Be cloudy and secure...

Security


Top Stories

Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for a while. This certainly isn’t the first time Twitter and security issues have clashed, and as in the past Twitter (and really any very public application in a similar situation) is the clear loser. And of course there comes the unsolicited advice offered regarding what Twitter needs to do to address its security issues. I am, of course, ignoring the fact that it wasn’t really even Twitter’s security that was breached and thus led to the offering of said advice. But let’s just pretend for a moment that Twitter still has security problems based on other, documented breaches in its security. You know, just like you and the 94% of other organizations out there that indicated they’ve experienced a breach in security in the last 6 months which goes a... (more)

File Virtualization and Security

Security at Cloud Expo After George Crump and I played ping-blog - His Storage Switzerland Blog, my blog mentioning it, and his InformationWeek blog, I went to post a comment on his blog and didn’t feel like giving InformationWeek my entire family history just to do so… So I give you “the comment blog!” One of the key things that I find to be a side benefit of File Virtualization is file/directory level security and centralization of security management. I personally wouldn’t buy for this reason alone, but I know others, particularly some of my security friends, who would (and a... (more)

Eliminating the Blind Spot in Your Data Center Security Strategy

Pop Quiz: In recent weeks, which of the following attack vectors have been successfully used to breach major corporation security? (choose all that apply) Phishing          Parameter tampering           SQL Injection           DDoS           SlowLoris           Data leakage If you selected them all, give yourself a cookie because you’re absolutely right. All six of these attacks have successfully been used recently, resulting in breaches across the globe: International Monetary Fund US Government – Senate CIA Citibank Malaysian Government Sony Brazilian governmentand Petrobras... (more)

In Search of a Russian Winter of Information Systems Security

Bob Gourley recently wrote about the dangers of a Maginot Line approach to network security in “The Maginot Line of Information Systems Security“, based on of the paper by Dr. Rick Forno. In the Second World War, the French relied on the Maginot Line, a string of fortifications along the German border, to repel invaders. Feeling secure behind fortified walls, they missed the developments in technology and tactics that allowed the Germans to simply bypass the Line to be well within France in just 5 days. To many cyber security experts, the Maginot Line represents the wrong approa... (more)

Vormetric Data Security for Cloud and Big Data

Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization's assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and Big Data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? Download Slide Deck ▸ Here In his session at 5th Big Data Expo, Sol Cates, CSO at Vorme... (more)

Altor VF 2.0 Provides Defense-in-Depth Security to Virtualized Environments

Altor Networks, creator of the first purpose-built virtual firewall, today announced the availability of the Altor VF 2.0 virtual firewall which now provides additional defense-in-depth security to virtualized environments as well as tighter integration with VMware and a new customer-driven advanced reporting module.  "There are considerable security implications of virtualizing a physical environment," said Brett Waldman, IDC Research Analyst. "Security solutions today are trained to monitor traffic between servers, not within one, thus virtual infrastructures can create blind... (more)