Lot’s of things come in threes. You can’t get fire unless you have heat, fuel and oxygen and a great swing just needs a tree, a tire and some rope. Turns out that you also can’t get to a least privilege environment unless you’ve dealt with the intersection of policy, technology and people.
Today, enterprises are hopefully well aware of the high price they could pay if they experience a breach in the confidential data of their customers. But now, in addition to applicable remediation expenses and a whole lot of bad publicity, companies may also have to fear the financial wrath of the government, as lawmakers have begun to institute fines for businesses that fail to secure their customers’ personal information.
I wish I could take credit for the title of this blog, but it comes from a sentence recently written by Robert Lemos, Contributing Writer at DarkReading.com. In his article Mr. Lemos waxes poetic on how “Recent Breaches Spur New Thinking on Cloud Security.” This got me thinking about liability and how it seems everyone tries to delegate it away.
Last week I blogged about how to realize the value of the gold mine of information in your compliance logs. I said you need a data analysis strategy and a strategy for how to engage the organization in using that data to uncover the misuse of privilege and potential for out of compliance scenarios. The human factor is important in designing any IT systems, but how does it apply here?
Please use the Leave a Reply function below and send us your questions, comments, and thoughts regarding our research report “In Configuration We Trust.” – One person will be selected at random to win a new Amazon Kindle and $25 gift card. – Deadline to be entered into the contest is Friday 05/13/11 at noon PST….
Oh how I am starting to enjoy the odd numbered months this year. Back in January Microsoft released 2 bulletins. February followed with 12, March with 3, and April with 17. Now May has arrived with only 2 bulletins. If you are looking to avoid piles of patch deployment work this summer, I’d bet on…
This week ISACA released results from its Top Business/Technology Issues Survey, which revealed that issues such as regulatory compliance, governance and information security management continue to top the list of enterprise IT concerns.
In configuration we trust. This statement couldn’t be truer to my research team and me, especially after discovering some of the findings in our latest report, which we publicly released last week. In the report, we describe simple configuration changes and software version upgrades that could mitigate many application vulnerabilities before patches are available. Some…
A solution can never have too many reports or can it ? I have seen products that have hundreds of reports and the titles and descriptions vary in just subtle ways using words like “sort by” or “group by”. Finding the one you need and that meets your business requirements can be a challenge and…
In kindergarten, we all learned an important lesson: how to share. Some people, as they grew up, seem to have taken this concept a little too far, with no real consideration for possible consequences. I’m not trying to undermine the importance of sharing as a general rule, but let’s just take a quick look at how sharing has “helped” in the recent past.