By Chuck McEwen and Stan Oien

Government agencies operate some of the largest networks in the country, and managing and protecting the data these networks support is a critical and ever-evolving process. As agencies continue to add servers and storage to accommodate a growing number of applications, data and files, many are finding that more is not necessarily better. Although the new servers provide vast space and computing power, the introduction of new servers to an already large system can cause a variety of problems, including high operational and IT costs, hard-to-find data and inefficient use of resources. As a result, server consolidation and virtualization is becoming the next rage.

Virtualization allows a server to run different operating systems and applications on the same physical system. Today a fairly well-known technology approach, virtualization allows a single host computer to emulate several virtual computers, each of which has a self-contained operating system. Additionally, virtualization helps the system run more smoothly and as a unit so if one virtual system fails, another can take over instantly and perform the same tasks.

Sure, Skype truly is a technical marvel. Nine million users can’t be wrong. Voice quality is reasonable to very good and you can’t beat the cost; it is free when calling from any Skype-enabled PC to another Skype-enabled PC. Further, calling a landline phone from a Skype-enabled PC is reasonably priced--even when considering international calls.

Clearly, the widespread adoption, quality, and price of Skype calls is changing telephony communications, as we (and the Telco’s) know it today.

Using Skype in the Enterprise — Opening Pandora’s Box

Still, there are several inherent security risks to permitting the use of Skype within an enterprise environment:

By Allan Peters

Most business enterprises are well aware of the need to protect their production computers from unauthorized access. Data security procedures are now routinely required by governmental regulation, such as Sarbanes-Oxley or HIPAA, or by industry self-regulation, such as through the PCI Security Standards Council. Even with such requirements, reports of data breaches are regularly reported in the press, exposing businesses to fallout ranging from unwanted media attention as the most basic response to potential legal exposure and costs as the most severe.

While the industry has moved to deal with the most egregious aspects of data theft, many computer systems still remain vulnerable to attack at some level. But there is yet another tier of computer data that remains practically untouched and unprotected by today’s new data security procedures – non-production systems used for in-house development, testing and training purposes. These “open” systems leave a large hole in the security practices at companies of all sizes and locations across the globe.

The scope of threats to information technology (IT) infrastructure continues to expand, ranging from external threats such as viruses, worms, hackers, and spyware; to internal threats from employees within the organization. Combined with key technology trends such as the increasing pervasiveness of remote access for mobile employees and the implementation of wireless networks, IT departments continue to struggle in the ongoing battle to secure communications, data and networks.

In increasing numbers, organizations are implementing a multi-layered approach to security that leverages new technologies. But an increased reliance on technology alone is not the cure-all to secure the perimeter of corporate networks. There is a strong need for specialized training and certification for IT and security personnel; as well as security awareness training for all corporate employees, from the clerk in the mail room to the CEO in the corner office.

By Marissa Waddell and Derek Finch

While smart card identification has been helping companies enhance the physical security of their data centers for many years, they are now beginning to also be used in conjunction with KVM (Keyboard, Video & Mouse) switch-based access solutions to manage the security of the logical realm of the data center -- the software and application systems on servers. KVM system users -- in a data center, network operating center, lab or any facility -- that rely on a KVM system for efficient server management and data center operations can benefit greatly by adding smart-card authentication.

A physical security system that incorporates smart cards is straightforward to implement; however, logical security using Public Key Infrastructure (PKI)-based authentication requires a different set of implementation consideration. While smart card readers themselves are inexpensive, one-to-one mapping of card readers to server hardware abrogates much of the efficiencies in a high-density server environment with few user touch-points.

By Gregg Davis

It is no surprise that email provides the communications foundation for companies of virtually all sizes across nearly all industries. In fact, email is now mission-critical; without it, organizations struggle to meet corporate objectives and lose what has become a fundamental tool for doing business in the digital age.

Yet, email use is not without its challenges. As more business information is exchanged and stored via email, and government and industry regulations directed at such communications increase, organizations must find a way to comply with strict requirements without impacting user productivity, overburdening IT, or exceeding tight budgets.

Webcor Builders found the answer to such challenges in an intelligence email archiving and e-discovery solution. With it, the company has saved thousands of dollars in both manpower and IT infrastructure while meeting regulatory and legal demands.