Posts Tagged ‘linux’

How MSPs Can Help Medical Firms Protect Their Data

17 April 2015

Physician, encrypt thyself. Guest author Doug Truitt, Kalleo Technologies CEO, offers his take on how MSPs can safeguard medical firms from costly data breaches.

By Doug Truitt

As the health care industry becomes increasingly technologically grounded, the oath taken by medical professionals to “do no harm” should extend to protecting patients’ personal data.

For doctors’ offices, pharmacies and other medical facilities, taking precautions to safeguard the sensitive information under their care is not just ethically sound in that it spares patients from harmful breaches in privacy, but also financially prudent as Health Insurance Portability and Accountability Act (HIPAA) violations and fines can severely impact the health of a business.

They say in the medical industry that an ounce of prevention is worth a pound of cure; in this case, one government fine from a HIPAA violation can easily cost in the mid-five figures, which can be about 1,000 times the expense of the monthly fee for an encryption service. And that’s not yet addressing what is actually most deadly to a medical business: loss of reputation.

For hardworking doctors with enough on their mind, investing in low-cost data security coverage can prevent being blindsided by a breach. Unfortunately, a basic barrier keeping many medical businesses from properly securing data is that they simply don’t know where to begin or how to implement the protections they need (and ought to schedule a checkup with a HIPAA-focused managed service provider).

In our day and age, with information carried on portable devices, it’s too easy to lose data. A doctor may think nothing of taking a laptop containing work that includes confidential patient information home for the weekend. But when that laptop is lost—whether stolen or simply misplaced—these medical practitioners need technology solutions that quickly resuscitate their prospects of avoiding embarrassing and costly calls to government agencies

Source: Linux and Unix Nieuws

RSA Shows Partners the Security Ropes

14 April 2015

With the annual RSA security conference set to kick off next week, much of the attention in the channel community naturally turns to security. With demand for IT security expertise at an all-time high, more organizations than ever are looking for external services to help secure their IT environments.

The challenge is that creating a managed security service practice to serve that demand is no simple undertaking. Not only does it require a lot of technical expertise, but IT professionals with IT security skills are also in short supply.

To help its channel partners make the transition to becoming a managed security services provider (MSSP), RSA has launched an RSA SecurWorld Delivery Services Program. Via this program, RSA channel partners are exposed to a series of advanced technical training sessions, various security delivery methodologies and mentoring engagements with RSA. Once complete, they are deemed an RSA Certified Delivery Services Partner in a particular solution.

The first solution that RSA is providing channel partners access to under this program is RSA Identity Management and Governance. This is emerging as one of the hotter categories in security because IT organizations are trying to secure content while also coming into compliance with a whole range of regulatory requirements, said William Taylor, vice president of worldwide channels and alliances at RSA.

In general, Taylor said the RSA SecurWorld Delivery Services Program is an exercise in sales enablement for the channel. By working hand-in-glove with channel partners to get them started, instead of simply handing out leads, RSA is committed to teaching channel partners how to hunt on their own, Taylor said. Then, they can determine to what degree they want to develop their own security and compliance expertise versus reselling services provided by RSA.

Providing IT security services is clearly not a business for the faint of heart. A

Source: Linux and Unix Nieuws

Why IT Channel Firms Need to Bolster Their Security Offerings

9 April 2015

If channel companies want to tap growth opportunities in security services, they will need to make changes, which may include retraining staff, revamping their sales structure, becoming more proactive and becoming experts on all facets of a security technology they are addressing, according to a new study from CompTIA. Sixty-three percent of the nearly 300 U.S.-based IT channel companies surveyed expect their revenue from security services to grow over the next 12 months. However, some IT channel companies will need to up their game in security, according to the study. There is strong potential for channel companies to expand into areas such as compliance management, risk management, cloud security, identity and access management, mobile security, and security information and event management, which “could all easily become components in a new security baseline,” said Seth Robinson, senior director, technology analysis, CompTIA. This is in addition to foundational security offerings such as network security, business continuity, email security and data protection, which many of them already offer. Here’s why IT channel firms should re-evaluate their portfolios.

Source: Linux and Unix Nieuws

Gearing up for the global top tier

7 April 2015

Unit4 is gearing up to grow into a top player in the ERP market worldwide. The supplier of enterprise resource planning (ERP) software is focusing mainly on the mid-market segment. With the well-capitalized owner that came on board in 2014, investor Advent, and new foreign management, the international strategy that has been pursued since the late 1990s is getting an extra boost. Not bad for a company from Sliedrecht that was founded in 1980 with local oil money.

