From the Blogosphere

Networks have become large, complex entities that are increasingly difficult to manage and control. Security, audit, risk and compliance professionals know that their organizations rely on them for effective risk management, control and governance processes that are essential to the sa...
We’re seeing an emerging trend in the cloud computing world. I’ve been referring to it as cloud fatigue, but it’s more commonly known as repatriation, or moving workloads from the cloud back to on-prem locations. According to a recent 451 Research report, over 21 percent of organizatio...
Our work, both with clients and with tools, has led us to wonder how it is that organizations are handling compliance issues in the cloud. The big cloud vendors offer compliance for their infrastructure, but the shared responsibility model requires that you take certain steps to meet ...
Cloud Governance means many things to many people. Heck, just the word cloud means different things depending on who you are talking to. While definitions can vary, controlling access to cloud resources is invariably a central piece of any governance program. Enterprise cloud comput...
In 2011, Marc Andreessen wrote a thought-provoking article in the Wall Street Journal that software is eating the world. Today, in 2017, we can say that cloud transformation is happening all around us and cloud is now indeed eating the world. While Cloud services consumption is becomin...
The cloud provides two major advantages to load and performance procedures that help testing teams better model realistic behavior: instant infrastructure and geographic location. Cloud-based load testing also lowers the total cost of ownership, increases flexibility and allows testers...
Enron changed how U.S. public companies audit and report their financial data. There is also an opportunity to use the Equifax data breach to create a framework for better protection of our data in future. The credit reporting agency reported one of the largest data breaches in the h...
Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institu...
Imagine a world where product owners, Development, QA, IT Operations, and Infosec work together, not only to help each other, but also to ensure that the overall organization succeeds. By working toward a common goal, they enable the fast flow of planned work into production (e.g., per...
Not very long ago, in my IT consulting career, I used to be responsible for the launch of mission-critical applications that help enterprises leap into the cutting edge of the digital business revolution. There were a lot of hard skills required for leading such a mission that involved...
Keeping your enterprise data safe and secure is more important now than it ever has been. IT has always been an ever-changing industry, but in recent years, it has been changing more and more quickly. Now, thanks to the cloud, big data, and mobile devices all expanding at once, it may ...
Because security is an increasing concern for developers, a new movement is emerging, known as DevSecOps, which encourages developers to bring security and standards to the forefront while building applications. That means there's good reason to stay on top of security information and ...
Every Security Operations Center (SOC) manager and security analyst is struggling to some degree to stay one step ahead of the dramatic growth in cybercrime and the ransomware epidemic. In fact, according to the Cybersecurity Market Report published by Cybersecurity Ventures, a cyber s...
Cloud migration of modern enterprise infrastructure has been a defining trait of recent times. The cloud brings increased efficiency, streamlined operations, an increased shared knowledge base, and scale that was simply not possible earlier. Enterprise IT executives expect that 60 perc...
Gartner says by 2020, a corporate "No-Cloud" Policy will be as rare as a "No-Internet" policy is today and specifically the Infrastructure as a Service (IaaS) market is projected to continue to grow more than 25 percent per year through 2019. This surge in cloud adoption also represent...
Snowflakes are beautiful, unique creations. But, let’s keep them in nature. They don’t belong in our server infrastructure. Snowflake servers, where every configuration is just a little different, can introduce unnecessary security vulnerabilities and complications. While common in IT ...
With 2017 crossing the halfway point, let’s look at some technology trends thus far. Breaches: Many personal records are half empty due to the continued rash of intrusions while the crooks are half full of our personal information along with some ransom payments. According to the Iden...
For health organizations, breaches are a constant threat, due to the high value of healthcare data – Social Security Numbers, treatment records, credit information, and other sensitive personally identifiable information (PII). And the cost of a breach to a health system or hospital ca...
API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API...
API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is a building block for rapidly locking down ...
We get it. If your company isn’t up on blockchain, your future is doomed. At least, that’s the general vibe industry leaders are putting out – scrambling to understand and utilize a framework that is more frequently associated with cryptocurrencies like bitcoin. In other words, block c...
