Be cloudy and secure...

Security


Latest Blogs from Security
FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and...
You can turn a microwave into a camera and I’ll teach you how in a minute, but before I do, let me share this news item. In a recent interview with a reporter from the Bergen Record, Kellyanne Conway was asked about surveillance. She responded: “There are many ways to surveil each othe...
A new report sponsored by CA Technologies examines how IT and business leaders aim to sync the security and mobile user experience. CA Technologies’ latest research determines that though top concerns of IT Security practices include the elimination of breaches, data protection and ide...
How much risk do you have of someone stealing disks from your datacenter? Take the average life span of a hard drive. The enterprise class hard drive is designed to last a minimum of 5 years. During that 5 years a SAN or NAS filled with hard disks is expected to have at least 99.999 pe...
’Tis the season – the season where I look back at predictions I made last year, the season where I evaluate and take a deep dive into the breach landscape and the season where I look into where 2015 is headed. In a March 2014 blog post, I discussed how the sheer amount of data breaches...
Don’t emphasize network security at the cost of endpoint security; the two can be integrated and work hand in hand. The result is a safer, more secure business ready for the challenges of the future.
Just last year, a CA Technologies and Vanson Bourne survey revealed that DevOps was not a sure-fire hit— 16 percent of senior IT professionals did not know what DevOps was, and an additional 18 percent had no plans to adopt it. Fast forward one year and the results tell an entirely new...
Gone are the days when IT was seen as unimportant or unchanging. IT is no longer only about supporting employees—it is integral to businesses. CEOs have taken note of the fact that customers are more likely to interact with your brand through an app than a person, and companies are trying...
During the season of politics here in the US, I would like to borrow shamelessly from topics in the political debate with a look towards the state of information security. According to CNN (Poverty Rate Rises as Incomes Decline), the number of US citizens living below what is consider...
As I write, Facebook is in the process of executing the biggest IPO in US corporate history. Yet, its security model is so involved, and changes so frequently, that not only have people found it necessary to publish sets of guidelines on how to maintain and update Facebook’s secu...
In almost all professions, report writing is a requirement. Typically, reports document the success and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we hav...
How many of us take for granted Microsoft’s family of tools that contribute to the security of your organization? The most commonly used and appreciated tools are: Forefront Family Microsoft Security Essentials Windows Intune / Windows Update / Microsoft System Center Family Windows Fi...
In today’s episode Sr. IT Pro Evangelists Blain Barton and Dan Stolts (the ITProGuru) talk candidly about Security concerns and issues many IT Pros and organizations face today when thinking about Cloud Computing. Tune in as they discuss the Security Lifecycle, from assessing physical ...
Everyone, I’m sure, has had the experience of calling customer service. First you get the automated system, which often asks for your account number. You know, to direct you to the right place and “serve you better.” Everyone has also likely been exasperated when the first question ask...
Over the last couple weeks, we’ve been rolling out a series of short Security Vignette videos about various IT security challenges. We’ve posted them to the F5News blog account but also wanted to share in case you missed them. If we were going to sum up the role of security in corpor...
With proliferation of consumer and enterprise data; with rapid adoption of data provider frameworks such as REST, OAuth and other APIs; with increasing adoption of cloud computing and big data systems, with growing concerns about data privacy, there is compelling need to not only enhan...
Dome9, whom you may recall is a security management-as-a-service solution that aims to take the complexity out of managing administrative access to cloud-deployed servers, recently commissioned research on the subject of cloud computing and security from the Ponemon Institute and came ...
We know many businesses have valid concerns about the security of their data, privacy and identity when moving from traditional on premises data servers to the cloud. At Shaping Cloud we manage the process for our customers and are able to demonstrate that data and data processing on the c...
In a recent conversation with a public cloud provider, the message was loud and clear. Software vendors that use their cloud have an intense need for security, and they need it packaged with cloud friendly APIs (Application Program Interfaces). This is actually a deep point. There hav...
We often get requests for best practices related to relational database security in the context of cloud computing. People want to install their database of choice, whether it be Oracle, MySQL, MS SQL, or IBM DB2… This is a complex question but it can be broken down by asking “what’s ...
