Tag: enterprise-it

7 Causes of Security Paralysis & Cloud-based Cures

Over and over again the team at CloudAccess are pummeled with statistics on how risk is growing in disproportion to security readiness. -91% of companies have experienced at least one IT security event from an external source. -90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders. -40% reported rogue cloud issues (shadow IT) experienced the exposure of confidential information as a result -34% share passwords with their co-workers for applications like FedEx, Twitter, Staples, LinkedIn. These are

Supporting CIO strategies and priorities from the cloud-Part 1

The biggest eye-opener in Gartner’s recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal

The New Standard: Intelligence-Driven Security

In his most recent blog post, Art Coviello, the executive chairman at RSA posed an important question. How do we move from traditional security to intelligence-driven security? In his answer he described that the quickly interdependent exchanges between parties (B2C, B2B, B2P, etc) have grown beyond the traditional means of securing the enterprise: “IT organizations have continued to construct security infrastructures around a disintegrating perimeter of increasingly ineffective controls.” He described a new-model of cyber-security that includes 5 concepts: A thorough understanding of risk The

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist  and embedded in some of the survey prompts  hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

How cloud security balances risk versus reward

I spend a great deal of my day thinking about security. How it affects the enterprise; how to best position and protect assets. How it shapes risk management and how it delivers potential benefits through smoother operations, enhanced trust and loss prevention. At its core, security is about risk versus reward. It’s no great secret that many executives look at security as a cost center. Compounded by the requirements of compliance, the expansion of technology, and the nature of the modern enterprise, no one doubts

It’s a Wonderful Cloud-a Security Carol

It’s not Wordsworth, but hopefully worth the words. Happy holidays to all of you and thank you for reading. May the season keep your perimeters protected, your assets secure and your networks free of nasty little elves or ancient Mayan disasters! Twas the night before Christmas and all through the net No access was stirring; No hackers as yet. Murphy in sales was showing his app Tweeting and downloading with only a tap I grumble and moan ‘cause I know it to be. That his

It’s money that matters in the cloud…well, at least ROI

With all the talk of fiscal cliffs, financial binds and “next year’s budget,” I started thinking about cloud security in more tangible ways. Specifically returns on investment, economic impact and total costs of ownership. Just like death and taxes, businesses can add intrusion and attack to the list of sureties. I can hear CFOs all over the world sigh in exasperation as they feel pressured to add another expense line item to minimize the building security threats to their enterprises. Before you add another decimal

When is a stack not a stack? When it’s unified in the cloud

While trawling the blogs, feeds and news I came across an analyst’s article about best security practices in which he kept referring to “the stack.” And by this he meant a multitude of various solutions that address certain security needs and capabilities; everything from email filtering, firewalling, authenticating, credentialing, logging and intrusion detection, etc… And, if you read my blogs often enough, you know I am a big proponent of unified security. However, unified security is not a stack. It is easy to be confused

Preventing Data Leakage: Proactive Security from the Cloud

In business, data is currency. It is the oil that keeps the commercial engine in motion and databases are the digital banks that store and retrieve this valuable information. And, according to IDC, data is doubling every two years. But as the overall amount of data grows, so does the amount of sensitive and regulated data. All this data stored by enterprises requires high levels of security. Presently (again, according to IDC) only about a quarter of that data is being properly protected now. Like