Attacks targeting the intellectual property of an enterprise are often highly targeted, aided with the help of an insider and go undetected for years long after the damage is done, according to new data breach statistics released by Verizon this week.
|
Igloo Software: Cloud Collaboration That Scales With Businesses
It's no secret that cloud computing and mobile technology have changed the way modern workplaces operate. But with so many cloud-based collaboration tools available, businesses can have a hard time choosing the solution that works best for their company's needs, current size, and growth potential.
Igloo Software is a cloud-based collaboration tool that prides itself on adapting and scaling with businesses as they grow and change needs. The company also has a number of improvements changes and additions in the works, including stronger integration options with email providers, social task management, and secure instant messaging.
The company has already enacted a number of features that could be helpful for small business users, including drag and drop sharing, document reviews and approvals, editorial workflows, permission settings, and more.
Andrew Dixon, Igloo's Senior Vice President of mMarketing and Operations, says:
“For any small business owner, it is inevitable that operations are limited â€" so they need a versatile tool that will scale with them as their business grows. With Igloo being 100% cloud based, employees of a small business will have the advantage of being able to access work anytime, and anywhere.â€
This isn't a brand new concept. Both startups and large companies like Google have give businesses plenty of options to collaborate in the cloud. But Dixon said that Igloo's platform is different because it caters specifically to business users and it can be customized to fit the needs of a particular team. He also said that this type of technology can completely change the way workplaces operate, and make accomplishing tasks and collaborating much easier for employees and business owners alike:
“The virtualization of work is redefining the concept of the office. We are no longer tethered to our desk, nor do we need to be in order to be productive. For many, work is no longer a place we go to, it's just a thing we do. New forms of connection (i.e. mobile devices) and delivery (i.e. cloud computing) are enabling us to choose where we work and how we spend our day.â€
Igloo was originally launched in 2004 by a think tank called the Centre for International Governance Innovation, under an initiative to bring great ideas together in one virtual location, in order to share research and ideas pertaining to global governance issues. The company spun out of CIGI in 2008 and has been growing at a rate of 85% per year since 2009.
Running Your Small Business on Spreadsheets? Bizelo Has a Solution
Even in 2012, some businesses are using Excel spreadsheets to do everything from manage inventory to supply tracking. But while Microsoft Excel is a great product, it has its limitations. Small business app specialist provider Bizelo has a solution.
“We're crafting ‘mini-apps' â€" affordable, web-based software that is customized to specific industry needs,†Bizelo founder Ron Schmelzer says. “They work simply and they simply work.â€
Because these mini-apps snap together, a business can build the software they need. Currently Bizelo has four apps in the works, some of which are still in beta, with at least twelve more planned in the next six months. Currently, Bizelo is working on these modules:
- eRetail Centralized Inventoryâ€"This module takes your inventory tracking out of the spreadsheet format and into an easy-to-decipher interface that can track multiple storefronts in one place. You can manage your bill of materials and stay on top of your stock, knowing at a glance when you're running low on something. You can also automatically generate packing lists and know what your packing costs are.
- Supply Managementâ€"Using this app, a business can manage suppliers using manufacturer SKUs. Small businesses will also be able to create purchase orders and track shipments using this app.
- Returns Managementâ€"Returns are an important part of retail and for online stores, RMAs (Return Merchandise Authorizations) are integral. Using Bizelo's Returns Management, small business can create return shipping labels, manage restocking fees, and return inventory back to stock once it has been returned.
Bizelo will also be offering modules specific to small businesses. These include apps for construction, band tour management, fitness club management, veterinarian scheduling, and religious membership management. Construction apps will focus on labor scheduling, streamlining timesheets to make payroll a breeze. Band tour managers can stay on top of schedules using Bizelo's calendar functionality. This calendar syncs with mobile calendars to allow managers to take the schedule on the road with the band.
The fitness club app puts managers in charge of customers, allowing for tracking of locker assignments, equipment rentals, classes, and members. Veterinarians can use the app to view entire patient treatment histories, as well as automatically generate reminders and communications with customers. The religious membership management app allows churches and other religious institutions to manage members and church finances with powerful scheduling and reporting functionality.
One of the best things about Bizelo's apps is that they are easy to install. Since small businesses generally do not have IT departments, this is ideal. Plus, the apps are affordableâ€"priced at $24.95 after a free thirty-day trial. When members join, Bizelo walks them through the setup process, getting them up and running quickly, with no technical expertise required.
While the e-Retail portion is the only available app at this time, that will likely change soon. Small businesses are encouraged to get started with the app and add on the other features once they're made available.
Apple ready to unveil new \'iPad Mini\'
Anticipation built as Apple prepared to unwrap its "iPad Mini,'' launching a foray into the crowded market of smaller tablet computers dominated by Amazon, Google, and Samsung.
As is its style, Apple remained mute regarding its exact plans but took the unusual step of saying it would livestream the event, from 6am NZ time in San Jose in the heart of Silicon Valley-_ albeit only on its own products.
Invitations to the first major product launch since the death of Apple's visionary co-founder Steve Jobs last year and his replacement by Tim Cook bore only time and location details along with the message: "We've got a little more to show you.''