A couple days ago, The SANS Institute announced the release of a major update (Version 3.0) to the 20 Critical Controls, a prioritized baseline of information security measures designed to provide continuous monitoring to better protect government and commercial computers and networks ...
You’ve heard it before, I’m sure. The biggest threat to organizational security is your own employees. Most of the time we associate that with end-users who may with purposeful intent to do harm carry corporate information offsite but just as frequently we cite employees who intended n...
As a vendor of security products, I see a lot of Requests for Proposal (RFPs). More often than not these consist of an Excel spreadsheet with dozens—sometimes even hundreds—of questions ranging from how our products address business concerns to security minutia that only a high-geek ca...
The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, recently announced that they are launching (Q4 of 2011) a publicly accessible registry that will document the se...
We’ve all seen the auto-out-of-office replies, ‘Thanks for your message but I’m out until I return – contact my boss/subordinate/someone else if you need or want anything.’ If you’ve emailed me over the last couple weeks, you’ve seen a similar note. I took some time off, then partici...
IT security is all about trying to lower risks and increase the protection of your organization. With each new technology that comes along, there’s a new security challenge. Some of those technologies – like wireless networks or the Internet – have such an impact on security that they ...
Bob Gourley recently wrote about the dangers of a Maginot Line approach to network security in “The Maginot Line of Information Systems Security”, based on the paper by Dr. Rick Forno. In the Second World War, the French relied on the Maginot Line, a string of fortifications along t...
Attacks are ongoing, constantly. They are relentless. Many of them are mass attacks with no specific target in mind, others are more subtle, planned and designed to do serious damage to the victim. Regardless, these breaches all have one thing in common: the breach was preventable. At ...
Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses. The integrated solution from F5 and Oracle provides improved protection against SQL injection attacks and correlated reporting for richer contextual informa...
Cloud security remains a top concern for enterprise cloud deployments. Unresolved policy and control issues make it difficult to meet the requirements of corporate security and networking teams. As a result, we frequently hear from our customers that they assume they can only put the l...
We’ve talked at length about cloud computing and cybersecurity, but cloud computing can also have an effect on physical security through its application to intelligence. The U.S. Army has recently launched its first tactical cloud in Afghanistan, the Distributed Common Ground System-A...
The claim a company is not a “true security company” because they don’t focus solely on security products is a red herring. If I ask you to define a true security company, you might tend to fall back on the most obvious answer, “Well, it’s a company that focuses on securit...
Security concerns about the public cloud have always been a top priority here at CloudSwitch. Moving to the public cloud is fraught with potential risks and security managers have legitimate concerns about data integrity, an opaque security model in the cloud and unauthorized access by...
Zafesoft provides enterprises with new means of securing content while ensuring users get access to the info they need. The designers of the technology are some of the greatest minds in the security business. The company CEO, Sandeep Tiwari is a world renowned IT business professional ...
Over the next few posts, we’ll investigate how the expression “An ounce of prevention is worth a pound of cure” could also be applied to the IT world, and what are the tools to foster such prevention through behavior modification. When looking at IT security, it seems that most of the...
In every cloud survey, security consistently comes out as an inhibitor to cloud adoption. Even though this has been the case for several years, many feel that it is a temporary barrier which will be resolved once cloud offerings get more secure, mature, certified, and thus accepted. Bu...
Figured I’d write this now since many of you will be celebrating the holidays over the next couple weeks and who really wants to read a blog when you’re reveling with family and friends. It’s been an interesting year for information security, and for me too. I started the year with N...
With this post I would like to provide some personal thoughts on the key things organizations should be doing to enhance security, privacy and functionality of their IT. This includes some specific recommendations for security solutions, including solutions I’m on advisory board...
While growing numbers of businesses understand the advantages of embracing cloud computing, they are more concerned about the risks involved, as a survey released at a cloud conference in Silicon Valley shows. Respondents showed greater concern about the risks associated with cloud com...
Years ago I wrote a piece for Network Computing Magazine about the state of Utility network security and the issues it presents. I focused largely on SCADA security, but also looked at Automated Meter Reading (AMR) and the new issues it brought to the table. That article was not withou...