Blog

REACT to the Cloud: A tale of horror and unified security

Today’s is a cautionary tale. One that you’ve probably heard before, but I promise a new spin on making sure it won’t happen again. It’s a true story. It recently happened to a colleague’s friend’s business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent. It was a dark and stormy night… Dan is the  CEO and CTO of a privately-owned business that develops software

Deploying cloud security for shifting and evolving defenses

I was watching my beloved San Diego Chargers lose in a most embarrassing way on Monday night. And in the waning seconds of blaming the quarterback for such ineffectual 2nd half play, it occurred to me, it wasn’t his fault.  It was the coach. It was the lack of planning for the type of attack the Denver Broncos would bring. It was the lack of leadership that should have easily closed the deal. In short, it was sticking to the status quo while everything around

A vote for CloudAccess is like a vote for sunshine: UP Awards

I don’t often use my blog as a bully pulpit to promote my company CloudAccess…but I thought I would do so today and have a little fun along the way.  CloudAccess has been nominated for a trio of Up Awards through the Up 2012 Cloud Computing Conference. I am not shy about asking for your vote…Please go to http://up-con.com/vote?page=1 and place your vote for us. Then do the same on Page 3 and Page 9 (there are 20 different awards, but we are only nominated

Beyond intrusion detection: 8 best practices for Cloud SIEM deployment

For all the right reasons, your company has been thinking about deploying SIEM…to create an alert system when those with less than good intentions come knocking; to remediate potential network threats; to comply with federal, state or industry regulations; and identify the risks and vulnerabilities throughout the enterprise IT infrastructure and architecture. If you maintain even a modest (SMB -> Fortune 1000) organization that has any online identity, SIEM should be the cornerstone of your asset protection strategy. First and foremost, SIEM (and to a

A cloud security conversation with the SMB

I just got off the phone with a friend of mine. His name is AJ and he was particularly grouchy. He had just spent the last 12 work hours scouring month-old machine logs so that he could compile a quarter-end audit that met his company’s compliance requirement. AJ is the Director of IT for what would be considered an SMB. It’s a modest home warranty related company that deals with homeowner end users, finance and loan offices, mortgage companies and manufacturers. It does roughly 15-20

The Cloud Guide to PCI Compliance for Retailers

One of the key drivers to IT security investment is compliance. Several industries are bound by various mandates that require certain transparencies and security features. They are designed to mitigate aspects of risk including maintaining the sacrosanctity of customer information, financial data and other proprietary information. One such affected vertical is retail. No matter if you’re Wal-Mart or Nana’s Knitted Kittens, if you store customer information; if you process payments using customer’s credit cards, you are required by law to comply with a variety of

Is your security initiative “one inch into a mile”?

In the software universe we’ve all heard the saying “We are One Inch into a Mile of Functionality but we are paying for the entire mile.” That pretty much sums up every technology initiative ever embarked upon. Whether we are talking, ERP, CRM, SIEM or a variety of other alphabet soup programs, it always looks so simple in the demo, but when rubber meets the road, there’s always some gremlin preventing or delaying full realization of the benefits or expected ROI. Now I am not

Do you want to know what you don’t know?

In my experience there are two types of enterprise IT departments -those that maintain the status quo and those looking to continuously explore and improve. It is truly unfortunate how many fall into the former category.  But the problem with IT security is that it’s an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep. I

The Holistic Application of Cloud Security (a white paper excerpt)

The following is an excerpt from the  executive summary of CloudAccess’ latest white paper titled “Applying Security Holistically from the Cloud: A Paradigm Shift of Applying Situational Awareness in SIEM deployments. To view the entire white paper (for free) simply visit: http://www.cloudaccess.com/contact fill out the form and  put “white paper” in the message box. The landscape of a typical business no longer reflects ones that were operating 10 years ago. The advancements in communication, collaboration, information and/or currency exchange/processing and the speed in which they