Infosec Cloud
Solutions. Services. Training.

April 2015 Update

We aim to provide you with a round-up of our latest offers and essential info to help increase your productivity and keep you secure.

Gartner: 3 Key Challenges When Considering Endpoint Backup

The rise in the number of laptops, tablets, and smartphones used for work, and the amount of data stored on these devices, pose severe risks to organizations and creates challenges for IT infrastructure and operations managers.

Read this report to get Gartner’s recommendations for addressing these challenges, and learn how to:

*  Calculate the potential value of endpoint data loss using industry benchmarks and company-specific data
*  Differentiate between file sync and share, and endpoint backup solutions
*  Create best practices for end users when implementing endpoint backup

Gartner Introduction:

End-user devices, or endpoint devices, pose severe risks to organizations due to the increasingly mobile nature of these devices and their users. Many desktops have been replaced by laptops, some of which are now being replaced by tablets. The mobility of the devices leads to more frequent device damage and loss or theft, as well as more device-local business content that is not saved to the corporate file server to be backed up.

When it comes to “endpoint data protection,” technology vendors use the same term to describe very different functions and use cases, resulting in user confusion. For example, endpoint data protection could mean deploying a strategy based on various security-focused technologies such as antivirus, anti-spam, detecting sensitive data on endpoints, blocking or encrypting data copied to removable media, and so on.

These security products have different classifications by Gartner such as endpoint protection platforms, endpoint data loss prevention, mobile data protection and enterprise mobility management (formerly mobile device management).

These security products are usually the first-line defense against data breach and malicious attacks from insiders and outsiders. For more detailed endpoint and mobile security technology descriptions, see “Hype Cycle for Enterprise Mobile Security, 2014.”

Another major endpoint data protection product category is backup and recovery, which typically plays the first line of defense for nonmalicious data-loss incidents such as user errors (accidental overwrite or deletion), system errors, application corruption, and physical device damage and loss. Backup also plays the second-line defense when security products are circumvented by malicious attacks. For example, when an uncaught virus causes corrupted files, backup comes in to save the day.

Yet, when it comes to endpoint backup, Gartner sees three key challenges organizations often face.

First, many organizations struggle to justify the value and to secure funding for purchase. To further complicate the picture, the data breach risks associated with consumer-grade file sync and share (FSS) services are forcing organizations to evaluate another endpoint technology — enterprise FSS. To fight for its share of corporate IT budget, some FSS vendors claim their FSS products could also serve as endpoint backup.

So the second challenge some organizations face is to find out whether FSS services can really replace endpoint backup. While FSS service providers tout their benefit of increased user productivity, the truth is that IT’s strong interest in enterprise FSS products today is mainly driven by security concerns for data breaches, not about end-user productivity. As security breaches sometimes result in high publicity, high legal and recovery cost and employees being fired, they tend to get more attention.

A third challenge IT faces after deploying endpoint backup solutions is that users are not educated about the capabilities and are often surprised and disappointed when either backup or recovery fails.

This research presents a simplified way to calculate the risk associated with lost laptops using publicly available industry benchmark survey results, as well as our internally created conservative model. This research also compares and contrasts endpoint backup and FSS from a data protection perspective to help organizations make a decision that is in line with their business objectives. Last but not least, this note discusses the need for IT to create a best practice document for end users when implementing endpoint backup solutions.

 Email [email protected] to request your free copy of the full report

Encrypted Traffic Management for Dummies

Protecting your enterprise from cyber-attacks grows more difficult every day. Cybercriminals are relentless, so with up to a third of enterprise internet traffic now being encrypted, they are cloaking their attacks within secure sockets layer (SSL) traffic.

SSL traffic makes perimeter security devices blind to attacks, so how can you protect your enterprise?

This exclusive e-book will teach you everything you need to know about the new world of encrypted traffic management. Don’t let your enterprise security fall behind the SSL-using cybercriminals.

Read the Blue Coat guide to protecting your network in today’s world of cyber-threats.
Email [email protected] to receive your free copy.

Gartner lists Egress in ‘Define the Use Case before Investing in Email Encryption’ research paper

Egress Software Technologies Inc. has been listed in the Gartner research paper ‘Define the Use Case before Investing in Email Encryption’, originally published September 9, 2013, reviewed on the 7th January, 2015.

In the paper, Gartner identifies the five primary email encryption use cases, including the goals, requirements and potential solution providers for each.

Egress is listed in three of the defined use cases:

*  Compliance Encryption
*  Intellectual Property Protection
*  Partner-to-Partner Encryption.

For more information regarding this paper, please visit:

New Case Study: Manchester Metropolitan University goes Tokenless

The University has around 4,000 members of staff, who rely on accessing core systems such as HR, student grading and other resources. Although web-based, these systems could only be accessed by staff on campus. Growing requests for remote access to the VPN led the ICT team to look for solutions providing additional levels of user authentication. The current, on campus system, only required the entry of a username and password.

While researching online, the University IT security team identified two-factor authentication (2FA) as being able to provide the additional security that was required.

2FA demands the input of a second factor, in the form of a passcode, in addition to the first factor which is a username and password. This passcode numeric sequence is generated using a hardware device known as a token, such as a USB flash drive, which users must have with them in order to gain access. However, this could cause problems: how would staff be able to log in if they had forgotten or misplaced their token, or even had it stolen? In addition, the acquisition, management and maintenance of the tokens would be expensive and time-consuming.

The solution was to implement a tokenless 2FA approach. SecurAccess from SecurEnvoy was quickly identified as the preferred solution. Not only does SecurAccess offer rapid implementation, but instead of using dedicated hardware tokens, SecurAccess makes use of the users’ own mobile phones. The required passcode is simply sent via SMS or email, or generated using a soft token app. By using existing devices, such as mobile phones and smartphones, SecurAccess eradicates the additional expense and time associated with procuring and managing physical tokens or fobs.

MMU chose to work with SecurEnvoy Elite partner Infosec Cloud who provided the required technical information and support, and arranged a six week user trial. At the end of the trial, MMU rolled-out an initial 500 licenses, followed by a further 3,500 in November 2014. In this way, all 4,000 staff members were given external access to the university’s core systems, with user identification secured using tokenless 2FA. Integration with Active Directory streamlined the implementation process, with Infosec Cloud providing support and training as needed.

Click Here to download the case study >>

For more information or impartial advice, please
email: [email protected] or call 01256 379970

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks