Customer Decision & Big Data: A possible Journey

April 26, 2013

Customer is king. Always. Whether in B2B or B2C settings. With much writing this week on the importance of a Customer Centric approach where B2B organizations need to develop a much deeper understanding of the modern Customer Decision Journey.

Questions have been raised as per whether Multichannel Marketing Mix approaches have been based on the right models and research to measure results.

With the hype of a report to be issued by the Council for Researchcurrently investigating measurement issues related to digital video advertising, report that in turn will form the basis of an Advertising Research Foundation inquiry into the quality of the models.

We believe it’s important to bring a combination of modeling, information and expertise to decisions “a P&G spokesman said in a statement to AdAge “We have clear evidence that marketing-mix modeling, combined with other information and expertise, has helped to improve return on investment of our marketing spending and media buying.

Beside, measurements what remains key is to reach the customer with a message which will limit the risk of ad avoidance, a phenomenon which has been noticed to be on the increase lately.

Can big data really improve the customer experience with personalized ads, products and service offerings?

For certain big data can say a lot about preferences and even location. But with constantly increasing terabytes of data, in structured, semi structured and unstructured formats. To make sense of it all is to say the least challenging.

The more so for businesses, which do not have their own platform from which to gather this data, nor the technical tools or analyst expertise to navigate and make sense of data gathered from their websites, blogs and external social platforms.

Some even ask the question whether Big Data is in reality an opportunity only for big players of the likes of Google.

What do you think?

Thanks to http://moniagalardi.com/2013/04/25/customer-decision-big-data-a-possible-journey/

 

Leave a Comment » | Application Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , | Permalink
Posted by david ricketts

The State of the Breach

April 26, 2013

By coincidence, Verizon’s Data Breach Investigations Report (DBIR) for 2012 was released this week along with the results of our Privacy Survey. So it’s a good  time for a quick tour of the state of the breach. In reviewing this latest DBIR, much has stayed the same. However, Verizon’s report emphasizes two key points that caught my attention: 80% of breaches could be easily prevented with two-factor authentication; and it still takes months for most breaches to be discovered.

As in past DBIRs, hacking and malware again make it into the top threat categories, and the difficulty level of the hack-craft employed is still very primitive. This is a polite way of saying that vanilla password cracking—guessing or re-using credentials—is by far the most popular way to pass through the security gate. According to Verizon, this particular type of attack accounted for four out of five breaches involving  hacked data.

The solution is, in Verizon’s words, “to overthrow single-factor passwords” with a new king, two-factor authentication. Varonis is also hoping that TFA will gain the throne.

There are some encouraging signs, however. In our just-published Privacy Survey, over 47% told us they use multi-factor authentication for their personal email accounts. If this trend can carry over to corporate email and intranet access, then we may finally see a dip in these low-skill, but still very effective, password-based hacks.  It’s a stat will check again next year.

Another critical point made by Verizon is that companies must think beyond prevention, and come up with a second line of defense involving rapid discovery and response. Prevention is still important, but no security barrier is hack-proof.

They note that for most breaches the lag between the initial hack and the first action is far too long: 67% of incidents take several months to be discovered.  And perhaps even more dispiriting is that companies more often than not—about 70% of the time—find out about breaches through their customers and third parties (law enforcement, government agencies) instead of their own IT departments.

The obvious (and depressing) brick-and-mortar analogy?  A jewelry store owner puts a toy lock on the door, fails to install an alarm system, and then waits for a customer to say that the diamond ring she was interested in is not in its case anymore.

I’ll end this post with a link to the SANS Institute’s security controls, which were mentioned in the DBIR and which we also recommend as well. The Account Monitoring Control is a good starting point in any breach mitigation program.

The principle in account tracking and auditing is simple to state, but practically impossible to implement efficiently with standard techniques: monitor who is accessing file data and alert administrators as soon as unusual patterns of behavior are detected, likely indicating a breach-in-progress.

And by the way, I just happen to know of software that efficiently handles this problem.

Leave a Comment » | Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , , | Permalink
Posted by david ricketts

Varonis Privacy and Trust Report

April 26, 2013

Even in an age of social media and voracious over-sharing, there are still times we need privacy online. When we engage in old-fashioned point-to-point communication, we expect the person or business at the other end to ensure that our interactions remain private. But it’s complicated.

In a new study conducted by Varonis, 91% of respondents say they trust businesses to keep their data safe despite a rise in breaches that now affects nine out of ten companies. In addition to expecting absolute security from service providers, the survey shows that 53% of consumers would be willing to pay a premium for organizations that reliably protect their data.