For Unit4, the seed was planted in the late 1970s at the then hardware service provider MAI. The American company supplied integrated systems to small and medium-sized enterprises (SMEs) in the minicomputer era. MAI sold Basis/Four computers, which ran programs written in Business Basic. Around that time the company, which worked with software houses, decided to start developing its own software products as well. The plan involved delivering a complete ‘small business’ computer including administrative software, with which companies could support their finances, inventory, sales and administration.

This concept was reasonably successful in the United States, and MAI wanted to roll it out to other countries. ‘What the Americans had overlooked for a moment was that not everyone in Europe speaks English, so the software, manuals and sales training had to be translated. They found that a nuisance in America, and unfortunately they had never heard of a concept like VAT either. So that software, as it turned out after installation, did not work’, says co-founder and former chief executive Chris Ouwinga (now chairman of the supervisory board of Unit4).

MAI’s local Dutch management then decided not to adapt this American package, but to build a new Dutch software package with the same functions. Ouwinga, who had joined the company on the hardware side after training in electrical engineering, found that an interesting development and switched over

Source: Computable

More Firms Meeting PCI DSS, but Only Temporarily

6 April 2015

Organizations may not exactly be in love with the Payment Card Industry Data Security Standard (PCI DSS), but they are increasingly complying with it with help from solution providers across the channel. The 2015 PCI Compliance Report from Verizon finds that although more companies than ever are attaining PCI DSS compliance, few of them can maintain it since the overall IT environment remains fairly dynamic. “Compliance at a point in time isn’t sufficient to protect valuable data and their reputations; organizations must make being proficient at maintaining security controls in a dynamic environment a strategic imperative,” the report explained. “Being able to say that you were compliant three months ago will be of little solace when dealing with the aftermath of a breach.” Most of the data being stolen is accessed with credentials that have either been stolen or are easily cracked. Also, much of the stolen data is unencrypted, showing that companies still have work to do to move toward compliance.

Source: Linux and Unix Nieuws

Amazon is the king of cloud computing

3 April 2015

By Henri Koppen, Cloud Computing Consultant and Computable expert for the topics Cloud Computing and BPM (3 April 2015, 10:26)

Amazon is absolutely the leader when it comes to cloud computing. It is an uncomfortable truth that provokes a lot of resistance. Time to describe all the good things Amazon has to offer. Read along and judge for yourself.

In generic cloud computing, that is, offering compute power and data storage, there are in fact the ‘big 3’. These are Amazon Web Services, Google Compute Engine and Microsoft Azure. Google is less generic because it is mainly strong in the area of Linux, and Microsoft of course in the area of Microsoft, which already gives Amazon an edge. Microsoft, however, has a very powerful office suite, and Google is the only competitor there with Google Apps for Work. Nevertheless, Amazon is becoming a very formidable competitor there as well.

Sharing files and collaborating is already possible with Workdocs; this can be compared to a business variant of Microsoft Onedrive and Google Drive. Amazon has made a start with Workmail. This product is not yet fit to stand in the shadow of Outlook and Gmail, but if you know Amazon, this will change enormously fast; they have shown that many times already.

Source: Computable

Nutanix looking for a way to burst VMware’s bubble

2 April 2015

Comment Rumours are circulating about a hypervisor built by Nutanix, and Nutanix open-sourcing its software; two intriguing moves. Why would Nutanix make these moves as VMware ratchets up its attack on hyper-converged vendors with EVO:RAIL?

Start-up Nutanix is a hyper-converged infrastructure appliance (HCIA) supplier, widely-regarded as the leading such company in terms of units shipped.

It started out in 2011 as a combined hardware-software shipper, using commodity hardware powered by VMware’s ESXi hypervisor and providing a virtual SAN from its SOCS (Scale-Out Converged Storage) software.

SOCS is a virtualised controller that implements a clustered file system. The storage underneath is a combination of SSDs (Intel) and SATA disk drives. Nodes are linked across 10 GbitE cables for cluster traffic. SOCS became NDFS (Nutanix Distributed File System) and Nutanix says its appliance provides a Virtual Computing Platform.

