Tag Archives: Sunnyvale

Does LinkedIn’s IPO Spell The End For CleanTech?

Courtesy: GigaOM

Champagne is likely still popping in the LinkedIn offices in the wake of the company’s extremely successful IPO; others, including start-ups and businesses in the cleantech industry, are not so happy. While LinkedIn’s stock would seemingly have nothing to do with selling cheap solar panels, many anticipate the popularity of LinkedIn’s IPO will compel an exodus of venture capitalists and entrepreneurs from the greentech scene, causing them to return to Web investing.

Tech Talk: Circuit Maker Automates Accounting Processes

PLX Technology, of Sunnyvale, Calif., designs and makes integrated circuits for customers in the computer server, storage, communications, industrial, and consumer electronics industries. Arthur Whipple, chief financial officer of PLX, tells IncTechnology.com that upgrading to new financial software helps the publicly traded company ensure the proper internal controls that allow him to produce high-quality financial statements.

Elizabeth Wasserman: Tell us about your business.

Arthur Whipple: We’re a high tech Silicon Valley company that builds integrated circuits, which are in an area of connectivity that goes into enterprise class electronics. Our major customers include Cisco, IBM, Huawei, Dell, and various customers that make big servers and big backbone systems. We make devices that stitch together components such as the microprocessor and memory to get them to talk to each other. We’re the glue in these systems.

Wasserman: Why did you need new financial software?

Whipple: We decided to go with BlackLine Systems. I’ve installed this twice now. First, at my previous company, Silicon Storage Technology. The issue here was initially about account reconciliations. In order to have reliable financial statements, you have to look at each account in the financial system and make sure each agrees with reality. If you have a petty cash box, you need to count it and make sure it’s there. You have to make sure somebody actually counted and made sure the receipts are there. If you have a bank statement, the bank doesn’t know about the checks you’ve written that haven’t been cashed yet. You have to do a reconciliation from outside to the general ledger. You’re looking for an external confirmation for an internal number.

Wasserman: Why is this important? Is it just because you’re a public company?

Whipple: What you are trying to do is make sure that the financial statements you put out there are correct. A lot of judgment goes into financial statements. You want to make sure you don’t have mistakes in your financial statements. The reputational risk with poor financial statements can be a real problem. You can lose credibility with your shareholders and that creates huge opportunities for attorneys and other people to come in and make claims when people make mistakes in financial statements.

Wasserman: What was behind the timing of the change?

Whipple: People have been doing account reconciliations forever. But up until 20 years ago they were done with pencil and paper. They made lists of numbers and added them up and reconciled them to bank statements. Over the last 20 years, people have started to use spreadsheet technology, of which Excel is the most popular. But the programming is done by amateurs. In most financial systems, the code is done by professionals, and locked up, so that you can’t change the code without someone checking it thoroughly. With Excel, an accountant can decide to make a formula change and that can throw off all your numbers. Academics have done tests and found that up to 80 percent of the Excel spreadsheets out there have some error in them. We were able to get rid of all our Excel-based reconciliations and move to a program that was hard-coded by people who know what they’re doing and locked down so people can’t make errors. BlackLine automates the entire process, virtually eliminating manual errors.

The other side of this is that we are also tracking tasks. We’re making sure that the things that need to get done actually get done. It’s a glorified to-do list. There are dozens or hundreds of things that have to happen and aren’t reflected as a balance in the financial statement. You have to check with the transfer agent to make sure equity is properly stated. You have to make sure you know the number of checks that are outstanding. The analyses in 10Ks or 10Qs need to be done reliably, and you need to have a history of what you did. In this case, if I write a memo to file regarding a fixed asset impairment, that impairment letter or memo can be stored for people who need access to it and it doesn’t get lost as you have with paper documents. Once we have uploaded the file, it’s protected from loss.

Wasserman: What have the results been?

Whipple: The results have been excellent. There are a couple of things you don’t know for many years. We haven’t had any issues at all in terms of account reconciliations not being done. I have a dashboard I can look at and I know that all the reconciliations and tasks have been completed and, if not, I know who to go to. When we get to filing SEC documents, everything that needs to be done has been done before I sign my certification that the financial statements have been properly done. CFOs and CEOs are now personally on the hook for the accuracy of those statements under Sarbanes-Oxley. I am now confident that all the things required to be done have actually been done in these financial statements.

A Breakout Year for OpenID

Nothing turns off shoppers faster than having to go through the sign-in process every time they jump over to a website where they’re already a customer or subscriber. Once is enough — and that’s the whole idea behind OpenID. OpenID is a portable digital identity that lets someone type in their user name and password once to log onto any website with the application built into its user registration process. OpenID has been around since 2005, initially created so people could leave comments on blog posts without having to sign in again and again as they hopped from one blog to another. It gradually caught on with other types of websites and took off in 2008, when users reached a half billion, the number of websites on it tripled to 30,000 and major players such as AOL, Microsoft, Google and Yahoo threw their weight behind it.

OpenID taking off

That OpenID is a free open-source protocol is one reason it’s taking off. Because no one owns it, a company’s website developer can download the code from websites such as Vidoop or JanRain and write it into the registration process at their own site. Then, once an Internet user registers at a participating OpenID website with their name, e-mail address, user name, and password, they can visit any other OpenID website and the second site will ping the first to see if the visitor is who they say they are and, if verified, forgo the sign-in process.

Even Facebook — whose 150 million members make it the 800-pound gorilla of social networking — could be getting on board. Facebook has its own digital registration protocol called Facebook Connect, but is contemplating joining the OpenID movement, according to Scott Kveton, a Vidoop vice president and current vice chair of OpenID.net, the non-profit foundation that promotes the standard. Facebook chose a proprietary architecture because at the time it was the only option for adding extra profile data to a digital ID, but now “they’d love to be very open with what they’re doing. I foresee them getting more involved,” Kveton says.

Addressing security concerns

While Web developers, open-source programmers and social networking experts are big OpenID fans, they don’t expect the average Joe to care much about it — or even know it exists. If companies are doing their jobs right, Internet users will simply realize their identity can follow them anywhere — and that’s good enough, Kveton says.

But some small business owners worry about security. “I don’t think I’d use it and I know people who freak out about it because they don’t want all their [passwords] in one place,” says Clyde Lerner, proprietor of In the Moment Computing, a Sunnyvale, Calif., computer services company. Instead, Lerner uses a password manager called Roboform that stores his passwords on his computer’s hard drive.

According to Kveton, OpenID is no more or less safe than someone’s e-mail account. If security is a priority, people can choose to get their OpenID account through a provider that adds extra layers of security onto it, such as Vidoop or JanRain.

SIDEBAR: OpenID Resources

Want to learn more? Here are some resources:

OpenID.net — Home of the OpenID Foundation, the non-profit organization promoting the portable digital personal identification.

What is OpenID — A 4-minute video explaining how OpenID works produced by Vidoop, a Portland, Ore., OpenID platform vendor and employer of Kveton, the OpenID foundation backer.

TheSocialWeb.tv Episode 24 — The Jan. 20 episode of this weekly Web TV show includes a segment highlighting the OpenID platform’s accomplishments in 2008.

OpenID Wiki — A library of links to companies that have written OpenID software code in a variety of programming languages including Java, Perl, PHP, ColdFusion, and more.

OpenID providers – Individuals who don’t have an OpenID through a blog or other online service can create one at websites such as myVidoop, Verisign’s Verisign Labs, JanRain’s MyOpenID and ClaimID.

Is Security Software Choking Your System?

Are your desktop systems feeling sluggish? There might be more than slow hardware or spyware at fault — it may just be your security software. “Generally, users will experience a twenty percent decrease in performance, just from having Norton or McAfee Antivirus installed on their desktops,” says Perri Naccarato, owner of The Computer Guys, a computer service and repair shop in Saugerties, N.Y. “And that’s not taking into account any other security software you may also be running.”

Naccarato believes that for all but the smallest businesses, it makes more sense to take a unified threat management (UTM) approach, placing the security on the network, and off the individual desktops. The constantly increasing need for more and better security on all workstations is a problem in any company. The trick is how to keep a computer safe from intrusion without loading the system down to the point of non-functionality.

What a UTM solution is

UTM solutions are primarily hardware gateways, routers with hardened operating systems that contain centrally maintained firewall, anti-virus, anti-spyware, and anti-spam functions, as well as assorted other monitoring and blocking capabilities for the highest levels of security. This relieves the need for each workstation to provide these services, thereby freeing their resources so they can better do the work needed.

According to Jon Kuhn, director of product management at SonicWALL, Inc., a secure network infrastructure company based in Sunnyvale, Calif., the security problems don’t come just from outside threats, but also from maintaining control over just what your employees are doing. The rapid growth of innovations that provide services through the Internet, and the accompanying increase in network traffic, can pose real problems for IT to manage. “The Web 2.0 approach makes for a loss of control,” says Kuhn. “Internet applications like Google Documents, Scribd, and Zoho are quite useful, but a potential security problem for IT.”

UTM solutions also allow IT to control all incoming and outgoing data. This gives IT one place to manage all maintenance, and gives far more control over what Internet sites workers can access, and what they can’t. Plus, not only can you control threats of intrusion, but with some of the more sophisticated UTM solutions being offered now, you can control the content itself sent out by employees, safeguarding confidential content, like medical or legal documents, from accidental release or insider espionage. “It’s so important for admins to have access to tools to control and monitor all throughput,” says Kuhn. “The UTM solution protects your bandwidth and secures all your sensitive data.”

Prices have come down

UTM systems used to be more costly, too high for small and mid-sized businesses to handle. But Moore’s Law continues to apply across the tech spectrum, bringing everything within reach, and now even the smallest company can protect its network investment. “If you have just 10 employees or more, then investing in security hardware becomes cost effective,” Naccarato says. “Those aren’t cheap items for small businesses, but take into account all the money spent on multiple licenses for security software installed at each desktop, as well as all the man-hours reclaimed that used to be spent updating and patching individual computer boxes, and it suddenly looks like a bargain.”

Though UTM devices and network-based software provide great protection for in-house desktops, they obviously can’t protect users’ laptops while they’re off the network, using a home Internet connection or surfing the Web from a café, airport, or hotel room. But they can use UTM to free up processing power by simply plugging it into a USB port. The Yoggie Pico, an award-winning miniature personal security server that resembles a USB flash memory, provides the mobile worker with security software solutions that include a firewall, VPN, IDS/IPS, anti-virus, anti-spam, and more. The little thumb-sized unit contains a 520 MHz Intel Processor running a hardened Linux-based OS. All data coming in and going out is seamlessly passed through the unit, keeping your data safe. And at under $200, it’s affordable for every business — even if you’re the entire company.

“My customers are usually amazed at how much faster their system runs when I take all the security software off the desktop,” says Naccarato. “It can make the difference between a slow, frustrating working experience and a smooth, responsive one.”

SIDEBAR: Some Companies Offering UTM Services and Products

Fortinet is a provider of Unified Threat Management (UTM) security systems that enable secure business communications and deliver excellent security. Their security systems and subscription services protect more than 20,000 customers worldwide — including telecommunications carriers, service providers and enterprises of all sizes.

IBM Internet Security Systems (ISS) offers a large portfolio of IT security products and services for organizations of all sizes. Their UTM solutions protect against a wide variety of attacks and Internet nuisances, and provide data security solutions to safeguard valuable information.

3Com Unified Security Platforms offer threat protection for organizations of all sizes, as well as those with multiple sites, branch offices or numerous teleworkers, including services like virtual private network (VPN), packet inspection firewall, application bandwidth management, and IP multicast routing support.

Astaro Security Gateway provides protection for networks, Web access and e-mail traffic, and offers a complete range of hardware appliances.

Cisco Systems provides security products that combine firewall, virtual private networking (VPN), and intrusion prevention system (IPS) technologies, and incorporate content inspection and control over applications like e-mail, Web access, instant messaging, and others.

The SonicWALL network security appliances provide UTM security services with deep packet inspection to provide small, mid-size and enterprise-class organizations excellent protection. SonicWALL appliances integrate automated and dynamic security capabilities for protection and performance.

ZyXEL solutions offer networking features such as quality of service (QoS), network security, and network management. Serving both corporate and home users, the company’s UTM Series combines firewall, content filtering, anti-virus, anti-spam, and intrusion detection and prevention. It also supports virtual private network, load balancing, and bandwidth management features.

Yoggie’s range of USB key-sized and ExpressCard-sized security mini-computers connect to any PC or laptop at home, in the office or on the road, blocking Internet threats outside the host computer and boosting computer performance by off-loading installed security software.

Is Your Network Secure — Physically?

You’ve purchased a firewall to protect your entire network. You’ve installed anti-virus software which updates its definitions daily. You’ve downloaded and installed all security patches for your operating system. You have anti-spyware software regularly scanning your system and removing any unwanted downloads. You may think you’ve done everything necessary to protect your network and devices from security threats. But you might be wrong. “About 80 percent of security breaches are physical in nature,” says Peter Dougherty, president and CEO of OnPATH Technologies, which provides physically secure switches.

Physical security is key

Indeed, if your network and equipment don’t have physical security, you almost may as well not bother with the firewall. “If a hacker gets physical access to a device, all bets are off,” notes Sean Convery, CTO of Identity Engines, a Sunnyvale, Calif., company that provides network access control. How can you make sure your network is safe from physical as well as software breaches? Here are some steps to consider:

1. Lock down servers. Limit access to server rooms and data centers only to those, such as IT staff, who have a legitimate need to be there. “It’s a good idea to lock the doors on the server racks themselves as well,” Dougherty says. He also recommends placing the “management server” — the device used to control and configure the network — in a separate location with its own locked access as a further measure to ensure the network’s physical safety.

2. Don’t forget wiring and switches. Once the servers are secure, take a look at the wires and switches connecting them. “Where is your wire closet? Can the local cable technician get in without authorization?” asks Dougherty. If outsiders have access to the wires and switches that transmit your data, you run the risk of a security breach.

3. Treat cables with care. “Companies typically have some sort of firewall device protecting their network,” Dougherty says. “But because your Internet access comes in from outside, you may have one router on the non-secure side of the network, outside the firewall.” Given the confusing array of devices that are often plugged in side by side, it’s frighteningly easy for an inexperienced or distracted employee to plug in a device outside the firewall. “That’s a very big risk,” Dougherty says. “There are companies set up to do nothing but ping for unprotected networks.” How can you protect yourself from this type of error? One simple but effective solution is to attach a color-coded label to each cable, showing exactly where it should be plugged in.

4. Set some alarms. Consider installing software alarms that will alert IT administrators every time a cable or device is unplugged from the network — or plugged into it. “It should not only generate an alarm, but also automatically lock down the network,” he adds.

Don’t count on encryption

Whatever you do, don’t count on encryption to protect your data in case of a physical security breach. Recently, a research team at Princeton University revealed that, by the relatively simple means of freezing DRAM chips with the liquid nitrogen in canned air, they were able to retrieve encryption keys. And, if the data is password-protected, access is even easier. “Most operating systems have either a well-known or not-well-known method for password retrieval or reset, such as by booting from a CD,” Convery says. The reason, he adds, is obvious. If a legitimate user loses his or her password, the device becomes an expensive pile of useless metal and silicon without some way to override password protections. And this feature is not limited to computers or servers but includes every piece of electronics, including firewalls themselves, Convery says. “If you can touch the device, and cut power to it, you can reset the password.”

Beware of Botnets and Other New Kinds of Spam

Businesses appear to be falling behind in the eternal war against spammers. Just when they manage to block one variety of unsolicited junk email to their office inboxes, another variety is developed. Until new technological advances come along, the best they can hope to do is use existing technology to stem the flow or outsource the work to companies that fight spam full time.

In the last year, the amount of spam rose 250 percent over 2005 levels, according to security software firm SonicWall, in Sunnyvale, Calif. There are two main reasons for this surge: image spam and botnets.

Making it past spam filters

Botnets, in which a virus takes over a PC and turns it into a spam-sending machine, have helped increase the overall amount of spam. The way it works is that perpetrators that want to take over other people’s computers for the purpose of sending spam first distribute viruses or worms to mostly Windows PCs. The code also contains a bot, or software robot, that automatically logs onto a server. Spammers access the server and order it to force the PC to send out spam to mail servers.

While botnets are dangerous, some businesses try to block bots from being deployed through the use of intrusion prevention systems (IPS), either through a hosted service or at the network level. While effective against network-based infections, IPS offers little defense against infections caused by employees willingly downloading bot infection payloads deceptively marketed as screen savers or browser toolbars. And once a PC is infected, these systems won’t stop bots from communicating with botnets using the standard HTTP and HTTPS protocols.

Image spam is also proving difficult to combat. Image spam has added to the amount of spam that makes it past spam filters employed by many businesses or Internet providers. Image spam was devised to foil filters looking for words like “Viagra” or “XXX.” When text is presented in a JPEG or PDF, such text-seeking filters are rendered useless.

Image spam has been around for a while, but until 2004 or so most of it was filtered out by software that was looking for “signatures” — domains, common words or phrases, bulk recipients, etc. — that were common to emails sent en masse. The spammers came up with “snowflake spam,” in which every image is unique, although they look the same to the naked eye. Spammers quickly discovered the technique works: In 2005, only 3 percent of spam was image-based. In 2006, that figure rose to 30 percent, according to IronPort Systems, a San Bruno, Calif., gateway security provider.

Patrick Peterson, vice president of technology for IronPort Systems, says signature-based filters don’t work very well anymore. IronPort does do some image-based filtering, like looking for similar background colors, but the technique is far from foolproof and optical character analysis — the ability to recognize image-based text — is still way too ineffective.

How to block the new flavors of spam

Another way to address image spam is to simply block all images unless they are sent from an address that has been pre-selected by the recipient. The downside, of course, is that some legitimate emails will inevitably be lost in the shuffle.

In addition to filtering and blocking, many spam-fighters are focusing on “reputation analysis,” that is, assessing the validity of the recipient based on the incoming email address. Such reputation analysis finds out where the spam is coming from and then creates a blacklist. Analysts say while reputation analysis is the most effective way to combat spam right now, it is far from a total solution. The other problem is that, as with image spam blocking, legitimate emails may be blacklisted.

“These are small steps,” says Jeanniey Mullen, executive director of email marketing for Ogilvy, the New York ad agency. “I don’t think anyone has the answer yet.”

Arabella Hallawell, research vice president for Gartner Research, of Stamford, Conn., recommends either getting an email appliance to limit a system’s exposure to spam and/or outsourcing e-mail management to someone else. Not surprisingly, Peterson agrees with her. “The ante has really gone up,” he says. “In the old days, five to 10 really smart guys could put together a spam solution that’s pretty good. Now we’ve got 30-plus guys working on spam just to stay ahead of what the bad guys are doing.”
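The "snowflake spam" point above, shown from the filter's side as an added example that is not from the article or from any vendor it names: an exact signature (SHA-256 of the pixels) changes with every variant, while a simple perceptual "average hash" stays stable. The average hash is a swapped-in illustration, not IronPort's method; the images, the noise level and the `max_bits` threshold are constructed assumptions.

```python
import hashlib
import random

def spam_template(n=32):
    """Constructed sample: light background with two dark 'text' bands."""
    return [[20 if (y // 4 in (2, 5) and 4 <= x < 28) else 230 for x in range(n)]
            for y in range(n)]

def unrelated_image(n=32):
    """Constructed sample: a different layout (dark left half, light right half)."""
    return [[20 if x < n // 2 else 230 for x in range(n)] for y in range(n)]

def snowflake(img, seed, jitter=3):
    """Copy of img with small per-pixel noise, so each copy has unique bytes."""
    rng = random.Random(seed)
    return [[min(255, max(0, p + rng.randint(-jitter, jitter))) for p in row] for row in img]

def exact_signature(img):
    """Signature-style match: SHA-256 over the raw grayscale pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, size=8):
    """Perceptual hash: size x size block means, one bit per block (above overall mean or not)."""
    bh, bw = len(img) // size, len(img[0]) // size
    means = []
    for by in range(size):
        for bx in range(size):
            cell = [img[y][x] for y in range(by * bh, (by + 1) * bh)
                    for x in range(bx * bw, (bx + 1) * bw)]
            means.append(sum(cell) / len(cell))
    overall = sum(means) / len(means)
    return sum(1 << i for i, m in enumerate(means) if m > overall)

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def is_near_duplicate(a, b, max_bits=5):
    """max_bits=5 is an illustrative threshold, not a tuned production value."""
    return hamming(average_hash(a), average_hash(b)) <= max_bits

if __name__ == "__main__":
    base = spam_template()
    v1, v2 = snowflake(base, 1), snowflake(base, 2)
    print("exact signatures equal:", exact_signature(v1) == exact_signature(v2))
    print("bits differing, variant vs variant:", hamming(average_hash(v1), average_hash(v2)))
    print("bits differing, variant vs unrelated:",
          hamming(average_hash(v1), average_hash(unrelated_image())))
```

A real filter would decode the JPEG or GIF first and would still face variants built to shift block averages, which is consistent with the article's remark that image-based filtering is far from foolproof.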

Choosing a Content-Management System

TicketsNow, an online ticket portal based in Crystal Lake, Ill., needed to streamline the way its growing volume of content was uploaded to its website. A content management system was in order for the growing business. “Because it’s important for TicketsNow to provide customers with the best experience possible, we needed a content management system to continually update our site quickly and provide relevant, persuasive and personalized content,” explains Frank Giannantonio, the company’s chief technology officer.

As its name suggests, a content management system (CMS) can best be described as software designed to help companies store, organize, and share content anywhere and anytime via the Web — be it documents (such as sales materials), artwork (e.g. a company logo) or any other content that requires attention. If your site is anything more than a simple brochure, you may want to consider a CMS to help you manage the adding and updating of pages and sections to your site.

Giannantonio says his company went with CMS technology provider Interwoven, “because it eliminated IT bottlenecks and put the ownership of the site’s content in the hands of the content creators.” Interwoven has nearly 3,700 customers worldwide, including prestigious accounts such as Hilton, British Telecom, and Adidas.

One system, one version of content

One reason why fast-growing companies need to consider a CMS is to make sure that everyone is working from the same version of content — whether it’s in Microsoft Word or Adobe PhotoShop. Say a company is e-mailing around a press release to staff for approval. Each executive is editing the copy, adding notes and then sending it on to someone else to sign off on it. What if somewhere in the process, the wrong version is saved as “final”? The next thing you know, the document — with incorrect information — is posted to the website for all the world to see.

“The idea is to streamline the entire system, to provide a single source of truth for managing and delivering information,” says Eben Miller, director of product marketing for Web content management at Interwoven, a Sunnyvale, Calif., CMS vendor. “Content is king, and a CMS owns this content assembly line from creation to management to approval to delivery.”

Tips on choosing a CMS

The following are a few tips on what to look for in a content management system:

A CMS must be easy to install, learn and use. “Even a non-technical person should be able to publish content through the system easily,” says Miller.

Look for open standards in your CMS. An open platform that integrates with your existing system and with creative tools will help your content creators keep your site fresh. A good CMS should work with all popular content creation programs, such as adding the option to “Publish to Web” after clicking on File within Microsoft Word.

Find a CMS that has security features for content storage and access.

A CMS can help customers help themselves via the Net instead of using expensive call centers. Using Interwoven’s CMS, British Telecom successfully “e-shifted” more than 12 percent of its call center traffic to the Web for self-service support. For the customer, it means an easier, faster, and more convenient way to find the info they need. A CMS helps the info to be itemized, tagged (with keywords) and implemented into the central database.

A CMS should enable multi-channel publishing. The content may be designed for the Web but may evolve into other channels, such as print or wireless.

CMS solutions need not be expensive, although it depends on your needs, such as whether it’s for departmental use or for global collaboration. On the flipside, a CMS will help your business be more productive, will cut costs, can help efficiently manage your brand and speed up your time to market for launching new products, services or campaigns.

“Companies cannot compete on price and location alone these days,” says Miller. “You need accurate and up-to-date content to compete in today’s world.” And to help a company comply with the growing number of regulations impacting financial reporting, customer privacy and other aspects of business, an IT department needs a CMS that offers a full audit trail for all types of content.