A Clean Slate for Enterprise Scheduling

You’ll learn why the current model for enterprise scheduling solutions is considered aging technology, with growing hardware requirements that don’t meet new regulations and total costs of ownership that continue to rise. You’ll also learn about the new model for Enterprise Scheduling, that offers multiple access points, ease of deployment, reduced costs, and increased security. And, you’ll learn about Skybot Scheduler, the newest enterprise scheduling solution for your Windows, UNIX, and Linux servers.

Topics include:

An overview of current enterprise scheduling solutionsBenefits of Web 2.0 technologiesThe cloud computing advantageSkybot Scheduler

View the original article here

A Clean Slate for Enterprise Scheduling

You’ll learn why the current model for enterprise scheduling solutions is considered aging technology, with growing hardware requirements that don’t meet new regulations and total costs of ownership that continue to rise. You’ll also learn about the new model for Enterprise Scheduling, that offers multiple access points, ease of deployment, reduced costs, and increased security. And, you’ll learn about Skybot Scheduler, the newest enterprise scheduling solution for your Windows, UNIX, and Linux servers.

Topics include:

An overview of current enterprise scheduling solutionsBenefits of Web 2.0 technologiesThe cloud computing advantageSkybot Scheduler

View the original article here

E-Guide-- Risk-Based Audit Methodology: How to Achieve Enterprise Security

Risk-based auditing is a broad topic, one that can be applied to many areas such as finance and information technology (IT). This e-guide focuses on risk-based auditing from an enterprise IT perspective. It covers the requirements for a risk-based audit and the steps necessary before, during and after an audit. Additionally, it discusses risk mitigation methods, and provides analysis for selecting controls and measuring control effectiveness. This e-guide offers a simple risk-based audit methodology for organizations to develop an internal IT audit program, or those looking for new ways to assess security risks.

View the original article here

E-Guide-- Risk-Based Audit Methodology: How to Achieve Enterprise Security

Risk-based auditing is a broad topic, one that can be applied to many areas such as finance and information technology (IT). This e-guide focuses on risk-based auditing from an enterprise IT perspective. It covers the requirements for a risk-based audit and the steps necessary before, during and after an audit. Additionally, it discusses risk mitigation methods, and provides analysis for selecting controls and measuring control effectiveness. This e-guide offers a simple risk-based audit methodology for organizations to develop an internal IT audit program, or those looking for new ways to assess security risks.

View the original article here

Single Sign On, Digital Signage, Enterprise Apps

Using a single password or biometric fingerprint, SSO allows authorized users to log on to a PC or network one time, yet achieve access to multiple clinical, financial, and other applications and systems.

Look to CDW Healthcare for an SSO solution that aligns with your hospital’s needs and:

Streamlines secure access to patient dataEnsures privacy of patient recordsImproves HIPAA complianceIncreases speed and quality of careEliminates time-consuming password resetting

Continue reading to learn more about single sign on log in applications.

View the original article here

Single Sign On, Digital Signage, Enterprise Apps

Using a single password or biometric fingerprint, SSO allows authorized users to log on to a PC or network one time, yet achieve access to multiple clinical, financial, and other applications and systems.

Look to CDW Healthcare for an SSO solution that aligns with your hospital’s needs and:

Streamlines secure access to patient dataEnsures privacy of patient recordsImproves HIPAA complianceIncreases speed and quality of careEliminates time-consuming password resetting

Continue reading to learn more about single sign on log in applications.

View the original article here

Enterprise Data Storage Reaches for the Cloud

Mike Prieto, Vice President and General Manager, Storage Works Division, HP Asia Pacific and Japan in conversation with Geetaj Channana about the ways to curtail information explosion.

Q:What are the three ways of curtailing information explosion in an organisation?

A: In terms of optimisation and data reduction – thin provisioning, deduplication and tiering are the three ways to manage the explosive data. Thin provisioning is the ability of the system to distribute data to a large number of users to be used efficiently.

It is more like a debit system, rather than employees having 1 GB of available storage, they have a 100 MB, and as they use that 100 MB you are given more as you require. The clear benefit of thin provisioning is that it gives you reduction in disk space.

With de-duplication you reduce the requirement of disk capacity. Tiering enables you to organise the data requirements that you have and push it to various devices. This has the ability to optimise the data that you need in various scenarios. The benefits are in the form of management and automation.

Q: Unstructured Data – how to we solve the mess?

A: It is one of the biggest problems in storage. We have various products that specialise in handling unstructured data. They enable you to manage that, together with de-duplication and disk to disk backup.

Q:What according to you are the biggest challenges for storage virtualisation?

A: From my perspective the biggest challenge is around the planning and understanding of what-its-going-to-take-to-get-there. It needs to be well thought out.

The real benefit will be in virtualising an infrastructure end-to-end. You must not treat virtualisation in silos. Most organisations work on the server piece and forget about the rest.

You are going to get the best ROI when you have an end-to-end virtualised infrastructure. That’s where we can really help. We can provide this service to help you virtualise everything. We have IP in all areas including desktops, servers etc. to help organisations get there.

Q:What approaches should be taken while adopting a hybrid model with the cloud for storage?

A: It is a hard question to answer. There is no straight answer to this. You may have to go case by case. You may typically go with a consulting organisation to help you – it will depend on the size of the organisation and the number of data centres they have.

You would want the best returns from the investments that you have made in hardware by virtualising it – this is the underline while planning and assessing the systems.

