More client security analytics
Mobile Commerce: State of the Market
Research: 2013 Enterprise Social Networking Survey
Strategy: Heading Off Advanced Social Engineering Attacks
Strategy: Developing a Strategy for Enterprise Application Security
Strategy: How Cybercriminals Choose Their Targets and Tactics
Best Practices: 6 Security Services Every Small Business Must Have
Strategy: Mapping IAM Processes to the Business
Informed CIO: SDN and Server Virtualization on a Collision Course
Strategy: Securing The Mobile User
9 Conference Calling and Social Apps
Strategy: 3 Steps to a Hands-Free Cloud
Research: 2012 Security Staffing Survey
Strategy: Building and Maintaining Database Access Control Permissions
Best Practices: Using Apple's Global Proxy to Boost Mobile Security
InformationWeek 2013 Strategic Security Survey
InformationWeek 2013 IT Spending Priorities Survey
Take the InformationWeek 2013 Database Technology Survey
Strategy: Passwords Don't Work. Now What?
Strategy: One-Click Disaster Recovery
Research: Apple Outlook Survey
Strategy: How to Conduct an Effective IT Security Risk Assessment
Strategy: Cybersecurity on the Offense
Informed CIO: Cloud Standards
Strategy: Smartphone Smackdown: Galaxy Note II vs. Lumia 920 vs. iPhone 5
Strategy: Apple iOS 6: 6 Features You Need to Know
Every business needs a plan for what’s projected to be a $1 trillion market by 2017. Here’s how to future-proof mobile commerce investments and strategies, navigate a dynamic landscape, gauge the momentum of key companies, and weigh the pros and cons of various approaches and architectures.
Want our advice? Throw out your enterprise social network. Our survey says just 13% have meshed internal and external communications, and only 21% have seen significant reductions in email volumes. Meanwhile, 62% have yet to integrate any external social media into internal applications. Start fresh and think social technologies, not platform silos.
Social engineering attacks are getting increasingly sophisticated, but there's only so much the law and technology can do to protect your organization. In this Dark Reading report, we detail how a social engineering attack is developed and what IT professionals can do to prevent their users from being targets and victims.
Application security is challenging because of the number of applications in use at most organizations, their visibility (or lack thereof) and their constant churn. In this Dark Reading report, we examine the best ways to build an explicit, systematic plan for discovering applications, identifying vulnerabilities and mitigating risk.
They are out to get you, make no mistake. But there are things you can do to make sure that your organization is unappealing to a cybercriminal bent on finding easy pickings. The key is to understand what cybercriminals are looking for and how they go about the business of infiltrating vulnerable systems and networks.
Small and midsize businesses have a big security problem: They are vulnerable to the same kinds of attacks as large enterprises, but they often don't have the same resources for fending off, or recovering from, those attacks. Security services can help small and midsize businesses get and stay secure. In this report, Dark Reading examines the reasons why MSSPs make sense for SMBs, recommends the six categories of services that every SMB needs, and provides tips for evaluating and hiring providers.
Pinched by the cloud on one side and insider attacks on the other, enterprises are turning to smarter identity management technology to help them secure critical assets. In this Dark Reading report, we take a look at IAM's next wave.
With every data center resource -- compute, storage and networks -- now virtualized, with a software abstraction layer insulating the logical resource from physical manifestation, the push is on to consolidate operational control and programmatic automation. First came VMMs and cloud software stacks for servers and storage, then SDN for networks; soon, the two will link to form what VMware calls "software-defined data centers." It's a nexus that's disrupting strategies at major IT vendors and, ultimately if not imminently, every enterprise data center.
The complexity of managing mobile devices should get easier going forward, but that's not the case right now. As traditional laptop PCs continue to die a slow death, most IT departments will be forced to alter the way they approach client management. Despite the growing popularity and acceptance of the bring-your-own-device -- or BYOD -- movement, there are a number of things working against IT. Fortunately, there are also a number of tools, some of them free, that security professionals can use along with strong policy and best practices to close the enterprise mobile security gap.
In this installment of our quarterly series, we look at two complementary technologies that we expect to see come together in the not-too-distant future: advanced conference calling and enterprise social networking.
