As we previously discussed, a recent report by the Ponemon Institute on the Security of Cloud Computing Providers showed “the majority of cloud computing providers do not consider security as one of their most important responsibilities”. So what are you to do if you want to use the cloud and need to do it in a secure and compliant way? To me it’s a matter of shared responsibility – yours, mine and ours.
Quintiles Transnational is a company that helps improve healthcare worldwide by providing a broad range of professional services, information, and partnering solutions to the pharmaceutical, biotechnology, and healthcare industries. Headquartered near Research Triangle Park, North Carolina, and with offices in more than 40 countries, Quintiles is a leading global pharmaceutical services organization and a member of the Fortune 1000.
Recently I had the pleasure of exhibiting at the Secure World conference in both the Atlanta and Philadelphia venues and had many interesting conversations with various CISOs, CIOs, Security Managers, Information Assurance Engineers and Auditors. We talked about various subjects from some of the latest threats (i.e. the PlayStation Network debacle) to vulnerability assessment. One…
Yes, this is a play on Database Activity Monitoring, and yes, I am writing this blog late at night, so a few puns are intended, but the seriousness of the message should not be glossed over.
As we have discussed before, much of the way we define and implement security is driven by compliance. But despite a wide number of frameworks, from COBIT to PCI, those compliance standards aren’t very clear, leaving ample room for every auditor to interpret them differently.
The Assessment Results Format (ARF) language is a general Security Content Automation Protocol (SCAP) results reporting language developed by the US Department of Defense (DoD) in conjunction with NIST and members of the SCAP vendor community. If you are unfamiliar with it, it provides a structured language for exchanging and exporting detailed, per-device assessment data…
Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…
According to Gartner, worldwide media tablet spending is projected to reach $29.4 billion in 2011, up from $9.6 billion in 2010. Gartner also predicts that by 2013, 80 percent of the workforce will be using tablet devices. Whether workers are being issued tablets by their employers, or bringing in their personal devices, embracing tablet computers is very attractive for many enterprises looking to keep their employees connected, while reducing costs.
Ah, sudo! What better way for administrators to eliminate the proliferation of the root password throughout IT and development organizations? What better alternative to using root accounts to perform routine maintenance on Unix and Linux systems? Just grant users the proper permissions in the local sudoers files and you’re in business. Oh, and the utility is free. What’s not to love?
The most sensitive information assets for a company of any size, large or small, tend to be buried inside a database sitting on a server. It doesn’t matter if that server is physical, virtual or cloud-based. Some organizations choose to protect the database and some the server. The best solution would be to protect both according to their intrinsically different requirements.