4 key application development service provider capabilities Posted on July 5, 2012 by Tim Burke When it comes to developing applications, finding an application development service provider who has mastered the development lifecycle is, of course, critical. But it’s not the whole story. You also need a provider who has these four capabilities: Continue reading →
What Cloud Computing can deliver — Part 2, on better security and compliance Posted on May 17, 2012 by Tim Burke The centralization of apps, data, and management that’s an essential part of well-conceived and well-managed Cloud environments also helps make them more secure. Why? Because security policy is easier to enforce, threats to apps and data are easier to detect and address. Since Cloud data and apps are centralized in a data center, it’s actually easier (as compared to traditional siloed IT infrastructures) to establish effective security policy, monitor compliance, and intervene quickly and often preventatively when there are issues Continue reading →
What DLP can do: Policing your sensitive data Posted on April 23, 2012 by Tim Burke The data discovery and identification aspect of data loss prevention (DLP) capability is just the beginning. Once you know what data you have and where it lives, you’re finally in a position to accomplish two crucial things: Continue reading →
How to Create a Strategy to Deploy an Effective DLP Service Posted on April 19, 2012 by Tim Burke Data loss prevention (DLP) is a powerful security tool. So powerful that it’s tempting to try a broad, pervasive implementation. But this can backfire into a flood of false alerts — unless you first think through your DLP strategy: Continue reading →
When threats come from the inside Posted on April 10, 2012 by Tim Burke Don’t underestimate the threat to your business posed by insider data theft. The risk is real and you are not being paranoid if you worry about it. Consider, for instance, these disturbing factoids from a Symantec-sponsored 2011 study ominously entitled Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall, which closely examined 50 insider thefts: Continue reading →
Beware of FUD Posted on April 5, 2012 by Tim Burke Combine Fear, Uncertainty, and Doubt — and you get FUD, which has been on my mind lately because it so often involves attempts to thwart adoption of newly-emerging, better solutions. Consider these two tales of FUD: The first tale, from the late 1880s, is often referred to as the War of Currents. It’s about a powerful group of direct current (DC) supporters who fought fiercely against the new, more cost-effective alternating current (AC) with a range of FUD stunts, from electrocuting animals to building the first electric chair. DC’s supporters eventually lost — because FUD can slow, but not stop, real progress. Continue reading →
Corporate data loss: How bad is it? (Part 2 of 2) Posted on April 3, 2012 by Tim Burke “We have spent over 12 years building our reputation and trust; it is painful to see us take so many steps back due to a single incident.” —Tony Hsieh, CEO, Zappos, after the company suffered a data breach in which 24 million customer records were stolen Continue reading →
Corporate data loss: How bad is it? (Part 1 of 2) Posted on March 29, 2012 by Tim Burke In the wrong hands, the sensitive data your business depends on becomes a weapon wielded against it. And it’s happening more often every day. Reports of intellectual property theft and hacktivism abound, and 2011 has been widely described as “the year of the data breach.” It’s not hard to see why. In 2011 alone, according to the nonprofit Online Trust Alliance, 126 million data records were compromised in the United States. Continue reading →
Security holes that’ll keep you up at night: Sensitive data in the cloud Posted on March 22, 2012 by Tim Burke Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment). Cloud security is at risk when… You don’t have an adequate cloud-oriented governance/risk/compliance framework, The hypervisors in your virtualized infrastructure harbor vulnerabilities that can be exploited, It’s possible to infer information about one virtual machine by observing the state of the shared system from another aspect of the underlying system — which might enable malicious code execution, or When vulnerabilities are introduced by incorrect configuration of a hypervisor and/or its related tools. Continue reading →
Security holes that’ll keep you up at night: Insecure virtual machine deployment Posted on March 20, 2012 by Tim Burke Rare is the information technology professional these days who doesn’t understand the prodigious efficiencies and savings that can be derived from virtualization. Yet, too often virtual machines are deployed insecurely. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they replace. That’s because too often virtualization projects tend to be developed and deployed without considering security. This can result in vulnerabilities that enable bad guys to compromise the hypervisor/ virtualization layer (e.g., DoS attacks), which can spread to all hosted workloads. Continue reading →
