Security
Advice & Opinion articles
Data Breach Risks: Not Just the Insider Threat
Thu, September 08, 2011 - There has been a very large push within the last few years for organizations of all types, industries and sizes to spend the majority of their data protection efforts on the "Insider Threat". That is to say, focusing on the employee or temp with access already in hand, who could then decide to misuse or abuse those privileges. It is true that the insider threat needs to be addressed and given attention. But is it possible that some of us are focusing on it too much and losing sight of what may be happening on the outside?
Blinded By the Smartphone Glitz: is Security on Your Must-have Features List?
Thu, September 08, 2011 - As things stand now, the best thing you can do to make your phone more secure is to swear off downloading apps. But who wants a smartphone with no apps on it?
Risky Workers
Tue, August 30, 2011 - I thought we could examine a recent theme in a little more detail this month: the challenges of dealing with the consumerization of IT devices in the workplace. We recently completed a study, in partnership with Symantec, that looked at the security and compliance risks of a mobile workforce. It affirmed what I've believed for a long time, namely, that there is a consensus that mobile workers pose a great risk and that, for the most part, businesses are not prepared to mitigate that risk.
Dr. Jekyll and Mr. Hyde: Managing Online Indulgence
Mon, August 29, 2011 - I recently read an intriguing Harvard Business Review blog post, The Three Ps of Online Indulgence, by Alexandra Samuel. This guidance begins with the topic of well-known adults displaying split personalities online. While their public activities follow socially accepted norms, their darker "shadow selves" behave very differently. Samuel's witty analysis artfully exposes the online hypocrisy of certain family-values politicians and the now-famous tweets of Congressman Anthony Weiner.
This is No Time to Skimp on Security
Mon, August 22, 2011 - Security threats have changed in recent years, with one fundamental difference being that the motives for breaches have multiplied.
Lessons Learned From a Recent Amazon Outage
Mon, August 15, 2011 - Another Amazon cloud-services outage occurred on Sunday, August 7th in a Dublin, Ireland data center. It was caused by a lightning strike that hit a transformer near the data center, leading to an explosion and fire that knocked out all utility services and resulted in a total data center outage. Amazon had its only European data center located there.
Ira Winkler: Shady Rat Case Shows Vendors As Big a Problem As APT Itself
Thu, August 11, 2011 - Security vendors seem more focused on fighting each other than protecting their customers.
Leverage Government Innovation to Reduce Identity Management Risks
Wed, July 13, 2011 - Managing consumer or citizen identities comes with two key problems--scale and cost--prompting organizations that require onboarding, authentication, and password management to look for ways to outsource this effort. Entertainment websites, online retailers, and even US federal government-to-citizen websites are experimenting with a federated model for more of their identity management life cycle. By using single sign-on (SSO) and attribute-sharing between "social" identity providers (IdPs) (i.e. Google and Facebook) and relying parties (RPs), this model effectively reduces cost and improves the customer experience.
Home Port for Security Departments?
Wed, June 22, 2011 - In June of 2003, we ran a long article about organizational structures. We titled it "All Over the Map," which pretty much tells you what we concluded about how security was handled at the time: a bit like a ship with no home port, passing from executive to executive. The article had examples of security variously reporting to Human Resources, Facilities, Operations, Legal, and IT. Responsibility without authority was a theme.
The Cloud Contract Adviser: Securing Your Information
Tue, June 14, 2011 - When it comes to cloud-computing contracts, knowledge is key, and reading is fundamental.



