Of all the strategies and tactics available to prevent breaches, deter data
leakage and theft, control access and secure beyond the so-called network
perimeter, the one that is emerging as an achievable and affordable best
practice is that of unified security from the cloud.
But if you look across the web, you will no doubt come across various
versions of what constitutes “unified,” what is “protected,” and,
what is “security from the cloud?” Luckily this means that the concept of
unified security from the cloud is becoming more and more of a best practice.
In general, the practice of unified security is the centralization of all
security functions under one umbrella across the enterprise. This means more
than ensuring data encryption. It means more than access policies. It means
more than intrusion detection, malware blocking, data review. It’s more
than ensuring ... (more)
The modern enterprise is a fluid entity. As an IT construct it expands and
contracts (sometimes simultaneously), and many of the moving parts (like
users and applications) are themselves evolving and changing. This creates
unique challenges in operational efficiencies, core competency support,
compliance observance and risk management. The central theme to all these
challenges is establishing and maintaining control of applications which
serve as gateways to all the valuable data (personal, trade secrets and other
IP) on which an enterprise exists. Many companies have turned to ... (more)
For all the right reasons, your company has been thinking about deploying
SIEM…to create an alert system when those with less than good intentions
come knocking; to remediate potential network threats; to comply with
federal, state or industry regulations; and identify the risks and
vulnerabilities throughout the enterprise IT infrastructure and architecture.
If you maintain even a modest (SMB -> Fortune 1000) organization that has any
online identity, SIEM should be the cornerstone of your asset protection
First and foremost, SIEM (and to a certain extent log manageme... (more)
Today's is a cautionary tale. One that you've probably heard before, but I
promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business.
But it is not an isolated incident. Because the information is sensitive and
the wounds still raw, I have changed the names to protect the innocent and
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software
tools to manage lease lifecycles and other financial information. His primary
customer is com... (more)
“The ‘how’ may change, but the ‘what’ is fundamental to risk
I heard these sage words at a recent ISSA (Information Systems Security
Association) meeting from a CIO speaking about security from the cloud.
He continued, “Risk is not unique to the cloud. It experiences the same
issues that affect any outsourcing or third party deliverable. It is bounded
by the same concerns regarding governance—does it meet the requirements of
my industry? Is my data free from co-mingling? Are the proper notification
protocols in place?”
Do a Google search on “cloud security” and the ... (more)