Blog
Posts tagged 'it security' | Catapult Public Relations
The following posts are associated with the tag you have selected. You may subscribe to the RSS feed for this tag to receive future updates relevant to the topic(s) of your interest.
September 19, 2008
ENTERPRISE MANAGEMENT ASSOCIATES OUTLINES STEPS TO SUCCESSFUL VIRTUALIZATION SECURITY
New research defines virtualization security and offers advice on how to simplify the process
BOULDER, Colo. Sept. 11, 2008 -Enterprise Management Associates (EMA), (www.enterprisemanagement.com), a leading IT management research and consulting firm, today released new research and recommended practices for secure virtualization in its report, “Virtualization Security: The Early Stages of a New Battleground.” EMA security and risk management analyst Mike Montecillo and research director Scott Crawford co-wrote the study to help provide a better understanding of the emerging virtualization security market while outlining best practices that IT security and operations teams can follow to successfully deploy practical and effective secure virtualization.
In this new report, EMA focuses primarily on how organizations can assure secure virtualization by identifying potential virtualization threats and vulnerabilities, and implementing techniques for securing the virtual environment.
“Virtualization is at the forefront of many security professionals’ minds. Unfortunately, it has become very difficult to create a strategy that addresses the real security issues without being drawn in by the hype,” said Montecillo. “This report is designed to help organizations understand the high-level issues and create a simplified approach to securing virtualization.”
EMA defines virtualization security in terms of the relationship between virtualization and security, including:
- Virtualized security – security solutions that are themselves virtualized, which can benefit virtualized as well as non-virtualized environments
- Secure virtualization – safeguarding primary virtualization functionality against security risks, which may leverage both virtualized and non-virtualized security techniques
- Security through virtualization – the security benefits of this emerging and disruptive technology
Given the relative youth of virtualized security, this report primarily targets the issues IT professionals face in securing virtualization and highlights its security benefits. Although the field of virtualization security is very young, there is already concern that organizations are at risk of overlooking the opportunity to create a safe environment in early stages of deployment. EMA has identified a number of potential threats against virtualization security that includes VM escapes, solution-specific threats and traditional attacks. These threats, combined with vulnerabilities in virtualization, are cause for alarm. In fact, Enterprise Management Associates’ 2008 survey on virtualization found that although many organizations extend existing security-enhancing measures to the virtualized environment, the numbers decreased when the techniques became more specific to virtualization. Nearly two-thirds of the respondents extend configuration and change controls to the virtualized environment. The lowest numbers in the survey, however, related to questions regarding specific controls to the hypervisor (an emerging virtualization platform that allows multiple operating systems to run on a host computer at the same time). Only 26 percent of respondents said they have security controls in place to prevent hypervisor threats. In addition, only 17 percent leverage measures to detect these types of threats.
“EMA research repeatedly demonstrates that a disciplined approach to IT management reduces risk while yielding business benefits across multiple interests – and nowhere is this more true than in virtualization. Security is no exception, and may in fact be one of the greatest beneficiaries of a disciplined approach to virtual systems management,” says Crawford.
Many of today’s gaps and potential security risks of virtualization are related directly to the maturity and effectiveness of management. In earlier EMA studies focused on the effectiveness of IT risk control, research indicates that the highest performers have four cardinal virtues in common: 1) They define IT risk management and compliance objectives; 2) They actually implement them; 3) They investigate the environment to monitor and assess their effectiveness; and 4) They enforce adherence to requirements – through education and positive incentives, as well as through negative consequences for deviations.
EMA believes the key to any security strategy is to simplify the approach. This especially is true in the world of virtualization security where hype and publicity has created an awareness based on a warning, rather than an actual real-world threat. By becoming aware of the environments in which virtual technologies operate and understanding the technology itself, enterprises can develop and properly implement an effective virtualization security strategy and attain the full benefits of virtualization.
To purchase a copy of the report, “Virtualization Security: The Early Stages of a New Battleground,” contact sales@enterprisemanagement.com or +1.303.543.9500.
