Friday, December 21, 2012

IT Style (Gangnam Style Parody)

In case you missed F5's latest video, you can check it out right off our home page, F5.com.
IT Style honors the heroes who make the connected world run better. Watch it. Like it. Share it. Wear it. Sweepstakes: Enter for a chance to win a Cloud Ninja t-shirt like the one featured in the video. www.f5.com/cloud-ninja-tshirt
Enjoy and Happy Holidays from F5!
ps

Monday, December 17, 2012

Blog Roll 2012

It’s that time of year when we gift and re-gift, just like this text.  And the perfect opportunity to re-post, re-purpose and re-use all my 2012 blog entries.  If you missed any of the approximately 130 blogs including 73 videos, here they are wrapped in one simple entry.  I read somewhere that lists in blogs are good.

Have a Safe and Happy New Year.

ps

Related

Blog Roll 2011


Wednesday, December 12, 2012

The Top 10, Top 10 2013 Predictions

Like last year, everyone has their Technology predictions with their annual lists for the coming year.  Instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen.

Cloud computing in 2013: Two warnings: @DavidLinthicum has his two tragic cloud computing predictions for 2013 (price wars & skills shortage).  Nice to see some realism mixed with all the 'this is the greatest.'

10 Cloud Predictions for 2013: CIO has an interesting slide show covering things like Hybrid Cloud, Management, Brokers, SDN, Outages and a few other critical components.

RSA's Art Coviello: 8 Computer Security Predictions For 2013: Attacks grow, hackers grow, and the number of businesses not prepared grows, along with investment, analysis and intelligence to mitigate threats.

Security Predictions 2013-2014: Emerging Trends in IT and Security: SANS gets some input from various industry folks on what they think.  Areas like authentication, mobile devices, Windows 8, geo-forensics, gamification and others are highlighted.

Top 6 security predictions for 2013: InformationWeek India lists FortiGuard Labs' predictions covering APT, two factor auth, M2M exploits, mobile malware, and botnets.

Tech Guru Mark Anderson's Top 10 Predictions For 2013: Forbes' list is cool since it goes beyond just security, cloud and IT.  Yes, mobile and hacktivism are covered but also Driverless Cars, eBooks, Net TVs and the LTE vs. Fiber battle.

Top predictions, about IT predictions, for 2013: Of course I love the title and this article digs into the question of 'is any real insight uncovered' with these predictions?

Forrester: Networking predictions for 2013: ComputerWeekly shares 4 from Forrester's report on eight critical predictions for 2013.  SDN, WLAN, Strategic sourcing and staffing make the list.

7 Predictions for Cloud Computing in 2013 That Make Perfect Sense: Back to Forbes again, this time specific to cloud.  Private clouds, personal clouds, community clouds, cloud brokers, and even a prediction that the term 'cloud' starts to fade.

2013 Astrology Predictions: Gotta have a little fun and give you something to look forward to based on your astrological sign.  That is, of course, if we make it past Dec 21.

Certainly not even close to an exhaustive list of all the various 2013 predictions but a good swath of what some experts believe is coming.

OK, and here are just a few of my own:

BYOD Matures - instead of managing the entire device, only the corporate apps and data will be under control.  Mobile Security and BYOD come together.  Also, things like cars and TVs that have internet connections will get added to the BYOD realm.  Why couldn't a road warrior access his VDI from the car's NAV screen?  Why couldn't someone check their email between commercials?  Anything with an IP and screen is game.

Major Mobile Malware - we've seen some here and there but think there will be a big jump in attempts to get at device's info...especially as more BYOD gets deployed.

Cloud Classification (Pub/Pri/Hy) - lines become even more blurry as they all are used to create Hybrid Infrastructures.  No one cloud will take over but will be a part of the entire infrastructure which includes in-house, cloud, leased raised floor, and just about any place that data can live.  There might also be some movement on Cloud Standards.

More Breaches/DoS/Hacktivism - if 2012 is any indication, this will continue.

