As virtualization adoption grows, organizations are becoming more attuned to the need to properly configure and lock down virtualization. Virtualization is a complex technology with many facets, and there are numerous types of controls that can be implemented to secure these assets. Most security teams are still developing internal policies and processes to define how virtual infrastructure should be enabled and maintained.
As frustrating as it can be for IT leaders and CISOs to struggle with a lack of respect from a CEO and the rest of the C-suite, in many ways they need to look in the mirror to place blame for that situation. As we've discussed in the past here at Business Insights, a lot of the respect issue comes down to ineffective communication.
When it comes to security vulnerabilities and threats, you might not think about the media and entertainment industry in the same way you’d consider, say, financial services, healthcare and retail. Companies in these latter industries handle a lot of personally identifiable customer information or present potentially attractive financial targets for hackers.
Back to work, people! It's time for CISOs to dust the holiday cookie crumbs from their lips and stop rubbernecking the proverbial car crash that was the Sony incident. As 2015 kicks off, it’s the perfect time to reevaluate plans and priorities, and maybe even engage in a bit of wishful thinking. As security and risk management professionals start the year, the following items are most likely to hit their wish list for the coming 12 months.
In my last post, I explored the idea of improving information security with virtualization technology, namely in the areas of inventory and configuration management. These are likely the most visible and applicable places for “crossover” improvement, affecting both security and IT operations.
Last year's non-stop parade of breaches showed CEOs and boards how detrimental a lack in security investment can really be to an enterprise's health, let alone their own job security. After all, last year saw the dismissal of Target's CEO following that company's disastrous breach—one of the first very big public firings of a chief executive in the wake of a security incident. And just last month Sony Picture's disastrous hack and subsequent release of sensitive emails to and from executives showed the personal consequences to executives when enterprises don't invest in security—for example, the incident greatly tarnished the personal reputation of studio co-chair Amy Pascal.
When you hear about the types of organizations that make it a high priority to build a strong information security strategy, healthcare institutions often come up. And why shouldn’t they?
Keeping patients’ data secure and private is vital to maintaining their trust, and it’s also mandated by regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act.
It is no secret virtualization technology is changing the datacenter landscape. The agility, flexibility, and overall operational benefits are myriad, and conversations about the return on investment in virtualization have, for the most part, long-since been concluded. However, as with many wide changes in computing, conversations about security implications tend to lag behind. For security professionals, increasing agility can also mean introducing new areas of concern; agility can create fragility.
