From the Blogosphere

Mobile testing is getting harder: more devices, multiple operating systems, higher quality expectations and shorter development cycles. In his session at DevOps Summit, Tom Chavez, Senior Evangelist at SOASTA, will discuss the seven steps to improving your mobile testing process. To...
Disaster Recovery isn’t a new concept for IT folks. We’ve been backing up data for years to offsite locations, and used in-house data duplication in order to prevent the risks of losing data stores. But now that cloud adoption has increased, there have been some shifts in how tradition...
Cloud security is at the top of every CIO’s list. It is also the first subject that comes up when you engage in a discussion about the cloud. For those of us who followed the recent Ashley Madison story (from a tech perspective), you would agree that while the breach happened for so ma...
In 2011, then United States CIO Vivek Kundra released the US Federal Cloud Computing Strategy [1]. In the executive summary he pointed to cloud computing as a key component of the US Federal Government’s information technology modernization efforts: “Cloud computing has the potential ...
One of the great challenges of cloud computing is the seemingly endless possibilities it provides. Yes, you read that right. The perceived infiniteness of the cloud is both an asset and a challenge, especially when it comes to the healthcare industry. With its strict regulations rega...
In 2011 the US Federal Government issued a Cloud First policy mandating that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost. Cloud computing is a design style that allows for effici...
As a class of business, IT providers may be hip to risk as a matter of course, but they aren’t exempt from the rules of the game and, given their special position in the information security ecosystem, attacks directed their way can be enormously consequential. Hacking doesn't happe...
After the deluge of data breaches in 2014 and more emerging every day, security is without a doubt a top strategic initiative for just about every enterprise in 2015. Along with top-notch security, it is imperative for organizations – particularly cloud-driven ones – to also have leadi...
Ski helmets, seat belts, and encryption. What comes to your mind when you read these words? You may immediately think “safety,” and you’d be right, but how about “speed enablers”? At first blush, that may not be the first concept that comes to mind, but there’s a pretty compelling c...
Many organizations’ virtualization strategies begin and end with deploying VMware vSphere or Microsoft Hyper-V to virtualize as many servers as possible. But there’s so much more that an enterprise can do to extend the benefits of virtualization. In addition to virtualizing, a workflow...
One of the first considerations that IT managers struggle with is how to handle security and compliance. Both security and compliance are aspects of a larger, more strategic concern: governance. Governance essentially represents a set of processes for creating, communicating, and enfor...
‘FDA tells hospitals to stop using a pump that is vulnerable to hackers.’ This headline was all over the internet and news this weekend, with the pump in question being a medical infusion pump that automatically administers dosages of medication to patients in a hospital. A vulnerabili...
It seems like every time I write a blog, a new breach has occurred (for an up-to-date look at local, state and federal breaches I suggest you periodically review the Identity Theft Resource Center’s running list). Since I last penned a post, we’ve seen breaches of the Mayo Clinic, Citi...
Most home security systems have a panic button - if you hear something go bump in the night you can push a panic button to start the sirens wailing, call the cops and hopefully send the bad guys scurrying. As useful as this is for home owners, enterprises need a security panic button...
The majority of an organization’s revenues are dependent on suppliers, distributors and other third parties. But as Benjamin M. Lawsky, New York State’s Superintendent of Financial Services, points out: “Unfortunately, those third-party firms can provide a back-door entrance to hackers...
Picking up a newspaper and turning on the TV, one is instantly confronted with news of yet another cyber hack. With cyber attacks headlining the news, millions of people are concerned with whether their personal information has been breached. These attacks are becoming more and more so...
Recent unauthorized access to a U.S. government database led to the compromise of information on at least 21.5 million individuals. This massive background investigation data breach also compromised usernames, passwords, mental health records and financial information. Although a securi...
Do the ‘darker’ channels and means that exist for searching the web in anonymity ultimately spell doom for the wider march towards open data? So-called ‘open data’ is supposed to be an instrument for breaking down information gaps across industries and letting companies share benchmar...
SYS-CON Events announced today that Logz.io has been named a “Bronze Sponsor” of SYS-CON's @DevOpsSummit Silicon Valley, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Logz.io provides open-source software ELK turned into a log analy...