Hacker Defection - I think there will be more ex-malicious hackers going mainstream and joining legit companies - and they will expose some of the tricks of the trade.

ps

Resources

The Top 10, Top Predictions for 2012 


Tuesday, December 4, 2012

Security’s FUD Factor

Had a short but interesting Twitter exchange with @securityincite @Gillis57 and @essobi (Mike Rothman, Gillis Jones and not sure (sorry!!) respectively) about using Fear, Uncertainty and Doubt when talking IT security services.  @Gillis57 initially asked, ‘Question: We discuss FUD constantly (and I agree that it's too prominent) But isn't security inherently built upon fear?’  I sent an ‘09 Rothman article (@securityincite said it was ‘old school’ but still has some great comments) about that very topic.  Soon, @essobi chimed in with, ‘Our foundation shouldn't be fear, it should be education. :D,’  @Gillis57 responded, ‘So, look. I agree wholeheartedly, but why do people need to be educated?’  @essobi answered, ‘imo? Bad programming/exploitable logic processes. we need to raise the bar or lower expectations.’  @Gillis57 added, ‘I really don't think we need to keep selling fear, but denying that we are a fear based industry isn't helping.’  @securityincite wizdom’d with, ‘Fear is a tactic like anything else. Depends in situation, context, catalyst. And use sparingly.’  And I conceded that, ‘splitting hairs but I try to talk about risk rather than fear -  what's the risk if...which often generates fear.’

Most of the time when we talk about security there is a fear factor because we are talking about risk.  Risk is the potential for something Bad happening and typically those things scare or make us uncomfortable.  Often when vendors talk about things like protection, benefits, etc, it’s measured in terms of numbers, stats, performance…metrics. 

Security is also about Peace of Mind; a feeling that you have.  Those military people who can get some good sleep even with bullets flying over their heads have peace of mind.  Even in a very high risk, dangerous, vulnerable and insecure environment, they feel secure.

I saw an article about the difference between selling insurance and the lottery – Fear vs. Dreams.  Maybe we should discuss IT Security in terms of how it has made an IT guy’s life better?  I think it would be cool if ‘security’ case studies included a side bar or something with a quote that brags, ‘Now that we have this solution installed, I’m able to attend my daughter’s piano recitals.’  ‘I’m able to get a good night’s sleep knowing that our web site is ok/won’t get paged at 3AM/won’t have to work for 16hrs.’  Adding to the quality of life over and above the usual ROI/TCO/performance/$$.

How it may have enhanced life.

How it gave peace of mind.

How it Reduced Stress.

How it allowed someone to be home for dinner.

How it allowed someone to enjoy the weekend, do that Science Fair thing with the kid, take a longer vacation…

It might be cool for the industry (and the general public) to read how another’s life improved when security is deployed along with all the breaches and headaches.  Ultimately, that’s what we are all chasing as humans anyway – that harmony, balance, peace of mind, quality of life, family, love…the cores of our being rather than what we do for a job – even though our work does have a lot to do with quality of life.  I also think that education is part of our duty.  Not in the ‘Knights of the Roundtable’ duty but if someone needs our security expertise and is willing to learn, sharing (and ultimately, awareness) is important to ensure a more informed public.  That is simply being a good internet citizen.  And yes, fear does have its place especially when someone is not getting it or ignoring that others are at risk.

We frequently talk in terms of rational thinking ($$/performance) when security is quite often about an emotional feeling.  That’s why some often use FUD to sell security: Fear: emotional, Uncertainty: more emotional than rational, Doubt: gut feeling with little data.  But instead of tapping those negative emotions, we should shoot for the Feel Good emotions that provide safety and security.  The Dream.

-eh, just an idea.  And many Mahalos to @securityincite @Gillis57 and @essobi for a blog idea.

ps


Wednesday, November 28, 2012

You’ll Shoot Your Eye Out…

…is probably one of the most memorable lines of any Holiday Classic.  Of course I’m referring to A Christmas Story, where a young Ralphie tries to convince his parents, teachers and Santa that the Red Ryder BB Gun is the perfect present.  I don’t know if there was a warning label on the 1940’s edition box but it is a good reminder from a security perspective that often we, meaning humans, are our own worst enemy when it comes to protecting ourselves.  Every year about 100 or so homes burn down due to fried turkeys.  A frozen one with ice crystals straight in or the ever famous too much oil that overflows and toasts everything it touches.  Even with the warnings and precautions, humans still take the risk.  Warning: You can get burned badly.

As if the RSA breach wasn’t warning enough about the perils of falling for a phishing scam, we now learn that the South Carolina Department of Revenue breach was also due to an employee, and it only takes one, clicking a malicious email link.  That curiosity led to over 3.8 million Social Security numbers, 3.3 million bank accounts, thousands of credit cards along with 1.9 million dependents’ information being exposed.  While the single click started it all, 2-factor authentication was not required and the stored info was not encrypted, so there is a lot of human error to go around.  Plus a lot of blame being tossed back and forth – another well used human trait – deflection.  Warning: Someone else may not protect your information.

