Tag: BYOD

Law firms in the security cross-hairs: how cloud security can level the playing field.

“Law firms are a back door to clients’ confidential information,” Business Week. As corporations have become more aware of threats to data, hackers and other fraudsters are quickly discovering a new, softer target to attack and siphon highly confidential corporate details, proprietary personal information, and trade secrets. Even as stewards of trust for their corporate and private clients, law firms have traditionally been slow to embrace new technologies. Cloud computing has been no exception because many mistakenly believe the cloud is less secure than traditional

Supporting CIO strategies and priorities from the cloud-Part 1

The biggest eye-opener in Gartner’s recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

The New Standard: Intelligence-Driven Security

In his most recent blog post, Art Coviello, the executive chairman at RSA posed an important question. How do we move from traditional security to intelligence-driven security? In his answer he described that the quickly interdependent exchanges between parties (B2C, B2B, B2P, etc) have grown beyond the traditional means of securing the enterprise: “IT organizations have continued to construct security infrastructures around a disintegrating perimeter of increasingly ineffective controls.” He described a new-model of cyber-security that includes 5 concepts: A thorough understanding of risk The

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist  and embedded in some of the survey prompts  hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

My Security Playlist: now playing Access Management

While I peruse my morning inbox, I enjoy listening to music on my iPod. It just so happens this morning’s first random selection served as the inspiration for today’s blog: Let ‘Em In by Paul McCartney & Wings. “Someones knockin at the door Somebody’s ringin’ the bell Do me a favor, Open the door and let em in!” There is nothing more damaging to the overall enterprise operation and business reputation than permissive access policies. Considering the all the entry points from applications to social

It’s a Wonderful Cloud-a Security Carol

It’s not Wordsworth, but hopefully worth the words. Happy holidays to all of you and thank you for reading. May the season keep your perimeters protected, your assets secure and your networks free of nasty little elves or ancient Mayan disasters! Twas the night before Christmas and all through the net No access was stirring; No hackers as yet. Murphy in sales was showing his app Tweeting and downloading with only a tap I grumble and moan ‘cause I know it to be. That his

Governance must drive all security initiatives…even cloud

“The ‘how,’ many change, but the ‘what’ is fundamental to risk management.” I heard these sage words at a recent ISSA (Information Systems Security Association) meeting from a CIO speaking about security from the cloud. He continued, “Risk is not unique to the cloud. It experiences the same issues that affect any outsourcing or third party deliverable. It is bounded by the same concerns regarding governance—does it meet the requirements of my industry? Is my data free from co-mingling? Are the proper notification protocols in

Preventing Data Leakage: Proactive Security from the Cloud

In business, data is currency. It is the oil that keeps the commercial engine in motion and databases are the digital banks that store and retrieve this valuable information. And, according to IDC, data is doubling every two years. But as the overall amount of data grows, so does the amount of sensitive and regulated data. All this data stored by enterprises requires high levels of security. Presently (again, according to IDC) only about a quarter of that data is being properly protected now. Like

So, just what is REACT? And why does it matter?

Last week I published an article about a new unified security platform called REACT (Realtime Event & Access Correlation Technology).  All in all, it received some very positive notices, but also raised some questions as to what exactly the platform is, and why it should matter. Simply put, REACT is an approach whereby an organization leverages the capabilities of several security solutions into one central correlated repository of security intelligence. For instance, key information from an Access Management tool (such as SaaS SSO logins or

REACT to the Cloud: A tale of horror and unified security

Today’s is a cautionary tale. One that you’ve probably heard before, but I promise a new spin on making sure it won’t happen again. It’s a true story. It recently happened to a colleague’s friend’s business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent. It was a dark and stormy night… Dan is the  CEO and CTO of a privately-owned business that develops software