Patent Trolls: Stay under your bridges

In case you didn’t know, a patent troll is a company that licenses patents without actually producing any products of its own. Such companies typically buy up patents and wait until unsuspecting companies infringe on their broad patent portfolio. Recently, a Delaware-based company named Innovatio IP Ventures has been doing exactly that, taking on small companies that offer free WiFi service to their patrons. Innovatio has demanded that small businesses such as coffee shops and restaurants make a one-time licensing payment for the ability to provide their customers with free WiFi services. These settlements typically cost anywhere from $2300 to $5000 and are significantly cheaper than hiring a lawyer and fighting the lawsuit. As a result, most businesses are happy to just settle, because who really wants to go through the trouble and astronomical legal costs for such a small licensing fee? A good summary of the situation was written by Gregory Thomas on The Patent Examiner website. Innovatio claims they will not be targeting individual residential homes; however, there does not appear to be much stopping them at the moment.

Patent trolls are not just costing small to medium-sized businesses time and money. They are seriously harming technical innovation. A recent study from Boston University researchers has concluded that patent trolls have cost innovators half a trillion dollars since 1990. In the past four years the costs have risen to 83 billion per year. This doesn’t even count the massive legal battles between the major tech giants such as Apple and Microsoft. The patent system is supposed to provide incentives to be creative and to stimulate innovation, but the flurry of patent lawsuits is arguably hurting innovation. You cannot tap the full potential of your creativity when you are worried about some suit-wearing trolls emerging from under their bridges to take you to court.

I recommend reading the study from Boston University as it provides some interesting insight into the current state of these frivolous patent lawsuits. I personally hope that these issues can be addressed from a legislation standpoint and be fixed to provide businesses with a little breathing room to be as creative as they want without fear of taking on legal trolls.

Steve S.

What are your thoughts on the effects of the patent system on innovation? Leave a comment if you have anything you'd like to add to the conversation.

(ISC)² Security Congress 2011

The congress was held Sept 19-22 at the Orange County Convention Center in Orlando. This was (ISC)²’s first annual Security Congress, hopefully not the last! It was co-located with ASIS International’s 57th annual seminar and exhibits, a move that recognizes the convergence of physical and information security.

After attending this congress, I realized how big the physical security world is. To give you the numbers, there were 280 attendees from (ISC)² versus 20,000 from ASIS, and enough exhibitors for this crowd to visit: 700.

There were 3 hour-long educational sessions per day, with about 25 topics to choose from for each session.

What were they talking about?

The 3 topics that were heard, discussed and debated in almost every session (among the 10 or so (ISC)² sessions that I attended) were:

  1. Cloud Security
  2. Mobile Device Security
  3. Social Media

The trend and the focus for the information security industry in the next couple of years will be on addressing the above 3 topics with policies, regulations, products, and services. Below I’ll expand a little bit on why each area is attractive, and what the security risks are.

1. Cloud Security

Why cloud? - Flexibility and scalability, cost savings, availability and disaster recovery

Threats? - Data loss/leakage, abuse of cloud, account/service hijacking, shared technology

What to do? - Like any other technology, cloud has risks associated with its benefits. All the classic principles of information security should be applied to it, keeping them in mind from the design/architecture phase. Have an incident response plan. Consider private/community/public/hybrid cloud options.

2. Mobile Device Security

Why mobile devices? - Business rewards (response time, availability, flexibility), employee experience (ubiquitous mobile devices, employee owned), executive adoption

Threats? - Data loss/leakage, employee privacy concerns, compromise of corporate network from mobile device

What to do? - Look into device ownership (= liability) issues, have a corporate and a personal mobile device use policy, provide training to go along with that policy, harden mobile devices 

3. Social Media

Why social media? - It’s ubiquitous and unavoidable, it is the basis for Web 2.0, it has great potential to be used as a marketing and customer communication tool for the enterprise

Threats? - Faster spread of malware through the ‘trust’ factor, phishing attacks, worms, shortened URLs, Evil Twin attack, session hijacking, identity theft, all leading to information leak and corporate liability issues

What to do? - Social media use policy (AUP), education and awareness, use of content filtering and DLP products to control traffic to and from social media sites

Some interesting notes:

  • Security is not about security, it’s about risk management
  • What is the perimeter of your network? It’s the end user!
  • A smartphone on your network should not be treated ANY differently from any other computer on your network
  • 1 out of 5 tweets names a product brand
  • Facebook mobile users are 50% more active than other users of the site
  • Sources of social media risk include: clients, employees, vendors, competitors, activists, and cyber criminals

Some interesting speakers:

  • Jeb Bush, Former Governor of Florida
  • Vicente Fox, former president of Mexico
  • Burt Rutan, designer of SpaceShipOne
  • Janet Napolitano, US DHS Secretary
  • Winn Schwartau, celebrity and power thinker on security/privacy/infowar/cyber-terrorism
  • Charlie Blanchard, Manager of Security & Privacy Services, Deloitte & Touche LLP
  • Simon Hunt, VP and CTO, Endpoint Security, McAfee
  • Shayne Bates, Director Security Cloud Strategy, Microsoft Global Security
  • James Hewitt, Director of Security Governance, CGI Federal

Vahid A.