It's been three years since I compared medieval security to web security, and a few things have happened. Mobile and wireless have evolved as the dominant platforms, while the life between personal computing and business computing has continued to fray. And, of course, thanks to web se...
Brand owners are caught in a digital crossfire. From one direction comes intense competitive pressure to innovate or to at least follow very, very quickly. From the precisely opposite direction comes the potentially existential threat of an app very publicly flopping or – even worse –...
The cyber security, resiliency and accountability of IT systems at financial services organizations is rarely out of national headlines. Firms that operate in the financial space hold extremely sensitive data, so therefore attackers usually consider the effort and risk of attacking th...
The Federal Government’s “Cloud First” policy mandates that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost. The Federal Risk and Authorization Management Program (FedRAMP) is a mand...
I spent a few days in New York City last week attending a couple of meetups, including speaking at a New York City Web Performance Meetup on Thursday night. I had several great conversations around real user monitoring, data science and analytics, and, of course, testing in production ...
A recent purchase of mine was a 2015 Jeep. Until now, I thought it was a safe and reliable car, but that is not the case anymore. As technology advances and cars become smarter and more technologically savvy, they become another target for hackers. Imagine speeding down the highway,...
Access is everything. It is the fundamental pillar that determines whether critical enterprise assets are safe or exposed. Knowing the answers to the questions of who is accessing what, where they are accessing that information from, why they are accessing that information and, finally...
Here at XebiaLabs we care a lot about quality. That means we have to do a lot of testing for our products. Since we have a relatively small development team, and a code base that grows rapidly, that means we have to automate our tests. To get an impression, for XL Deploy, we have a...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. ...
Today’s case of Ashley Madison getting hacked and literally being kept at ransom is a classic case of something not very new, but something we need to take a look at with a fresh set of eyes. It’s not all the trouble all their customers will get into that I’m talking about, but the mer...
It’s easy to invent additional C-suite job title designations. We might conjure up Chief Data Analytics-Insight Officer (CDAIO - pronounced “see-day-oh”) for example. Equally, we can see that the role of the CIO quickly gained additional layers some time ago – and we now see the CSO (...
Software-Defined Networking (SDN) is one of the most interesting developments in networking to emerge in the last decade. The potential to establish a simplified infrastructure and leverage software to dynamically modify existing flow characteristics has the potential to address many c...
Cyber warfare is not a futuristic theory being discussed on one of the military channels by some obscure software architect anymore. It is a common occurrence in today’s global economy and it appears some are trying to test the electronic defenses we have set up on the Internet. The q...
The concept of "shifting left" for appropriate IT concerns is growing. The notion is basically to shift more into the app dev delivery pipeline functions that, when applied earlier, can result in greater stability and security of the resulting code. Security is one of those functions t...
The cloud isn’t a fad. Businesses that don’t make the move are falling behind the competition. According to a recent ComputerWorld study, more than 40% of IT executives said that their organizations will spend more on Software as a Service (SaaS) and a mix of public, private hybrid and...
Carl Bradley, U.S. Navy (Ret.), is a Cyber Security Consultant, Information Assurance & IT Security Consulting & Intelligence Strategy, HP Enterprise Services, U.S. Public Sector. SecuritySolutionsWatch.com: Thank you for joining us today, Carl. Before discussing HP Enterprise Securit...
SQL injections are unique compared to other cyberattacks. These threats are very common and have been around for a while. One would think that this would mean businesses should have an idea of how to stop these incidents from happening, right? Unfortunately, SQL security remains a thor...
When business disruption occurs, it is more likely to sneak in through your defenses than it is to overwhelm you by fire, flood, earthquake or hurricane. Instead of breaking in through your walls and ceilings, it sneaks in through your defenses to steal data, install malware or freeze...
A panel of experts examines how The Open Group Trusted Technology Forum standards and accreditation activities enhance the security of global supply chains and improve the integrity of openly available IT products and components.
SiteLock business website security solutions, is the only web security solution to offer complete, cloud-based website protection. Its 360-degree monitoring finds and fixes threats, prevents future attacks, accelerates website performance and meets PCI compliance standards for business...
Data security breaches and hacker attacks on private businesses, health organizations and government agencies in the U.S. have grabbed headlines with increasing frequency, it seems. There is zero doubt about the damage these events cause. Cybercriminals and hackers walk away with custo...