Find patterns in security threats to minimize risk
Current Analysis blogger and analyst Amy Larsen DeCarlo discusses how to follow patterns to recognize security threats. DeCarlo references the Verizon Data Breach Investigation Report that shows that most security incidents follow one of nine distinct patterns. Some of the categories include: crimeware/malware, insider/privilege misuse, denial of service attacks, cyber espionage and point-of-sale intrusions. While nine categories can still seem like a lot to determine risk, DeCarlo says that a single industry – be it healthcare, retail, etc. – will have three of the nine dominating its risk. DeCarlo says about 72% of the risk factors will come from three categories.
To monitor the cyber-security supply chain, use an outside-in approach
Enterprise Strategy Group senior analyst Jon Oltsik says that CISOs need to focus on the entire cybe- security supply chain and not just the aspects of IT that they can physically touch within their networks. The cyber-security supply chain refers to anyone who comes in contact with an organization's IT systems, networks, services or applications. It includes among others hardware or software suppliers, VARs, business partners and contractors. Instead of relying on a more basic auditing approach, Oltsik suggests an outside-in continuous monitoring methodology, similar to the continuous monitoring that takes place from withinIT networks.
Managed mobility services aren't as similar as they might seem
Current Analysis analyst Kathryn Weldon says that while managed mobility operators provide similar services, there are a few aspects that separate one from the other. For example, while most services include mobile device management, only some offer add-on security capabilities. Weldon says that mobile enterprise application management (MEAP) is another differentiator as some companies choose not to word missing???MEAP services or offer their own application development capabilities. Aside from these specific examples, Weldon says that obvious differences can be seen in mobile operators' partnering strategies, global footprints and view of their roles in enterprise mobility.
iSCSI is capable of large-scale storage deployments
VirtualizedGeek analyst and blogger Keith Townsend defends the notion that Internet small computer system interface (iSCSI) can be a viable option for large enterprise storage vendors. Townsend says that while traditionally, Fiber Channel has been the go-to form of interconnection, taking into account the innovative option of iSCSI could be just as useful. While Townsend acknowledges only one vendor, SolidFire, which uses iSCSI with Tier 1 applications, he says that it is important to consider that iSCSI has proven to be capable of anchoring large-scale deployments.