You would also need to classify the application with the kind of service levels that you need with them. It needs to be well thought out. It leads me back to the question that you asked me about storage virtualisation challenges.

This is one of them – of being able to understand the service levels of applications in the application layer. You must understand which are the mission critical apps, tier 2 apps, etc. before you virtualise.

Q:How have the backup policies changed with the advent of cloud and virtualisation?

A: It is a very good question. Am not sure about India, but in certain countries in the APJ region, I can tell them that it is a risk and opportunity at the same time.  I see customers are still not addressing data processing well enough.

I am seeing customers who have made a significant investment in hardware in SAN technology for example to find out later on that there is no data protection strategy in place in the system. This is a huge risk.

With virtualisation you have the ability, but it is still not enough and you need a good DR strategy in place. It is important that you answer the questions of Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Some of the first questions that need to be answered are: how critical is your data and how fast do you need it back. The next step is to figure out the technology that you may want to invest in. Virtualisation and cloud add to the choice.

Q:How important is de-duplication? Where should it be on the storage roadmap of the organisation?

A: I think de-duplication has gone from nice to-have to a must-have in an organisation. It is critical in terms of being one of the key pillars of the enterprise converged infrastructure strategy. The four pillars of this strategy are Platform Convergence, Storage Optimisation, Virtualisation and Management.

De-duplication is a key part of storage optimisation. It has become a necessity from being a luxury.

Q: Please tell us more about your Store Once product.

A: There are different technologies today for de-duplication. From a regional branch where you have a single node, to a regional office that has a few nodes to a data centre with many nodes you may need different technologies for de-duplication.

You may have to do the de-duplication process again and once you go from one site to another, depending on the technology. Store Once on the other hand allows you to do de-duplication from one location for all the nodes.

This technology has been developed from the ground up by HP Labs. It is a single software design that reduces complexity end-to-end. It runs on all our disk-to-disk backup products available in the market.

Q:Any final thoughts?

A: I would like to make a couple of key points here. Firstly, we are leading the charge in terms of breaking down the boundaries between server storage and network.  We have got devices now that are purposefully built for Virtual Desktop Infrastructure (VDI).

We are seeing a lot of demand. Though a lot of people are not adopting it they are showing a lot of interest in it. We have recently finished a big installation in Korea.

We are also driving very hard on industry standard hardware. We have a lot of products that are based on the x86 platform that makes management a lot more easier. This helps in bringing the costs down substantially.

Cross-posted from CTO Forum

Note: the views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Infosec Island reserves the right to remove or edit the content of all material submitted by our members.

View the original article here

Password Management in the Enterprise

Preface: I am not on the payroll for any vendor. This is not a paid endorsement/advertisement. I am simply sharing what I have found in my research in the Enterprise password management space.

Password management is an essential part of every organization’s security program. Even if you have a well implemented single sign on (SSO) solution, your employees will still need to remember and use passwords for new external websites.

The demands we put on our employees to remember more and more passwords, and to make those passwords more and more complex, have become unmanageable.

Consider all the rules we ask our employees to follow:

Passwords must be at least [X number] characters longMust include special characters, capitals, numbers, etcChange your passwords every [X number] of daysUse a different password for every systemDo not use a predictable pattern in your passwordsDon’t write your passwords down anywhere

These demands usually lead to one of two results. Either the users will write passwords down (often in a text or Word document on their computer’s desktop) or they ignore the rules and reuse passwords between systems.

Some of our more technical and security savvy users will go find a tool like Password Safe (or one of the many others like it) which does a wonderful job of giving the users a safe place to put passwords, but is very clunky in an Enterprise environment.

These types of tools do not accommodate passwords that need to be shared between users, and do not allow integration with Active Directory, or role based permissioning. And when an employee leaves the organization, those passwords are lost, potentially leaving the employer in the lurch.

There are several products that attempt to work in this space, but most of them offer SSO type functionality. While there is certainly a place for that in some organizations, it requires a very significant amount of back-end configuration by the IT department. And whenever a new application gets added there needs to be configuration changes to support it.

What I want is a tool that works like Password Safe, allowing users to create and manage all their own passwords with little to no interaction from IT, but still allows centralized management and ease of deployment. After looking through dozens of tools, I have found that Thycotic software’s Secret Server meets all of my needs.

The technology really is pretty simple. The system can tie into Active Directory for authentication and group memberships.

By default, users have their own secure area where they can create as many system passwords (which this system calls “secrets”) as they want. They can either create secrets just for their own use or they can assign permissions to other users or groups in the system.

Secret Server allows users to create auto-launcher links within the secrets. These launchers will open a web browser, SSH or Remote Desktop connection to a system with the username and password pre-populated.

More, the system can be configured so that the password is not even visible if there is a launcher available. I can give you access to sign in with my account without you ever actually knowing my password.

Secret Server can also be used to automatically change passwords on a predetermined schedule. So if you don’t want to have to log into that server every 90 days to change your password, you can tell Secret Server to do it. Then when you need the password you just log in and get it.

Secret Server is not perfect. It’s got a sizable price tag. The UI leaves something to be desired, and some of the administration configuration can use a little work.

But overall it’s a powerful tool that provides users with a real option for saving their passwords in a secure location, eliminating the need to memorize dozens of 8+ character complex passwords.

In a world where security is continually becoming more onerous for our users, this tool can help stem that tide just a little bit.

Cross-posted from Enterprise InfoSec Blog from Robb Reck

Note: the views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Infosec Island reserves the right to remove or edit the content of all material submitted by our members.

View the original article here