While working the SharePoint Conference 2012 in Vegas a couple weeks ago, I came across an interesting kiosk that allows you to take a picture and post it online for free to any number of social media sites.  It says ‘Post a picture online for free.’ but there didn’t seem to be a Warning: ‘You are also about to potentially share your sensitive social media credentials or email, which might also be tied to your bank account, into this freestanding machine that you know nothing about.’  I’m sure if that was printed somewhere, betters would think twice about that risk.  If you prefer not to enter social media info, you can always have the image emailed to you (to then share) but that also (obviously) requires you to enter that information.  While logon info might not be stored, email is.  Yet another reason to get a throw away email address.  I’m always amazed at all the ways various companies try to make it so easy for us to offer up our information…and many of us do without considering the risks.  In 2010, there were a number of photo kiosks that were spreading malware.  Warning: They are computers after all and connected to the internet.

Insider threats are also getting a lot of attention these days with some statistics indicating that 33% of malicious or criminal attacks are from insiders.  In August, an insider at Saudi Aramco released a virus that infected about 75% of the employee desktops.  It is considered one of the most destructive computer sabotages inflicted upon a private company.  And within the last 2 days, we’ve learned that the White House issued an Executive Order to all government agencies informing them of new standards and best practices around gathering, analyzing and responding to insider threats.  This could be actual malicious, disgruntled employees, those influenced by a get rich quick scheme from an outsider or just ‘compromised’ employees, like getting a USB from a friend and inserting it into your work computer.  It could even be simple misuse by accident.  In any event, intellectual property or personally identifiable information is typically the target.  Warning: Not everyone is a saint.

The Holidays are still Happy but wear your safety glasses, don’t click questionable links even from friends, don’t enter your logon credentials into a stray kiosk and a third of your staff is a potential threat.  And if you are in NYC for the holidays, a limited run of "Ralphie to the Rescue!" A Christmas Story, The Musical is playing at the Lunt-Fontanne Theatre until Dec 30th.

ps


Monday, November 19, 2012

Holiday Shopping SmartPhone Style

Close to 70% of smartphone owners plan to use the devices for holiday shopping, according to Deloitte (pdf).  Smartphone ownership has jumped from 39.7% last year to 46.1% this year and tablet owners have doubled from 10.5% to 22.4% according to 9,000 shoppers surveyed by BIGinsight.  This will probably also spur an increasing number of people colliding heads and walking into fountains as everyone in the mall will be looking down at their mobile devices instead of watching where they are walking.

Knowing that these devices have become permanent fixtures on our bodies, retailers are using the technology in an attempt to enhance the shopping experience.  As soon as you cross the mall threshold, your phone will buzz with merchant coupons or even better, your online shopping cart has been paid and converted to real items for you to walk out, bags in hand, without standing in the check-out aisle.  You’ll be able to browse inventory to know if that incredible deal is in stock or simply purchase the item on the smartphone while standing in the store and have it arrive, already wrapped, the next day.  Retailers are trying to combat the behavior of looking for the best deals on an item, only to go home and purchase online elsewhere.  Many retailers are equipping employees with tablets and checkout areas with mobile payment systems.  Employees have apps that offer richer information in case a shopper wants to know what a coat is made of, or specific warranty info on an electronic item.  These employee handhelds could also check-out a shopper in the middle of the store, avoiding any lines.  Some stores have even installed iPads in the dressing room so shoppers can choose what music to listen to while parading their selections in the mirror.  Hopefully on those, the cameras are disabled since I can already see a remote ‘Peeping in the Dressing Room’ breach in the headlines.

Coupon sites are starting to deploy Geofencing, or the ability to offer deals that are within range.  You cross a digital boundary and the phone lights up with scan-able deals from area merchants.  While retailers will be trying to entice the shopper, mobile technology also helps the shopper.  They can look up items, prices and reviews; see who has the best selection/inventory/deals; who offers free shipping and a host of other data to help complete Santa’s list while staying under budget.

More stores will also be offering free WiFi for shoppers.  Boingo Wireless indicates that 20%-30% of retailers have deployed wireless in the stores and they expect that to grow to 30%-40% in the coming years.  While it’s wonderful not to be ‘connected’ while shopping, most of these WiFi zones are not secure and all the security rules of open WiFi still apply.  Watch the type of sensitive info you enter while connected since there is virtually no protection.

In other Holiday Shopping news, Consumer Reports released its 2011 Naughty & Nice Holiday List, which looks at the good and not-so-good shopping policies and the companies behind them.  And, Toy sales down after early rush.

ps