However, rampant rumor fueled by industry insiders foretold of the arrival of an "iPad Mini'' priced from US$249 to $399 with a screen measuring 20 centimetres diagonally across.
"I don't think they have any choice,'' said independent analyst Rob Enderle of Enderle Group in Silicon Valley.
"The reality is that the smaller tablets seem to be much more popular because they are lower priced and easy to hold.''
Apple set the tablet computer market ablaze with the first iPad in early 2010 and stuck with its 9.7-inch screen while rivals introduced lower-price tablets with screens closer to seven-inches.
Amazon's seven-inch Kindle Fire proved popular last year, and a new version was launched last month.
Meanwhile, a Google Nexus 7 powered by Android software joined the Samsung Galaxy in the seven-inch tablet market.
With Kindle and Nexus tablets starting at US$199, Apple will be forced to keep its price low for its new model and "will not have its normal profit margin,'' said Roger Kay, a consultant and analyst with Endpoint Technologies Associates.
Some blogs say Google may come out with a tablet as low as $99.
"Apple is kind of late to the market with a small tablet,'' Enderle said.
"This is the first launch of a product that is all Tim Cook's but it is a very crowded arena with prices hard for Apple to meet.''
An iPad Mini could wind up cannibalizing sales of larger models while budget-sensitive shoppers opt for competing devices at prices too low for Apple to meet or beat, according to analysts.
Kay said that Apple would be making a "defensive'' move with the new device, but that it is unclear whether it will trounce established products from Amazon, Samsung and others.
"Apple wouldn't have gone into this if others hadn't,'' he said.
"The bar has been set by Amazon. Even though the Kindle is not the same kind of device, it does what it does very well.''
Analyst Shaw Wu at Sterne Agee said the iPad Mini"`is the competition's worst nightmare'' but that sales will depend on how Apple prices the device.
"We do not believe Apple needs to price as low as $199 to match Google's Nexus 7 and Amazon's Kindle Fire HD but believe a price point of $299 or $349 makes sense,'' he said.
- AFP
Work Is Easier When You\'re Motivated
Inspiration feels like catching a genie in a bottle - elusive and sometimes unreal. But when you tap into it for yourself, then you find a new kind of motivation. In an inspired state, every impossible question has an answer. You were probably inspired when you started your business. And if you've inherited something that you never wanted, then it's time to discover the parts of the business that set you on fire - so to speak.
In fact, the first way to inspire your team is to inspire yourself. People are drawn to passion and focus. Your drive and excitement will drive and excite your team. Of course, it's their job to do what you paid them to do, but inspired people can and will do more. Plus, inspiration does wonders for the attitude.
But if you find yourself uninspired, it usually comes down to doing the wrong work, doing the right work the wrong way or a downtime deficit. If you find your team uninspired, it could be the concerns above or a communication issue on your end.
Doing the wrong work feels like you're trying to wear somebody's hat that's two sizes too big or small. When it's too small, no matter how many times you pull and yank it, that tiny hat just won't stay. When it's too big, it swallows you up.
It's like the boss trying to be her own secretary, that hat will eventually become too small for an idea person. The owner needs to be free to strategize, network, build teams, discover the latest industry changes so that they steer the company in the right direction.
Likewise employees have to wear the right hat too. Trying to turn your secretary into the vice president - under a different name - without proper training or a demonstration of core ability can quickly burn him out. There's no emotional or financial reward in doing a job that swallows you up. You don't get the chance to master or excel at it. And success is a major player when it comes to abiding inspiration.
Doing the right work isn't enough. You have to do it the right way. There's tracking your finances and then there's tracking your finances a smarter way. There's communicating with your team in the field, and then there's having a communication system that works fast and efficiently.
If you are constantly overwhelmed, if your team is constantly overwhelmed, then it's time for a systems audit. Doing things inefficiently causes you to hire more people than you need. No matter how many people you hire to help you juggle, an inefficient system will eventually break. Instead of waiting for the break, let's update. It's about finding the right tools for your company, as well as the right training for using and setting up those tools.
Sometimes a lack of inspiration can be cured with the right vacation, a weekend sleeping instead of working, good laughter with great friends. You may find your best ideas and creatively solve your biggest challenges with a little down time.
In Creativity Happens When You Least Expect It, Psychology Professor Dr. Sian Bellock says,
App of the Week: CloudMagic 2
For the busy small business owner, it may seem like everything is everywhere. You have e-mails on six separate e-mail accounts, both personal and professional, you have Cloud-based storage for your photos, music, work documents, personal documents, and more. CloudMagic allows you to access everything you need wherever you are, through a smartphone, tablet, PC, or laptop.
Data management tool provider Webyog owns CloudMagic, which allows you to centralize all of your data and accounts in one place. This allows you to search all of your e-mail, social media, and contacts, as well as find documents across all of your connected PCs. Check out this video to see how it works:
“With over 100,000 users over the last eight months since launch, we are more confident than ever that a very quick search box across all your data is the only way to reduce the stress caused by the deluge of information,†a CloudMagic spokesperson says. “We've worked very hard to retain the lightning fast search speed we're known for.â€
With the release of CloudMagic 2, Webyog has added exciting new features, including:
- Ability to see updates for all data in one place
- More detailed previews
- Ability to forward e-mails and view attachments
- Support for Facebook and Twitter
- Ability to search Cloud-based sites like Dropbox, Google Docs, and Evernote
- iPad and iPhone app
- Android app
Because CloudMagic is known for its super-speedy searches, the company was committed to keeping that speed while adding these enhancements. For that reason, the company redesigned the entire application, top to bottom.
