Tag: compliance

What retailer BCBGMAXAZRIA learned about cloud security, SIEM

The following is an excerpt of the recently released case study on how a major retailer, BCBG, migrated to a cloud security platform and discovered how SIEM and Log Management capabilities enhanced their abilities for enterprise security. For the entire case study, you may download a PDF version here. There was a time the only security issue retailers needed to be concerned with was theft. Put a guard in the store and a couple of video cameras and prevent as much loss as possible. Those

Law firms in the security cross-hairs: how cloud security can level the playing field.

“Law firms are a back door to clients’ confidential information,” Business Week. As corporations have become more aware of threats to data, hackers and other fraudsters are quickly discovering a new, softer target to attack and siphon highly confidential corporate details, proprietary personal information, and trade secrets. Even as stewards of trust for their corporate and private clients, law firms have traditionally been slow to embrace new technologies. Cloud computing has been no exception because many mistakenly believe the cloud is less secure than traditional

How do you eat a network security elephant?

One byte at a time. Now before you roll your eyes at my stupid pun, consider the deeper wisdom to this IT twist on a very old adage. Security is big. It encompasses a great many definitions, confronts a great many issues and is addressed through a great many solutions using a great many formats. For many organizations, it can be an overwhelming proposition. Beyond the issues of data defense, regulatory compliance, traffic management, identity regulation, archiving, reporting, access control, intrusion detection, encryption, app administration,

Mapping Compliance Requirements to an Integrated Cloud Security Platform

Much has been written about compliance. Best practices. New regulations. Technology cure-alls. Nevertheless, regulatory compliance remains a critical and strategic business need for most companies. If you process payments online; if you store sensitive customer data; if you transit financial or health information; you are bound by the mandates of an alphabet soup of state, federal and industrial regulatory agencies. Compliance is a reality of everyday business life, but oftentimes becomes a burdensome cost center. Over the past several months I have had the

Maneuvering through the IT Threatscape: A video blog

I was fortunate to receive an invitation to speak at the recent 2013 Credit Union InfoSec Conference in Las Vegas. One of the key drivers for many of the attendees is the burden of compliance and finding ways to remove nagging blind spots due to the creation of technology islands meant to analyze and monitor different aspects of keeping applications secure, data and account information private, device inventories and identities properly managed. In my hour-long chat, I looked to frame the issues in terms of

7 Causes of Security Paralysis & Cloud-based Cures

Over and over again the team at CloudAccess are pummeled with statistics on how risk is growing in disproportion to security readiness.

- 91% of companies have experienced at least one IT security event from an external source.
- 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders.
- 40% reported rogue cloud issues (shadow IT) experienced the exposure of confidential information as a result
- 34% share passwords with their co-workers for applications like FedEx, Twitter, Staples, LinkedIn.

These are

When the security bill comes due

I love sushi. I love big fat burritos. I love tikka masala. So now that my taste buds are salivating, what do my epicurean preferences have to do with cloud security? They all come from restaurants I frequent, and 9 times out of 10 I pay for these delights with my credit card. I never thought twice about it, until I read Tracy Kitten’s article for BankInfoSecurity here: It details how many restaurants are falling victim to attacks that put their customers’ credit card information at

MSPs must practice what they preach - especially with security

What’s wrong with this picture? A man walks into the doctor’s office. He hasn’t been feeling well. A virus has been floating around the office and the man feels he’s caught it. Doctor walks in, smiles and picks up the chart. He starts examining the man and as he writes a prescription advises he keep sanitary and wash his hands several times a day. Do you trust this doctor…especially after he prescribes vigorous hand-washing, but forgot to wash his own before poking and prodding during

Supporting CIO strategies and priorities from the cloud - Part 1

The biggest eye-opener in Gartner’s recently published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIOs recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal