Welcome!

The Sky is No Longer the Limit: Thoughts from the Cloud

Kevin Nikkhoo

Subscribe to Kevin Nikkhoo: eMailAlertsEmail Alerts
Get Kevin Nikkhoo via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Kevin Nikkhoo

Today's is a cautionary tale. One that you've probably heard before, but I promise a new spin on making sure it won't happen again. It's a true story. It recently happened to a colleague's friend's business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent. It was a dark and stormy night... Dan is the  CEO and CTO of a privately owned business that develops software tools to manage lease lifecycles and other financial information. His primary customer is commercial real estate agencies across the country. For the past 12 years, it has been highly successful despite some of the economic battering the housing market took over the past several years. The company clears somewhere in the neighborhood of 30-50 million per year. He employs about 150 p... (more)

So, Just What Is REACT? And How Does It Change Security Strategies?

Last month, I published an article about a new unified security platform called REACT (Realtime Event & Access Correlation Technology).  All in all, it received some very positive notices, but also raised some questions as to what exactly the platform is, and why it should matter. Simply put, REACT is an approach whereby an organization leverages the capabilities of several security solutions into one central correlated repository of security intelligence. For instance, key information from an Access Management tool (such as SaaS SSO logins or views of/modifications on/additions... (more)

Attacks from Within

So much is written about the events outside your perimeter; those nefarious and shadowy individuals and offshore syndicates who are looking to steal technology or personal data or piggyback on your servers to peddle everything from pirated products to pornography, implant botnets or viruses, or simply to create corporate chaos. With all that weighing on our collective IT asset protection strategies, it is easy to miss what a new Carnegie Mellon report is pointing to as one of the fastest growing threats…insider breaches. Even KPMG says this threat has tripled since 2007. They co... (more)

Risk versus Threat

I was chatting with an IT professional about the benefits of cloud-based security and he kept referring to a recent risk assessment he performed. (And if you haven’t done this lately, you should) But what got the gears in my head turning is how interchangeably he used the terms “risk” and “threat.” Now on the surface they seem like the same component of security management. I tend to disagree. In its simplest of terms, risk the probability or frequency of doing harm while threat is the actual or attempted infliction of that harm. Tomato, tomahto? Splitting hairs? It’s all about ... (more)

If a Tree Falls in Your Network, Does Anybody Hear?

I recently came across an article regarding the difficulty of separating log data from actionable events. The issue at hand is a network is pinged potentially millions of times a day. Most of it innocuous-the legitimate log on and off of employees, genuine transactions of data, etc… But what gets lost amidst all this “white noise,” are the red flags that indicate breaches or worse malicious activities. It can be overwhelming. In fact, the article Struggling to Make Sense of Log Data, points out a study by the SANS Institute that the biggest critical concern for security is the a... (more)