RAM and a more powerful processor than the desktop computer I was using back then. Today’s smart phones are handheld computers in every sense of the word, and workers are using them that way, both for personal and work-related tasks.

Mobile technology is a great convenience for users and the BYOD trend has saved companies money, but security got substantially more difficult when all those roaming endpoints came into the picture. It’s far easier to control on-premises workstations that stay put; with smart phones, tablets and laptops, you never know where they’ve been and what their users/owners have been doing with them prior to connecting them to your company network.

The proliferation of mobile devices greatly increases the risk of data leakage – the unauthorized transfer of internal data to persons or places outside the company. This could be company financial information, trade secrets, intellectual property, personal information about clients or employees, or any other type of data that should remain confidential. Mobile devices facilitate both intentional and unintentional leakage. Most studies show that a very large percentage of data leakage is unintentional, but that makes it no less damaging.

Data leakage can take place through many different vectors, including traditional email, web mail, instant messaging, malicious web pages, theft or loss of devices to which company information has been downloaded or on which it has been created and saved, and more.

In a world where so many of the endpoint devices on our networks are located physically outside of the perimeter, the importance of edge-based firewalls has faded into the background and securing the endpoint has become the logical focus of our new security paradigm. The endpoint has also become the favorite target of hackers and attackers, who see it as an easy way into the network.

Just as retailers and other businesses that maintain product inventory institute loss prevention programs to prevent theft of tangible goods, IT departments now recognize that data loss prevention measures play a vital role in protecting the company from the consequences of data leakage.

This means you need to be able to control what information travels to and from the mobile endpoints, and identify potential leakage sources. Mobile devices need to be monitored just as closely as stationary desktops are – or even more so, due to the heightened risk. You want to know when new devices connect to the network and you want to know what they’re doing after they connect. A good endpoint security solution will give you the ability to see into the activities of the mobile devices on your network and even track the specific files that are transferred to and from those devices.

However, protecting the endpoint – and protecting the network from the endpoint – needs to go further than that. With real-time alerts, you can take action when suspicious activity occurs. Even so, there may be times when data leakage occurs. Thus you want to ensure any data that gets into the wrong hands is rendered indecipherable. That can be accomplished by encrypting data on the devices and using encrypted, secure connections to transmit data between the endpoints and the company network.

In the past, endpoint security consisted primarily of antivirus software and maybe a host firewall. Today, with the perimeter walls figuratively falling down as the local network changes from a stable and geographically contained entity to a fluid one where devices move in, out and through, that’s no longer sufficient. The endpoints, particularly mobile endpoints, are the weakest link in the security chain. If your security strategy is aimed primarily at protecting your servers, it’s time to take a look at the endpoints.

According to the Los Angeles Times citing anonymous sources familiar with the official investigation, Snowden used a USB drive to remove the data from the NSA. Apparently he simply made a copy of files to which he had access, and then just walked them out the door. While the NSA, like so many corporations today, has a policy against using USB drives, authorized administrators can use them when necessary. We all know that there are many tools available for download that work from USB, admins might use a thumb drive to apply firmware updates or to install new drivers, and any one of hundreds of other valid reasons for an admin to use such a flash drive. Apparently the NSA needs a little more than just a written policy. But they are far from alone in this.

According to a study by the Ponemon Institute published about two years ago that surveyed over 700 IT pros, 70% of businesses that lost sensitive or confidential data could attribute that loss in at least some fashion to the use of USB flash drives. While more than half were attributed to malware introduced onto systems from flash drives, 45% of the incidents came from lost, stolen, or misappropriated devices. Of the same study, while about half of the respondents indicated that their company had a policy regarding USB flash drives, less than half of those who do have technical means to enforce policy.

USB flash drives have also been implicated in security incidents at two US power plants last year. ISC-CERT reported that in two separate incidents, a USB flash drive containing malware was connected to a computer within a power plant, which then spread to other systems. In the more extreme case, the plant restart was delayed by almost three weeks as a result of the malware infection.

Earlier this year, a USB flash drive containing NPI for some 6000 citizens in Utah was lost. While Social Security numbers were not included in the lost data, the State still needs to undertake measures to protect the affected individuals. This loss of data by a third party contractor comes on the heels of a previous breach that led to the resignation of the State’s CIO, and appears to portend serious legal issues for the contractor as the State plans to pursue “whatever financial or contractual remedies are available in order to ensure GHS [Gold Health Systems] is held accountable for this serious mistake.”

