05-11-12 | Blog Post

Liveblogging from Online Tech’s Spring into IT Seminar!

Blog Posts

I’m liveblogging from Online Tech’s Ann Arbor data center – our Spring into IT seminar is underway! The first presentation of the day is You Are Vulnerable: How Not to be a Data Breach Statistic by Adam Goslin of High-Bit Security, at 8:30 A.M. There’s still time to join us for other sessions this morning until 1 P.M.

For the full schedule with times, speakers and location, check out Spring into IT.

Stay tuned for live coverage of the presentations!

8:30 A.M. – You Are Vulnerable: How Not to be a Data Breach Statistic
Speaker: Adam Goslin

There’s been an increase of small-scale breaches involving small to medium-sized businesses. Recent breaches also involve lost or stolen devices (mobile phones or laptops). Encryption allows people a false sense of security – there are many other ways that security can be breached.

Mobile threats are also increasing with the use of mobile devices. Critical infrastructure attacks are also increasing – this includes malware that is designed to attack buildings. Breach costs are now averaged at $194 per record – this includes loss of business, remediation and more.

Only 10 percent of software developers and IT were documenting their security protocols.

Vulnerability Scanning

  • Relatively inexpensive
  • Automated, pre-configured scan that will look for any configured, and known incompatibilities on your network

Penetration Testing

  • Significantly more expensive, but provides more coverage over networks, all devices, wireless systems and more
  • Detailed website and application testing
  • Performed and evaluated by a certified security engineer
  • A detailed report includes what was found, where it was found, and what the issue means, as well as specifics on how to resolve the issues

A few ways to test the security of an organization include external hacking (ethical hacking) to find vulnerabilities of a system and social engineering – attempting to gain access to a system face-to-face.

9:00 A.M. – Compliance Reporting and Remediation with VMware
Speaker: Brian Foley

Introducing vCenter Configuration Manager

Customer concerns include: lacking visibility into their environment, dealing with change management issues, industry compliance standards, ensuring systems are patched.

VCM is cloud-ready, with quick-time-to-value to meet compliance requirements – compliance standards are built into the system.

Benefits include:

  • Correlate performance to change with change management logs.
  • Allows you to create and customize your own compliance rules, as well as a number of predefined compliance standards that can check your current system against.
  • VCM also gives real-time and historical graphs of your degree of ongoing compliance, and allows for accelerated auditing with automated compliance.

9:30 A.M. – HIPAA at 16
Speaker: Joe Dylewski

HITECH was created in order to enforce the implementation of EMR (electronic medical record) systems by providing incentives for healthcare organizations. Meaningful use was created for physicians to prove the systems were being used. The maximum breach penalty was increased to $1.5 million.

Spring into IT Seminar Speaker Joe Dylewski
Spring into IT Seminar Speaker Joe Dylewski

10:00 A.M. – Data Security in the Cloud
Speaker: Steve Aiello, CISSP

Cloud computing security is a corporate strategy. Most of the vulnerabilities and threats have been around for a long time. Security concerns have risen due to the major attacks on Sony, PBS, CIA, FBI, PayPal and other large corporations. Just because you’re compliant, it does not mean you are secure.

What is Security? It’s the CIA Triad – includes the confidentiality, availability and integrity of the data.

  • Confidentiality – Keep information private. Determine what’s intellectual property to your company, and what needs to stay secure.
  • Integrity – Keeping your data intact/accurate.
  • Availability – Your data is there when you need it.

Question to ask your company: Where can you reinvest cost-savings from using cloud technologies to improve overall security?

Something to consider: the introduction of external parties/providers shouldn’t lessen your security profile. Questions to ask about your vendor:

  • Is your cloud provider audited regularly?
  • Will they share the results of their audit?
  • Do they have processes in place to pass on that tribal knowledge?

Provider offerings that increase security:

  • WAF
  • Encryption
  • Unique user IDs
  • Two-factor authentication
  • Applications
  • And more

Cloud Options vs. Security

  • The lower down the cloud stack the service providers tops, the more security you as a user absorbs

Potential targeted technology:

  • Hypervisors
  • Orchestration Tools
  • Administrative Machines
  • API Endpoints
  • Virtual Machines
  • Applications

10:30 A.M. – Two-Factor Authentication
Speaker: Chris Schmitt

Factors of authentication include something you are (biometrics), something you own (card), and something you know (pin number). Two-factor is required for PCI compliance.

Ideal for protecting sensitive data – it’s important to have wide integration with the two-factor tool you choose. TFA solves the problem of a weak password – it provides an extra layer of security, and helps with access control. TFA doesn’t solve regulatory financial compliance.

When picking a TFA solution, focus on simplicity and management – the ability to sign up all users at one time and easily manage them is ideal. Online Tech uses Duo Security, an Ann Arbor-based tech company. Uptime availability is also important.

11:00 A.M. – How to Properly Configure a High Availability Server Rack
Speaker: Noah Wolff

[This will be video-taped and posted after the seminar concludes].

High availability is the percentage of time a system is available – do you need it? Consider the costs/consequences of downtime and your mission critical applications.

Common HA misconceptions – having a UPS is enough, having two firewalls is enough, power supplies on a server is enough, and collocating in a data center is enough (although a DC may provide HA, you may not be taking advantage of it).

Reasons to go HA – ease of maintenance, a single point of failure can affect your uptime and downtime can mean a loss of clients and business.

HA does not protect you from security breaches or human error. Backup is still important, even if you do have HA. DR assumes multiple points of failure. HA does cost more, and does not cover all possible sources of failure.

The most common mistake with configuring for HA is the failure to test it.

Noah Configuring a HA Server Rack
Noah Configuring a HA Server Rack

12:00 -The Mobile Explosion: What Does it Mean for You, Your Business, and Michigan’s Economy
Speaker: Linda Daichendt

Mobile is today’s primary consumer device – 5.3 billion have mobile devices of some kind, and 1.1 billion have tablets or laptops. We have 103.9% mobile subscriptions per capita, meaning more subscriptions than our entire population.

Consumption of the internet via mobile phones has increased over 1200% in the last few years. When it comes to marketing, the average response rate to a mobile offer is between 12-15%. Depending on the type of business (consumer-based), some markets have seen over 60% response rates.

Linda Daichendt's Keynote Speech on Mobile Trends
Linda Daichendt’s Keynote Speech on Mobile Trends

Check back to our blog in the next week for a full blog post on the mobile trends, statistics and latest technology presented by Linda.

Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved