No business is safe from email security issues. As a consultant or VAR, you have to deal with customers’ spam, phishing and denial-of-service attacks, and you’ve probably tried to solve these problems with encryption, digital certificates and rerouting traffic, among other tactics. But despite your best efforts, the employees themselves are often to blame for security threats.
In a recent New York Times article, prominent security professionals discussed the growing trend where employees forward company email to personal Web accounts — like Google and Yahoo — for easy access. No matter how strong your customer’s office email security may be (see our Email Security Project Guide), once the information leaves the office, there’s almost no way to control it. So what’s the answer?
Some companies block access to external email accounts through Internet policies, and others monitor all outbound mail to Web accounts searching for perpetrators who forward private company information to insecure sites, but employees complain about the lack of trust these solutions suggest. In Email threats: Educating your SMB Customer, Larry Loeb says: “Email is not just text transmissions any more. It is the flow of information that supports and makes a business possible. A VAR or consultant has to appreciate this reality, and make sure their customers do, too.”
Take those words to heart in today’s scary email security environment. If you can help your customers understand that many real threats come from employees clicking on bogus links and forwarding sensitive information to their personal accounts, you’ll become an invaluable resource. You might also consider solutions that allow employees to access company email just as quickly and easily as personal email, but with office security policies in place. That way they won’t even be tempted to hit the forward button.
Do you have an email security breach horror story? Post it here or pose a question to Russell Dean Vines, our information security threat expert.
SearchSecurityChannel’s sister site SearchSMB compiled their top 10 tips for 2006 — seven of which are security related. It seems SMBs can’t get enough security, and the topics run the gamut. Here they are, in no particular order:
- Email encryption
- VoIP security
- Mobile device security
- Linux security
- Security buying
- Endpoint security
- Disaster recovery
Do these topics match your SMB customers’ concerns? As we plan our editorial calendar for 2007, we’d like to hear what SMB security issues you’re repeatedly addressing. Drop me a line at firstname.lastname@example.org, and in the meantime, visit SearchSMB to read those top 10 tips.
It’s clear that Microsoft’s strategy on dealing with open source has a split-personality problem. Without dropping a beat after the company’s announced Linux partnership with Novell, Microsoft CEO Steve Ballmer reasserted Microsoft’s legal challenges to Linux, and claimed that Novell’s agreement conceded that Microsoft’s intellectual property is infringed by parts of the open-source operating system.
Steve Ballmer and Co. have long been hostile to the Linux community, while at the same time trying to capture more developers to the Windows camp by using a variety of community licenses and pushing some components of the Windows and .NET development architecture as “open” standards through ECMA and other standards bodies.
The recent announcement of a strategic partnership with Novell and its SuSE Linux unit, which appears to be focused on improving compatibility between Windows and Linux networking, isn’t really a deviation from that path. Both Novell and Microsoft are seeking to make enterprise server virtualization customers happy, while Microsoft is still trying to find a way to snuff Linux as a competitor.
The same sort of customer-driven concerns were at the heart of Microsoft’s deal last year with Sun, which ended Sun’s Java lawsuit against Microsoft — Scott McNealy and Steve Ballmer both said enterprise customer demands for things like better compatibility between Sun’s LDAP-based enterprise directory services and Microsoft’s ActiveDirectory helped push them to the table.
Novell needs a competitive edge over Red Hat with big customers, and this agreement might help. In the long run, Novell gets better support for Windows virtual sessions running on SuSE servers, and Microsoft perhaps gets better support for Linux sessions running on its own Windows-based virtualization platform. But the real question is whether there is a long run for Novell, and whether there’s any real value for customers and the channel in the deal. Most of the reaction thus far has been lukewarm at best– and the propaganda value to Microsoft in its FUD war on Linux as a whole has gotten more of a boost than anything else.
Various constituencies have been nagging Sun Microsystems to open-source the Java platform since almost the day it was launched. Former CEO and current chairman Scott McNealy had resisted for a long time, challenging IBM to open-source DB2 when IBM execs chided Sun on the open source issue. Then Sun created its own open-source license — CDDL (Common Development and Distribution License)–and used it for the Solaris OS and for Glassfish, an implementation of Java Enterprise Edition. and Jonathan Schwartz promised Java would follow Solaris into the open world.
And now, Sun has delivered–the entire Java family has been open-sourced under the GNU Public License version 2.0. That means that Java can now live peacefully with other software distributions that fall under the GPL, such as Linux, without barriers to free redistribution.
The first thing this means to the channel is that resellers, integrators and ISVs can now build fully-blessed Java applications and integration software without royalties. Sun is still providing for a commercial license of Java that provides indemnification for customers, but having the entire code base in GPL open source means that people can develop new mobile, desktop and server applications and distribute them–and that open-source projects based on the GPL can incorporate Java into their code without legal fears.
