News

NaviSite Named SVC 2014 Cloud Company of the Year

NaviSite takes home the top prize for its work with PMGC Technology Group Ltd. to deliver enterprise level services to small and mid-sized businessesLONDON - 28 November, 2014 - NaviSite Europe Limited, a wholly owned subsidiary of NaviSite, Inc., a Time Warner Cable company, today announced that it has been named Cloud Company of the Year by the Storage, Virtualization, Cloud (SVC) Awards, in partnership with PMGC.The SVC Awards recognise the achievements of end-users, channel partners and vendors alike. NaviSite was recognised for its work with PMGC to deliver Desktop-as-a-Service (DaaS) technology to power PMGC's SmartDesk virtual working environment. NaviCloud® DaaS is one of a suite of cloud offerings from NaviSite, which range from Enterprise class infrastructure for test and development and production environments, through to cloud-based storage, disaster recovery solutions and cloud-based virtualised desktops. NaviSite's DaaS delivers a leading-edge alternative to traditional VDI and labour-intensive desktop support, providing a simple, secure, and complete desktop experience in a virtual environment. This cloud-based, on-demand, scalable, pay-as-you-use platform enables a seamless and secure transition to the Cloud from costly, potentially at-risk physical machines, safeguarding data while adding a new layer to organisational resilience. By leveraging NaviSite's DaaS solution together with customised mobility and consulting services, PMGC's SmartDesk provides each user with their own Windows hosted desktop environment that can be accessed from any device with an Internet connection. This allows users to work from the office, on the road, at home or even when meeting a client, while business data remains safely stored at the secure data centre. Usually this type of offering would only be available to large scale enterprises, however combining the best in class cloud based DaaS technology from NaviSite, with the specialist expertise of PMGC extends the delivery of these high quality services to small and mid-sized businesses providing a new level of flexibility for their users and opening up the benefits of cloud to an increasingly demanding market segment. The NaviSite DaaS solution ensures that PMGC can provide a seamless user experience, with end users working across multiple devices. Each user is provided with their own SmartDesk environment, giving them secure access to their files, data and business applications, from any Internet connected device. In this way organisations can fully support mobile working and remote users; they can easily provision new desktops to cater for seasonal peaks and can embrace the growing trend of BYOD, without compromising data security. "It's a great honour to be recognised by the SVC Awards for the work that we've done with PMGC," said Sean McAvan, managing director, NaviSite Europe Ltd. "The way that PMGC is bringing to smaller and mid-sized organisations the secure and resilient offerings that are normally only available to enterprises is truly leveling the playing field for the largest business group in the UK, and we are proud to be associated with that initiative." "It's important that our customers feel enabled by technology, and NaviSite's DaaS solution provides a key piece of infrastructure that we need to deliver our solution to customers. They've not only delivered great technology, but their service is first-class," said Jason Yeomans, chief executive officer, PMGC Technology Group. "We couldn't be happier to see NaviSite recognised for the great work that they do."For more information about NaviSite and its range of services, visit www.navisite.co.uk.For more information on PMGC and their services, please go to http://www.pmgroupuk.com/The SVCAwards is an event administered by Angel Business Communications Limited. For more information on this year's winners, visit www.svcawards.com. About NaviSite Europe LimitedNaviSite Europe Limited is a wholly owned subsidiary of NaviSite, Inc., a Time Warner Cable company, is a leading international provider of enterprise-class, cloud-enabled hosting, managed applications and services. NaviSite provides a full suite of reliable and scalable managed services, including Application Services, industry-leading Enterprise Hosting, and Managed Cloud Services for organisations looking to outsource IT infrastructures and lower their capital and operational costs. Enterprise customers depend on NaviSite for customised solutions, delivered through a global footprint of state-of-the-art datacentres. For more information about NaviSite's services, please visit www.navisite.co.uk ###Contact: Michele Moore, Text100Michele.moore@text100.co.uk 0 20 8846-0784Source: RealWire

IT Security News Video Summary for November 2014

Latest summary of Security News covering the month of November 2014. The following stories are incuded: Complex Regin Cyber-Spy Malware Steals Data, Leaves Little Evidence. Citadel attackers aim to steal victims’ master passwords. Microsoft releases emergency security patch for Windows and Windows Server Phone Scams Borrow Typo squatting Strategy to Target Bank Customers DDoS attacks cost businesses average of £25,000 per hour finds study Nearly half of all web application cyber attacks target retailers, study shows EU companies unaware of proposed data protection law Operator error the root cause of Microsoft Azure failure

