Security Web

Deciding Whom to Trust

2013-05-20T13:10:00Z

Investing in the right security technology ought to be a no-brainer, yet still not every organization does. There are plenty of stories out there that illustrate what happens when you don’t invest in the right security technology for the particular circumstances. Identity management is one of the cornerstones of a well-organised corporate security system. Among the first issues is deciding how to determine identity – and it’s been a long time since you’ve been able to do that...(read more)

How Does Cloud Affect the Relationship Between IT and the Business?

2013-05-16T16:22:00Z

When cloud computing first emerged, fears started to grow among IT staff that it would affect their jobs as a result of the business outsourcing functions that currently lay within their remit. That worry undoubtedly still exists but the picture isn’t as simple as ‘cloud computing equals job losses’. Organisations are not going to throw out years of investment in software and hardware until they have fully exploited those assets, until the move shows a positive ROI. They’re...(read more)

True Cloud Security Requires Balance

2013-05-15T15:34:00Z

Whether it’s lifestyle or investing, taking the balanced approach often provides the best results. The same can said for cloud security. Cloud is popular because it offers flexibility of resources (including people), allows new ways to conduct business (especially collaboration) and a way to sidestep capital costs when it gets in the way of innovation. So it was of interest to observe Sophie Vanhegan take such a hard stand on how to manage risk in the cloud in HR Magazine. Somehow, Sophie seems...(read more)

Can Compliance Provide Good Enough Security?

2013-05-06T14:10:00Z

Compliance with legislation is mandatory for a company planning to operate in a particular territory – this includes supra-national organisations such as the EU . However, compliance with security legislation is often complex and usually expensive, involving as it does an investment in a range of technologies and processes. Further, this check-box approach to meet the specifics of legislation such as PCI-DSS, SOX or HIPAA is rarely enough. For example, PCI-DSS mandates that logs be retained...(read more)

Is BYOD Now a Done Deal?

2013-05-01T14:22:00Z

We like to think of Bring Your Own Device (BYOD) as a new phenomenon but nothing could be further from the truth. In the 1980s when the PC was introduced, employees started buying them on departmental budgets and running spreadsheets because of the difficulty of getting time on the corporate mainframe. Those were the days when IT had complete control over both workplace technology purchasing and access to it. Results from submitted jobs could take weeks to arrive – and if there was a mistake...(read more)

Who Needs Identity Infrastructure Anymore?

2013-04-22T16:52:00Z

In some ways—the identity and access management world is more abstract than art nowadays. Identity and access management are mostly services, not hardware devices. Sure - all those services are still running on hardware somewhere - no matter how "virtualized" or "cloud-based" they become. There is no ghost without the machine . But really - when's the last time you actually physically touched a server to manage an identity? Exactly where is your directory in your data...(read more)

Consumer Cloud Services Have Gained a Poor Reputation for Security. Is it Justified?

2013-04-17T19:02:00Z

For most consumers, Dropbox has established itself as the go-to name for online storage. It’s fast to set up, easy to use, and is cross-platform. What’s not to like? For IT admins, cloud services aimed at consumers fall short in many areas, despite some services including features such as collaboration, activity monitoring and control of file permissions. NetIQ’s recent global survey shows that 69% of IT folk believe that consumer cloud services pose a risk to data in their organisations...(read more)

Security Via End-User Education: Does it Work?

2013-04-10T16:01:00Z

It’s long been a tenet of IT security that while technology is a critical element of the battle to keep the bad guys out, education of end users is just as important. Looked at holistically, it is clear that, the more people working for and with an organisation are aware that their behaviour can increase security risks, the better security will be. In other words, the greater the awareness, the more effective security becomes. As an example, phishing is a typical hacker tactic based around...(read more)

Sometimes SIEM Needs A Helping Hand

2013-04-09T13:22:00Z

According to a recent survey , if you are a security professional counting on a Security Information and Event Management (SIEM) solution to protect your critical assets from nefarious hackers, state-sponsored exploits or the inadvertent missteps of an eager new employee, you may not be as enthusiastic as you once were about your SIEM. Just look at a few of the key statistics from the survey: 31 percent of the 191 IT pros interviewed for the survey said they'd ditch their SIEMs if they could...(read more)

How Will the Cloud Affect Mobile Data Security?

2013-04-08T13:42:00Z

Employee-owned devices – also known as BYOD – are quickly becoming the norm in most businesses. Not only does BYOD lead to greater employee satisfaction, it can reduce the hardware, support and maintenance bills and improve recruitment, as people increasingly expect to be able to use the latest technology – in other words, their own – which IT departments are often not in a position to provide. Locating the data that these devices use for employees to do their jobs in the...(read more)

Building a Cloud-Ready Security Program

2013-03-23T01:54:00Z

on Wednesday, I had the pleasure of presenting at ISACA's Enterprise Risk Management: Provide Security from CyberThreats virtual conference on Building a Cloud-Ready Security Program. I talked about the Cloud, about the ways that cloud makes your world complex and some things you can control. Here, I'll go over a few points that will help you build a cloud-ready security program and you can grab my deck from Slideshare . We are at a cross-road. There are new threats from hacktivism, from...(read more)

Do you Dare Identify your Customers the Social Way?

2013-03-20T15:18:00Z

Every business knows that bringing in new customers is expensive. I recall reading Donna Fenn's article in Inc. , that stated that obtaining new customers can be 5 to 10 times more expensive than money spent keeping your current ones. So it’s no surprise to that businesses are getting creative in finding ways to increase their level of brand loyalty with their customers, as well as enable deeper interactions (purchases or otherwise) with them. There’s no reason why loyalty programs...(read more)

Controlling the Keys to the IT Kingdom: How to Give Proper Administrative Access

2013-03-08T20:32:00Z

Security in the past was so much simpler. You built a big wall around your city, put in a few heavily fortified gates and then controlled who went in and out of those gates. It all smacks of knights in shining armor and damsels in distress. It's romantic, fantastical, and ultimately a fairy-tale. However, in many ways, the old-fashioned paradigm for security still holds in the IT world. Firewalls and intrusion detection/prevention software are all very nice. They do a great job of keeping many...(read more)

Is your B2C Web experience inviting, or presumptive and intrusive?

2012-12-20T19:09:00Z

Are you one of those organizations who still expect your visitors to manually fill out a form so they can learn more about you or what you offer? Just so you can populate your customer/prospect database? Or do you leverage their social identity? While social ID doesn’t cut it for high trust transactions, they’re the right level of identification experience for early introductions. In fact, you could argue that gathering identity information about a contact is quite like a face to face...(read more)

Dynamic Access Control: Is It “The Thing” or Your Friend?

2012-12-11T17:26:00Z

I'll admit it. I'm a sci-fi geek. If a story or movie has flying saucers, aliens, or space battles-I've probably read it or seen it. I remember being particularly spooked by the classic 1951 film The Thing from Another World based on a 1938 short story "Who Goes There?" What I didn't guess was that a classic sci-fi story nearly eighty years old could apply to Microsoft access control today. For those of you who don't know the tale - it's about an alien spaceship...(read more)