Follow Us:

For retailers: 2014 has been the flagship of security blunders

Published on 12/18/14 05:49PM

Enterprise Security

As we enter the busiest and most lucrative period of the year for retailers, it’s a good time to take a look at some of the key security issues and challenges facing the industry.

Retail has certainly been in the news a lot of late when it comes to information security, and not for good reasons. One of the most recent, high-profile security breaches hit The Home Depot, with the world's largest home improvement retailer in early September disclosing a months-long attack of its payment data system.

Read More

Shedding light on the long IT Shadows

Published on 12/17/14 04:04PM

SMB Security, Enterprise Security, Cloud Security

The tech industry – and especially info security– love their acronyms and buzzwords: cloud, APT, IDS/WIPs, DLP, NAC, blended threats, “You name it”-as-a-Service, and the list goes on. One of the reasons the terms that fade away do so is because there is a real-world issue and narrative behind the term. They are real, and the term survives. Those that are the fantasy of marketing teams tend to fade away. The term Shadow IT, sometimes called Rogue IT, is a buzzphrase that is real.

When the term Shadow IT surfaced a few years ago, it was a relatively small percentage of employees who were sidestepping corporate IT and finding their cloud services.

Read More

Sony’s Big Takeaway

Published on 12/10/14 05:18PM

Enterprise Security

As a reporter, I’ve covered many breaches over the years. Attacks of the magnitude we’re witnessing at Sony Pictures, a subsidiary of Sony Corp. are rare. The breach is quite bad as far as data breaches go. But other companies would be short-sighted to think their organizations are protected from, and are above, data breaches of similar magnitude.

I’ve interviewed many CIOs and CISOs on and off the record over the years – and they all believe that they are quite vulnerable. Vulnerable to determined attackers, a disgruntled insider, or a careless IT misstep that proves itself quite serious and damaging.

Read More

The Next Cloud Frontier: True Software-Defined Security

Published on 12/08/14 03:44PM

Enterprise Security, Virtualization

In last post of this series, I described what a Software-Defined Data Center (SDDC) is, and asked the question, “In a SDDC environment, should security simply be treated as another layer in a software stack? If so, where should it go?” I presented the first scenario for creating Software-Defined Security (SDS), which is basically migrating security from physical to virtual, but found it lacking. Here, I’ll cover a better approach to SDS.

The next way to look at SDDC security is on a “per layer” basis. Security tools are integrated into the hypervisor layer (or compute layer), the storage layer, the networking layer, and the operating system and application layers. This extends the idea of a virtualized control model, with multiple integration points that may be collectively more capable than a single “layer”.

Read More

Protecting the Grid: Utilities and Energy Companies Need to Be Smart About Security

Published on 12/04/14 03:52PM

Enterprise Security, Service Provider, DevOps, Vertical Series

In this latest installment of our series on security issues in a variety of industries, we look at the utilities and energy sectors. These companies represent a prime market for managed services providers (MSPs) and value-added resellers (VARs), because for any country, protecting the energy grid must be a high priority.

A chilling and widely reported bit of news surfaced recently when the director of the U.S. National Security Agency (NSA) warned that Chinese cyber attacks could shut down the U.S. infrastructure, including the power grid.

As reported by Reuters, China and "probably one or two" other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies, Admiral Mike Rogers, director of the NSA testified to the U.S. House of Representatives Intelligence Committee on cyber threats.

Read More

The Next Cloud Frontier: The Security Layer in the Stack?

Published on 12/03/14 04:30PM

Enterprise Security

Based on what we’re seeing with organizations implementing heavily virtualized infrastructure, followed by private clouds, hybrid clouds, and all things in-between, it’s a logical conclusion that IT organizations are moving toward a Software-Defined Data Center (SDDC).

What exactly is a software-defined data center?

In my last two posts in this series, I’ve covered hardware abstraction and virtualization, and new technologies like software-defined networking, where data and control planes are separate. Organizations extrapolating this to represent the entirety of a data center environment; everything is virtualized and abstracted.

Read More

Why Aurora is more than a sunrise

Published on 11/25/14 04:13PM

Amazon Web Services

A short while ago, Amazon announced a new offering called Aurora. In a nutshell, Aurora is a MySQL database engine wrapped as a service. It’s relatively cheap, and Amazon handles the nitty-gritty of the thing.

It begs the question, why does it matter? As Amazon declares, it’s the fifth SQL database engine that they have made available. So, why the big deal? It is a big deal because it says quite a bit about how Amazon operates.

First, let’s have a look at the product page:

 

Amazon Aurora provides up to five times better performance than MySQL at a price point one tenth that of a commercial database while delivering similar performance and availability.”

 

Read More

Government Agencies: Prime Targets for Security Breaches

Published on 11/20/14 03:00PM

Enterprise Security, Vertical Series

Up to now in our series about security in various sectors, we have been covering different types of businesses and the information security and compliance challenges and issues they face. In this post, we examine the security challenges and needs of the public sector.

Because of the array of services that federal, state and local government agencies offer to the public, and the vast amounts of information they gather and share about citizens and businesses—including financial data—these organizations are a likely target for cyber attacks.

The United States federal government is the largest employer in the country and maintains a “massive volume” of data on both its employees and constituents, according to Verizon’s 2014 Data Breach Investigations Report, which looked at security threats in 20 different industries.

Read More

No Big Surprise: Security Lessons Fail to Hit Home

Published on 11/18/14 02:30PM

Enterprise Security

Despite years of data security failures, enterprises fail to heed the many lessons learned.

I wasn’t surprised when the Home Depot breach notification hit my inbox this past weekend. But I knew that rarely only one shoe drops following a breach disclosure of the 56-million-user magnitude Home Depot disclosed earlier.

Here is the second shoe:

 

Today, we are providing an update on the investigation into the breach of our payment data systems. Our investigation to date has determined the hackers stole separate files containing email addresses, in addition to the payment card data we announced in September that may have been compromised.”

Read More

Re-thinking “trust”: Security in software-defined networking

Published on 11/13/14 03:42PM

Virtualization

One of the hottest topics in IT today is software-defined networking, or SDN. SDN separates the control layer for the network from the underlying hardware typically associated with networking functionality. Applications that interact with the network are also separate, and can potentially communicate with the control plane via APIs. The control plane and hardware also communicate with emerging protocols and APIs like OpenFlow. A related concept is Network Functions Virtualization (NFV), where network capabilities like NATing, firewalling and access controls, and intrusion detection are all decoupled from the hardware, as well, usually in a virtual machine or software-based implementation.

If this all sounds confusing, it can be, so here’s the short version - hardware is a commodity, and all network controls and functions are now software somewhere else. That “somewhere else” is where things get interesting, and make for some compelling pros and cons related to security.

Read More
Check Out the Latest Resources!
  • White Paper Evolve or Die
  • Security Business Review
  • Executive Brief

Subscribe to our newsletter