Security
Advice & Opinion articles
Stopping Stupid Human Tricks
Mon, January 10, 2011 - As I've mentioned, my new company likes to use SaaS for many of its corporate applications. This tends to keep me up at night. The software-as-a-service market is still in its infancy when it comes to security and interoperability with other vendors' security implementations and technologies.
Move Your Security Career Forward By Looking Back
Tue, January 04, 2011 - As 2010 drew to a close, I received a note from a colleague reflecting on the year past and thanking me for my mentorship and counsel. Reading his note reminded me that often the best path forward starts by looking back. As we welcome a new year full of ambition and opportunity, this is the perfect time to reflect on the previous year(s) to set the stage for a productive and successful 2011.
The Day of the Password is Done
Tue, January 04, 2011 - With so many Web sites demanding passwords, no one, but no one, can really be expected to remember all the ones they need.
Coming Through for the Business
Wed, December 22, 2010 - Sometimes, the security manager doesn't have to be the bad guy.
The Cyberwar Will Not Be Streamed
Mon, December 20, 2010 - In early 2000 -- ages ago in Internet time -- some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafiaboy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.
10 IT-Related Predictions for 2011
Mon, December 20, 2010 - We were wrong -- so far -- that Carol Bartz would be ousted as Yahoo CEO by the end of this year, but we were right that Apple's tablet, whose name wasn't known at the end of last year, would be huge. OK, so that second one was probably a given, but not all of our 2010 predictions were so easy. We think the same is true with our 2011 predictions.
Why Security Pros Fail (and What to Do About it)
Mon, December 06, 2010 - You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?
Assessing the Plan for the New Year
Mon, November 29, 2010 - Going into my second year as my company's security manager, I've been spending some time planning my next steps. When I started this job, I defined a three-year road map for the fledgling security program, to give it focus and to make sure the approach to solving my company's security problems covers the right areas. I've made it through the first year of the plan pretty much on track, despite changing business conditions and unexpected emergencies. The next year will be spent shoring up other areas of the network. Year 3 will be all about optimizing and filling in gaps, if all goes as planned.
The Top 10 Stories in IT This Week
Fri, November 26, 2010 - This week was a busy one in IT news, with the European Parliament giving the OK to the controversial Anti-Counterfeiting Trade Agreement, SAP being slapped with a US$1.3 billion penalty because employees of its now-defunct TomorrowNow subsidiary stole corporate materials from Oracle, and Attachmate's plan to buy Novell for a whopping $2.2 billion. And those were just the biggest of the headlines -- there was plenty more as well.
Security for Large-Company Cloud Providers
Tue, November 23, 2010 - I'm a CIO or CSO of a corporation that has yearly revenues of $1 billion or more. What are the security concerns that I have before I'm willing to deploy my IT infrastructure into a cloud? Let's flesh out the following security issues: What belongs in the cloud? How should sensitive data be protected? How are encryption upgrades addressed? How do I limit access to sensitive data? And how will critical systems metadata (data describing data) be tracked?