The best news is, the app is free. All you have to do is sign up and choose the services you'd like to include in your searches. The search can take a while, especially if you have years of files and messages out there, but once setup is complete, your search will complete in mere seconds. Need an e-mail you sent about a certain topic? Simply type in the keywords and your results will appear.
While there is no shortage of services that provide Cloud-based data storage and backup, CloudMagic's offerings are unique. The site retrieves the files you need when you need them. The service is secure, as well, using a service called OAuth for the company's system administrators to keep your data backed up without having to know your password. If you wish to delete an account, your data will be removed from CloudMagic's servers.
As small business owners spread their data across more accounts, Cloud-based document storage will become even more popular. CloudMagic allows busy entrepreneurs to easily find what they need without having to search countless accounts and devices. Whether you're in a business meeting or in a hotel room after a long day on the road, you'll be able to find the information you need to provide a professional appearance for your clients and colleagues.
The future of mobile management will be away from the device and more about applications
The next stage of mobile management will less about devices and more of a move to application security.
Speaking to SC Magazine, MobileIron CEO Bob Tinker said that the mobile control market is changing to enable users to choose and access email and applications in a secure way.
He said that the first phase was how to enable device choice, from the perspective of an IT manager, and that is where mobile device management (MDM) came in. The next is now about how to enable mobile applications and content, establishing the content of 'mobile IT'. “This is about how to enable applications and the content inside, it is not just MDM, it is turning into a bigger market,†he said.
“We believe in mobile application management; that is the next generation of mobile IT where access is to email and devices to enable application access and content. Applications that change a business to make your life easier. With mobile content, the biggest thing is access to applications and content.â€
Tinker said that he could see a big shake-up of the market as many vendors are entering the MDM market without the capability to offer secure access to applications. “Our technology is so dynamic that it is really about moving to the security of the application. To be successful in mobile you need to focus on mobile, as many are struggling to keep up,†he said.
Alan Giles, managing director EMEA at Fiberlink, told SC Magazine that the concept of bring your own device (BYOD) doesn't have to be about providing for big business as small and medium enterprises are also opting into the policy.
He said: “A 'containerised' approach will not work as it affects the user experience. If you take that away, the policy does not work so you want more of a lighter touch so the user can use the device as they want to but have secure access to corporate assets. However the IT manager needs to be safe in the knowledge that it is done securely.
“Most vendors in the space are still growing, but we see more maturity in policy setting. Everyone knows that you can save money with BYOD and it is convenient, but companies are getting away from saving money as the driver to moving from it being a capital expenditure to an operational expenditure.â€
Asked if he felt that MDM was 'last year's technology', Giles said it was in terms of blocking and wiping, but a year ago application management took off for Fiberlink as it was about being security-centric. “Half of our business is application management so the corporate can decide what they allow from what is bought in-house and what is developed by a third party,†he said.
“The distribution of apps is based on access right and need, and you can build a profile based on what goes where and how. On a personal device you cannot say 'you cannot use Angry Birds' but on a corporate device you can. You need to separate consumer from professional applications.â€
Analyst Alan Goode said that he had never been a fan of MDM, but felt that this was a maturing market as the wave of devices coming into the workplace continued. “We are getting reports of C-level executives and down wanting mobile management and wanting to use their own device,†he said.
“We see instances with a sandbox for access to email and corporate applications in a silo and you authenticate into it, then the user experience is very poor. Do users like a client on their own device? Probably not. The market is maturing as it is another tool and a burden. We will see MAM coming more from vendors to improve the user interface to fix the inadequacies of MDM, and I think we will see that going into the platform.
“Application management makes sense as it is understanding mobility and it will improve the development of applications in the lifecycle and how code is tested.â€
Users neglect enterprise mobile device security measures, survey finds
Smartphone and tablet users are neglecting basic security measures and could be placing sensitive enterprise data at risk if the devices are lost or stolen, according to the findings of recent study.
These devices are providing attackers or even individuals with a back door into your businesses.
James Lyne,
director of technology strategy, Sophos Ltd.
A survey of 1,008 consumers in the U.K. found that 36% had lost an electronic device in public. Among the devices lost or left in an unsecure place, 42% had no active security measures.
The survey of consumers ages 16 to 64 was conducted by TNS Omnibus on behalf of U.K.-based security firm Sophos Ltd. Many of those surveyed used their mobile devices for work purposes or mixed purposes (work and personal).
One in five of those lost devices had access to the owner's work email, potentially exposing confidential corporate information, said James Lyne, director of technology strategy at Sophos.
"These devices are providing attackers or even individuals with a back door into your businesses," Lyne said. "They're very integrated into the work place."
Enterprise protection begins with basic mobile device security controls
The statistics should be alarming to consumers and CISOs trying to keep sensitive data locked down despite an increased use of smartphones and tablets in the workplace, Lyne said. The lack of security could be attributed to ignorance and a false belief of security among users. Basic measures of protection fall by the wayside, even though it is easy to secure devices, Lyne said. Patching, passwords and encrypting can make a significant improvement on security.
