BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for June, 2011


The Cost Of SOX Is Declining?

No, I’m not talking about socks that protect your feet, I’m talking about the government regulation that most of you are worried about. Protiviti just released a new study on the effectiveness and costs of Sarbanes-Oxley compliance with a number of interesting insights for IT managers who are concerned about the effectiveness and costs of their IT controls. The overall results are encouraging.

Post by Peter McCalister June 30, 2011

When Misuse Of Privilege Is Priceless

Sometimes the abuse of IT admin power doesn’t involve a price tag. Take, for instance, Walter Powell, a disgruntled IT manager who hacked his former employer’s computer and replaced the CEO’s digital presentation so that it instead displayed a lewd pornographic image on the 64-inch screen on which the CEO was presenting to his board of directors. While we have documented extensively the costs that this kind of calculated attack can impose on an organization, in this case, the cost could almost seem priceless.

Post by Peter McCalister June 29, 2011

Transgression Tuesday: Ways to Avoid a Data Breach

We’ve talked a lot about change, and how it’s one of the only things in the IT world that remains the same. Another constant is human nature: specifically, our reactions when we do something we shouldn’t. People have this funny tendency to hide their wrongdoings: sweep them under a proverbial rug. The problem is that those rugs can turn into uncontrollable problems, and in the IT world that means the dreaded “D” word: Data Breach. Hiding bad habits and improper actions never cloaks the issue, but allows the problem to compound until one day it becomes a raging war.

Post by Peter McCalister June 28, 2011

Top 10 Reasons To Implement Least Privilege For Your Clouds

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Public, Private and Hybrid Clouds are:

Post by Peter McCalister June 27, 2011

Reasons Why You Should Give a DAM: Part 2

Continuing the thread started in a previous blog titled Reasons Why You Should Give a DAM: Part 1, today’s blog will focus on what can be done and the value you should achieve.

Post by Peter McCalister June 24, 2011

The Special Case of Privileged Users in the Cloud

As we have been discussing the last few weeks, if you want to use the cloud and need to do it in a secure and compliant way, it’s a matter of shared responsibility. If you want your cloud vendors to be secure enough to protect your corporation’s most sensitive data, then you have to insist on it, communicate your requirements and oversee the controls. That leaves the final piece of the cloud security puzzle – the special case of the privileged users in the cloud.

Post by Peter McCalister June 23, 2011

Unified Vulnerability Management – From The Cloud to Agents

I have written a few articles regarding comments from analysts and found a recent one that needs more visibility. In a recent paper, the analyst stated that any enterprise vulnerability assessment deployment should have at least 2 of the following 3 technologies deployed for full coverage while performing a vulnerability assessment: Network Based Vulnerability Assessment Scanner…

Post by Morey Haber June 23, 2011

PowerBroker Servers Protects Root Password

An IT outsourcing company (responsible for integrating the IT systems for one of the world’s largest manufacturing companies) was tasked with managing its clients’ critical SAP/Oracle-based environment. The company committed to creating and maintaining a controlled and secure environment for the client; however, this endeavor was fraught with challenges. In order for the goal to…

Post by Peter McCalister June 22, 2011

Plugging Into Your Remediation Process

My team and I have spoken with a number of analysts and have confirmed that the plethora of vulnerability assessment solutions on the market share a common trait and a common flaw: the sheer volume of reports that can be created based on a vulnerability assessment. Every scan can lead to a myriad of hosts…

Post by Morey Haber June 21, 2011

Reasons Why You Should Give a DAM: Part 1

The lack of control of privileged database credentials continues to expose corporations to significant risk associated with insecurity and inaccuracy of the key data assets that drive business activities, decisions, and value. I’ve previously covered the six questions you should ask yourself if you should give a DAM, so now it’s time to look a little deeper at the implications.

Post by Peter McCalister June 21, 2011