Last month the Federal Financial Institutions Examination Council (FFIEC)
shared an opinion on the viability and security of cloud computing. In the
four-page statement, the interagency body empowered to prescribe uniform
principles, standards, stated that cloud computing is “another form of
outsourcing with the same basic risk characteristics and risk management
requirements as traditional forms of outsourcing.”
What they are offering is a back-handed endorsement of cloud computing with
the caveat that if you perform your due diligence and the solution passes the
security smell test, there is no reason why a financial institution cannot
enjoy the full scope of cloud based benefits.
Like most other industries on the planet, banks, credit unions, investment
brokerages, hedge funds, title and mortgage companies, credit card
enterprises outsource certain parts of thei... (more)
In my experience there are two types of enterprise IT departments: those that
maintain the status quo and those looking to continuously explore and
It is truly unfortunate how many fall into the former category. But the
problem with IT security is that it's an ever-evolving and moving target. So
the decision to not dip your toe in the water and understand all available
options could mean the difference between a panicked 3am call regarding a
breach alert or a good night’s sleep.
I realize this is an over generalization, and oftentimes the decision to
“stay the course”... (more)
Today's is a cautionary tale. One that you've probably heard before, but I
promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business.
But it is not an isolated incident. Because the information is sensitive and
the wounds still raw, I have changed the names to protect the innocent and
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software
tools to manage lease lifecycles and other financial information. His primary
customer is com... (more)
The biggest eye-opener in Gartner's recently-published study on the current
agenda regarding the digital landscape for Chief Information Officers is that
CIO’s recognize that cloud computing will not only be a significant part of
the future, but that their own roles and behavior need to be updated to
survive in the modern enterprise.
“CIOs will have to develop new IT strategies and plans that go beyond the
usual day-to-day maintenance of an enterprise IT infrastructure….
technologies provide a platform to achieve results, but only if CIOs adopt
new roles and behaviors to find di... (more)
One byte at a time.
Now before you roll your eyes at my stupid pun, consider the deeper wisdom to
this IT twist on an very old adage.
Security is big. It encompasses a great many definitions, confronts a great
many issues and is addressed through a great many solutions using a great
many formats. For many organizations, it can be an overwhelming proposition.
Beyond the issues of data defense, regulatory compliance, traffic management,
identity regulation, archiving, reporting, access control, intrusion
detection, encryption, app administration, help desk assistance, there is the ... (more)