For businesses, Lyne believes there are a few steps CISOs need to take to create a secure environment. Companies should have a mobile security strategy and should re-evaluate it every six months so security teams are not outpaced by new threats. A mobile device management strategy is helpful in implementing frameworks companies can control, such as how long passwords need to be, and how much time passes before a device locks out.
Security experts say many enterprises have systems already in place that can support basic security controls across various mobile device platforms. Microsoft Active Sync can be used to manage access to email and other data. Lyne said most mobile device management platforms offer similar features in addition to more advanced capabilities. As with a mobile security strategy though, they need to be set up before a mobile device is lost.
Effective user awareness and education is also needed, Lyne said. CISOs should also have a strategy for how they communicate this education. For example, Lyne said it is more effective for CISOs to inform employees how they are putting themselves at risk by being lax on security than it is for the corporate risk to be emphasized.
The Sophos survey reflected the danger to personal information as well. Of people who lost a mobile device, 20% had sensitive personal information, such as national insurance numbers, addresses and dates of birth on it, and over 10% could have revealed payment information, such as credit card numbers and PINs; 35% had access to social networking accounts via applications or Web browser-stored cookies.
Even with security measures in place, enterprises and employees need to face the reality that a lost device may never be found. Fifty-eight percent of those surveyed were never able to recover the lost device, and although one-fifth did locate the device within 24 hours, the return rate dropped significantly after this time, the survey found.
In the case that a device is never recovered, Lyne said the owner can use a Web-based portal to remotely lock the device. A hacker could still break in, however, so another option is to remotely purge the device of all information, which takes just a few seconds.
Doing Business As (DBA) Filing: Sole Proprietorship
Choosing a business name is one of the first things you need to consider when you start a business. If you decide to incorporate a business as a corporation or LLC, you need to give your business legal entity a name.  Even if you don't decide to incorporate, you should still give your business an official name by filing a “Doing Business As†(DBA) form to protect your rights, make it possible to get a business bank account and build your credibility with customers.
What is a “Doing Business As†(DBA) Filing?
“Doing Business As†forms, or DBAs, are official business filings that provide notice to the public of the true owner of a business (in case the identity would not otherwise be known from the name of the business itself). DBAs are sometimes called Fictitious Business Names (FBNs), assumed business names or trade names. To help notify the public, many jurisdictions require that the FBN or DBA be published in the legal notices section of a newspaper meeting specific requirements over a specified time period.
Which types of businesses need to file a “Doing Business As†(DBA)?
A “Doing Business As†(DBA) must be filed anytime you are operating a business using a name that is different from your own name if you are a sole proprietor or general partnership, or that is different from your company name if you are operating your business through a corporation or a limited liability company.
For example, if Jane Doe is operating a cookbook store called “Jane Doe's Cookbooks,†then she would not need to file a DBA. If Jane were calling her bookstore “Books for Cooks,†then she would need to file a DBA because her business name is different from her actual name. If her company name was Books for Cooks, Inc. then she could use the “Books for Cooks†name without a separate DBA filing, since she has already incorporated the business under that name.
When do you need to file a “Doing Business As†(DBA)?
“Doing Business As†(DBA) should be filed before you start conducting business using the fictitious business name. Some jurisdictions allow you to file a DBA within a short time period of first using the name. However, since you usually need a DBA before you open a business bank account or use your business name in contracts, it is best to get the DBA done upfront.
Where do you need to file a “Doing Business As†(DBA) â€" at the state or county level?
Where the filing should be made depends on the state where you are conducting your business. DBAs are usually filed at the state or county level. In addition, some jurisdictions have a publication requirement â€" meaning that when you file your DBA, you need to give public notice by publishing an official announcement of your business name in an approved newspaper. For example, the requirement may be that the DBA be published once per week for a period of four weeks in a specific newspaper in the legal notices section. Of course, specific publication requirements vary, and there may be additional fees or costs involved with buying space in the newspaper.
How can a “Doing Business As†(DBA) filing help your business?
Filing a “Doing Business As†(DBA) will help keep you in compliance with the law, and makes it possible to open bank accounts and receive payments in the name of your business. Most banks will not allow you to open an account without receiving a copy of your filed DBA.
For those business owners who have decided not to incorporate or form a limited liability company, filing a DBA allows them the freedom to use a business name that helps market the products and services of the business and to create a professional business identity separate from their personal identity.
Is a “Doing Business As†(DBA) the same thing as a trademark?
No. A DBA gives you certain benefits, but it does not protect your use of your business name from others. For that, you would need to seek separate trademark protection.
Can I use “Inc.†“Co.†or “LLC†in my “Doing Business As†(DBA) filing?
No. One of the few limitations on which types of business names you can choose with a DBA filing is that you cannot use a name that contains words or abbreviations that would make it sound like it is a corporate entity. This means you cannot use Corporation (or Co.), Incorporated (or Inc.), or LLC in your DBA name.
This limitation is to prevent businesses from using DBAs to create a misimpression about the ownership structure or corporate status of the business. In some jurisdictions, you must do a name search to make sure your name is not already being used. In other places, no such search is required (and someone else may be using the exact same name).