At the same time, consumer online habits have room for improvement. Though almost three out of four password protect their mobile phones, an alarmingly high 67% say they send unencrypted personal information in their emails.

Download the full report to learn how consumers deal with security and privacy challenges in their digital lives.

Download the Report

Enjoy, share, embed our infographic:

Varonis Privacy and Trust Report

Leave a Comment » | Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , | Permalink
Posted by david ricketts

Internal Data Loss is Riskier Than You Think

April 19, 2013

In an excellent blog post, Gartner research director Anton Chuvakin poses the question: is an Excel spreadsheet full of credit card numbers on a poorly permissioned internal file share considered a data breach?

Many information security pros and even some DLP vendors would answer “no” because the risk of data loss is implied, not actual.  But I think that is an overly optimistic stance.  To me, this is equivalent to saying, “I know there’s a hole in my roof, but it hasn’t rained in a month, so it’s only an implied risk.”

Anton astutely points out that, in every large organization, you can bet your mortgage on there being unauthorized access to your environment, facilitated by any number of factors including, but not limited to: subpar authentication, BYOD, infected endpoints, or an Active Directory that looks like a rats nest.

Chuvakin says:

 ”The phenomenon of “internally lost data” is way more pervasive than most people think. I’d bet if you think that it is pretty pervasive, then it is EVEN MORE pervasive. Confidential, regulated and “merely” sensitive data on “all access” internal file shares, SharePoint boxes, team web servers, internal blogs, etc is literally all over the place.”

We can confirm this phenomenon as it’s one of the main reasons organizations evaluate Varonis.  We’ve written extensively on the Everyone Problem.  Trust us, this is actual risk.  So what do we do about it?

The Sniff → Scan Approach

Dr. Chuvakin talks about how well the Sniff → Scan approach has worked for some organizations: sniff the network to see what’s leaking and then scan your storage environment to figure out where that data lives:

“[Organizations] first saw *it* on the wire, got mad – and then got curious: just where exactly is it stored internally? “Oh, in 537 different places!”  Next they fought the battle for reducing the internal exposure and then – surprise! – the occurrences of that piece of data being seen on the wire decreased as well…”

The trouble with most DLP solutions that help with data discovery is that, once the data of interest is found, you’re on your own.  There’s no operator’s manual for reducing the exposure in a safe, methodical way without doing collateral damage to the business.  Once you’ve pinpointed where leaky data lives, wouldn’t you love to know: Who can access it? Who’s using it? Who is responsible/is the data owner? How to reduce access down to a least privilege model without cutting off people who need the data to do their jobs?

The only way to answer these questions is to combine other metadata streams with the classification information.  If you’re in the information security space, you’ll start to hear the term Context-Aware Data Loss Prevention, if you haven’t already.  Analysts have begun putting a lot of weight on the ability to determine the context of data and its usage in order to make intelligent decisions about protecting it.

Anton concludes:

“So, if you got [sic] a DLP tool, plan for using its discovery capabilities. Hit those shares, SharePoints, team servers, intranet web sites, etc, etc.  And, yes, you need a process, not just a tool!”

For an in-depth look at the Varonis process for preventing internal data loss, check out ouroperational plan blog series (which starts with data classification).  And if you’re interested to see how the Varonis Data Governance Suite brings context to DLP, let us show you!

Also, have a look at Anton Chuvakin’s blogs here and here.  He’s one of the most entertaining and prolific writers on data protection.

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , , , , | Permalink
Posted by david ricketts

Mobile ads GPS study: How far will you drive for a deal? (infographic)

April 17, 2013

We’ll drive 2.8 miles for a sandwich, but 7.1 miles for a great Italian restaurant. And while we may only go 3.6 miles for a coffee shop, we’ll easily go almost nine miles for just the right mall.

Nagivation services company Telenav knows a little bit about what people will drive for — and when it’s worth showing hyper-local ads to them.

Powering navigation apps like Scout for iPhone and running its own advertising team gives Telenav billions of monthly data points on ads and services that people will drive for. The company has summarized that data in a new report, unveiled today.

“Location is an extremely powerful tool for targeting mobile ads, but most advertisers are still applying a one-size-fits-all approach when it comes to location targeting,” Eli Portnoy, Scout Advertising GM said in a statement. “For example, I live in Los Angeles and it makes no sense to show me an ad for coffee in Pasadena because I will never drive the nine miles it would take me to get there. That would take me over an hour.”