 

Farewell, Steve - Consider the Universe Dented

Standing in a check-out line at the grocery store; that is where I was when I heard the news that Steve Jobs had passed away, and I doubt this is something that I will ever forget.

I will not say very much, as I do not believe I have the right words to describe what an incredible dent Steve has put in our universe. Look around and you can see it for yourself. Instead, I will simply leave you with Steve’s 2005 Stanford Commencement Address, and challenge you to try to bring the same level of passion, vision, and innovation to your personal and work lives.

“The only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven’t found it yet, keep looking.” – Steve Jobs

Farewell, Steve. For many people, the search for “it” still continues, but your life has been a roadmap to what to do when you find it.

Dan C.

Customer Maintenance/Support - Worth the $ or Not?

Question: Maintenance, is it worth the money we need to pay every year?

Answer: Yes, unless you want to stale-date your technology to the date of purchase.

Maintenance renewals can seem costly but are necessary to reap the rewards of the ever changing and adapting technologies. Manufacturers use this annual income to support R&D of their solution and continue to provide you with the best technology of that moment.

Think of it like your car or home insurance: you might not need it on a daily basis, but when you do, it is available and there for you.

Renewing your maintenance should be easy, consistent, accurate and on time. Here are some of my processes that help me to assist our customers.

  1. Prepare renewals 2 – 3 months before expiry: This allows our customers time to process and provide a Purchase Order prior to expiry.
  2. Co-term expiry dates: I work closely with our sales team, manufacturers/vendors and distributors to coordinate renewal end dates that best suit our client’s needs, whether that is annual, semi-annual or whenever the customer’s budget dictates.
  3. Always work with the customer’s requirements in mind, not the manufacturer’s.

Renew your maintenance and keep your assets up to date with technology. If you do not receive updates, patches, access to upgrades, or access to added functionality, you may no longer be receiving the level of protection required for your environment.

Call us today and I will show you how easy it can be to renew.

Kathy H.

 

Designing by Dollars in a Wireless World

I’ve said it before and I’ll say it again, the worst thing that can happen to the wireless industry is commoditization. Specifically, when I say commoditization, I am referring to the thinking that all WLANs are the same so we should just put out an RFQ and go with the lowest offer. Or, even worse, the quality of the WLAN can be determined by the price tag so we should just buy the most expensive solution we can afford. I’ve seen this happening more and more in the information security industry and I refuse to let it happen to the wireless industry without a fight. After all, look at all the good that commoditization has done for the state of security today.

Take a look at any industry and you will see examples of good products and bad products, feature-rich solutions and feature-poor solutions, feature-focused and unfocused solutions. There will always be a broad spectrum of craftsmanship to choose from, but that doesn’t mean you can predict how well the solution will perform just by looking at the price tag. For example, give me a brand new Steinway & Sons Concert Grand Model D and I will play you a horrible rendition of Three Blind Mice. Take that same piano and give it to someone like Norah Jones and she’d play something that is much more worthy of such a fine instrument. When it comes to music, you can’t buy talent. Either you can play the piano well or you can’t, and no amount of money is going to fix that.

The same holds true for WLANs. Either you, or your consultant, can design a WLAN properly or not. Give a skilled WLAN professional a low-cost WLAN solution and he/she will still be able to give you a functional and somewhat efficient WLAN. Conversely, give the top-line WLAN solution to an unskilled person and they will give you the type of WLAN disaster that will be used as a cautionary tale to others for years to come. How is this possible? The answer is quite simple, really. I’ve broken it down into three parts below:

  1. A skilled WLAN professional has a deep understanding of the underlying technology. Instead of just learning which checkboxes to select, a WLAN professional makes a point of knowing what happens under the hood when any given checkbox is selected.
  2. A skilled WLAN professional probably has more experience deploying WLAN solutions. Remember the old saying: Practice makes perfect.
  3. Lastly, and this is probably the most important reason, a skilled WLAN professional designs a WLAN with the intention of fulfilling specific business needs instead of just to implement the latest and greatest technology. Start a WLAN deployment by focusing on why it is being deployed instead of on what is being deployed and your chances of a successful deployment will increase dramatically.

We owe it to ourselves not to let commoditization get the best of our wireless networks. Maybe you have the budget for the Concert Grand Model D of WLANs and maybe you don’t. Focus on your business needs and you may find that a regular run-of-the-mill upright piano is all you really needed to make beautiful music.

Dan C. @simplywifi

Are you currently stuck in the piano store, staring wide-eyed at all of the choices? You’re not alone. Leave a comment or send us a message and we would be happy to discuss your business needs and get you started down the road to wireless success.