If your name is important to the business, we recommend that you conduct a business name search and search for existing trademarks prior to filing a DBA. CorpNet offers a free business name search that you can use to make sure that your chosen business name is available for your use, to avoid any complications or disputes with other businesses.
How can CorpNet help you file a “Doing Business As†(DBA)?
Since exact filing and publication requirements vary from state to state and county to county, you may wish to have CorpNet handle your DBA filing, including checking to see if the name you want to use is already in use (where that is a requirement to making a filing), filling out the forms based on information that you provide, filing the form, and publishing the name in the right newspaper for the right length of time (where required).
Once you give us the necessary information, we prepare the DBA documents for you. If the appropriate jurisdiction for your filing requires a name search, we will do that for you. After you sign the DBA forms, we file them and, for those states with a publication requirement, we work directly with the newspapers to meet that requirement on your behalf. Using CorpNet can save you both time and money with service that is fast, reliable and affordable. And remember, our services are backed by a 100% satisfaction guarantee. We make everything easy for you so that you can focus on what you do best â€" running your business!
Talk to CorpNet today about how we can help you with your DBA forms and other business filings â€" contact us for a free business consultation.
Naming your business doesn't have to be time-consuming or complicated. You can get all the help you need to make your business “official†and protect your legal rights by filing a DBA form to give your business a name.
Filing Papers Photo via Shutterstock
NetWrix Identity Management Suite
The NetWrix Identity Management Suite is actually a combination of several products that are bundled together and can be installed individually or together as one large suite.
This suite includes Password Manager, Account Lockout Examiner, Inactive Users Tracker, Logon Reporter and Password Expiration Notifier. All of these work together to create a fairly comprehensive identity management suite that helps both administrators and end-users manage accounts and perform account maintenance.
We found installation of this product to be quite simple, but it did require a lot of steps. There are a few prerequisites that need to be in place before the various components are installed, including an SQL Server, Internet Information Services (IIS) and .Net.
Once the prerequisites are installed and ready, each bit of the suite needs to be installed individually. While the installation was not overly complicated and was guided by easy-to-follow setup wizards, we would have liked to have seen an integrated installer to help streamline deployment.
This set of applications offers a lot in the way of functionality.
The Password Manager is designed to provide users with self-service password and account management through a web- based portal.
The Account Lockout Examiner provides automated account lockout management by monitoring event logs for lockouts and then automatically notifying specified recipients of the lockout.
One of the most useful tools in the suite is the Inactive Users Tracker. This helps manage inactive accounts that may pose possible security risks. When an account is found to be inactive, the tracker automatically deactivates the account and notifies specified recipients of actions taken.
Documentation included administrator, quick-start and installation guides in PDF format for all the individual products. While we found the documentation to be well organised and easy to follow, we would have liked to have seen a single guide for the suite, as it is much easier to keep track of a single guide than it is many PDF documents.
Having said that, we did find all materials to include a good amount of screen shots, configuration examples and step-by-step instructions.
NetWrix offers full phone and email-based technical support for customers evaluating the suite for the first 20 days. Once customers obtain the product, they must also purchase a maintenance contract to continue to receive support. This offers customers access to eight-hours-a-day/five-days-a-week phone and email-based technical support, as well as a portal on the website that offers a knowledgebase, support ticket management and a full user forum, along with many other helpful resources.
At a price starting at just over c£6 per user for up to 150 users, we find this tool to be good value for the money. While this suite is more like a bundle of products for one price rather than a fully integrated suite of functionality, we do find it to have a lot of strong features that can make user management easy.
We would like to see the NetWrix Identity Management Suite become more integrated in the future, but overall we liked our experience with it.
Peter Stephenson
Echoworx Encrypted Mail Gateway
The Encrypted Mail Gateway from Echoworx offers a full cloud-based platform for seamless email encryption throughout the enterprise. Since this product is based completely in the cloud, there is no need for administrators to install or deploy any software or hardware within the existing environment. This policy-based encryption appears completely transparent to end-users, and policy can be configured to meet the compliance needs of almost any organisation - ensuring all sensitive email is transmitted securely to meet regulatory and compliance standards.
Since there was no hardware or software to install, deployment of this gateway product was quite simple. The initial rollout consisted of pointing outbound email to the Echoworx cloud. After that, all policy configuration was done via a web-based management console. We found the console to be well organised and intuitive to navigate.
This product is highly configurable. Policies can be created to use very granular or broad conditions for email encryption and there are several pre-configured policies. Some of these include regulatory compliance, such as HIPAA, as well as basic policies for managing personally identifiable data.
On the end-user side, all functionality is completely transparent and users can deploy their existing email client, including mobile email clients, just as they always have. When a user sends an outbound email, it is automatically forwarded to the cloud and encrypted if it meets policy conditions. This ensures that sensitive email is always encrypted when leaving the enterprise, which avoids human error. Users also can retrieve email from a secure pick-up portal, allowing for secure email to be easily transmitted to anyone.
Documentation was limited and only included a few reference manuals that could be found in the help section of the management consoles for the tool's components. We found these helpful, but there was a lack of detail. The material did include step-by-step instructions and many screen shots, though there were no administrator or configuration guides submitted at the time of review.