One size especially doesn’t fit all when you look at different cities.

While shoppers in Dallas, Seattle, and California’s Bay Area routinely drive between 7-8.5 miles for shopping, New Yorkers and Chicagoans drive few than five. And in San Diego, car owners travel on 2.7 miles for gas, while Houston drivers almost need a top-up station on the way to the gas bar, driving 7.1 miles, on average, to fill ‘er up.

All of which data needs to inform your local marketing strategy.

Here’s all the information, in visual form:

hyper local marketing infographic
Read more at http://venturebeat.com/2013/04/16/mobile-ads-gps-study-how-far-will-you-drive-for-a-deal-infographic/#fOJHa7Ec1DVMKaq0.99

Leave a Comment » | Marketing, Retail IT Solutions | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Buyers of expensive IT security ask why they’re still insecure

April 15, 2013

We do a lot of work for IT security clients and the numbers they share with us about attacks and monetary losses numb the brain. The money spent by corporate America to maintain some semblance of protection and to fend off cyber attacks is astronomical. If you’re reading this, you know what we mean. Still, the attacks and the cost of defending yourself grow unabated. What’s going on here?

One of these clients who does big work for big brands told us recently that a perception of low return on their security dollar has created a growing, board-level frustration and alarm within these companies.  “They question the ROI on the hundreds of millions of dollars invested in IT defenses and they have every right to be pissed,” he said. Of course, our clients have a vested interest in encouraging the upgrade of aging defenses so easily overcome by wily, super-smart and well-financed cyber-criminals today.

Computer security is a multi-billion industry employing some of the most brilliant technologists in the world.  They labor relentlessly to stay a step ahead of the bad guys who, just like terrorists, only have to be successful once, while techno-sleuths and defenders must succeed 100% of the time.  Yet, even in the breaches that merit the bigget headlines, most of the time the crooks used ridiculously simple methods to break in.  In other words, many organizations are overlooking basic precautions even as their security systems grow more complex and expensive.  Just like street crime,  bad guys preyed on victims of opportunity.

Like muggers, Cyber-attackers scan for companies who may not be properly utilizing the defenses they have or whose passwords fail the tough-to-guess test. To us in the business of marketing some truly amazing preventive technology, this is an eye-opener.  Here’s hoping they can open more corporate-security eyes as well.  The chain around the company’s digital assets is only as strong as the weakest link. And the bad guys go straight to it.

Leave a Comment » | Application Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Data Retention in the Social Media Era

April 11, 2013

A variety of industry research analystshave indicated that 3 of the top 10 priorities for IT in 2013 will be initiatives focusing on BYOD, cloud computing and business analytics obtained via Social Media.  While these initiatives provide clear business benefits, they will challenge data retention and records management policies for most organizations.

BYOD, cloud computing and social media have a common thread – they all create data repositories that have been geared towards the non-IT consumer, where governance, management and retention have taken a backseat to ease of use.  With the introduction of these technologies into the enterprise, companies are obligated to develop backup, archiving, and classification strategies to ensure that relevant data is available in the event of litigation and a discovery request.

The Federal Rules of Civil Procedure state that the moment a company receives a legal hold request they must not dispose of data without having a clearly defined and demonstrable retention and disposal policy. These policies cannot be developed and implemented in the midst of litigation as an opposing  litigant could claim that destruction of data was intentional, resulting in damages and penalties awarded to the opposition.

In the article, eDiscovery Rules Applied to Social Media: What This Means in Practical Terms for Businesses, statistics show that the FRCP rules are being enforced— sanctions were ordered in 50% of the cases where sanctions were sought, with a few resulting in large monetary penalties. Needless to say, companies are compelled to comply.

While many companies have chosen the pack-rat approach – save and archive all of the data they manage, including customer data, personal data, etc., this approach is not practical due to everincreasing volumes of data, especially when considering the information generated by mobile devices and social media.

In the event that a company does need to develop a defined retention policy that takes these initiatives into account, their requirements should be part of a larger blueprint for securing their data, linking their retention strategies with governance and accessibility.  These 6 steps provide some basic guidelines:

  1.  Determine the age at which each type of data that has not been accessed would be considered stale – 1 year?  2 years? 5 years?
  2. Implement a solution that can identify where stale data is located based on actual usage (not just file timestamps)
  3. Automate the classification of data based on content, activity, accessibility, data sensitivity and data owner involvement
  4. Automatically archive or delete data that is meets your retention guidelines
  5. Automatically migrate data that is stale but contains sensitive information to a secure folder or archive with access limited to only those people who need to have access (e.g. the General Counsel)
  6. Make sure your solution can provide evidence (e.g. reports) of your defensible data retention and disposal policy

Leave a Comment » | Application Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , , , | Permalink
Posted by david ricketts

5 Steps to Get Data Owners Started : What to do with my data

April 8, 2013

During a recent conversation a customer asked if we had a Getting Started Guide for Data Owners. After using Varonis to identify and assign owners, one of the new data owners asked, “What am I supposed to do now? What do data owners do?”  In order to help him—and anyone else in this situation—I created 5 high-level steps business users can follow to get started as a data owner.

Step 1: Take inventory of your data and confirm ownership

One of the first things data owners should do is review the data for which they are responsible; IT should provide them a report listing all the folders, SharePoint sites, etc. that they own. Owners should carefully review this report and confirm with IT that they are, in fact, the correct owners of this data. It is also important that they understand which, if any, of these folders contain sensitive data, which folders are open to other groups in the organization, and which teams they expect to collaborating with.

Once they have reviewed their data assets, they will be able to start governing and protecting their data effectively. In addition, they should determine if other users will need to be involved in the authorization process (delegated “authorizers” for specific folders), and coordinate with them on how access requests will be processed.

Step 2: Review permissions/users with access

Once they’ve confirmed ownership and they understand the types of data contained in these folders, the next step would be to perform an initial Entitlement Review.  These can either be done manually with IT provided lists of people to review, or with automated solutions, like Varonis DatAdvantage and DataPrivilege.

During an initial entitlement review, data owners will review which users have access to which data and make decisions about which users should be removed or added. Solutions that provide automated entitlement reviews, like DataPrivilege, automate this task end to end, providing actionable information to data owners, (e.g. recommendations based on access activity and cluster analysis) and effect changes to the appropriate ACL’s and groups without IT intervention.

It is important that this step be carefully performed, whether manual or automated, as this will be the first step in cleaning up excess access and ensuring that only the right people have access to data.

Step 3: Ensure all requests are processed for the appropriate reasons

Once owners have performed their initial review, they should now be in “maintenance mode” and ongoing data ownership activities shouldn’t take much time– they’ll mostly need to approve/decline access requests as they come up, either with an automated solution (like DataPrivilege) or through a manual process. As a best practice, every access request should ask the requestor to enter a reason for requesting access, either selected from a menu of legitimate reasons, or manually entered.

Data owners should consider access requests carefully, especially when the data they’re managing is sensitive:

  • What data are they requesting access to?
  • If I grant access, is there anything in that folder that they should treat as confidential?
  • Should access be granted permanently, or temporarily?
  • If access should be granted temporarily, how will we remember to revoke it? (Manual process or with automation like DataPrivilege)

Step 4: Do periodic entitlement reviews

On a regular basis—once a quarter, every 6 months, etc.—IT should require owners to complete an attestation, or entitlement review. This will ensure data owners review any changes or new recommendations made since their last review and ensure that organizational changes have not granted unwarranted access. Owners should have the option to specify where access should be restricted or stay the same, and a record of their decisions should be kept. Entitlement reviews help organizations efficiently maintain a least privilege model.

Step 5: Review access statistics on your data

If available, data owners should have the ability to access a dashboard which includes permissions and access activity relevant to their data, as with DataPrivilege’s Self-Service Portal. Data owners can make better decisions if they are able to see who is accessing their data, which folders are most accessed, least accessed, or stale, and who is accessing folders that hold sensitive data.

Conclusion

While there are a lot more details on data ownership, we hope this list provides a starting point for Data Owners on how to govern their data effectively. For more information you can visit our collection of blogs on data ownership or download our whitepapers from our resource center.

Leave a Comment » | Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , , , , , , , , | Permalink
Posted by david ricketts

Watch Google Show Off 4 Glass Apps

April 5, 2013

Leave a Comment » | Marketing, Retail IT Solutions | Tagged: , , , | Permalink
Posted by david ricketts

IT Concerns About Targeted Malware Rising

April 4, 2013

When it comes to servers, IT and security professionals’ concerns about targeted malware and data breaches are escalating while their confidence in their ability to identify and stop advanced threats is on the decline, according to a new survey by security firm Bit9.

