Press Releases

Sinu Blog: Playing with Sand

  • Monday
    Jan262015

    Microsoft proves it "still matters" with Windows 10

    Photo: From Windows 10 release announcement on www.blogs.windows.comMicrosoft’s recent preview of Windows 10 was what some called a last chance to convince the world that Windows "still matters." And most critics have said that Windows 10 has done just that, offering many new features geared to both consumers and enterprises that makes use across devices – including productivity applications – a more seamless experience.

    Windows 10 will not be out for a few months, but some of the new or enhanced Windows 10 features previewed this week can we viewed in this 90-second video by CNN or we have outlined a few below.


    • Cortana: Microsoft’s digital assistant and search feature currently only available on Windows Phone will now be on Windows 10.
    • Synchronization between devices: Windows 10 for phones will basically act like an extension of your PC, featuring universal Windows apps that share the same central heart and design as their PC counterparts, as well as universal notifications that synchronize across devices.
    • Spartan: A new browser replaces Internet Explorer in Windows 10, offering many features including a note-taking mode that lets you annotate a webpage, then share your marked-up version with others; a clipping tool that allows you to save portions of websites directly to OneNote; and the ability to tap into the Windows Reading List app, so you can save articles to read later, synchronizing the list across multiple devices. (Unlike the Reading List app in Windows 8, the one in Windows 10 will let you save content to read offline.)
    • Easier deployment: Windows 10 will use an in-place upgrade instead of the traditional wipe-and-load approach that organizations have historically used to deploy new Windows versions. This upgrade process is designed to preserve the apps, data, and configuration from the existing Windows installation.
    • One Windows: The One Windows store will offer universal Windows apps that can be used across phone, tablet and PC platforms. For organizations, the Store will also offer a new web-based Store portal that will allow IT administrators to browse the app catalog and acquire apps in bulk.
    • Easier device management: Enhanced mobile device management (MDM) capabilities will allow enterprises to manage PCs, tablets and smartphones with one technique. Introduced in Windows 8, the original version was designed primarily for "bring your own device" (BYOD) scenarios, but in Windows 10, Microsoft will add MDM options for corporate-owned devices.
    • Better security: Improved security features will include a new two-factor authentication feature that treats the device as one factor and a user PIN or biometric signature (such as a fingerprint) as the other. Windows 10 will separate personal and corporate data – particularly helpful for organizations with BYOD environments.

    While Windows 10 looks promising for both consumers and enterprises, particularly how it integrates its applications across multiple devices, the fact is that Microsoft just skipped over Windows 9, discontinued both XP and 7 last year, and Windows 8 will soon be obsolete. It's a harsh reminder that now more than ever, businesses need to reevaluate their technology replacement cycle and be able to evaluate and adopt new tools in order to avoid the risks and inefficiencies of obsolete or aging technology (see Sinu blog: Protecting yourself from the risks of obsolete technology). Lifespans of 1 to 2 years will be the norm for the new generation of software and that means an organization's people and its IT department have to be ready for regular migrations and updates as things change. Performing these updates while not causing disruption is what organizations have to master in today’s world.

    At Sinu, we help our customers navigate the myriad of new technologies and help identify the tools and migration processes that will be most beneficial and least disruptive to the people we support. As a start, we typically recommend conducting an inventory of your technology tools, followed by development of a detailed replacement plan. For instance, a company’s operating budget should assume a 3 to 4-year lifespan for your hardware devices, and 1 to 3 years for software and mobile devices. (Use the Sinu Store as a guideline of what today’s devices cost and plan to replace 20-30% of your company’s devices yearly to ensure no device is more than 4 years old. To access the Sinu Store, go to Sinu Support and click the STORE tab on the far right.) By anticipating the lifecycle dictated by today’s technology industry, your business will be healthier, your team more productive, and your budget will have fewer surprises. 


    Friday
    Jan232015

    Obama: Government and private companies need to work together for cybersecurity

    President Obama is proposing that the government and private sector work together to address cybersecurity. “It’s going to have to be a shared mission — government and industry working hand in hand,” said Obama.