Competitor and fellow HCIA shipper SimpliVity took a similar route, but uses ASIC hardware and firmware to accelerate its performance. Latecomers such as Maxta provide a SW-only HCIA offering, with channel partners building complete HCIAs from hardware meeting required standards for performance and capacity.

Nutanix SW capabilities

The NDFS software has developed and now supports both Microsoft Hyper-V (in 2013) and Red Hat KVM (in 2012) hypervisors. It does not support Docker containers. Its storage capabilities have grown and a brief list shows it having:

  • Cluster RAID
  • HOTcache tiering to put high-priority data in flash and ordinary data on disk
  • Medusa distributed metadata
  • Curator data distribution services
  • Snapshots
  • Thin-provisioning
  • In-line or post-process compression
  • Replication for disaster recovery
  • Prism user interface
  • Real-time inline deduplication
  • Post-process deduplication using MapReduce
  • Synchronous mirroring
  • Cloud Connect data protection using an Amazon cloud target

Source: The Register

Hardware is easy prey for hackers

2 April 2015

It is not only endpoint devices such as servers, PCs, tablets and phones that can be hacked. Equipment such as routers and wireless access points is also an interesting target for attackers. A recent example is a vulnerability in the routers of well-known vendors such as D-Link, ZTE and TP-Link.

Software vulnerabilities are everywhere. By now we are used to a flaw in Windows, Adobe Flash, Linux or iOS that lets a clever hacker gain access to a network or an individual device. And that is before we even mention hardware. We usually regard hardware as something that is only vulnerable to mechanical failure caused by, for example, wear or damage. But then we forget that there is another component between hardware and software: the firmware.

Firmware is simply software too, but unlike operating systems and applications it is very closely tied to the hardware. Firmware likewise consists of a set of instructions to control a system. The most important difference from other software is that firmware cannot simply be removed. Modern versions can, however, be modified or upgraded.

In the past, firmware resided in read-only memory (ROM), so it could not be modified. Now it is common to place firmware instructions in EEPROM (electrically erasable programmable read-only memory). Despite the term ‘read only’ in EEPROM, the code can now be erased or rewritten. Firmware code can be vulnerable too, as has become apparent.

One example is ZynOS, which is found in many routers for consumers and small businesses. These routers can be configured over the internet with a web browser. In January 2015 security expert Todor Donev discovered a vulnerability in ZynOS. It allows a router to be taken over, and a hacker can change the domain name system (DNS) server settings and thus the

Source: Computable

Why Service Providers Should Rethink Their DDoS Strategies

1 April 2015

In distributed denial-of-service (DDoS) attacks, an IT infrastructure, Website or network becomes overwhelmed with requests, making it impossible to deliver services properly. The majority of 129 service providers surveyed by DDoS protection provider Black Lotus have experienced such attacks, with a large percentage reporting “customer churn” as a result. The study shows a disparity between how threatened providers feel about potential DDoS attacks and how prepared they are to mitigate an attack. While the report shows that 92 percent of service providers have some form of DDoS protection in place, it’s often not enough to stop an attack before the damage is done. Plus, there seems to be a disconnect between what customers and their service providers believe are their responsibilities during a DDoS attack. Nearly half the service providers said they are solely responsible for the viability of their infrastructures during an attack, but they also believe the direct impact of the DDoS attacks is the customer’s responsibility. The bottom line is that DDoS attacks can result in significant revenue losses.

Source: Linux and Unix Nieuws

Why Improving Mobile App Security Is So Hard

30 March 2015

While demand for mobile applications is growing at astronomical rates, so too are the security vulnerabilities that affect those apps. Although the vast majority considers the risk significant, just a small percentage of mobile application development budgets is being allocated to securing those applications, according to a survey of 640 IT professionals conducted by the Ponemon Institute on behalf of IBM. Worse yet, only 29 percent of those polled said they have the resources they need to address the issue, and only 14 percent gave high ratings to their capabilities in this area. “For a variety of reasons, companies find it difficult to improve the security of their mobile applications,” the study stated. The report recommends frequent testing of mobile apps, ensuring the “rush to release” does not have a negative impact on coding practices, conducting training and education programs for development teams, increasing budgets for mobile app security, and implementing policies and procedures to control employees’ risky behavior. For solution providers across the channel, testing and securing mobile applications represents a major opportunity.

Source: Linux and Unix Nieuws