“Targeted malware was the top security concern for the second year in a row,” says Ilana Goddess, product marketing manager for Bit9, noting that 52.4 percent of survey respondents (up 15 percent from a year ago), cite targeted malware as their primary concern.

“The whole thing with targeted malware is that targeted threats are aimed at you,” says Goddess. “They are the most difficult to defend against because it’s like a virus that only affects you. And the attackers are not stopping. They’ll persist until they get in whether it takes months or years. Antivirus isn’t going to work because people haven’t seen the signatures before.”

In November and December of 2012, Bit9 polled 966 IT and security professionals worldwide for its second annual Server Security Survey. Most respondents (58 percent) administered up to 50 servers; 29 percent administered 100 to 500 servers; and 13 percent administered, on average, 2,000 servers. About one-half (51 percent) said they are running Windows as their primary platform (i.e., Windows comprises more than 75 percent of total servers); 12 percent said they are running Linux as their primary platform (up 13 percent from last year); 2 percent said they run Unix as their primary platform.

One-Quarter of Firms Have Been Victims of Targeted Malware

Goddess notes that it comes as no surprise that respondents again identified targeted malware and data breaches as a top server security concern, given the proliferation of such attacks in 2012. Attacks like Flame, Gauss, mini-Flame and the Flashback Trojan garnered significant media attention last year. Twenty-five percent of Bit9′s respondents say they had been the victims of advanced malware (up 8 percent since 2012), while 18 percent said they didn’t know whether they had been attacked (according to the F.B.I., two-thirds of breaches are detected by a third party). And according to security firm Mandiant, attackers have, on average, been in place for 416 days prior to detection.

At the same time, server data has become much more vulnerable to attack. Verizon’s 2012 Data Breach Investigations report found that 94 percent of all data compromised in 2012 involved servers (an increase of 18 percent from 2011). Goddess says IT and security professionals are losing confidence in their ability to identify and thwart these advanced threats: Only 18 percent of respondents said they were very confident in their ability to stop advanced malware; 59 percent said they were somewhat confident, 20 percent said they were not confident (up from 10 percent in 2011) and 4 percent said they were unsure.

Security Pros Mistakenly Believe Virtual Servers Are More Secure

In addition to an increase in the use of Linux as the primary server platform, companies are increasingly going virtual. One-third of survey respondents say that more than 50 percent of their servers are virtual. Also, half of the respondents said they had deployed virtual desktops, are in the process of rolling them out or have plans to do so.

Goddess says many IT and security professionals believe that their virtual servers are more secure than their physical servers, despite a 2012 Gartner study that found 60 percent of virtualized servers were less secure than the physical servers they replaced.

“People think their virtual servers are more secure than their physical servers, but that’s just not the case,” Goddess says. “They’re really the same vulnerabilities that you find elsewhere in physical servers, but somehow they think of virtual servers as not being as much on the frontline.”

For instance, she says, many professionals think the frequent re-imaging of virtual servers protects them from advanced threats. However, she notes, these threats frequently get in and do their damage within 15 minutes, moving on to other areas quickly.

In fact, when asked to rank types of servers according to the risk they represent, only 6 percent of respondents considered virtual servers to be high risk. Most respondents (66 percent) felt Web servers were the most high risk; 38 percent felt file servers were high risk; 34 percent pointed to email servers; 26 percent cited domain controllers; 14 percent labeled application servers high risk; and 11 percent ranked databases as high risk.

Goddess says that may indicate that IT and security professionals are looking in the wrong direction. After all, the most valuable enterprise information is found on file servers (e.g., intellectual property), databases (e.g., customer information) and especially domain controllers (e.g., passwords, administrative rights).

IT and security professionals are also concerned about the administrative effort required by security solutions. When asked to rank their top concerns about server security, nearly 12 percent cited “too much administrative effort on security solution” as a top concern, ranking it even higher than an actual attack.

“These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources-before they execute-while decreasing the security-related administrative workloads of IT and security professionals,” said Brian Hazzard, vice president of product management for Bit9. “The key to securing enterprise servers-both physical and virtual-is to allow only trusted software to execute and prevent all other files from running.”

via IT Concerns About Targeted Malware Rising – Network World.

Leave a Comment » | Application Hosting, Managed Service Hosting, Retail IT Solutions, Tier 4 Hosting | Tagged: , , , , , , , , , | Permalink
Posted by david ricketts

« Previous Entries
Next Entries »
Follow

Get every new post delivered to your Inbox.

Join 746 other followers