I love sushi. I love big fat burritos. I love tikka masala. So now that my
taste buds are salivating, what do my epicurean preferences have to do with
cloud security? They all come from restaurants I frequent, and nine time out
of 10 I pay for these delights with my credit card. I never thought twice
about it, until I read Tracy Kitten’s article for BankInfoSecurity here: It
details how many restaurants are falling victim to attacks that put their
customer’s credit card information at risk.
After your meal, the bill comes, and most restaurants use some sort of POS
(point of sale system) that tallies your fare. You hand over the credit card
and the waitperson disappears for a bit to process your tab. Now I’m not
going to go into the danger of insider threats and card spoofing by nefarious
servers, but when your card is swiped at the POS machine, it is supposed to
Of all the strategies and tactics available to prevent breaches, deter data
leakage and theft, control access and secure beyond the so-called network
perimeter, the one that is emerging as an achievable and affordable best
practice is that of unified security from the cloud.
But if you look across the web, you will no doubt come across various
versions of what constitutes “unified,” what is “protected,” and,
what is “security from the cloud?” Luckily this means that the concept of
unified security from the cloud is becoming more and more of a best practice.
In general, the pract... (more)
Last month the Federal Financial Institutions Examination Council (FFIEC)
shared an opinion on the viability and security of cloud computing. In the
four-page statement, the interagency body empowered to prescribe uniform
principles, standards, stated that cloud computing is “another form of
outsourcing with the same basic risk characteristics and risk management
requirements as traditional forms of outsourcing.”
What they are offering is a back-handed endorsement of cloud computing with
the caveat that if you perform your due diligence and the solution passes the
security smell... (more)
For all the right reasons, your company has been thinking about deploying
SIEM…to create an alert system when those with less than good intentions
come knocking; to remediate potential network threats; to comply with
federal, state or industry regulations; and identify the risks and
vulnerabilities throughout the enterprise IT infrastructure and architecture.
If you maintain even a modest (SMB -> Fortune 1000) organization that has any
online identity, SIEM should be the cornerstone of your asset protection
First and foremost, SIEM (and to a certain extent log manageme... (more)
Happy holidays to all of you and may the season keep your perimeters
protected, your assets secure and your networks free of nasty little elves!
Twas the night before Christmas
and all through the net
No access was stirring;
No hackers as yet.
Murphy in sales was showing his app
Tweeting and downloading with only a tap
I grumble and moan ‘cause I know it to be.
That his iPhone and iPad was BYOD
Then out on the site there arose such a clatter,
I sprang from the help desk to see what was the matter.
Without my UniSec dashboard, I would not know
If the network alert meant friend or meant fo... (more)