Be cloudy and secure...

Security


Top Stories

The lead topic of every information technology (IT) conversation today is cloud computing. The key point within each of those conversations is inevitably cloud computing security.  Although this trend is understandable, the sad part is that these conversations will tend to focus on all the standard security pros, cons and requirements. While protecting data from corruption, loss, unauthorized access, etc. are all still required characteristics of any IT infrastructure, cloud computing changes the game in a much more profound way. Until now, IT security has been akin to early 20th century warfare.  After surveying and carefully cataloging all possible threats, the line of business (LOB) manager and IT professional would debate and eventually settle on appropriate and proportional risk mitigation strategies. The resulting IT security infrastructures and procedures t... (more)

Eliminating the Blind Spot in Your Data Center Security Strategy

Pop Quiz: In recent weeks, which of the following attack vectors have been successfully used to breach major corporation security? (choose all that apply) Phishing, Parameter tampering, SQL Injection, DDoS, SlowLoris, Data leakage. If you selected them all, give yourself a cookie because you’re absolutely right. All six of these attacks have successfully been used recently, resulting in breaches across the globe: International Monetary Fund; US Government – Senate; CIA; Citibank; Malaysian Government; Sony; Brazilian government and Petrobras latest LulzSec victims. That’s no surprise; attacks are ongoing, constantly. They are relentless. Many of them are mass attacks with no specific target in mind, others are more subtle, planned and designed to do serious damage to the victim. Regardless, these breaches all have one thing in commo... (more)

Reducing the Complexity of Application Security

Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an infrastructure that enables rapid addition of suppliers, buyers and partners for information exchange will perish and get demolished by a nimble and flexible competitor whose infrastructure has integration capabilities for rapid information exchange. Mike Vizard from CTOEdge talks about the business drivers that compel companies to integrate yet face security challenges that hamper integration efforts: Reducing the Complexity of Application Security Here's a snippet from Mike's article: "As business-to-business interactions over the Web become more pervasive, so too does the complexity associated with securing those transact... (more)

Governance Grows More Integral to Managing Cloud Computing Security

Most enterprises lack three essential ingredients to ensure that sensitive information stored via cloud computing hosts remains secure: procedures, policies and tools. So says a joint survey called “Information Governance in the Cloud: A Study of IT Practitioners” from Symantec Corp. and Ponemon Institute. “Cloud computing holds a great deal of promise as a tool for providing many essential business services, but our study reveals a disturbing lack of concern for the security of sensitive corporate and personal information as companies rush to join in on the trend,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. Where is cloud security training? Despite the ongoing clamor about cloud security and the anticipated growth of cloud computing, a meager 27 percent of those surveyed said their organizations have developed procedures for approving c... (more)

Cloud Security Alliance Introduces The Security, Trust and Assurance Registry

As a vendor of security products, I see a lot of Requests for Proposal (RFPs). More often than not these consist of an Excel spreadsheet with dozens—sometimes even hundreds—of questions ranging from how our products address business concerns to security minutia that only a high-geek can understand. RFPs are a lot of work for any vendor to respond to, but they are an important part of the selling process and we always take them seriously. RFPs are also a tremendous amount of work for the customer to prepare, so it’s not surprising that they vary greatly in sophistication. I’ve always thought it would be nice if the SOA gateway space had a standardized set of basic questions that focused vendors and customers on the things that matter most in Governance, Risk and Compliance (GRC). In the cloud space, such a framework now exists. The Cloud Security Alliance (CSA) has ... (more)

What’s Missing from Data Loss Prevention Solutions

In most organizations today, there is sensitive data that is overexposed and vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing a good job securing the borders, but what about insider threats? The threat of legitimate, authorized users unwittingly (or wittingly) leaking critical data just by accessing data that is available to them is all too real. Analyst firms such as IDC estimate that in 5 years, unstructured data, which makes up 80% of organizational data, will grow by 650%. The risk of data loss is increasing above and beyond this explosive rate, as more dynamic, cross-functional teams collaborate and data is continually transferred between network shares, email accounts, SharePoint sites, mobile devices, and other platforms. As a result, security professional... (more)

Windows Server 2012 Installation Options

New and flexible ways to make changes to a Windows Server 2012 installation after the fact are available. IT pros can now convert a server from and to Server Core, and change the availability of server components that were previously committed at installation time. This introduces new dynamics and exciting scenarios for improving supportability, efficiency, and security. This article highlights the three available installation options and some key operations based on the Release Candidate, Build 8400. Additional information on Windows Server 2012, including a free eBook, available editions, and a reference table summarizing the available features in each installation option, is available elsewhere. Server Core: This is the default and preferred configuration for deploying Windows Server 2012. Server Core was introduced in Windows Server 2008 as a minimal ... (more)

Security and Convenience - Like Oil and Water?

As the pace of life appears to quicken, customers are demanding services that are faster, more mobile and more convenient. Microwave meals are ready in two ticks, a trip to an exotic island is only a couple of mouse clicks away and when travelling to a new destination, we trust GPS devices blindly without once consulting a road map. We continually expect speed, ease and convenience. In our virtual lives, it is the same story. We want access to all our applications in a split second, with minimal effort. In fact, in this world of high technology and instant communications, we have come to expect each new innovation to make our lives more convenient than ever before. However, one of the most often discussed conundrums in IT is the constant trade-off between security and usability or convenience. The sad truth is that often the more convenient we tend to make things, t... (more)

How Risky Are Your APIs?

Andi Mann from CA Technologies recently pointed out that, at every turn, customers are interacting more and more with businesses through applications. "Think of real estate businesses like Trulia, Zillow and Realtor.com," he wrote in Wired's Innovation Insights. "Or think about restaurants. It used to be that we'd call a restaurant to make a reservation, or even drop in and make a reservation. Now it's all on-line, through OpenTable, or Foursquare." This is the emergence of the Application Economy, where the application becomes the primary point of contact between the business and the customer. Much of this is being made possible through the use of Application Programming Interfaces (APIs) to link front-end applications to back-end information systems. This approach is exploding in popularity because it builds on well-understood techniques from the web and leverages ... (more)

Security – Still in the Driver’s Seat

Security Track at Cloud Computing Expo A couple of recent surveys reveal that for 2010, Security is back at the top of IT’s focus.  It seemed for a while there that Cloud Computing was starring in most questionnaires that asked about future IT spending plans.  If you remember, Security was still riding shot-gun slamming on the imaginary brakes in the passenger seat.  ‘Hey Cloud, You still can’t turn down that alley without my presence,’ Security would constantly nag from the navigator position.  Don’t get me wrong, Cloud Computing is still a powerful IT resource but according to a recent Infonetics survey, ‘Security upgrades, both for IT security and physical security, was the #1 change named by respondent organizations when asked what major changes they planned for their data centers over the next two years……For those who are expecting ‘the cloud’ to be a savior of... (more)

Websense Unveils TRITON Architecture Unifying Web, Data and Email Security

Websense, a provider of content security, on Wednesday introduced the new Websense TRITON unified security architecture, combining Websense Web, data and email security technologies into a single platform delivering unified content analysis and management. The Websense TRITON architecture integrates the real-time Web content analysis and malware protection of the Websense Web Security Gateway with Websense Data Security Suite and Websense Email Security to protect organizations and their essential information from blended threats and targeted attacks while easing administration and lowering total cost of ownership. According to Brian Burke, program director, Security Products at IDC Research, the need has never been greater for a new unified security paradigm to provide consistent protection from both inbound threats and outbound risk with single policy management ... (more)