Welcome!


Latest Blogs from Web Security Journal
Over the last several weeks, we’ve examined the risks of using the public cloud in the enterprise workplace. From unauthorized file access to regulatory noncompliance, the potential scenarios vary from dire to more dire – and it’s up to decision makers to take control of their organiza...
Where were you on February 3, 2015 at 3:40 p.m. PST? Snowed in? Desperately trying to refresh Netflix? If so, you weren’t alone. It turns out even best and biggest companies experience failure from time to time. Despite the success of their Chaos Monkey approach to operations, the Inte...
FedRAMP defines the requirements for cloud service providers’ security controls, including vulnerability scanning, incident monitoring, logging, and reporting. CSPs in use at federal agencies or in acquisition must meet the cloud computing requirements defined by FedRAMP. Whether o...
CommVault has announced that top industry technology visionaries have joined its leadership team. The addition of leaders from companies such as Oracle, SAP, Microsoft, Cisco, PwC and EMC signals the continuation of CommVault Next, the company's business transformation for sales, go-to...
We continue to see an increasing trend in cyber-attacks in line with the growth of new technologies, and enterprises have to protect themselves. It is critical for enterprises to devise their own measures to protect against cyber-attacks because any tolerance on this front is more than...
Without question, the rise in cyberleaks, nation-state cyber terrorism and the beach of consumer data across multiple industry domains has led to a heightened awareness of the enterprise and personal responsibilities associated with cybersecurity. The consumerization of IT and the adop...
As we kick off 2015, I predict that this will go down in history as the year of the Threat Intelligence Platform (TIP). We say goodbye to the year of the advanced persistent threat (APT) in 2014, just as this time last year we waved adieu to mobile device management (MDM). We’ve seen ...
​I had the chance to sit down with Lee Slaughter, Skytap's Manager of Information Security, to discuss security in the cloud, the efforts that make up a thorough due diligence when choosing a cloud provider, and how to keep up with external and internal threats to your business. Noel:...
Many businesses are realizing the advantages of moving essential business services to cloud-based models, including communications, voice, and CRM. The associated advantages of the cloud have allowed businesses to be more flexible, scalable and enjoy higher cost savings. However, these...
The benefits of cloud billing can be irresistible. Always-on availability, flexibility, elastic scalability, low cost, global reach. But with high-profile security breaches from the likes of Target, Sony and health insurer Anthem, it’s understandable that thinking about turning your bi...
At the end of the year, WhiteHat Security posted an interesting blog titled, "The Parabola of Reported WebAppSec Vulnerabilities" in which a downward trend in web application vulnerabilities (as collected by the folks at Risk Based Security's VulnDB) was noted beginning in 2008 after h...
Cloud computing offerings are almost overwhelming at this point. There are so many different services and service providers competing for your business that it can be hard to know what’s really best for you. Understanding what kinds of solutions work for your business means getting a h...
When it comes to data security, identifying what you consider your crown jewels is the first step in the data security recovery program. Legacy products can be expensive and negatively impact performance. Organizations need to realize that the complexity and fear of access control is a...
2015 is being billed by many in the industry as the “Year of the Hybrid Cloud.” In fact, more than 65 percent of enterprise IT organizations will commit to hybrid cloud technologies before 2016, vastly driving the rate and pace of change in IT organizations, according to IDC FutureScap...
You can’t have a conversation about technology today without the topic of security breaches ending up front and center as a key concern. This is understandable with all the high profile breaches that have been occurring on what seems a regularly scheduled event. Anthem, the nation’s se...
Business users can conjure new applications, send messages and share information around the world at the speed of light from their mobile devices. But just because they can, doesn’t mean they should – all this sharing and collaboration can have consequences on businesses’ security. Sen...
Those watching federal cloud security in the defense space were pleased to learn the Defense DOD Cloud Computing Security Requirements Guide (v1) (SRG) last month. This 152-page document outlines the security requirements that Department of Defense (DOD) mission owners must adhere to w...
The security landscape is evolving more than ever before – not only must chief information security officers (CISOs) deal with constant increasing cyber-attack threats and security breaches but they must keep up with mobility trends and concerns about access to data and protecting iden...
It is widely known that the National Security Agency houses an impressive cyber force with the capacity to bypass the digital defenses of private individuals, enterprises, and even foreign governments – a force powerful enough to draw criticism from the American public and American all...
I’m writing this blog on Monday, February 9th, late afternoon with a very full stomach. Last week we launched Vormetric Tokenization with Dynamic Data Masking and today we took the engineers out for a big lunch to celebrate. Now feeling full and contemplative, I thought I’d join the cl...
