Welcome!

The Sky is No Longer the Limit: Thoughts from the Cloud

Kevin Nikkhoo

Subscribe to Kevin Nikkhoo: eMailAlertsEmail Alerts
Get Kevin Nikkhoo via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Kevin Nikkhoo

There was a time the only security issues retailers needed to be concerned with was theft. Put a guard in the store and a couple of video cameras and prevent as much loss as possible. Those days are long gone. The overall security of a retail organization has grown increasingly complex. The smash and grab has been supplanted by the hack and breach.   A retailer’s IT environment is at as much risk as the product on the retail shelf. Every year hundreds of retailers fall victim to electronic intrusion. Ask Raley’s, Zaxby’s, Mapco, Michaels’s and dozens of retailers about how their POS and other exposed systems were not only breached, but cost them untold millions of dollars in stolen customer credit cards, abused sensitive data, and reparations and fines. But if you ask, most of the named companies and the hundreds and hundreds of others attest that they apply a vari... (more)

FFIEC's Recognition of Cloud Security Advantages

Last month the Federal Financial Institutions Examination Council (FFIEC) shared an opinion on the viability and security of cloud computing. In the four-page statement, the interagency body empowered to prescribe uniform principles, standards, stated that cloud computing is “another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing.” What they are offering is a back-handed endorsement of cloud computing with the caveat that if you perform your due diligence and the solution passes the security smell... (more)

PCI Compliance for Retailers from the Cloud Perspective

One of the key drivers to IT security investment is compliance. Several industries are bound by various mandates that require certain transparencies and security features. They are designed to mitigate aspects of risk including maintaining the sacrosanctity of customer information, financial data and other proprietary information. One such affected vertical is retail. No matter if you’re Wal-Mart or Nana’s Knitted Kittens, if you store customer information; if you process payments using customer’s credit cards, you are required by law to comply with a variety of security standar... (more)

Beyond Intrusion Detection: Eight Best Practices for Cloud SIEM Deployment

For all the right reasons, your company has been thinking about deploying SIEM…to create an alert system when those with less than good intentions come knocking; to remediate potential network threats; to comply with federal, state or industry regulations; and identify the risks and vulnerabilities throughout the enterprise IT infrastructure and architecture. If you maintain even a modest (SMB -> Fortune 1000) organization that has any online identity, SIEM should be the cornerstone of your asset protection strategy. First and foremost, SIEM (and to a certain extent log manageme... (more)

Governance Must Drive All Security Initiatives... Even Cloud

“The ‘how’ may change, but the ‘what’ is fundamental to risk management.” I heard these sage words at a recent ISSA (Information Systems Security Association) meeting from a CIO speaking about security from the cloud. He continued, “Risk is not unique to the cloud. It experiences the same issues that affect any outsourcing or third party deliverable. It is bounded by the same concerns regarding governance—does it meet the requirements of my industry? Is my data free from co-mingling? Are the proper notification protocols in place?” Do a Google search on “cloud security” and the ... (more)