The lead topic of every information technology (IT) conversation today is
cloud computing. The key point within each of those conversations is
inevitably cloud computing security. Although this trend is understandable,
the sad part is that these conversations will tend to focus on all the
standard security pros, cons and requirements. While protecting data from
corruption, loss, unauthorized access, etc. is still a required
characteristic of any IT infrastructure, cloud computing changes the game in
a much more profound way.
Until now, IT security has been akin to early 20th century warfare. After
surveying and carefully cataloging all possible threats, the line of business
(LOB) manager and IT professional would debate and eventually settle on
appropriate and proportional risk mitigation strategies. The resulting IT
security infrastructures and procedures t... (more)
Pop Quiz: In recent weeks, which of the following attack vectors have been
successfully used to breach major corporation security? (choose all that
Phishing
Parameter tampering
SQL
SlowLoris
Data leakage
If you selected them all, give yourself a cookie because you’re absolutely
right. All six of these attacks have successfully been used recently,
resulting in breaches across the globe:
International Monetary Fund, US Government – Senate, CIA, Citibank, Malaysian
Government, Sony, Brazilian government and Petrobras latest LulzSec victims
That’s no surprise; attacks are ongoing, constantly. They are relentless.
Many of them are mass attacks with no specific target in mind, others are
more subtle, planned and designed to do serious damage to the victim.
Regardless, these breaches all have one thing in commo... (more)
Integration is the Enemy of Security and so is Flexibility - an attribute
that is essential for organizations to survive.
A corporation that cannot service its customers and suppliers, establish long,
sticky relationships with them and build an infrastructure that enables rapid
addition of suppliers, buyers and partners for information exchange will
perish and get demolished by a nimble and flexible competitor whose
infrastructure has integration capabilities for rapid information exchange.
Mike Vizard from CTOEdge talks about the business drivers that compel
companies to integrate, and the security challenges that hamper integration
efforts: Reducing the Complexity of Application Security
Here's a snippet from Mike's article:
"As business-to-business interactions over the Web become more pervasive, so
too does the complexity associated with securing those transact... (more)
Most enterprises lack three essential ingredients to ensure that sensitive
information stored via cloud computing hosts remains secure: procedures,
policies and tools. So says a joint survey called “Information Governance
in the Cloud: A Study of IT Practitioners” from Symantec Corp. and Ponemon
“Cloud computing holds a great deal of promise as a tool for providing many
essential business services, but our study reveals a disturbing lack of
concern for the security of sensitive corporate and personal information as
companies rush to join in on the trend,” said Dr. Larry Ponemon, chairman
and founder of the Ponemon Institute.
Where is cloud security training?
Despite the ongoing clamor about cloud security and the anticipated growth of
cloud computing, a meager 27 percent of those surveyed said their
organizations have developed procedures for approving c... (more)
As a vendor of security products, I see a lot of Requests for Proposal
(RFPs). More often than not these consist of an Excel spreadsheet with
dozens—sometimes even hundreds—of questions ranging from how our products
address business concerns to security minutiae that only a high-geek can
understand. RFPs are a lot of work for any vendor to respond to, but they are
an important part of the selling process and we always take them seriously.
RFPs are also a tremendous amount of work for the customer to prepare, so
it’s not surprising that they vary greatly in sophistication.
I’ve always thought it would be nice if the SOA gateway space had a
standardized set of basic questions that focused vendors and customers on the
things that matter most in Governance, Risk and Compliance (GRC). In the
cloud space, such a framework now exists. The Cloud Security Alliance (CSA)
has ... (more)
In most organizations today, there is sensitive data that is overexposed and
vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data
loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing
a good job securing the borders, but what about insider threats? The threat
of legitimate, authorized users unwittingly (or wittingly) leaking critical
data just by accessing data that is available to them is all too real.
Analyst firms such as IDC estimate that in 5 years, unstructured data, which
makes up 80% of organizational data, will grow by 650%. The risk of data loss
is increasing above and beyond this explosive rate, as more dynamic,
cross-functional teams collaborate and data is continually transferred
between network shares, email accounts, SharePoint sites, mobile devices, and
other platforms. As a result, security professional... (more)
New and flexible ways to change a Windows Server 2012 installation after the
fact are now available. IT pros can convert a server to and from Server Core,
and change the availability of server components that were previously
committed at installation time. This introduces new dynamics and exciting
scenarios for improving supportability, efficiency, and security. This
article highlights the three available installation options and some key
operations based on the Release Candidate, Build 8400. Additional
information on Windows Server 2012, including a free eBook, available
editions, and a reference table summarizing the features available in each
installation option, is available elsewhere.
This is the default and preferred configuration for deploying Windows Server
2012. Server Core was introduced in Windows Server 2008 as a minimal ... (more)
As the pace of life appears to quicken, customers are demanding services that
are faster, more mobile and more convenient. Microwave meals are ready in two
ticks, a trip to an exotic island is only a couple of mouse clicks away and
when travelling to a new destination, we trust GPS devices blindly without
once consulting a road map. We continually expect speed, ease and
In our virtual lives, it is the same story. We want access to all our
applications in a split second, with minimal effort. In fact, in this world
of high technology and instant communications, we have come to expect each
new innovation to make our lives more convenient than ever before.
However, one of the most often discussed conundrums in IT is the constant
trade off between security and usability or convenience. The sad truth is
that often the more convenient we tend to make things, t... (more)
Andi Mann from CA Technologies recently pointed out that, at every turn,
customers are interacting more and more with businesses through applications.
"Think of real estate businesses like Trulia, Zillow and Realtor.com," he
wrote in Wired's Innovation Insights. "Or think about restaurants. It used to
be that we'd call a restaurant to make a reservation, or even drop in and
make a reservation. Now it's all on-line, through OpenTable, or Foursquare."
This is the emergence of the Application Economy, where the application
becomes the primary point of contact between the business and the customer.
Much of this is being made possible through the use of Application
Programming Interfaces (APIs) to link front-end applications to back-end
information systems. This approach is exploding in popularity because it
builds on well-understood techniques from the web and leverages ... (more)
Security Track at Cloud Computing Expo
A couple of recent surveys reveal that for 2010, Security is back at the top
of IT’s focus.
It seemed for a while there that Cloud Computing was starring in most
questionnaires that asked about future IT spending plans. If you remember,
Security was still riding shotgun, slamming on the imaginary brakes in the
passenger seat. ‘Hey Cloud, You still can’t turn down that alley
without my presence,’ Security would constantly nag from the navigator
position. Don’t get me wrong, Cloud Computing is still a powerful IT
resource but according to a recent Infonetics survey,
‘Security upgrades, both for IT security and physical security, was the #1
change named by respondent organizations when asked what major changes they
planned for their data centers over the next two years… For those who are
expecting ‘the cloud’ to be a savior of... (more)
Websense, a provider of content security, on Wednesday introduced the new
Websense TRITON unified security architecture, combining Websense Web, data
and email security technologies into a single platform delivering unified
content analysis and management. The Websense TRITON architecture integrates
the real-time Web content analysis and malware protection of the Websense Web
Security Gateway with Websense Data Security Suite and Websense Email
Security to protect organizations and their essential information from
blended threats and targeted attacks while easing administration and lowering
total cost of ownership.
According to Brian Burke, program director, Security Products at IDC
Research, the need has never been greater for a new unified security paradigm
to provide consistent protection from both inbound threats and outbound risk
with single policy management ... (more)