As the ship date for Microsoft. Corp.’s Windows Vista operating system grows closer, the marketing to both end-users and solution providers gets more intense – and not only from Redmond. CDW Corp., for example, released a report this morning predicting that 86% of U.S. companies expect to adopt Windows Vista, with a total of 20% of organizations doing so within 12 months. The 86% figure sounds impressive, but ultimately it means that fewer companies are currently planning to upgrade to Vista than are currently running on Windows. It turns out saying “eventually” was a way of touting the most optimistic figure without being too precise about saying either how fast people will upgrade, or whether they ultimately have a choice.
Network Access Control is all the rage these days when it comes to network security technologies. “All of the vendors have something they call NAC,” says Gartner Inc. vice president and distinguished analyst John Pescatore in a SearchNetworking.com article. Indeed, you and your customers have myriad offerings to choose from — if you decide NAC is the way to go. But making that decision isn’t an easy one. The same article offers strategies that can help you and your customer determine if NAC is in order and to what degree. Certain vendors may have you believe that NAC should be present throughout the network, but that’s not necessarily the case. After you read SearchNetworking’s article, cruise on over to SearchSecurityChannel.com and take a look at our Network Access Control Crash Course, which provides an overview of network access control technologies, their role in network security and where the market stands, with a focus on the three big players — Cisco, Microsoft and Trusted Computing Group.
Steve Ballmer, in an interview with the India Economic Times, said that while he still sees a place for traditional software distribution, “I would say we are moving to a world where there is a lot more electronic distribution. It is a new style of software, not the old-style distributed electronically.”
No surprise there–Microsoft is facing increasing competition (especially for its Office suite) from downloadable software, most of it free. Google is moving into the space with web-based services. Salesforce.com and other software-as-a-service players have proven the model works for pay as well, and service provider USinternetworking has done well enough at delivering others’ software (including PeopleSoft, Oracle, and other packaged applications) as services that AT&T acquired them.
But Microsoft’s play is something entirely different. Right now, Microsoft depends on its partners for more than 90% of its revenue–and its Live efforts could dramatically change that. Windows Live (and more specifically, Office Live) could put Microsoft into direct competition with many of its current channel partners for business from small and medium companies — especially those partners who have already started to provide hosted services for customers.
Forget the scandals, the trash-talking, and the rhetoric of this electoral campaign season. The big issue for the coming year is going to be economic uncertainty–and that uncertainty is distinctly non-partisan. Regardless of who wins, 2007 promises to be dicey for small and medium-sized businesses, and for the channel as a result.
It’s not all bad news. Concerns about energy costs and inflation will continue to drive projects that squeeze more efficiency out of customers’ computing investments (like server consolidation and virtualization, business process re-eengineering, etc.). And the available pool of IT talent is again starting to shrink, boding well for an increase in managed services, hosting and support deals. But those same forces are going to affect how quickly service providers, systems integrators and VARs will be able to respond to those increasing demands, and put pressures on how those services are priced.
Over the next few months, we’ll be looking on SearchITChannel.com and the other channel sites at the market and technology forces that will drive channel business in 2007. But as far as the underlying economic conditions go, the only sure thing for 2007 is that nothing is for sure, regardless of who wins how many seats in Congress in November. Now’s the time to take a hard look at what you’re planning for your business, and to make sure you’ve got your financial bases all covered for a bumpy ride.
How many times have you “made the sale” with IT managers at small and midsized companies, only to find out that they couldn’t follow through? Well, now there’s research that supports the anectdotal evidence that winning the hearts and minds of the IT staff at smaller companies, while not necessarily a waste of time, is an activity with very little ROI.
Shamus McGillicudy reports a survey by Info-Tech Research Group Inc., found that the smaller a company is, the less likely its IT managers are to be making spending decisions. “At companies with 40 or fewer employees, only 20% of IT managers had a say in such decisions,” he reports. For companies of 41-100 employees, only 30% had any influence; and at companies with between 101 and 200 employees, 45% claimed to have a stake in the company’s purchasing decisions.
If you’ve been around the SMB market at all, it’s easy to understand this data. Companies with fewer than 40 employees seldom have an “IT manager” that rates as an executive within the company. In my experience, the majority of companies of that size lump IT with facilities management, unless they’re technology-focused. Business managers of smaller companies tend to hold purchasing authority closely.
In other words, this research seems to provide metrics to the obvious. In fact, the influence of IT managers at SMBs is probably even less than the survey reports . What would be more interesting is to find out how many companies of that size have effectively outsourced the IT manager job to a managed service provider.
As we prepared to launch SearchITChannel and its daughter sites over the past few months, I spent a lot of time listening to people who labor in the IT channel, and to the people who run the channel programs at a number of major information technology companies. And I took away two major themes: vendors are as hungry as ever for channel partners; and resellers, integrators and consultants are more suspicious than ever of vendors.
The reasons for the former are pretty clear: regardless of how much they invest in direct sales and services organizations, the major IT players are utterly dependent on the channel to get their product in the hands (or the data centers) of most of their customers. The reason for the suspicion is equally evident: channel companies increasingly see suppliers’ services efforts and other initiatives competing with them for their customers.