Opinions & Analysis

A few months ago we marked three years since the European Union Data Protection Directive was announced and in this writer’s opinion, it’s time for “A little less conversation a little more action”.   This week I attended a roundtable hosted by Fujitsu, whose information assurance consultant John Alcock said that despite it still being two years away, it was time to consider it and it is something that he sees that security people want...

A tweet from a good friend of mine really summed up the situation in the US Goverment relating to the email of former First Lady and Secretary of State Hillary Clinton. Conference speaker and all round good security guy Jerry Gamblin said: “Hillary Clinton was just working around what she saw as inefficient IT policies. Shadow IT is a huge security risk for every company.” The world has apparently been shocked by the news that...

It was a case of another month, another flaw revelation this week. Although we have seen zero-days in 2015 primarily affecting Adobe's Flash software, this week a story picked up from the great threats of 2014 with 2015's FREAK. The “Factoring attack on RSA-EXPORT Keys” flaw uses an encryption protocol from the early 1990s to intercept vulnerable clients and servers, and force them to use ‘export-grade’ cryptography, which can then be decrypted. Matthew Green, cryptographer and...

In our recent article about endpoint security “getting its sexy back”, one point that Neil Campbell, general manager for security at Dimension Data made, which I decided not to include, was about the future of SIEM. He said: “At the moment, security incident and event management (SIEM) technology is about reporting and not control, and it needs to expand to control and remediation or the point players will disappear as they are looking for security...

In the second and final day here at the Trust in the Digital World conference in Madrid, I have attended a panel debate on the subject of E-Health. With speakers from SAP, ATOS and hospitals in Spain, the concept was mostly on sharing anonymised data for the benefit of research and action, whilst keeping the patient data private. Chair Volkmar Lutz, head of applied research at SAP, said that the view of the sector is that...

For the first of this series of blogs, I want to focus on the timely concept of trust. Timely for the timing of my travelling from the conference Trust in the Digital World, timely as last week saw the announcement of research that CEOs see cyber security as a third priority, whilst news breaks that some laptop models contained suspicious software that some said was spying on users, and whilst NSA whistle blower Edward Snowden...

It’s no secret that the data centre industry is evolving rapidly. Large scale, inflexible and expensive physical hosting solutions are no longer common thanks to virtualisation and we’ve all bought into cloud – so today’s forward thinkers are now looking to the Software Defined Data Centre (SDDC) to further transform the way they utilise data resources. This change presents its own interesting challenges for security and SDDC, users need to be aware of the virtues,...

Following their discussion yesterday on managing a security team and infrastructure on a shoestring, the second part of the discussion focused more on the spending by Sony Pictures.   Inspired by the story that Sony Pictures plans to spend $15 million on better cyber security after major attacks hit it in both 2011 and 2014, where attackers made off with personal details in both attacks, I tasked two security professionals to discuss this.   After...

Following the publication of a recent article regarding Sony spending $15 million on cyber security defences, I got into a conversation with two professionals on securing a business on a much smaller budget.   That conversation initially took place on Twitter, and I tasked the two men involved, Coalfire European managing director Andrew Barratt and Gary Smith, a senior security professional within financial services, to discuss this.   I began by asking them if it...

It’s been just a few weeks since Anthem held its hands up and confirmed it had fallen victim to a cyber attack. According to reports, the incident is the largest data breach ever to hit the US health care sector, with as many as 80 million current and former Anthem customer records affected. As reported by IT Security Guru earlier this week, investigators now believe the hackers somehow compromised the credentials of five different tech...