NOTE TO EDITORS:
For more information on this topic or to arrange an interview with Mike Montecillo or Scott Crawford, please contact Guy Murrel at gmurrel@catapultpr-ir.com or 303-581-7760 x17
About Enterprise Management Associates
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst and consulting firm dedicated to the IT management market. The firm provides IT vendors and enterprise IT professionals with objective insight into the real-world business value of long-established and emerging technologies, ranging from security, storage and IT Service Management (ITSM) to the Configuration Management Database (CMDB), virtualization and service-oriented architecture (SOA). Even with its rapid growth, EMA has never lost sight of the client, and continues to offer personalized support and convenient access to its analysts. For more information on the firm’s extensive library of IT management research, free online IT Management Solutions Center and IT consulting offerings, visit www.enterprisemanagement.com.
# # #
April 8, 2008
EMA IDENTIFIES HOT TOPICS FOR RSA 2008
Virtualization security joins other current trends in IT security
that will be bantered about at the conference
BOULDER, Colo., April 4, 2008 – With IT virtualization one of the hottest topics in technology it’s not surprising that virtualization security will likely peg the “buzz meter” at the upcoming RSA 2008 conference. Scott Crawford, research director for the security and risk management practice at Enterprise Management Associates (EMA) (www.enterprisemanagement.com), says virtualization security has quickly become one of the highest visibility concepts in IT, and that EMA will explore the new frontier of virtualization security in a new research study that will be initiated at RSA 2008.
“RSA is a great place to kick off our research on virtualization security,” said Crawford. “As the use of virtualization continues to climb, so do questions about the security issues it raises. Virtualization security will definitely generate huge interest at this conference.”
Currently, virtualization itself is at the top of many executives’ agendas. As virtualization is adopted by more and more companies, security professionals have begun to integrate security methods into this new approach. Unfortunately, there is no real standard method for implementing virtualization, which makes it more difficult for security professionals to form a general consensus regarding the actual issues of security in virtualized environments. This has made virtualization security an elusive target.
In addition to virtualization security, EMA has identified several other hot topics for RSA 2008, including:
• Current trends highlight that there is a big difference between compliance and security. The Societe Generale case illustrates how an insider with knowledge of technical business risk controls in IT can perpetuate fraud on a massive scale. On the other hand, the recent Hannaford case shows how attackers can exploit exposures that are beyond the controls required by current regulatory mandates.
• As underground computer activity continues to mature, attacks have become more sophisticated, thus complicating the discovery and criminal prosecution of these attackers. This seedy environment has created a foundation for major investments into criminal activities.
• 2008 appears to be a year in which security strategies will focus on ground-up approaches to develop and deploy more secure systems and applications. As a result, many organizations are integrating new security processes into the pre-production phases of systems and applications.
• The number of websites with malicious codes is constantly on the rise. In addition, the exploitation of browsers and the plug-in applications that they integrate is continually growing. Vulnerable websites become a target for hackers to flip into major attackers. In addition, one of the most alarming trends is that attackers can leverage legitimate websites in a manner that even trained security professionals may not recognize as harmful.
• Information risk management continues to be a very complex challenge for many organizations. High-privilege user accounts wield a large amount of control over IT systems, but they are not necessarily well secured.
• As SaaS models and approaches to “security in the cloud” continue to mature, new product and service offerings have sprung from many security vendors. The implications for security strategy management in containing many of the risks and costs of maintaining in-house tools and expertise could lead to the outsourcing of security departments to third-party organizations.
RSA 2008 will be held April 7-11 in San Francisco, Calif. at the Moscone Center. If you would like EMA comment on virtualization security or any of these topics, please contact Guy Murrel at gmurrel@catapultpr-ir.com or 303-581-7760.
