In this final installment in our series on security issues and vulnerabilities in a variety of industries, we look at cloud service providers. While this might not be an “industry” in the same sense as financial services, healthcare, transportation and retail, it is an increasingly important area of commerce as more enterprises move applications and data into the cloud.
Many insurance companies are offering coverage for data breaches, and indeed a growing number of organizations are purchasing this type of insurance as hacker attacks become more common.
Data breach or cyber insurance policies are becoming a more vital component of organizations’ preparedness plans, according to a 2014 report by the Ponemon Institute.
In the first post of this two-part series, I described security guidance regimes and tools while focusing on VMware. In this part, I extend the conversation to include Citrix and Microsoft, and provide some advice that is applicable across platforms.
Citrix distributes a “User Security Guide” that has valuable security information for configuring the platform, but is not a benchmark suitable for audit purposes.
Telecommunications is one of those industries that many people take for granted—until service is interrupted for one reason or another. We’re accustomed to being connected, whether it’s through our mobile devices or landline phones at home or in the office.
Businesses as well as consumers are highly dependent on telecom companies and the communications infrastructure they provide, and if their operations are down for any length of time, it wreaks havoc. That’s why the cost of a security breach at telecom’s are high.
Not long ago, I presented a webinar on BrightTalk about cloud and BYOD (Bring Your Own Device). In it I discuss how users have myriad options that are outside the control of IT groups – shadow IT. That end-users are using applications powered by public cloud computing isn’t surprising. Most of us, at one point or another, have used web mail to move a file, Evernote to jot-down thoughts, or DropBox to share files.
Even the U.S. Department of Defense admits that cloud security worries shouldn't come in the way of cloud business benefits. In a talk given to industry cloud players last week, DoD CIO Terry Halverson detailed some of the agency's cloud initiatives and explained how the agency is trying to drive more data to the cloud under the simple philosophy that different data carries different levels of risk.
Anthem, one of the largest health insurers in The United States, has announced they have been breached. The company has created the web site http://www.anthemfacts.com/ giving a brief outline of events. While short on details, the Anthem notes, “Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised."
