Tag: chief technology officer

Supporting CIO strategies and priorities from the cloud-Part 1

The biggest eye-opener in Gartner’s recently published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIOs recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

The New Standard: Intelligence-Driven Security

In his most recent blog post, Art Coviello, the executive chairman at RSA, posed an important question: How do we move from traditional security to intelligence-driven security? In his answer he explained that the quickly interdependent exchanges between parties (B2C, B2B, B2P, etc.) have grown beyond the traditional means of securing the enterprise: “IT organizations have continued to construct security infrastructures around a disintegrating perimeter of increasingly ineffective controls.” He described a new model of cyber-security that includes 5 concepts: A thorough understanding of risk The

How cloud security balances risk versus reward

I spend a great deal of my day thinking about security. How it affects the enterprise; how to best position and protect assets. How it shapes risk management and how it delivers potential benefits through smoother operations, enhanced trust and loss prevention. At its core, security is about risk versus reward. It’s no great secret that many executives look at security as a cost center. Compounded by the requirements of compliance, the expansion of technology, and the nature of the modern enterprise, no one doubts

It’s a Wonderful Cloud-a Security Carol

It’s not Wordsworth, but hopefully worth the words. Happy holidays to all of you and thank you for reading. May the season keep your perimeters protected, your assets secure and your networks free of nasty little elves or ancient Mayan disasters! Twas the night before Christmas and all through the net No access was stirring; No hackers as yet. Murphy in sales was showing his app Tweeting and downloading with only a tap I grumble and moan ‘cause I know it to be. That his

Governance must drive all security initiatives…even cloud

“The ‘how,’ may change, but the ‘what’ is fundamental to risk management.” I heard these sage words at a recent ISSA (Information Systems Security Association) meeting from a CIO speaking about security from the cloud. He continued, “Risk is not unique to the cloud. It experiences the same issues that affect any outsourcing or third party deliverable. It is bounded by the same concerns regarding governance—does it meet the requirements of my industry? Is my data free from co-mingling? Are the proper notification protocols in

REACT to the Cloud: A tale of horror and unified security

Today’s is a cautionary tale. One that you’ve probably heard before, but I promise a new spin on making sure it won’t happen again. It’s a true story. It recently happened to a colleague’s friend’s business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent. It was a dark and stormy night… Dan is the CEO and CTO of a privately-owned business that develops software

A cloud security conversation with the SMB

I just got off the phone with a friend of mine. His name is AJ and he was particularly grouchy. He had just spent the last 12 work hours scouring month-old machine logs so that he could compile a quarter-end audit that met his company’s compliance requirement. AJ is the Director of IT for what would be considered an SMB. It’s a modest home warranty related company that deals with homeowner end users, finance and loan offices, mortgage companies and manufacturers. It does roughly 15-20

The Cloud Guide to PCI Compliance for Retailers

One of the key drivers of IT security investment is compliance. Several industries are bound by various mandates that require certain transparencies and security features. They are designed to mitigate aspects of risk including maintaining the sacrosanctity of customer information, financial data and other proprietary information. One such affected vertical is retail. No matter if you’re Wal-Mart or Nana’s Knitted Kittens, if you store customer information; if you process payments using customers’ credit cards, you are required by law to comply with a variety of

Do you want to know what you don’t know?

In my experience there are two types of enterprise IT departments: those that maintain the status quo and those looking to continuously explore and improve. It is truly unfortunate how many fall into the former category. But the problem with IT security is that it’s an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep. I

The Holistic Application of Cloud Security (a white paper excerpt)

The following is an excerpt from the executive summary of CloudAccess’ latest white paper titled “Applying Security Holistically from the Cloud: A Paradigm Shift of Applying Situational Awareness in SIEM deployments.” To view the entire white paper (for free) simply visit http://www.cloudaccess.com/contact, fill out the form and put “white paper” in the message box. The landscape of a typical business no longer reflects ones that were operating 10 years ago. The advancements in communication, collaboration, information and/or currency exchange/processing and the speed in which they