Not a month goes by when there isn’t an announcement of a breach of electronic health records thereby disclosing personal and financial data; and that excludes breaches that are not publicly acknowledged. In a recent report from the American National Standards Institute (ANSI), 18 million Americans have had their personal health information stolen over the past…Read More
Recently I became a victim of identity theft. Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number. I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs….Read More
Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of…Read More
For all its hype iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already…Read More
The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days.
For those who were not in attendance at Congress, this four-part series will summarize some of the most popular sessions at the event.
Securing the journey to virtualization is complicated by two factors – (1) risks that are present in the physical datacenter, and (2) those that are unique to virtualized environments. As enterprises rush to embrace the benefits of virtualization, they have also rushed to implement traditionally architected security solutions in virtualized environments. Unfortunately, while this approach is familiar to enterprises, it results in undesirable consequences.
Plenty of regulatory regimes mandate that enterprises have a segregation of duties or separation of duties as a required internal control mechanism. Separation of duties divides the responsibility of a critical task among different people and provides “checks and balances” against fraud or error.
As I read different blogs, IT industry analysts and media, I see contradictions galore. Some articles position cloud computing as more secure (like this one) while other journalists highlight new security challenges (here, here, here and here). The concept of the cloud is still emerging and fallacies around cloud computing abound. Below are the five…Read More
This interview is the second in my series of talking with our partners to discuss the challenges posed by physical, virtual and cloud environments. In early March Trend Micro entered into a partnership with Qualys to sell the QualysGuard IT Security and Compliance Suite along with Trend Micro Enterprise Security compliance offerings with the goal…Read More
OSSEC is an Open Source Host-based Intrusion Detection System project that has been around since 2003. It was acquired by Third Brigade in 2008, and then Third Brigade was acquired by Trend Micro in 2009. Trend Micro recently completed a global survey of the OSSEC installed base that yielded some interesting results. OSSEC performs log…Read More