Cloud security concerns are starting to dissolve away as security technology and risk management practices mature in cloud and virtualized environments.
All about Virtualization and Cloud Security | Recent Articles:
As cloud initiatives shift from cost savings efforts to strategic transformations of IT and the business, CISOs are finding that in many ways they need to completely reimagine their security controls to keep up.
Perhaps the poor users have been maligned for all these years after all. Security pundits have long decried enterprise and consumer users' tendency to clickety-click their way right through important security warning screens without ever paying heed to the content of the warning. It's a propensity that leaves their machines vulnerable to misconfigurations, makes them easy targets for dangerous attacks that still require user input to download malicious content, and otherwise clears the path for all manner of endpoint-oriented social engineering.
As we head into RSA next month, chances are high that software defined perimeter (SDP) will jockey for position there in the infosec alphabet-soup lexicon. A new piece out this week in the Wall Street Journal shows that a lot of very large enterprises have high hopes for this NIST-backed protocol as security teams struggle in the cloud era to balance management of risk with maintenance of their relevance to the business.
Even the U.S. Department of Defense admits that cloud security worries shouldn't get in the way of cloud business benefits. In a talk given to industry cloud players last week, DoD CIO Terry Halvorsen detailed some of the agency's cloud initiatives and explained how the agency is trying to drive more data to the cloud under the simple philosophy that different data carries different levels of risk.
As frustrating as it can be for IT leaders and CISOs to struggle with a lack of respect from a CEO and the rest of the C-suite, in many ways they need to look in the mirror to place blame for that situation. As we've discussed in the past here at Business Insights, a lot of the respect issue comes down to ineffective communication.
Back to work, people! It's time for CISOs to dust the holiday cookie crumbs from their lips and stop rubbernecking the proverbial car crash that was the Sony incident. As 2015 kicks off, it’s the perfect time to reevaluate plans and priorities, and maybe even engage in a bit of wishful thinking. As security and risk management professionals start the year, the following items are most likely to hit their wish list for the coming 12 months.
Last year's non-stop parade of breaches showed CEOs and boards how detrimental a lack of security investment can really be to an enterprise's health, let alone their own job security. After all, last year saw the dismissal of Target's CEO following that company's disastrous breach—one of the first very big public firings of a chief executive in the wake of a security incident. And just last month Sony Pictures' disastrous hack and subsequent release of sensitive emails to and from executives showed the personal consequences to executives when enterprises don't invest in security—for example, the incident greatly tarnished the personal reputation of studio co-chair Amy Pascal.