This Week's Gurus

Identity and Access Management - Use Technology to Reduce Security Risks and to Meet Compliances Do you think that heavily guarded castles with invaluable treasures in them exist only in fairy-tales and history books? Maybe but there are analogies in today’s world—modern day organizations keep their critical technological resources in somewhat similar way—within heavily guarded IT infrastructure with strict access controls.  One will not be get access to such resources unless the organization wants him...

Reviewing your cyber security strategy By Richard Cassidy, Technical Director, UK & EMEA at Alert Logic Cyberattacks are daily news, and yet advanced security and compliance are often not considered as a fundamental requirement when moving critical applications to cloud and hosted environments. Many companies deploy point technologies, such as firewalls, but stop there. This lack of security planning and strategy would halt any bricks and mortar business (e.g. a retail store wouldn’t open without...

How Can Email Security Aid Compliance? By Mike Spykerman, VP of product management, OPSWAT Several industry regulations exist that impose data security requirements on companies, such as HIPAA, Sarbanes-Oxley, as well as EU data protection regulations. These regulations require organizations to restrict employee access to sensitive customer and patient information and keep records private and secure. The Payment Card Industry Data Security Standard (PCI DSS), for instance, requires companies that process credit cards to ensure that credit card data is protected...

3 Critical yet Unaddressed Information Security Challenges in a New Enterprise  Defending a newly established enterprise from high-profile security breaches and potential loopholes is one of the major IT challenges that most of the businesses face today. Probably, the reason behind this is the massive amount of financial losses that incur due to increasing number of security breach incidents detected in the past 12 months, estimated to be about as much as 98% - a...

Time to educate the digital na(t)ives. Each and every day we learn from the news about more or less sophisticated technical hacks that enable minor or major data breaches. In the best cases responsible disclosure models are applied to avoid these hacks to be in the wild at all. Most of the known issues are fixed within a more (e.g. Firefox) or less (e.g. Apple) reasonable timeframe and patched throughout many of the relevant installations....

Breaking Down IT Security Awareness By: Peter Lindley, security researcher, InfoSec Institute It’s an accepted fundamental of IT Security: the weakest point is almost always the user. Most surveys and annual security reports will show that incidents caused by the user will represent the highest percentage by far of those reported or detected. And by the same token, the best “bang for your buck” for security incident prevention is invariably the security awareness program. But...

  Encryption is a Red Herring – Segmentation is the key to Effective Security A new month, a new data breach. This time the Office of Personnel Management (OPM), a major U.S. government agency, had to reveal that on top of an initial breach of 4.2 million personal records, an additional 15 million records may have been compromised, holding detailed background investigations information.  The implications for both compromised employees and the wider government infrastructure are...

 Surrounded by clouds Although cloud computing is still in its first flush of youth, it’s continually evolving at a fast pace and has made a large impact on the modern business – as has its cousin, cloud-based software as a service (SaaS). Many organisations are actively considering adopting the cloud, with Gartner predicting cloud computing as one of the ten strategic technology trends for 2015. Global cloud services spending reached $56.6 billion last year and...

Where to from here? By Graham Williamson, Senior Analyst, KuppingerCole. A recent post by John Dunn about what’s hot, and how long is it going to be hot, got me thinking – how does a security guru decide where to place his/her interest and how do you decide in which area to develop expertise? I’ve met many highly experienced security consultants who are stuck at level 3 in the OSI stack and don’t seem to...

With today’s security risks constantly changing, current web solutions may not be as effective as companies think. Not only do businesses have to compete with other vendors, they also face threats from cyber criminals looking to take advantage of security vulnerabilities they have failed to detect and patch. One answer to cyber threats is continuous monitoring, which is becoming a very popular term, both among security vendors and CISOs. In a constantly changing and hostile...