Every company wants to see their company getting press and media attention. Unless it is due to a hacker and a security breach. Every few weeks you see in the media stories of companies who were hacked. Getting a new credit card every few months because the data was hacked has been rou...
"Suddenly a lot of companies started focusing on producing services in the cloud. I like to call it Cloud Native - everything is built for the cloud. The main concept there is to enable developers to work fast," explained Ben Bernstein, CEO & Co-Founder of Twistlock, in this SYS-CON.tv...
There's no escaping how essential IT has become to modern business; gone are the days where corporate life can continue without its IT systems. These days, across all industry sectors, critical business processes rely upon IT, and yet we're still being met by what feels like an age-old...
Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the...
Patents are a good step towards shielding your IP data, but they’re not a seamless solution. Legal protection regarding intellectual property isn’t definite and has some holes in it. The constant stream of big data has made this problem even worse, obscuring the specifics about origina...
As we have seen over and over again, a new wave of ransomware attacks has been plaguing large parts of Europe over the last couple of weeks. While the affected individuals and organizations are struggling with the very tangible business impact of the loss of revenue and operations, it’...
Remember the Y2K bug, the computer coding flaw that was predicted to cause global havoc when the two-digit dates embedded in software rolled over from 1999 to 2000? After organizations around the world spent a year checking and upgrading their systems to deal with the issue, few major ...
Did you know that the reservations systems of the biggest carriers mostly run on a specialized IBM operating system known as Transaction Processing Facility (TPF)? Designed by IBM in the 1960s, it was designed to process a large number of transactions quickly. Although IBM is still up...
Without a doubt, we’re at a tipping point when it comes to security and the Internet of Things (IoT). Recently, security flaws have been exposed in consumer products, including children’s toys, baby monitors, cars, and pacemakers. In late October 2016, Dyn®, an internet infrastructure ...
In its 2017 State of Malware Report, Malwarebytes Labs recorded a 267 percent increase in ransomware between January 2016 and November 2016, with over 400 different variants in total. The report noted that while malware authors mostly relied on ransomware to make the bulk of their reve...
The margins of cloud products like virtual machines are still in the 50% range. In essence, price drops are going to be a regular feature for the foreseeable future. This begets the question - are hosted solutions becoming irrelevant today? Boston-based market research firm, 451 Resear...
Join us at Cloud Expo June 6-8 to find out how to securely connect your cloud app to any cloud or on-premises data source – without complex firewall changes. More users are demanding access to on-premises data from their cloud applications. It’s no longer a “nice-to-have” but an import...
Cloud computing is more than servers and storage. In a crisis situation it can actually be a lifesaver. BlackBerry, in fact, has just become the first cloud-based crisis communication service to receive a Federal Risk and Authorization Management Program (FedRAMP) authorization from th...
In the age of global cyberattacks, corporate enterprises and government agencies that have some type of cloud-based network solutions should be looking at a strategic design focus that guarantees a very secure intelligent infrastructure unsusceptible to cyberattacks or natural disaster...
Cloud is a lot more pervasive than one may have imagined and in this article, we will focus on the various ways in which cloud technology is making home security systems robust and impenetrable. The term ‘Internet of Things’ gets thrown around quite a lot when we talk about cloud techn...
According to a recent Gartner study, by 2020, it will be unlikely that any enterprise will have a “no cloud” policy, and hybrid will be the most common use of the cloud. While the benefits of leveraging public cloud infrastructures are well understood, the desire to keep critical worklo...
A key challenge that retailers face today is the difficulty of accurately judging where they are on the digital maturity curve relative to their competitors. There appears to be little expertise in making this assessment; for example, 79% of digital leaders don’t know they are ranked a...
Talk of IT disasters can spark equal amounts of fear of them happening to us, and gratitude that the big one hasn't happened to us yet. Network World offers some tips on what not to do when migrating to the cloud to avoid disasters or, at the very least, grumbling users. They recommend...
Put yourself in the shoes of Captain Edward Smith of the RMS Titanic, seconds after the iceberg was reported to him and seconds (there were 37 of them, reportedly) before he reacted. In this critical timeframe – this brief space of time when the inevitability of disaster became clear –...