"Security in IT is like locking your house or car – it doesn't stop the bad guys, but if it's good enough they may move on to an easier target." — Paul Herbka
April 2010
In this issue:
Best Practice Guide to Reducing Your Cost of Compliance
No matter how you look at it, compliance isn’t cheap. As IT organizations grapple with the cascade of new regulations, security standards, laws and mandates that seem to come out almost monthly, they’re placed in a seemingly impossible situation. Governing bodies offer little flexibility in compliance, which, according to Ernst & Young, has increased the cost of IT security moderately to significantly over the course of 2009 for more than half of organizations. At the same time, many organizations are still asked by business executives to maintain flat or even declining budgets to adjust to economic pressures while meeting compliance objectives.
The very smartest organizations understand that even though compliance spending is a must in the modern budget, those dollars needn’t come at the expense of other critical IT spending priorities. By following several common-sense best practices and employing the right automated tools, best-in-class organizations are able to reduce compliance overhead and maximize the dollars they do spend in such a way that they not only fulfill compliance demands but also offer meaningful security improvements.
SSH Tectia MobileID is a new authentication platform by SSH Communications Security, the forerunning provider of open-standards-based enterprise security and managed file transfer solutions.
SSH Tectia MobileID is a strong two-factor authentication service that utilizes the most readily available authentication device, the end user’s existing mobile phone, to provide higher security and ease of use for user authentication to various enterprise services.
SSH Tectia MobileID enables organizations to activate new partners, users, or ad-hoc accounts within minutes instead of days, and removes the costs of distributing, maintaining, and replacing additional hardware such as security tokens or other devices. Two-factor authentication increases security by requiring something that the user knows (user name and password), and something that the user has (e.g. the mobile phone).
The SSH Tectia MobileID authentication platform introduces a new level of flexibility, usability and security for enterprise user authentication. It enables secure access to critical business resources, without changing business processes or requiring the user to learn or install new hardware or software. The combination of high security, high usability, and low cost of maintenance leads to improved operational efficiency and lower costs.
SSH Tectia MobileID enables strong authentication for multiple enterprise services, including file transfer portals, intranet applications, business information systems, or cloud services. In addition to mobile phone based authentication, it can also be used with other authentication solutions, such as hardware tokens, reusable SMS tickets, or printable lists of one-time passwords. Its fast deployment and flexible management capabilities make SSH Tectia MobileID a powerful secure access component for SaaS (Software as a Service) and cloud services.
Cyber-Ark calls for awareness of new data breach fine
Three months after the announcement that the Information Commissioner’s Office is to be granted new powers from April 6th, 65% of people are still ignorant of the fact that they could cost their organisation £500K if their actions cause a “deliberate or negligent” breach of personal data.
The study of 500 city workers, sponsored by Cyber-Ark Software, found that the majority of employees haven’t been informed about the latest fines and rules of the Data Protection Act and the impact abuse of their privileges could have on the organisation, with 65% agreeing that nothing has ever been said to them about the regulations.
This realisation will be a rude awakening to many directors if a breach should occur as the ICO has advised it will consider what reasonable steps the organisation has taken to prevent breaches when serving monetary penalties!
93% of city workers revealed that if they were personally held liable for protecting customers’ data, they would certainly be more careful with how they handle data.
Far from its roots in academia mapping the Internet, Lumeta wins big at the DoD
Despite the hostile environment for IT spending in 2009, Lumeta's revenue grew 28% year over year and its bookings increased 128%, according to the company. It capped the year off with an enterprise-wide license from the US Department of Defense. The company's goals for 2010 include doubling the number of clients, becoming profitable and launching new separately saleable modules that run on IPsonar, its core discovery product. Perhaps the most interesting possible deployment of IPsonar now is 'leak discovery,' where unauthorized connectivity between discovered networks can be detected in real time in order to prevent security breaches.
Lumeta was spun off from Bell Labs in 1998 along with some patented techniques for mapping the nodes of the Internet. It has raised an undisclosed amount of funding from several VC firms, including Draper Fisher Jurvetson, Draper Fisher Jurvetson Gotham Ventures, New Venture Partners, RBC Technology Ventures and Wachovia Strategic Ventures.
Given its roots in the narrow, not-too-obviously-in-demand realm of mapping the Internet, Lumeta has expanded the role of discovery in uncommon directions. Network discovery now means discovering unknown as well as known networks and identifying the perimeter of those networks. An obvious focus area is host discovery, which includes discovering the entire connected IP address space, rather than just network devices. Finally, IPsonar can perform device fingerprinting, identifying device attributes for both network and host devices.
Lumeta has always had strong relationships with the DoD, but its recent contract with the agency may well assure the survival of the company for years if it chooses to remain independent. Each DoD network will install IPsonar in order to discover leaks where sensitive information could be lost.
Competition
The large management platform vendors – Hewlett-Packard, IBM, BMC and CA Inc – perform discovery, but often not to the depth and granularity of IPsonar. The less costly network management tools from SolarWinds, Ipswitch and Quest Software (via the acquired PacketTrap Networks) generally have fewer features than the platforms from HP, IBM, BMC and CA. The open source Nmap project offers downloads running on most types of Linux, Unix and Windows.
Join Quantiq and Lumeta at this year's ComputerWorld Security Forum 2010 (1 free pass)
Quantiq offers this program to help channels capitalize on Quantiq's market leadership in distributing the best and proven IT Security solutions.