Virtualization let IT automate the entire life cycle of a server, from provisioning and initialization through steady-state and change management to termination. But this is only the first step on the path to fully coordinated, automated and managed systems. The ultimate goal: orchestration, where business needs can be defined and executed without human intervention. We'll examine the essential elements of orchestration, focusing on public and private clouds.
Hiring the wrong security pro can be a costly mistake that could set your company back years in terms of risk reduction. But finding the right person isn't easy: 39% of respondents to our staffing survey at security-focused companies say people with the required skill sets may be hard to find, and 18% say salary demands may exceed their budgets. But don't despair. We'll walk you through the steps you need to take to find the best security professionals.
Knotted and complex database access permissions are among the biggest threats to enterprise data security. In this Dark Reading report, we examine the problems associated with granting permissions to sensitive data, and recommend solutions that will help organizations thoughtfully and effectively grant privilege when and where it is needed -- and only when and where it is needed.
The addition of a global HTTP proxy in Apple's iOS 6, in combination with more mature cloud security services and enterprise mobility management tools, makes it easier, technically, to protect users. But privacy, policy and platform support are still sticking points.
This survey will take approximately 15 minutes to complete. Your responses will be kept confidential and used in aggregate only. Nothing will be attributed to you or to your organization. The results will appear in an upcoming issue of InformationWeek as well as in an in-depth report. Upon completing the survey, you will be eligible to enter a drawing to receive one Apple 64 GB iPad with retina display and Wi-Fi + cellular valued at $829 from UBM Tech. This survey sweepstakes is not sponsored, endorsed or administered by Apple. You will also receive a special priority code enabling you to save an additional $200 off the early bird discount on All Access and Conference Passes to attend Interop Las Vegas, May 6-10. The code is valid through March 22.
InformationWeek is conducting its annual survey on IT spending priorities. The results will appear in an upcoming issue of InformationWeek as well as in an in-depth report. This survey will take about 10 minutes to complete. Upon completion, you will be eligible to enter a drawing to receive one Apple 32GB iPad mini valued at $429 from UBM Tech. This survey sweepstakes is not sponsored, endorsed or administered by Apple. Your responses will remain confidential and will only be reported in aggregate.
InformationWeek is conducting a survey on the state of database technology in the enterprise. Take our InformationWeek 2013 Database Technology Survey now. Survey ends Feb. 22.
Major database breaches and easy-to-crack selections underscore the vulnerability of our most common authentication mechanism. So what's the alternative for protecting our online lives? To find out, we polled a range of security experts.
Automation and orchestration are all the rage among IT architects these days. One of the best places to apply the technology is to disaster recovery. Most organizations still want a "go" button, but after that, timely recovery requires automation. Here's what you need to know to make it happen.
It wasn't long ago that only IT pros in education and creative services markets supported Apple products on a large scale. Sure, other orgs might have had a few Mac users tucked away, islands of quirkiness in an ocean of Windows corporate conformity, but they were largely on their own. Times have changed thanks to iPhones and iPads, but the question remains: Will Apple step up to become an enduring enterprise presence?
Assessing an organization's security risk is an important element of an effective enterprise security strategy. It's also a key way to justify future security spending to upper management. In this Dark Reading report, we recommend how to conduct an IT security risk assessment -- and how to translate the results into terms that make sense in dollars.
Can you -- and should you -- strike back at attackers? It's a complex question with deep ethical, legal and practical considerations. While governments have drawn lines in the sand, for the private sector it's still early days in the offensive cyber security era. You can, however, be proactive. Here's how.
IT has good reason to demand standardization in SaaS, IaaS and PaaS offerings. But what’s interesting is that vendors themselves are just as interested and, in many cases, are driving standards efforts. In a market this fast-moving, the old top-down model is being turned on its head.
Android and Windows Phone are not ceding ground to iOS -- far from it. While lawyers for Apple, Samsung and Google battled in the courtroom, engineers geared up for the next battle in the smartphone war. And now Microsoft and its hardware partners have joined the fray with a new OS and fresh devices. We analyze the best each camp has to offer.
Devices running Apple's latest mobile operating system -- including the iPhone 5 -- are all over your network. Learn how to keep your users safe and productive, and find out about the six features in iOS 6 IT pros will love or hate.
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


