Many enterprises are lacking key tools for protecting Web 2.0 data, study says

Enterprises are allowing increasingly wide use of Web 2.0 technologies in the workplace for both business and personal use, but many are not ready to secure those applications, according to a study released Wednesday.

According to “Web 2.0 At Work,” a study conducted by research firm Dynamic Markets and commissioned by Web security vendor Websense, some 95 percent of companies currently let their employees access some Web 2.0 applications — including Webmail, mashups, and wikis — and 62 percent of IT managers believe that Web 2.0 is necessary to their businesses. IT executives are feeling pressure from all levels of the organization to expand support for Web 2.0 technologies across the enterprise, the study says.

The most basic facts about your data – like where it is exactly and how it is replicated – become difficult to find out when you entrust it to a cloud, a new study says.

The security gaps in cloud computing demand greater scrutiny than traditional IT outsourcing models, a new Forrester report says.

With traditional outsourcing models, a customer places its own servers in someone else’s data center, or a service provider manages devices dedicated to that customer. But multi-tenancy rules the day in cloud computing, and customers may not know where their data is stored or how it’s replicated, Forrester analyst Chenxi Wang writes in a report titled “How secure is your cloud?”

Security experts say enterprises spend anywhere from $400 to several thousand dollars to fix a single vulnerability in their internally developed Web applications.

The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000, depending on the vulnerability and the way it’s fixed.

Security experts traditionally have been hesitant to calculate the actual cost associated with bug fixes because there are so many variables, including the severity of the vulnerability, differences in man-hour rates, and the makeup of the actual fix.

How to prevent data misuse

Employee layoffs increase the risk of data theft – securing critical company information is therefore especially important in times of crisis. Read on to learn how to close serious security gaps.

Privileged accounts, such as those held by administrators, pose a particularly high security risk: their passwords are the key to all business-critical data. Nevertheless, IT systems frequently carry identical, easily cracked passwords that are changed rarely, if at all, because doing so usually involves considerable manual effort. In addition, an entire group of administrators often has access to shared-account passwords; verifying who did what, when and for what reason is then nearly impossible.

Internet bandits are already luring users into traps via specially programmed search engines. The displayed links redirect unsuspecting users to infected web pages.

When content available there is consumed, malicious code is loaded onto the client machines. Panda Security therefore warns against using unknown search engines. One of the fake search engines discovered has reportedly already been accessed 195,000 times. “We fed suspicious search engines frequently used terms such as ‘swine flu’ or ‘Paris Hilton’. This led us to numerous web pages that were developed to spread malware,” warns Luis Corrons, technical director of Panda Security.

Passwords have been standing guard over our computer user accounts seemingly forever; for a long while, and for most purposes, they could go it alone.

But it’s no secret that passwords are no longer sufficient as the sole means of granting access to critical networks, applications, and data, particularly as the number of applications requiring passwords at any given firm has skyrocketed. Either passwords are too weak, not changed regularly enough, or written down by users in a publicly accessible (read: not very secure) place, or they’re long enough, complex enough, and changed regularly, and thus impossible to remember.
