Blog

When the security bill comes due

I love sushi. I love big fat burritos. I love tikka masala. So now that my taste buds are salivating, what do my epicurean preferences have to do with cloud security? They all come from restaurants I frequent, and 9 times out of ten I pay for these delights with my credit card. I never thought twice about it, until I read Tracy Kitten’s article for BankInfoSecurity here: It details how many restaurants are falling victim to attacks that put their customers’ credit card information at

Can your company afford to lose $400 million?

Of course not. But that’s the dollar figure companies stand to lose in terms of consumer trust when security protocols are breached, according to a new study by the research firm Ponemon. In terms of dollars and cents on a risk analysis spreadsheet, it is easier to put a value on a particular asset than the potential recurring value of a client, customer or even partner. Beyond lawsuits and capital and operational expenses to repair a mea culpa, weak cryptography, hack defenses or shoring an

The Secret Sauce of User Provisioning

If you want the secret to user provisioning and de-provisioning in an enterprise setting, I’ll give you the one-word answer, and then you can get on with the rest of your day… Integration. However, if you need to know why, how and with what…read on. The need to credential authorized users to your network and other proprietary assets is clear. You only want those with the proper rights in…and all others out. Complicating matters is that there are so many users these days…employees, channel

Cloud-based SIEM frees that one hand tied behind your back

Have you ever been asked to fight the state boxing champion with one hand tied behind your back? Or metaphorically experienced the old adage of bringing a knife to a gunfight? Many security professionals face this scenario every day. For many companies with whom I talk, there isn’t a lack of IT talent when it comes to security–just a lack of hours in the day, computing resources and necessary headcount with specific expertise to change the culture from reactive to proactive and strategic risk management.

A de-provisioning proverb: When a door closes, just make sure you don’t leave a window open

Earlier this week I attended a local cloud developers group, and I met a gentleman who consults with companies to engage in deep-dive forensic examinations of their networks. He looks for the virtual fingerprints of misdeeds, fraud, and misdoings that can be used for e-discovery in legal cases. He essentially gets down to the bits and bytes of how much information flows to certain IP addresses to ascertain whether or not proprietary data has been tampered with or stolen. He confirmed something that I long

MSPs must practice what they preach-especially with security

What’s wrong with this picture? A man walks into the doctor’s office. He hasn’t been feeling well. A virus has been floating around the office and the man feels he’s caught it. Doctor walks in, smiles and picks up the chart. He starts examining the man and as he writes a prescription advises he keep sanitary and wash his hands several times a day. Do you trust this doctor…especially after he prescribes vigorous hand-washing, but forgot to wash his own before poking and prodding during

Avoiding the fate of Erasmus Wilson and others who ignore progress (cloud)

OR WHY THE CLOUD WILL SUPPLANT ON-PREMISE FOR SECURITY INITIATIVES

Erasmus Wilson, the celebrated Oxford professor, once proclaimed, “When the Paris Exhibition [of 1878] closes, electric light will close with it and no more will be heard of it.” History is littered with those who refused to embrace the obviousness of the future. Didn’t Digital founder Ken Olsen prognosticate “There is no reason anyone would want a computer in their home,” in 1977? (His company was broken up for parts after its acquisition by Compaq

Supporting CIO strategies and priorities from the cloud-Part 2

This is the second part of a two-part article entitled Supporting CIO Strategies and Priorities from the Cloud. In case you have not done so, READ PART 1. However, to briefly recap: in support of a recent Gartner study that basically states that the function of the modern CIO is in flux and that his or her future focus must incorporate digital assets (aka cloud-based data and applications) to remain relevant, I have taken their listed priorities and illustrated how they could securely work in

Supporting CIO strategies and priorities from the cloud-Part 1

The biggest eye-opener in Gartner’s recently published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIOs recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; it prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal