InformationWeek: The Business Value of Technology

Web applications are fraught with risk, but for most companies, not having them is not an option. They’re just too important to customers and to the business. In this Dark Reading report, we recommend some best practices for balancing the needs of the business with security requirements. It doesn’t take special certification or a million dollars, but it does take ­planning, time, and a smart combination of tools and best practices.

Malware costs us billions of dollars every year, and the problem shows no sign of abating. Crafting new strains is big business, and makers of standard protection suites are outgunned. So now what? This report, the companion to our online comparison, ­explains the key factors to consider when ­shopping for advanced gateway-based anti-malware systems.

The full vendor responses to our Gateway Anti-Malware Buyer's Guide.

Don’t let anyone tell you that implementing a DLP system is easy. It takes time, patience and diplomacy to ensure that technical requirements, security policy and business needs are balanced. In this Dark Reading report, we recommend the 10 steps that must be taken to keep company data safe — and business managers and users happy and productive.

There is nothing in the enterprise that warrants protection more than data, but security pros all too often focus more on perimeter security. This may be because it can be more challenging to ­secure data, but once data is locked down, any compromises to the networks and servers that transport and house it almost don’t matter. In this Dark Reading report we recommend several ways that security pros can effectively ensure that data is kept from prying eyes.  

The complexity of managing mobile devices should get easier going forward, but that’s not the case right now. As traditional laptop PCs continue to die a slow death, most IT departments will be forced to alter the way they ­approach client management. Despite the growing popularity and acceptance of the bring-your-own-device — or BYOD — movement, there are a number of things working against IT. Fortunately, there are also a number of tools, some of them free, that security professionals can use along with strong policy and best practices to close the enterprise mobile security gap.

They are out to get you, make no mistake. But there are things you can do to make sure that your organization is unappealing to a cybercriminal bent on finding easy pickings. The key is to understand what cybercriminals are looking for and how they go about the business of infiltrating vulnerable systems and networks.

A managed security service provider should lift at least some cost and ­resource burden from the IT department’s shoulders. But what if it ­doesn’t? What if you aren’t any more secure after entering into a contract with an MSSP? And how do you even know if it’s doing everything it promised? There is an art to managing the MSSP relationship after the ­initial deal is done. In this report, Dark Reading provides recommendations for testing the mettle of MSSPs and for dealing with providers if their ­performance isn’t up to snuff.

If there’s one thing that’s true about security, it’s that an organization can never be completely secure. The trick is to determine what’s most valuable to your organization, and how big the threats to those assets really are. That’s putting risk-based management simply, but it doesn’t have to be complicated. In this report we provide some perspective around risk-based security, as well as recommend some best practices for developing and effectively implementing a program.

SMBs have saved big buying complex software on a subscription model. Here's how to determine if infrastructure services can pay off, too.