Echoworx offers customers full 24/7 email and phone-based technical support as part of the subscription cost. Customers can also access several support resources via a section on the website. This includes a knowledgebase, an FAQ section and technical resources.
At a cost of c62 pence per user per month, we find Encrypted Mail Gateway to be reasonable value for money. Since it is completely hosted, there are no additional overheads, operating costs or hardware to buy. Plus, support adds quite a bit to the overall value of the product. We also found it was quite easy to use and manage - both from an administrative standpoint, as well as from the side of the end-user. While it has an ongoing recurring cost, we find it reasonable given its features and functionality.
Peter Stephenson
Cisco Email Security Appliance
The Cisco Email Security Appliance offers a wide variety of email security and content management features bundled into one package. With this tool in place, administrators can protect their environment from spam, viruses and other mail-based malware, while managing email content and providing a solid level of data leak prevention and email control.
This highly configurable appliance was easy to build and deploy into our environment. The initial installation of the appliance consisted of connecting a network cable between a machine and the appliance and setting the IP of the machine to one that could connect to the default IP of the appliance. At this point, we were able to browse to the appliance's web-based setup wizard using a browser. We found the setup wizard to be easy-to-follow and, at completion, we had a pretty solid base configuration in place.
Once the setup wizard was complete, all further administration and management was done using the web-based management administration GUI.
While this was not one of the flashiest GUIs we have ever seen, we found it to be intuitive and easy to navigate, with many configurable options.
As we looked deeper into the appliance's policy configuration, we found that it comes with some preconfigured policies on board and ready to go. These included a vast array of regulatory compliance policies that could be put in place immediately or copied and customised to meet the needs of the environment or enterprise.
This solution offers a wide array of virus protection, with a few different anti-virus filters, out-of-the-box spam filters and built-in email encryption. Furthermore, the appliance offers on-board encryption for securing both inbound and outbound email. Different encryption profiles can be created to meet the needs of specific users or groups to ensure email is properly encrypted.
Documentation included quick-start and complete administrator guides. We also found a few other pieces of supplemental material and user guides via the website support area. The quick-start guide provided a brief overview of how to get the appliance up and running, with an initial configuration and a short summary of the setup wizard steps. We found all documentation to include clear step-by-step instructions, configuration examples and screen shots in a well organised layout.
Cisco provides a fee-based-only support model for customers. Assistance can be purchased as part of an annual agreement that includes access to many options. Pricing for aid starts at around c£828 and includes phone, email and web-based technical support, as well as access to a full online area where customers can interact with a knowledgebase, user forum, technical documentation and support case submission and tracking.
At a price starting at c£4,737, we found the Cisco Email Security Appliance to be excellent value for money. It was not only easy to configure and to use, but also included a solid feature set and many ready-to-go functions right out of the box. It is cost-effective and easy to deploy. This product can provide value and security to almost any type of enterprise environment.
Peter Stephenson
WordPress Backup Tool Review: BlogVault
Last year we did a post reviewing 10 backup tools and utilities for WordPress. There are plenty of options, but I came across the BlogVault WordPress backup system recently and felt it is an excellent solution for small business owners who simply don’t have time to fuss with the backup process.
BlogVault is a Web-based service that allows you to backup your entire WordPress blog or website with just a few simple clicks.
What you can see in the screenshot Read More
The post WordPress Backup Tool Review: BlogVault appeared first on Small Business Trends.
Tradesparency: Business Supplier Reviews
For companies that import products or supplies from other businesses, finding partners and suppliers to work with that are trustworthy and professional can be a challenge. Choosing suppliers without knowing exactly how high quality their product is and how quick and easy the process is can cost too much money, time and resources for small businesses.
Now, business-to-business review site Tradesparency.com plans to give these businesses a venue to learn about suppliers and voice their opinions about what has and Read More
The post Tradesparency: Business Supplier Reviews appeared first on Small Business Trends.
Take Advantage of Pinterest\'s “Buying Intentâ€
Last week Cynthia Boris pointed me to some new social site research which found that while Facebook may come with the larger user base, Pinterest offers something even more valuable to marketers â€" users looking to buy. For small business owners, that's the kind of social media finding we want to hear!
Marketing Pilgrim reported on a Bizrate Insight survey which asked consumers to list the reasons they use certain social media sites and compared the results. The most recent Read More
The post Take Advantage of Pinterest’s “Buying Intent†appeared first on Small Business Trends.
Mobile Device Management Is A New Issue To Deal With, But Do You Really Know What You Need To Look For?
Mobile device management (MDM) platforms come in many shapes and sizes. They help protect you from data leakage, but  they often differ in how effective their services are delivered. Which one should you choose? A few days ago, I've had the pleasure of interviewing Alan Dabbiere, the chairman of AirWatch â€" a global leader in mobile device management and winner of the 2012 Cloud Computing Excellence Award. We discussed the importance of mobile device management to smaller businesses and why it's important for them to adopt such solutions as quickly as possible.
Implementing mobile device management rids you of a host of problems when employees bring their own devices (known as the BYOD revolution) to their workplaces. There's an issue, though. There are so many different versions of Android and iOS, and a flurry of other operating systems that devices use.
