What We’re Reading, Week of 4/26

CNET…
On iPhone, beware of that AT&T Wi-Fi hot spot
CNET reports, any wireless network can mask itself as an AT&T Wi-Fi hot spot, drawing iPhone users to a potentially dangerous connection. Samy Kamkar, best known for building a worm in 2005 that collected a million overnight friends on MySpace, revealed this unsettling news about Wi-Fi this week. iPhone users protect themselves by disabling their Wi-Fi or disabling the phone’s ability to automatically join AT&T’s Wi-Fi network. Questions remain, however, whether this is an iPhone-specific vulnerability or if any AT&T Wi-fi handset is at risk.

WSJ…
Symantec Pays $370 Million for Two Security Firms
Antivirus provider Symantec plans to purchase two privately held email-and-data encryption companies to buoy its position in the encryption technology market, reports the Wall Street Journal. Symantec will buy PGP Corp and GuardianEdge in deals that total nearly $400 million. The deals point to the growing demand for encryption services for major technology companies.

CBS News…
Announce A Data Breach And Say It’s No Big Deal?
Evan Schuman tackles data breach etiquette in a column for CBSnews.com. He warns retailers against taking the “it’s not as bad as look approach” when cyber criminals have hacked into their systems, stealing sensitive customer data. Schuman points a finger to last week’s security breach by Blippy, a shopping social networking site that stores credit card numbers so users can share shopping habits.

IT departments should make the case for corporate resources

NetworkWorld’s Tim Greene takes on the issue of information security and corporate resources this week. The piece focuses on John Pironti’s, president of IT Architects, talk at the Interop conference in Las Vegas.

Pironti asserts, industry compliance standards don’t fully protect organizations from security leaks, and in many cases, outsourcing has added to the problem. While Pironti’s stance seems intuitive, the truth is, organizations often take information security for granted, culling a false sense of security from compliance standards or automated technology.

Martin Hack, EVP at NCP, has long been an advocate for organizations taking greater care in provisioning employees on-and-off the network. He says, organizations sometimes neglect to immediately provision dismissed employees off the network, leaving it hugely vulnerable to data leaks. More innocuous scenarios, like connecting to the network remotely or giving network access to business partners or consultants, can also cause data leakage.

This is why using a secure VPN is so critical. After all, how frequently do IT professionals meet with senior financial officers at a company to make a case for corporate resources? It’s unfortunately common for IT professionals to assume that those allocating the resources understand the importance of information security. But in this business environment, where budget talks frequently disintegrate into outright land grabs, departments have to be bolder than ever.

What do you think? Are IT departments doing enough to be in front of CFOs? Let us know your thoughts.

What We’re Reading, Week of 4/19

Infosecurity…
PwC report shows bleak security landscape
Nearly two-thirds of businesses have seen attempts to break into their networks in the past year, reports Infosecurity on the latest security survey from Pricewaterhouse Coopers. The survey points to cloud computing and social networks within enterprises as the primary culprits. The report drives home the importance of secure network access as connectivity standards loosen.  In fact, a PWC security partners points out, “only 17% of those with highly confidential data at external providers ensure that it is encrypted.”

OneMedPlace…
Providers May Be Overconfident in Data Security, Report Finds
A new study finds that healthcare organizations might not be securing electronic health data as well as they think. The HIMSS Analytics report found that organizations ranked themselves high for compliance, yet 19% reported a data breach in the last year. Even more surprising, the report shows that majority of these incidents came not from hackers but from carelessness, like losing mobile devices that can access the network. The piece emphasizes training and awareness as ways to safeguard against such threats.

The Boston Globe…
Seize control — remotely, that is, of a home or office PC
The Boston Globe’s Hiawatha Bray reviews LogMeIn’s capabilities for remote access on an iPad. The review considers features like convenience, control options, and price points in using the application on the iPhone and iPad.

iPad Highlights Wireless Strains on College Campuses

The Wall Street Journal has reported on security issues hindering the adoption of tablets, like the iPad, at some colleges. Students are expected to be a major market for tablets, given the availability of electronic books and growth of wireless networks. But the piece casts doubt on the feasibility of this, with security issues among several factors leaving the college market in question.

While several colleges are openly embracing the iPad, network administrators are having fits over how to protect their campus systems under such strains. Sheer volume of wireless demand aside, students represent complex issues, ranging from rampant malware spread to jumping from on/off campus hotspots to outright network abuse.

Why the logjam? It appears the ‘latest and greatest’ wireless devices are truly next generation technology, so much so that college network technologies are being left in the dust. And rethinking wireless remote access is aging network administrators at a rapid clip.

Case in point, George Washington University has said its wireless network security features don’t support the iPad and Princeton University said earlier this week that it has blocked about 20% of the devices on its network after detecting malfunctions, with potential to impact the entire school’s systems, according to the WSJ. Cornell University has also encountered networking and connectivity snafus related to the iPad.

Despite these issues, the tablet’s appeal for colleges is evident and will likely grow. Many of the schools mentioned in the WSJ article are working to mitigate these networking problems, and solutions are expected to emerge. Even so, wrestling with network integration of hot new wireless technologies will continue to frustrate colleges as tablets become mainstream and as students demand better network access for these products.

What do you think? Should colleges restrict tablet usage because of networking problems? What can manufacturers such as Apple do to help these institutions adopt more quickly?

Let us know your thoughts.

VPN Legal Issues Haunt W7 / 2008 Server

There is an interesting continuation of news at the end of March being reported regarding Redmond’s famous tenant and VirnetX. We don’t often see patent issues in the VPN market, let alone a successfully waged one with Microsoft. This will mark the second legal issue over this technology and it appears the United States Patent and Trademark Office (USPTO) has given the green light for the W7 / 2008 Server suit to continue.

As reported by ZDNet blogger, Mary-Jo Foley, this one could get ugly:

“Last month, the East Texas jury recommended Microsoft be required to pay VirnetX $106 million, but VirnetX believes it deserves more, due to Microsoft’s size, ‘financial condition’ and its failure to take remedial action.”

What does this mean for the market? Practically speaking, most likely not much. Although it could drive costs up for customers as VirnetX seems only interested in receiving money over the spat. Or it could be that we see a stripping out of the technology from DirectConnect as has been done with Office Communicator over the initial suit.

Questions remain.

What becomes of DirectConnect?

Will functionality be impacted?
How will the market respond to another potential shift in VPN options?

Haus will continue to monitor.