    President Barack Obama delivers the State of the Union address in the House Chamber at the U.S. Capitol in Washington, D.C., Jan. 28, 2014. (Official White House Photo by Pete Souza)The New York Times reports that Obama is calling for new legislation that would "encourage companies to share threat information — such as Internet Protocol addresses, date and time stamps, and routing information — with the Department of Homeland Security (DHS), which would swiftly pass it on to other government agencies and industry groups voluntarily formed to share such material."

    According to a White House statement, as long as companies took steps to protect consumers' personal information, the companies that participate would get "targeted liability protection" for doing so. 

    The information-sharing proposal is meant to encourage private sector entities to share cyber threat data with the DHS 24-hour cyber watch center – the National Cybersecurity and Communications Integration Center (NCCIC). NCCIC, pronounced "en-kick", is the cybersecurity operations center in Arlington, VA, that Obama signed into law last month.

    According to Politico, "Under the administration's proposal, NCCIC would share data it receives in close to real-time with other federal agencies, and with new private sector organization information sharing organizations."

    President Obama also called for law enforcement tools to combat cybercrime, such as criminalizing the overseas sale of stolen U.S. financial information. The new legislation would also allow for the prosecution of the sale or rent of botnets and would expand federal law enforcement authority to deter the sale of spyware.

    These announcements follow the administration's new proposed National Data Breach Reporting legislation. According to the White House, the updated proposal helps businesses and consumers by “simplifying and standardizing the existing patchwork of 46 state laws (plus the District of Columbia and several territories) that contain these requirements into one federal statute, and puts in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches.”

    President Obama has tried for three years to persuade Congress to pass a cybersecurity bill. However, according to Politico, the administration feels that public fears about hackers and cybercrime, in the wake of the highly publicized cyber attacks on Sony, JP Morgan,Target and others, can build momentum for cybersecurity reforms that have previously stalled out in Congress. 

     

    Thursday
    Jan082015

    Humans are the key to data security

    Most organizations are taking a good, hard look at data security these days, following high-profile hacks in 2014, including iCloud, Sony and JP Morgan. Even the International Consumer Electronics Show (CES) in Las Vegas (held January 6-9, 2015) is hosting its first-ever Cyber Security Marketplace to showcase solutions to keep data and devices more secure.

    However, even when businesses adopt these security solutions, the human factor is critical to closing the loop on keeping data safe.

    JPMorgan is one example, where the human factor played a key role in its data breach. According to the New York Times: “Big corporations like JPMorgan spend millions — $250 million in the bank’s case — on computer security every year to guard against increasingly sophisticated attacks like the one on Sony Pictures. But the weak spot at JPMorgan appears to have been a very basic one…the computer breach at JPMorgan Chase this summer — the largest intrusion of an American bank to date — might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network.”

    In previous blogs, we have advised using two-factor authentication (2FA) which requires a second one-time password to gain access to a protected system.  Most big banks, including JPMorgan use it. But, according to the report, one specific example of human error was that “JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme…That left the bank vulnerable to intrusion.”

    JPMorgan is not alone when it comes to the human factor compromising security. 95% of IT security breaches are attributed to human error, according to a recently released report from IBM.

    With the human factor so critical to keeping preventing data breaches, it is important to put a clear, easy-to-adopt security protocol in place and clearly communicate expectations to employees. Below, we have listed several considerations and tips for shoring up your data security protocol:

    1.     Streamline your technology infrastructure – most small businesses no longer need a large infrastructure and it is not only an unnecessary cost, it can be an unnecessary risk so get rid of any solutions you no longer need

    2.     Increase access to documentation, mapping out all your solutions and infrastructure and the employees who have access to them – these are potential points of access to data so it is important to keep track of all these “doors and windows” (you can see why streamlining your solutions will make this process easier)

    3.     Limit access to sensitive data to only those who need it to you limit the risk of human error

    4.     Commit to automatically generating strong passwords that are changed every six months and use two factor authentication whenever possible (see Sinu blog for more detailed information on creating strong passwords) 

    With technology becoming more mobile and data more accessible, adopting a culture of security is critical for all organizations large and small…the sooner, the better!