You realize the overarching benefits of the cloud, but you are a bit wary
regarding the security of any data stored and transacted in these virtualized
environments. But the cloud's cost savings, user preference and resource
delegation are such that not integrating some processes,
applications and data is counterproductive to your overall IT strategy. So
you decide that a private cloud is a more secure route than its public
counterpart. But are you really any more secure?
The quick answer is no. But not for the reason you might think. A private
cloud is infrastructure operated solely for a single organization. The only
difference is that your data is segregated from any other organization. And
if that brings you any semblance of peace, then it’s a good investment. It
all depends on your business need. It offers greater control, but means you

While trawling the blogs, feeds and news I came across an analyst’s article
about best security practices in which he kept referring to “the stack.”
And by this, he meant a multitude of various solutions that address certain
security needs and capabilities; everything from email filtering,
firewalling, authenticating, credentialing, logging and intrusion detection,
And, if you read my blogs often enough, you know I am a big proponent of
unified security. However, unified security is not a stack. It is easy to
confuse the two, as both look to utilize best-of-breed tools to prev... (more)

With all the talk of fiscal cliffs, sequestrations, financial binds and
“next year’s budget,” I started thinking about cloud security in more
tangible ways. Specifically returns on investment, economic impact and total
costs of ownership. Just like death and taxes, businesses can add intrusion
and attack to the list of sureties. I can hear CFOs all over the world sigh
in exasperation as they feel pressured to add another expense line item to
minimize the building security threats to their enterprises.
Before you add another decimal place to security budgets, maybe it’s time
you c... (more)

In my experience there are two types of enterprise IT departments: those that
maintain the status quo and those looking to continuously explore and
It is truly unfortunate how many fall into the former category. But the
problem with IT security is that it's an ever-evolving and moving target. So
the decision to not dip your toe in the water and understand all available
options could mean the difference between a panicked 3am call regarding a
breach alert or a good night’s sleep.
I realize this is an overgeneralization, and oftentimes the decision to
“stay the course”... (more)

Today's is a cautionary tale. One that you've probably heard before, but I
promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business.
But it is not an isolated incident. Because the information is sensitive and
the wounds still raw, I have changed the names to protect the innocent and
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software
tools to manage lease lifecycles and other financial information. His primary
customer is com... (more)