What happens when the gadgets you wear also control the things around you? No doubt you’ve heard of various internet-connected things like light bulbs, coffee makers and thermostats making their way into our homes. And no doubt, you’ve probably heard of such devices that you wear (or ...
If your business has any investment in public cloud SaaS applications, then it’s time to invest in a Cloud Access Service Broker (CASB). That’s our takeaway from the recently released Gartner security report, “Emerging Technology Analysis: Cloud Access Security Brokers.” More and more...
They say that you are only as secure as your weakest firewall. But then is it just firewalls that protect our network and the information therein, or is it the framework the policies and the processes that have cracks that let the vulnerabilities seep through? Hackers will be hackers ...
There is no universal global guideline when it comes to how data is managed, secured, and accessed. Privacy laws vary from country to country and are still being defined in the digital age. In the face of trends like consumerization, mobility, and the distributed workplace, data reside...
The process of bringing firms back from the point of massive systems failure in some form has become known as Disaster Recovery A surprisingly high ‘one in every three’ companies is said to have experienced and declared a disaster in the past five years, according to a November 2013 s...
Recent security breaches have heightened our awareness of cybersecurity issues. The hack and other security breaches have resulted in unprecedented damages. However, the majority of mobile device users have yet to be sensitized to their personal and corporate security risks. For examp...
Log data provides the most granular view into what is happening across your systems, applications, and end users. Logs can show you where the issues are in real-time, and provide a historical trending view over time. Logs give you the whole picture. So you've started to build applica...
Cybersecurity breaches are seemingly making headline news every day. Recent cases have highlighted identity theft, the loss of personal financial data, and the disclosure of sensitive national security information. The executive in the hot seat for preventing these failures is the Chi...
Recently, Forrester analyst Rick Holland brought up the point of quality vs. quantity when it comes to threat indicators. We agree, the focus should never be on the quantity of data, it should be on the quality of data. So the question becomes, where and how can you gather or make sens...
While news about the malicious hacking trade and the actions of elusive cyber-criminals continue to grab headlines, the third of our annual Insider Threat reports confirm that the risk posed by those legitimately ‘inside the fence’ continues to top business data security concerns. Of c...
As we continue to work with global companies focused on everything mobile, one thing is clear – the mobile space is changing rapidly and with that comes opportunity for security attacks and identity theft. We are committed to delivering the best-of-breed mobile identity and mobile loca...
A breakthrough approach for Change, Config, and Release Today, we were thrilled to find out the ITinvolve has been awarded the best-in-class designation for Change, Configuration, and Release Management by the independent ITSM Review. This award acknowledges what our customers alread...
Recent data breaches involved an unclassified computer network used by President Obama’s senior staff, prompting countermeasures by the administration and resulting in temporary system outages. Officials said the attack did not appear to be aimed at destruction of either data or hardwa...
The steadily increasing frequency of data breach occurrences in 2014 has been both astounding and worrisome. From Target and Neiman Marcus to Michaels, Chick-fil-A and Home Depot, fraudsters are leaving no stone unturned, and the millions of customers unlucky enough to use infected poi...
Risk management has been around for a long time. Financial managers run risk assessments for nearly all business models, and the idea of risk carries nearly as many definitions as the Internet. However, for IT managers and IT professionals, risk management still frequently takes a fa...
Everyone has done it, used some kind of wild way to remember user names and passwords. Let’s face it, the rules for managing passwords is overwhelming. People are required to remember numerous sets of credentials for all of the systems and applications they need to access their job and...
Cyber threats are becoming more advanced, persistent, and focused. The threat landscape is rapidly changing, and evolving faster than ever. Today it is difficult to determine who is winning: either those behind the cyber threats, or those fighting to prevent and remediate the threats. ...
When properly implemented and managed, secure enterprise file sync-and-share (EFSS) applications can improve project management and empower your workforce. Unfortunately, making the business case for secure EFSS isn’t always easy – especially when users and management aren’t aware of t...
With every New Year it is time to look back at the industry events of the past 12 months, and use our expertise to predict what lies ahead, in order to be more prepared. With regards to DDoS attacks, here is a short list of what to expect in 2015. We expect to see an increase in DDoS...
Cloud security is a top concern for chief security officers. In almost any enterprise, cloud migration is a given fact and recent attacks have proven, yet again, that data security is a critical component in any cloud migration strategy. Below are four tips, specific to Infrastructur...