“When you think of a mobile device, it's not a single instance of an operating system like it was in the PC world,†said Dabbiere. “You don't just have Apple and Android. Android is splintered, so you've got the Samsung version, the Lenovo version, the HTC version, the 3LM version; and every one of these versions have two releases a year. Every one that comes out has security implications.â€
He then goes on to explain an embarrassing situation one small-ish business faced because it lacked control over its mobile ecosystem: “There was an investment bank, relatively small, with about 400 employees. Somebody picked up a phone a week after iOS 5 was released, hit the Siri button, and wrote an email to trade 10,000 shares of stock in a customer account. That's a really significant problem if you're an investment bank!â€
Here's a shocker: The bank actually had MDM. When they went to their provider to complain, the provider immediately realized that it didn't implement protection against this kind of issue and started working on implementing it for future mishaps. This primarily occurs in businesses that aren't wise in their choices in mobile security.
“These are problems that don't happen often, but when they do you're in the front page of the news,†he adds.
How do you know that MDM is really going to take care of you? According to Dabbiere, there are over 80 different providers. This means that we have solutions sprawled everywhere, and no idea which one to choose. Of course, you can always read reviews. MDM customers sometimes write reviews about the providers they use. If one of the providers doesn't quickly come up with a patch for managing that new operating system, you'll know about it in reviews. Services that are slow to respond to changes in operating systems not only jeopardize your firm, but they also make you force your employees to wait to get that brand new shiny phone because of the security implications.
Don't let your business kick the bucket just because of a measly little screen print or Siri mishap. In most cases, you just end up paying a few bucks for each device you add. Why not spare the cash and save you the tons of trouble you would get into if you don't comply with regulations or something really embarrassing leaks into the public?
Centrify Suite 2012
Centrify Suite 2012 provides user provisioning and access control across the enterprise. The company's approach to identity management and protection of user accounts, as well as system resources, made reviewing this product interesting and engaging. In a security market flooded with contenders, Centrify's ID management approach is creative and practical. It is easy to install and configuration takes the sting out of centralising various identity stores.
Key to Centrify's ability to aggregate the management of identities is the graphic interface. The easy-to-navigate screens help the IT and security administrators quickly and easily manage the network resources. The evaluation included the integration of Linux into Microsoft's Active Directory. This took just minutes to complete and we were on our way to controlling user creation, authorisation and permissions.
Reporting was very intuitive and easy to read. We did not see a group of cryptic details that required a security engineer to interpret. Centrify enhanced central control extends to mobile devices and applications.
Centrify Suite provides a true single sign-on architecture for centralised access and privilege management for more than 375 platforms across Windows, Unix, Linux and Mac OS X operating systems. For those that are concerned about agent-managed systems, the product can operate with or without the use of agents. Centrify postures itself as an essential prerequisite for secure access and data leak prevention strategies by managing privileges and encrypting communication between systems to protect sensitive information.
It is important to have an installer that understands Windows, Linux, Unix and/or Mac (depending on the customer's environment). Our basic setup included a Windows workstation for administration, Microsoft Active Directory, a DNS Server configured to allow dynamic updates for Active Directory services, and a Linux system hosted on both virtual and traditional hardware environments.
Centrify provided a simple installation application along with scripts that helped set up the Linux environment. The tool automated the entire process of deployment, so it was not necessary to manually touch the SQL server at any time. Complete documentation was included on a CD provided by Centrify. This was rich with instructions, pictures and diagrams. Once the initial setup was complete, the intuitive user interface made the job of enrolling systems simple. Where there was a need for specific agents, tools and instructions, Centrify provided access to the customer support portal, as well as access to friendly and knowledgeable support staff.
The company offers a basic, no-cost support service in addition to its standard and premium options. Standard provides eight-hours-a-day/five-days-a-week phone assistance. Premium provides 24/7 phone aid. Both options provide email support. In addition, Centrify offers a fairly comprehensive knowledgebase and an FAQ section on its website. Basic cost for the product is c£238.50 per server and c£40 per workstation.
Support costs are based on a percentage of the list price: 20 per cent for standard and 25 per cent for premium support.
Peter Stephenson
ISSE: 1970s culture clash led to challenges we face today
The paradigm shift of IT has come from the connection to the internet and a lack of collaboration to deal with new challenges.
Speaking in a panel debate on the 'paradigm shift in IT' at the Information Security Solutions Europe (ISSE) Conference in Brussels, Kim Cameron, chief architect of identity at Microsoft, said that there were three things that underlined security in the 1970s when people were not interested in security: the world was disconnected; there was the thrill of innovation; and a sophisticated theory of security and a notion of separation.
Cameron said: “What happened was there was a collision of these three things, as we had single user machines and they were disconnected, and then the world woke up and it was connected. I see a collision of factors and once the catastrophe hit, we saw it getting connected. The only thing to do was cast off processes with the thrill of innovation.â€
He said that the move to lightweight computing meant that processes were needed in order to protect ourselves. “This led to a security lifecycle management philosophy, so Microsoft introduced processors for the components of a system for a lifecycle review,†he said.