CGI secures communications between pilots and air traffic control

Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI as part of a European Space Agency (ESA) air traffic management project. CGI is providing IT security services to the company behind the latest satellite communications system used to manage European airspace, in a contract worth £2.8m. The ESA commissioned satellite communications supplier Inmarsat to provide the communications system between pilots and air traffic control in European airspace. IT services company CGI will develop safety systems integration and IT security services to the project known as Iris Precursor. The service will use Inmarsat’s satellite broadband, SwiftBroadband, and CGI will provide integration with air traffic management systems and introduce security to protect against cyber attack on the communications links. The systems will enter initial flight trials in 2016. Inmarsat CEO Rupert Pearce said the project will enable the company’s SwiftBroadband service to meet the European regulations and standards for data link communications.  “It will play an integral role in the future of European air traffic services infrastructure. CGI’s role in developing, integrating and deploying the required ground network systems is a central component of the work and we selected the company based on its deep space industry experience, safety and security systems expertise and proven delivery track record,” he said. CGI has worked directly with the ESA for over 35 years. Iris Precursor project is designed to make sure the communications network used will have the capacity and reliability to add applications in the future as part of the Single European Skies ATM Research (SESAR) programme. This includes adding the ability to update flight plans en-route and improve the sequencing of aircraft into busy airport. In June, British Airways announced it was the launch customer for Inmarsat’s in-flight passenger broadband service. Inmarsat provides mobile satellite communication services. In December 2013, it launched the first of three Inmarsat-5 satellites and is on schedule to achieve full global coverage by the end of 2014. It has 1,600 staff in more than 60 global locations.  Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK

CW500 Video: Identity and access management – Gatwick Airport

As organisations turn to cloud services and mobile apps to boost productivity and cut costs, managing identity and access to IT resources has never been so important or challenging. In this emerging IT environment, a key challenge is managing access to applications and data by employees and partners from multiple devices and locations without compromising security. In this CW500 video, Michael Ibbitson, CIO, Gatwick Airport, discusses the growing challenges of expanding access management to third parties and avoiding the potential pitfalls. Read more about what was discussed at the event, as well as its business challenges and benefits here. 

CW500 Video: Identity and access management – GDS

As organisations turn to cloud services and mobile apps to boost productivity and cut costs, managing identity and access to IT resources has never been so important or challenging. In this emerging IT environment, a key challenge is managing access to applications and data by employees and partners from multiple devices and locations without compromising security. In this CW500 video, Janet Hughes, Head of Policy & Engagement for the Identity Assurance Programme, Government Digital Service, discusses the growing challenges of expanding access management to third parties and avoiding the potential pitfalls. Read more about what was discussed at the event, as well as its business challenges and benefits here. 

European parliament votes in favor of breaking up Google

Although the vote is non-binding, it's a definite setback for the company.

Switch to ‘100% On-net’ Connectivity Pays Off for Dialogue Group

27 November 2014 - Dialogue Group, the global A2P (Application-to-Person) SMS messaging specialist, today announced that its revenues have doubled in the last year, since launching its A2P SMART initiative. The company's continued success has been stre...

Pilots report increased near-collisions with drones, FAA data says

Many hobbyist drones found flying over 2,000 ft.

Post Office Takes Unusual Approach to Handling Breach

NEWS ANALYSIS: Full details emerge on the U.S. Postal Service breach, and some of the insights are surprising, including the fact that the USPS didn't immediately block compromised servers. The United States Postal Service (USPS) publicly admitted that it was the victim of a cyber-intrusion on Nov. 10. As it turns out, the USPS had been aware of a potential intrusion since Sept. 11, and it took several months of planning and strategic actions until the public and USPS employees were informed. Full details on the USPS breach were provided by Randy Miskanic, vice president of secure digital solutions at the USPS, in testimony before the Subcommittee on Federal Workforce, U.S. Postal Service & the Census at the U.S. House of Representatives. The testimony, which took place on Nov. 19, is posted online and provides 11 pages of details on the actions and timeline of the USPS breach incident. The testimony gives insight into how much time and process is involved in detecting and responding to a breach, which is far from a rapid process. Miskanic testified that on Sept. 11, 2014, the U.S. Postal Service Office of Inspector General (USPS OIG) received information from the U.S. Computer Emergency Readiness Team (US-CERT) regarding four Postal Service servers that may have been compromised. Rather than immediately take action to shut down or otherwise block the compromised servers, the USPS was advised to take no action. "The USPS OIG provided the CISO [Chief Information Security Officer] with an operational security warning advising that actions taken without coordination are likely to adversely impact the Postal Service's overall security posture," Miskanic testified. "The guidance document instructed the CISO to take no action—including further investigative activity, scanning, re-imaging, resetting account passwords, taking systems offline or searching IP addresses." Initially, the USPS suspected that only four servers were compromised, but through monitoring actions that occurred from Sept. 19 to Oct. 2, an additional 29 servers were identified as potentially being compromised. The USPS identified three Postal Service user accounts as potentially being compromised as well. On Oct. 20, USPS staff provided a classified briefing to the National Security Council staff and the White House cyber-security director about the incident. It wasn't until Nov. 7, nearly two months after first being alerted to the breach in September, that the USPS activated a full remediation plan to remove the attacker risk from the network. "Implementing remediation plan elements required initiation of an information systems network brownout period, which limited communications between the Postal Service network and the Internet," Miskanic testified. "During the Nov. 8-Nov. 9 brownout period, virtual private network (VPN) connections were blocked and remote network access was denied." The USPS also put in additional security controls during the two-day brownout, including two-factor authentication for administrative accounts. Going a step further, the USPS began to block access to personal online email services, including Gmail and Yahoo. "In addition, direct database access is now only enabled to technology support staff, and a number of business applications have been retired," Miskanic testified. "These safeguards will continue to be reviewed and enhanced over the coming months in order to increase our overall security posture." What the Miskanic testimony clearly illustrates is that detecting or being alerted to a breach is only the first step in what can be a lengthy process to recovery. It's interesting to note that the USPS itself did not initially detect the breach, but rather was alerted to it by US-CERT. The fact that the initial course of action was to not immediately block the impacted servers is also very interesting. The USPS and its security partners wanted to be thorough and make sure they fully understood the problem so it could be properly fixed in a coordinated manner. In many security incidents, there is often a rush to judgment, but that's not necessarily always the right course of action. The USPS attack and response provide organizations with a case study in how a thoughtful process can be implemented in the event of a cyber-security incident. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

