2002 The Start Of the Digital Age…

Guy Bunker

OK, so we were digital long before 2002, but it was then that the amount of data stored digitally overtook that which was stored in an analog manner. A recent analysis of ‘all’ storage also showed that we now have enough capacity for 295 exabytes of information… which is about 404 billion CDs.

Of course how much of it is actually used is not presented – and neither is how much of it is repeated, i.e. the amount of unique data is probably just a fraction of that. Finding things you know exist becomes harder each day, and a good friend Adrian Seccombe has written a short post on just this problem… losing things in your digital pocket. For enterprises this particular problem is worse, with thousands of hours of productivity lost each year due to people looking for data they know exists but can’t find – and then trying to reproduce it.

Archiving with full-text indexing is one option – but that is often catching less and less information as more ‘digital pockets’ are used. Furthermore, the loss of an unsecured ‘pocket’ could now result in a £500K fine from the Information Commissioner’s Office (ICO). Data growth is inevitable, but as the legislation evolves to encompass new working practices (the cloud, consumerization of IT, social networking sites, …) so too will the risks. As ever, it is time to revisit policies around security and data management and check that they have moved with the times… and if not, make the change before they become a liability.


Smudged… But Your Password Isn’t…

Guy Bunker

A really cool bit of research from the University of Pennsylvania has looked at how smudges on your smart phone touch screen can be used to guess your password. So, while this is all research at present, as per usual it will only be a matter of time before it is exploited.

So… along with wiping SatNav marks off the windscreen so the burglars don’t pinch your SatNav, you should also think about wiping the marks off the smart phone as well after you have entered your password… bring back the mini-keyboard, all is forgiven! :-)


Cached Credentials & Data Loss

Guy Bunker

There have been a couple of stories in the news recently about cached credentials. In essence, you enter your username and password and it enables you to, in this case, easily buy things from the online shop. Making it easier to use compromises the security and here meant that someone else could readily buy stuff when they shouldn’t have been able to.

Move to the business environment… what sort of compromises do you make with your security in the name of user convenience? When it comes to enterprise applications, especially those on mobile devices and / or accessed through a web browser, what is your policy on cookies and caching? If someone were to pick up your mobile phone or iPad, how easy would it be to get access to your data?

Now is the time to revise security policies and usage policies, especially where the IT equipment is used by the employee. Ensure passwords are required when the devices are switched on, have auto-lock policies after a short period of time (5-10 minutes should be ample) and review cookie credential caching for enterprise apps.


Catching Up With The User…

Guy Bunker

With the news that a couple of Android apps have been pulled as they misrepresented their purpose (they were used as research – duping users into downloading and installing them – to see if people would), it raises an(other) interesting question for IT departments around applications, mobile devices and keeping up with the user.

While companies have been getting stricter at what can and cannot be installed on corporate laptops, the same is not true of smartphones. There are now tens of thousands of apps for phones like the iPhone and Android, and while they do have to go through an approval process, it won’t be your corporate one.

I have recently been involved in writing security policies for a number of companies and it becomes very apparent as to the need for up-to-date policies coupled with a suitable education programme. Technology is moving rapidly and care needs to be taken to protect corporate data wherever it is and however it is accessed. Updates to policies are worthless if they are not effectively communicated – this is a case in point – updating the policy on downloading apps won’t stop people from doing it if they don’t know about it. If you have technology to prevent inappropriate apps from being installed on smartphones, great – if not, then you need to remind staff of some of the dangers of just downloading and installing apps from the web.

Cyber criminals go after the low hanging fruit and the smartphone is just that – a simple way into a person’s life and potentially the corporate network.


Storage Goes Wild…

Guy Bunker

Good news… the CompactFlash Association has just released its V5 specification. This will up the maximum capacity to 144PB… as if the existing 137GB isn’t enough! Of course, it will be some time (couple of decades?) before we see devices with anywhere near this quantity of storage – but it is an indicator of where we are going, and more importantly where the supporting infrastructure, such as backup, needs to move to. If you want a quick bit of mental arithmetic… how much would it cost to store 1PB of data on-line for a year today… answers on a postcard please… :-)

Now where did I put my HD video camera…


15 Million And Counting…

Guy Bunker

So, the Downadup / Conficker worm has now infected 15 million systems – that’s pretty impressive considering that there was a fix last October to prevent it. What it does show is just how infrequently a significant number of users actually update their systems – even though they probably have a link to the Internet.

While the vast majority of the infections are in Asia, it now seems that there are outbreaks occurring closer to home – and within local government and business. This is more worrying – is the trend for patching vulnerabilities getting worse? Or are we seeing something different going on here? There is an increasing trend towards something called ‘consumerization of IT’. In essence, this is where you are allowed to use your own IT equipment for work – in some cases you get an allowance to purchase a system. The reason behind it is money – on a number of different levels – and efficiency. However, what happens if there is a problem with the device, or it gets infected with a virus or worm? Who is responsible for sorting it out – the company (after all, if you have a worm like Downadup spread through your organization it is very expensive to resolve) or the individual, who might not be so worried or even know about the problems they are creating? Either way, these sorts of issues need to be resolved – as the problem is only going to get worse.

How’s it going to get worse? Well, connectivity is increasing, especially with the advent of Software as a Service and cloud computing, so more systems which are out of the IT department’s control will be attaching to the corporate network. Furthermore, consultants and other 3rd parties will also create this increased risk. The good news is… firstly, a lot of this can be prevented by regularly patching vulnerabilities in applications and the OS – so check your policy today. Secondly, by using an anti-malware application for anti-virus, phishing, worms, rootkits etc. you can be protected, but, again, only if it is kept up-to-date. Finally, there is a set of guidelines created by The Jericho Forum which will help in this new de-perimeterised world… watch out for more on this next week!

Time To Get Personal?

Guy Bunker

Gartner has now recommended that employees buy their own laptops. There is nothing new in the concept, otherwise known as consumerisation. The idea is simple: employees buy and use their own hardware for work. In the US, it was the iPhone which drove the move to consumerisation; lots of people rushed out to buy one and then asked their IT departments to support them. Herein lies one of the issues – support. The other one is licensing.

From a licensing perspective, who owns the software? Is it the company or the individual, and what happens when they leave? From a support perspective, what happens when a machine goes wrong? If there is a standard build, with a standard machine, then it is simple to fix or just to deliver a replacement. If it is down to the employee to get it fixed, do they do that on their own time? What happens if they don’t? Laptops are an essential business tool; if they are not available then productivity can drop to zero! What happens with backup? Who is responsible for doing it and how is it done? What about data loss prevention? If the machine has company information on it, what happens to it when the employee leaves?

There have been a number of successful schemes, but it is still early days. Before rushing in to save costs companies need to work through the issues and ensure that their corporate policies cover all eventualities.