Network Management Systems

Jul 16 2008   3:14PM GMT

Green is mean and lean but is it the ticket to prosperity? SAS70

Posted by: sas70expert
Security management, Third-party services, Security, Identity & Access Management, Management, Security Program Management, Compliance, Risk management, Auditing, Access control, Network Management Systems, CIO, DataCenter, Exchange, power systems, SAS 70, TrendMirco

Exchange Servers are increasingly being added to the electric grid and increasing the world’s energy consumption, carbon emissions and stream wastes. A recent report stated that “U.S. server electricity consumption has doubled in the past five years and now equals that of color TV’s. SAS70 audits review logical and network related controls for servers, but they don’t consider the energy consumption or quality of company environmental efforts.

 

All kinds of new energy saving ideas are being developed, including air-compressed backup generators. Greenpeace has developed a “Guide to Greener Electronics.” The guide ranks the 18 top manufacturers of personal computers, mobile phones, TV’s and games consoles according to their policies on toxic chemicals and recycling.

I think that this is great, but is it sustainable considering our populations demand for service NOW!? In an electronic age, where I can practically order anything, see any tv show, or buy any music at the touch of a button on my i-Phone, can we expect businesses to  choose green over a quick dollar? As datacenter demand grows and the need for servers bandwidth is required – will you stop and say  “No, I want my children to enjoy clean air, and clean water.” Or will you push forward with a browner (less green) alternative computing solution? Should SAS70 audits evaluate environmental and energy efforts?  sas70expert at gamil.com

Jul 6 2008   4:18PM GMT

How laptops become serial killers? - SAS70

Posted by: sas70expert
Security management, Administration, Security, Information risk management, Management, Security Program Management, Compliance, Risk management, human factors, Auditing, Monitoring, Access, Access control, Network Management Systems, Network, CIO, DataCenter, CFO, SAS 70, CSO

My business requires distribution and collection of data. Much of it resides on a centrally located server; however, there is data on the laptop that has never been transferred over to the server or that may have  been taken off the server for project work. As human beings we will never be perfect. Someone will lend access to their laptop to a friend or customer, a laptop will be lost or stolen, and an unprotected USB drive is a loaded gun just waiting to have the trigger pulled so that data can be transferred off your laptop. Laptops with sensitive data that goes unprotected, can become a media nightmare, a legal hassle and a may limit your customer retention and market growth — a serial killer that stops your business growth and the vendors that support you.

 

To protect data loss, we now have L0-jack services for laptops when they are stolen. The laptop can be found and once connected to a network will be shut down.But what about the ease we have to install and transfer data to others using USB drives. Even if you use a USB drive that requires a password, is that enough security? I have read recently that laptops were returned after being lost that contained sensitive data such as social security numbers for big companies – including Google. Now that they have the laptop back, is the risk over? What if the data was transferred off the laptop onto a USB drive?

 

Just like for the SAS70 audit, you have to perform a risk assessment to determine the controls that must be in place, and identify those that can be implemented as time permits. In the situation above, I don’t think focusing on the number of ways that data can be taken off laptops is the key to reducing risk. You should focus more on identifying the type of data that you have, mark the sensitive data, and control access to it – by limiting users, strengthening laptop controls around the sensitive data, and identifying opportunities to record transfer of sensitive data which would provide an audit trail. How are you controlling your data on your laptops?   

Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?SAS70expert@gmail.com

 

Jun 30 2008   3:19AM GMT

DataCenters that go Green! – SAS70

Posted by: sas70expert
Third-party services, Networking, Network security, Network monitoring, Strategic Enterprise Management, Microsoft Windows, Management, Database Management Systems, Industry Solutions, Data center operations, Network Management Systems, Blackberry, Data center design, CIO, Mobile, DataCenter, DataManagement, CEO, CFO, storage arrays, cooling systems, Exchange, power systems, SAS 70, CSO, Rack systems

Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels - that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere, requires more capacity and increasing speeds of datacenter components. What steps are you taking to become Green?   

Jun 26 2008   4:30AM GMT

What’s your data loss prevention strategy? – SAS70

Posted by: sas70expert
Security management, Third-party services, Database issues, Networking, Network security, Firewalls, Incident response, Security, Network monitoring, Identity & Access Management, Information risk management, routers, Management, Security Program Management, Compliance, Viruses, Database, patching, Configuration, Database Management Systems, business/IT alignment, Auditing, Monitoring, Access, Access control, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Security tokens, Patch management, CFO, router configuration, SAS 70, CSO, Intrustion management, TrendMirco

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.