“People were unhappy with the security of the internet, but the world had gone on and we needed a paradigm shift and we needed new processes, secure processes. Security has become so complicated to do effectively, as it is only done effectively by providing and subscribing to processes. It is now about how to move to a world of service provision.â€
Tom Kohler, CEO of Cassidian CyberSecurity, said that we are living in a world where there is still silos and the language of people needs to be addressed, as well as common standards such as the National Institute of Standards and Technology (NIST) and the Data Protection Act. “Also, application data, if you have ten business applications you will see the complexity,†he said.
“With internal regulations, the third pillar or silo is technology with identity, storage, etc. My belief is that we should work closer together and define continuous key performance indicators to understand each other in our silo and be able to give a handshake to another.
“Data is moving extremely fast in petabytes and we need an over-arching process, decide what type of platform we should develop in terms of identity and network traffic and have a base-language to communicate.â€
Kohler also said that there should be a shared port for communication, and that while ENISA was doing a great job in this area, greater collaboration and cooperation would benefit businesses.
Udo Helmbrecht, director of ENISA Europe, said: “We have cooperation going on but in different systems. There is a horizontal community and a lot of trust building and people can ask about a problem. We need more government structure in IT and standardisation and discussion in this area so a user can see what is being done.â€
XSS remains the most frequently attacked flaw
The third quarter of 2012 showed another increase in attacks against cross-site scripting (XSS) flaws.
Analysis of 15 million cyber attacks by FireHost users found XSS, directory traversals, SQL injections, and cross-site request forgery (CSRF) attacks to be the most serious and frequent and are part of FireHost's 'Superfecta' group. In Q3 of 2012, XSS and CSRF represented 64 per cent of attacks in this group.
The report claimed that XSS is now the most common attack type, with more than one million XSS attacks blocked during this period alone, a rise from 603,016 separate attacks in Q2 to 1,018,817 in Q3. There were 843,517 CSRF attacks reported.
Chris Hinkley, senior security engineer at FireHost, said: “XSS attacks are a severe threat to business operations, especially if servers aren't properly prepared. It's vital that any site dealing with confidential or private user data takes the necessary precautions to ensure applications remain protected.
“Locating and fixing any website vulnerabilities and flaws is a key step in ensuring your business and your customers, don't fall victim to an attack of this nature. The consequences of which can be significant, in terms of both financial and reputational damage.â€
As with the second quarter of 2012, the majority of attacks that FireHost blocked during Q3 2012 originated in the United States. However, this quarter saw a shift in the number of attacks originating from Europe, with 17 per cent of all malicious attack traffic seen by FireHost coming from this region. Europe overtook Southern Asia (which was responsible for six per cent), to become the second most likely origin of malicious traffic. The US was responsible for 74 per cent, or 11 million attacks.
Facebook Wooes Small Biz, Merchants Reluctant
Facebook reaches out to small businesses as customers for its advertising services, but a recent study suggests this target group may remain reluctant to pay for advertising or any other promotional services from the social networking site. Here's a look at where things stand with Facebook's efforts to woo more small business advertising dollars and what other ways you can use the social media site to benefit your small business.
Facing Advertising Realities
Laying it on thick. This post looks at how Facebook has been “laying it one thick†in an effort to convince small businesses to advertise to its members. Note the site's development of an interface created to nudge Facebook page owners to upgrade from regular to promoted posts. Facebook also upgraded its mobile page app to sell ads to business customers. Wired
Setting things in motion. One Facebook intern gives us a tour of the mobile advertising interface he helped create, the very first mobile advertising interface ever implemented on Facebook, he proudly reminds us. The effort was motivated in part by a desire to create advertising services to reach 600 million users now active on the social network's mobile app every month. Facebook Engineering
Keeping it real. The trouble with all this is that, while businesses like using Facebook's free features to promote their brands, they aren't too keen on paying for anything extra. A recent e-mail survey of 3,434 member merchants of MerhantCircle.com suggested that while 68.7 percent favored using Facebook's free platform to promote their businesses, only 6.6 percent said they used Facebook's pay options. AllFacebook
How Do You “Like†It?
Building your fan base. Getting “likes†on your Facebook page as a way to promote your business isn't a matter of luck or popularity alone. In fact, blogger Samuel Pustea insists there are a number of simple steps any online business owner can take to increase the number of “likes†their page receives. Here's one approach for growing your fan base. Internet Dreams
Staying on schedule. But there may be an even simpler approach to improving your marketing results with Facebook. Just as with your business blog, establishing a posting schedule for Facebook will work wonders, says online marketing consultant Allison Semancik. Here are some benefits of establishing a Facebook posting schedule and some advice on how to create one. Idea Sprouts
Getting on the ball. If you haven't got one yet, it's time to start a Facebook page for your business today. Guest blogger Jennifer Koebele gives some examples of how to create content for your small business or brand, and looks at some of the obvious benefits too. Though maintaining a Facebook page for your business will take some time, the benefits outweigh the investment. Small Biz Diamonds
Setting up shop. You may have heard that Facebook and other social media are for marketing and building your brand, not for selling products. But guest blogger Debbie Dragon has these suggestions for setting up shop on the social networking giant using the Facebook Store App. Then follow these simple steps to start selling your products to Facebook users following you. Denise O'Berry