(Mike Bantick, ITWire) Security firm Sophos has recently produced its 2010 mid-year Security Threat Report, and whilst many things remain the same, there are plenty of new security vectors for the connected among us to deal with.

If there is one thing that is clear from the latest Sophos mid-year security threat report, it is that traditional attacks on private data are still prevalent.  Perhaps the vectors are shifting but figures show Spam, Phishing and Malware are still a major source of worry for security personnel world-wide.

The Security Threat Report shows that the traditional security attacks are migrating to social networks such as Facebook and Twitter.  Since April 2009, moving into 2010 reported Spam attacks reported from social networks increased from 33.4% to 57%, Phishing from 21% to 30% and Malware from 21.2% to 36%.  It is clear that criminal activity is moving into the online worlds increasingly populated by everyday Internet users.

(Chad Perrin, TechRepublic) Email security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of email security is ensuring you don’t shoot yourself in the foot.

These tips focus on the ways users break their own security rather than on protecting against the predations of malicious security crackers. Security can be violated through careless acts more easily than by outside forces.
1. Turn off automated addressing features
2. Use BCC when sending to multiple recipients
3. Save emails only in a safe place
4. Use private accounts for private emails
5. Double-check the recipient, every time — especially on mailing lists

(M.E.Kabay, NetworkWorld) The recently-released free Sophos booklet, "10 myths of safe web browsing", is a simple, short summary of some basic Web safety information that can serve our purposes in raising security consciousness and involvement.

Each of the following myths is discussed in a short paragraph:
- Myth No.1: The Web is safe because I've never been infected by malware
- Myth No.2: My users aren't wasting time surfing inappropriate content
- Myth No.3: We control Web usage and our users can't get around our policy
[...]
This booklet would make a perfect subject for a brown-bag lunchtime discussion among the IT staff; it could be used as the basis for a user-education session to spark discussion of the issues.

Read more by following the full article link.

(David Heath, ITWire) You'd think that a virtualized environment would be a safe way to encapsulate a server, but that appears to be far from the truth. Earlier this year, Gartner released its own research  into the security of virtualized environments.  The results weren't pretty.  Gartner estimated that by 2012, 60% of virtual servers will be less secure that the physical servers they replace, although this is expected to drop to 30% by the end of 2015.

The Gartner report identified six major categories of risk:
- Information security isn't initially involved in the virtualization projects
- A compromise of the virtualization layer could result in the compromise of all hosted workloads
- The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms
- Workloads of different trust levels are consolidated onto a single physical server without sufficient separation
- Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking
- There is a potential loss of separation of duties for network and security controls

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."  However, according to a BeyondTrust spokesman, "that hasn't stopped 90% of virtualized data centers from putting their most sensitive data on virtualized servers."

(Maxwell Cooter, CIO) The battle for email cloud is set to heat up as enterprises start to rethink their email strategies, that's according to Forrester chief analyst, Ted Schadler.

In a new Forrester report, Four Giants Compete For Your Cloud Email Business, Schadler explains how the advent of cloud services is going to shake up enterprises' spending on email.

Email is going to the first large-scale cloud application wrote Schadler. "The reasons are simple: Email in the cloud is cheaper; it will evolve faster; and it is a commodity application that an email provider can run." Not only that, it's a great test bed to master the issues of cloud computing providers. And we're not talking about being a little cheaper either. Cloud-based email is going to be a lot cheaper "unless you're a 50,000-person company with a highly centralised email platform or you run hardware and software until it's old and crusty and a decade behind the times." Schadler wrote.

But when it comes to deciding which company is going to dominate the market, the issue is not so clear cut. With four major companies offering similarly priced services, the differentiators are going to be the level of integration that they offer.