These anecdotes all have a common theme – USB flash drives are dangerous. While they are great tools in the right hands and used for the right purposes, the risks they present to critical systems and sensitive data cannot be ignored. A government’s secrets were made public. Critical infrastructure systems were compromised. Individuals’ personal information has been stolen. The risks outweigh the benefits of these devices, and permitting their unrestricted use is just too dangerous. Loss of data, serious downtime, legal actions, and loss of jobs are all common themes. Written policies are required, but do not go far enough to protect companies from the threats.

What companies need is endpoint security. There are a number of technical measures that endpoint security solutions can employ to protect businesses from the risks presented by USB flash drives, while still enabling their legitimate use. No one wants to completely ban them from any and all uses, considering how beneficial they can be. Endpoint security allows you to use USB drives, just in a safe and secure manner. Endpoint security solutions first and foremost can enforce encryption for all portable devices. That way, if a flash drive is ever lost or stolen, the data stored on the device is safe from prying eyes.

There’s far more to endpoint security than just encryption though. Endpoint security can log and audit all uses of portable media, and enforce data-loss prevention (DLP) measures that can scan data for things like Social Security numbers or credit card numbers to ensure that sensitive data is not moved to portable media, or that it can only be moved to secure media by authorized personnel. That way, just because a user can access the data on the network, they cannot transport that data away unless specifically allowed to do so. And if they are authorized, you have an audit log that tells you exactly what files were copied to the portable media.

Endpoint security can also provide real-time status monitoring of all the systems on your network, automatically enabling protection to new machines that join your domain.

Now that you are aware of, and no doubt very interested in, endpoint security, make sure you look at products that are compatible with all your operating systems, including Windows 8 and Server 2012, and that can apply policy based on your existing Active Directory so that you can leverage and protect your existing investments.

USB flash drives are extremely useful, valuable tools when used properly. Endpoint security solutions can help to make sure that your written policies around the safe and secure use of these devices is enforced technically to keep your data safe, and your company off the front page news. Endpoint security is the right way to secure your company against the threats USB flash drives present, while still enabling you to use them.

Don’t get stuck in the technology trap

How to take control of your technology and business strategy

Date: July 18, 2013 – Time: 8:00 a.m. PST / 11:00 a.m. EDT / 4:00 p.m. BST / 5:00 p.m. CET
Register now

APAC Date: July 18, 2013 – Time: 10:30 a.m. IST / 1:00 p.m. CST / 3:00 p.m. AEST / 5:00 p.m. NZST
Register now

Learn how you can take control of your technology and business strategy with cloud-based software services. In this webcast we will discuss the challenges of technology, experts, costs and upgrades that are not just time-consuming, but which impact and limit business development and strategy. We will look at the advantages of SaaS (Software as a Service) and how GFI® has solved the problem with GFI Cloud™.

5 Ways to claw back lost time and improve efficiency

Date: July 25, 2013 – Time: 9:00 a.m. PST / 12:00 p.m. EDT / 5:00 p.m. BST / 6:00 p.m. CET
Register now

APAC Date: July 31, 2013 – Time: 9:30 a.m. IST / 12:00 p.m. CST / 2:00 p.m. AEST / 4:00 p.m. NZST
Register now

In this webcast we will look at five common areas where a company potentially claws back valuable time and resources so that that they can focus on the important business of making money.  With just a few simple IT focused solutions that help to automate manual processes and improve efficiency, managers and employees are able to get more out of their working day.

Securing your IT Infrastructure: It’s a Jungle Out There

Date: July 30, 2013 – Time: 9:00 a.m. PST / 12:00 p.m. EDT / 5:00 p.m. BST / 6:00 p.m. CET
Register now

APAC Date: August 2, 2013 – Time: 9:30 a.m. IST / 12:00 p.m. CST / 2:00 p.m. AEST / 4:00 p.m. NZST
Register now

The data on computer systems are an enterprise’s single most valuable resource. Data loss can be very costly, particularly for organizations in the small and mid-sized business market where the difference between survival and closure can be razor thin.  A network without proper security is an invitation to economic ruination, public humiliation, customer loss of trust and in some cases legal action.

In this webcast we will review and examine the threats facing networks today; including internal threats, malware, Internet-based and cyber-attacks. The basic methodology of each threat, and how to mount effective counter measures, will be examined and reviewed.

Seats fill up fast, so be sure to register today!