Life in the SOC has grown a lot more complicated in the last few years as the major forces of cloud and software-defined networking (SDN) adoption have started to converge on enterprise IT in a very big way.
All about Virtualization and Cloud Security | Recent Articles:
After several years of peeking through the programming as a very niche topic at RSA Conference, DevOps has broken through to the limelight this week. The show has featured a number of talks and panels that discussed the security implications of DevOps and the corresponding increased dependence on cloud platforms and containerization in delivering IT services.
Another year came and went and the breach statistics were once again smashed by a raft of data compromises and thefts across the private and public sectors. According to the Identity Theft Resource Center, the number of compromised records more than doubled from 2014 to 2015. And Ponemon Institute estimates that the cost of those breaches just keeps rising--6 percent over the past year.
Shadow IT. Just the name runs little shivers up the spines of IT executives—they like to turn it up a notch sometimes and call it rogue IT. Many IT executives look at shadow IT as a disease. It’s scary and risky for end users to go out and get their own SaaS solutions without IT approval or knowledge. It’s even scarier and riskier when the DEV team goes out and spins up a bunch of Amazon instances to essentially stand up an entire shadow data center for some project or other.
The consumer protection pros at the Federal Trade Commission (FTC) have been on high alert over the last decade for breach events that threaten consumer privacy due to the negligence of businesses.
Revelations by security researchers this week are showing just how prevalent malicious advertising, better known as malvertising, has grown on the biggest publishing sites on the web. According to reports out from Black Hat, this year has seen nearly a three-fold
Cloud security concerns are starting to dissolve away as security technology and risk management practices mature in cloud and virtualized environments.
As cloud initiatives shift from cost savings efforts to strategic transformations of IT and the business, CISOs are finding that in many ways they need to completely reimagine their security controls to keep up.
Perhaps the poor users have been maligned for all these years after all. Security pundits have long decried enterprise and consumer users' tendency to clickety-click their way right through important security warning screens without ever paying heed to the content of the warning. It's a propensity that leaves their machines vulnerable to misconfigurations, makes them easy targets for dangerous attacks that still require user input to download malicious content, and otherwise clears the path for all manner of endpoint-oriented social engineering.
As we head into RSA next month, chances are high that software-defined perimeter (SDP) will jockey for position there in the infosec alphabet-soup lexicon. A new piece out this week in the Wall Street Journal shows that a lot of very large enterprises have high hopes for this NIST-backed protocol as security teams struggle in the cloud era to balance management of risk with maintenance of their relevance to the business.
Even the U.S. Department of Defense admits that cloud security worries shouldn't get in the way of cloud business benefits. In a talk given to industry cloud players last week, DoD CIO Terry Halvorsen detailed some of the agency's cloud initiatives and explained how the agency is trying to drive more data to the cloud under the simple philosophy that different data carries different levels of risk.
As frustrating as it can be for IT leaders and CISOs to struggle with a lack of respect from a CEO and the rest of the C-suite, in many ways they need to look in the mirror to place blame for that situation. As we've discussed in the past here at Business Insights, a lot of the respect issue comes down to ineffective communication.