About Enterprise Management Associates
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst and consulting firm dedicated to the IT management market. The firm provides IT vendors and enterprise IT professionals with objective insight into the real-world business value of long-established and emerging technologies, ranging from security, storage and IT Service Management (ITSM) to the Configuration Management Database (CMDB), virtualization and service-oriented architecture (SOA). Even with its rapid growth, EMA has never lost sight of the client, and continues to offer personalized support and convenient access to its analysts. For more information on the firm’s extensive library of IT management research, free online IT Management Solutions Center and IT consulting offerings, visit www.enterprisemanagement.com.
# # #
April 1, 2008
EMA ANNOUNCES IT MANAGEMENT WEBINARS FOR APRIL
Topics include virtualization management, enterprise service desk, ITIL ITSM in the federal government and workload automation
BOULDER, Colo., March 31, 2008 – Enterprise Management Associates (EMA) (www.enterprisemanagement.com), a leading IT management research and consulting firm, today announced it will host a number of free Webinars focused on IT management during the month of April 2008.
The EMA™ Webinars set for April include:
Tues., April 1, 2008 – 12 p.m. Eastern
Automating IT Processes to Ensure Virtualization Success
http://www.emausa.com/ema_lead.php?ls=opaliswebpr0408&bs=opalisweb0408
EMA research director Andi Mann and Opalis President and CEO Todd DeLaughter will discuss how to efficiently manage the people and process changes virtualization requires, and will share a real world example of customer success in virtual management with IT Process Automation.
Thurs., April 3, 2008 – 2 p.m. Eastern
Reducing Customer Support Costs and Improving Service Quality with Remote Support
http://www.emausa.com/ema_lead.php?ls=bomgar1webhl0408&bs=bomgar1web0408
Part one of a three part series. Listen to Lisa Erickson-Harris, EMA research director and Chris Watson, VP of strategic alliances at Bomgar explain how remote support has a direct impact on support cost structure and perceptions of IT service quality in the enterprise.
Fri., April 11, 2008 – 2 p.m. Eastern
How Federal CIOs can Leverage ITIL IT Service Management (ITSM) to Enhance Mission Effectiveness
http://www.emausa.com/ema_lead.php?ls=itsmgovwebpr0408&bs=itsmgovweb0408
EMA director of IT service management consulting, Hank Marquis and federal IT expert Bob Haycock will explain how government CIOs can gain credibility by effectively implementing commercial ITSM best practices, such as ITIL.
Thurs., April 17, 2008 – 2 p.m. Eastern
Making Your Support Organization Part of the Solution: Protecting Sensitive Data Remotely
http://www.bomgar.com/wcemaprotectingdataregisterema.htm
Part two of a three part series. Chris Matney, EMA consulting director of IT services, will review trends in risk, compliance and security management in the enterprise service desk. In addition, Joel Bomgar, president of Bomgar Corporation, will give real-life examples of how Bomgar is leading the charge to address these issues.
Wed., April 23, 2008 – 1 p.m. Eastern
Solving Critical Application Management Issues with Workload Automation
http://www.emausa.com/ema_lead.php?ls=uc4webpr0408&bs=uc4web0408
Join EMA research director Andi Mann and UC4 chief marketing officer Guenther Flamm as they discuss the critical challenges of managing applications to deliver key IT and business goals, with a focus on the best practices for application workload management and automation.
NOTE TO EDITORS:
For more information, contact Guy Murrel at gmurrel@catapultpr-ir.com or 303-581-7760 x 17.
About Enterprise Management Associates
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst and consulting firm dedicated to the IT management market. The firm provides IT vendors and enterprise IT professionals with objective insight into the real-world business value of long-established and emerging technologies, ranging from security, storage and IT Service Management (ITSM) to the Configuration Management Database (CMDB), virtualization and service-oriented architecture (SOA). Even with its rapid growth, EMA has never lost sight of the client, and continues to offer personalized support and convenient access to its analysts. For more information on the firm’s extensive library of IT management research, free online IT Management Solutions Center and IT consulting offerings, visit www.enterprisemanagement.com.
# # #