AT&T backtracks on fiber claims, says it won’t really halt 100-city...

Either way, AT&T says net neutrality will limit fiber and DSL upgrades.

EU May Ask Google to Extend ‘Right to Be Forgotten’ Beyond...

Google may be asked to apply the privacy obligation to its main Google.com site. European Union privacy regulators may ask Google to extend users' "right to be forgotten" to its Websites outside the EU as well. Regulators meeting in Brussels, Belgium, Nov. 26 have prepared a proposal that will require Google to apply the EU privacy obligation—which gives its citizens the right to ask Google to remove content—to its main Google.com site in the United States and to other sites viewable from the EU, Bloomberg Businessweek reported today. The decision apparently is rooted in concerns that information blocked by Google in the EU will still be accessible to Internet users there simply by visiting Google search sites in other countries, Bloomberg said, quoting unnamed sources. If the proposal is approved, all search engine companies, and not just Google, will be required to abide by it. Isabelle Falque-Pierrotin, the chairman of the EU data protection council, is expected to present the guidelines later today, possibly with some modifications, the Bloomberg report noted. A Google spokesman said the company hasn't seen the EU Article 29 Working Party's new guidelines yet. "But we will study them carefully when they're published," he said. Marc Rotenberg, president of the Electronic Privacy Information Center (EPIC), said the proposal that is reportedly being considered by the EU makes sense. "This is a logical and sensible request from the European Union since Google is the entity that gathers the personal data and chooses to make the subsequent disclosure," he said in emailed comments. "It would make little sense to allow Google to publish in domains outside of Europe private facts concerning EU citizens that should be removed from Google search results." The more interesting question now is how Google will respond to growing expectation that the company will recognize a similar legal right in the United States and other countries, he said. In May of this year, the Court of Justice for the European Union held that European privacy law gives citizens the right to ask Internet search engine companies like Google to remove search results pointing to inaccurate, outdated or incomplete data about them. The Right to Be Forgotten decision was related to a lawsuit filed by an individual in Spain who wanted Google to remove search results pointing to two articles in a Spanish-language newspaper from 1998 that mentioned his name in connection with the recovery of Social Security debts. Since the European court ruling this May, Google says it has received more than 174,000 right-to-be-forgotten requests from EU citizens and has evaluated some 602,000 URLs for removal. So far, the company has removed 42 percent of the URLs that people have asked it to remove and is in the process of working through the remaining requests. The removal requests have involved a wide range of content, including criminal records, embarrassing photos, slander, online bullying, negative press mentions and content pertaining to sexual crimes, Google has noted. Google has maintained that while it wants to be respectful of EU law, the right-to-be-forgotten obligation is a new and difficult challenge for the company. It requires Google "to weigh, on a case-by-case basis, an individual's right to be forgotten with the public's right to information," Google's Advisory Council on the Right to be Forgotten has noted. "We want to strike this balance right." This week's proposal, if adopted, would extend Google's obligation to remove content at the request of EU users to its main Website as well. It is unclear how the company will respond to the new development or even what its legal obligations will be under the new proposal. Either way, the company is likely going to have to find a way to respond to the issue quickly because there are signs of similar demands from countries outside the EU as well. In October, for instance, a court in Tokyo ordered Google to remove about 120 search engine results pointing to articles hinting about a certain individual's involvement in a crime from more than 10 years ago. Some privacy groups, such as the Electronic Frontier Foundation, have expressed alarm at the EU requirement and have likened it to censorship. "The court has created a vague and unappealable model, where Internet intermediaries must censor their own references to publicly available information in the name of privacy, with little guidance or obligation to balance the needs of free expression," the EFF noted in a blog in July. "That won't work in keeping that information private, and will make matters worse in the global battle against state censorship."

Senator tells Visa and MasterCard to stop serving “cyberlockers”

Sen. Patrick Leahy says 30 named locker sites have "no legitimate purpose."