On Monday, May 16 the White House revealed language on new legislation directing private industry to improve computer security voluntarily and have those standards reviewed by the Department of Homeland Security. By increasing and clarifying the penalties for federal and enterprise computer crimes, the administration hopes to temper the perception that the consequences for cyber attacks and data theft are comparatively trivial.
Who could forget the image of Christopher Walken’s Academy Award winning performance in The Deer Hunter? Anyone who has seen that movie can not help but understand the ultimate penalty for losing at Russian Roulette. Even though the penalties aren’t quite as “life threatening” when the compliance auditor comes around, they can be “career threatening” to the IT executive who plays the same game with meeting regulatory requirements.
We expect our smart phones to handle all of our business needs: phone calls, voicemail, email, and calendar functionality, at the very least. Why not expect the same consolidated approach with your security products? Take for example the relationship between vulnerabilities and malware. Most of the malware, trojans, worms, etc., get into a system by exploiting vulnerabilities in applications such as Adobe, IE, Firefox, etc. Vulnerabilities and malware really have a strong correlation and so should the products that manage each one.
According to a Runzheimer survey released last month, 45 percent of today’s workforce is mobile. For companies, having such an extensive number of remote employees can provide a number of great advantages, but it has plenty of downsides too.
On August, 1, 1981 at 12:01am EST in the United States the first video played on MTv was the Buggle’s “Video Killed The Radio Star.” This was heralded as the video age and music has never been the same since. In February of 2005, YouTube launched as the premier video sharing site on the web and communication has not been the same since.
What do retailers worry about the most? Outside of remaining profitable and competitive, theft is always a concern. Theft can occur for a retailer in a variety of ways. Everything from shoplifting, hijacking cargo shipments, to electronic identity theft. Thieves are always trying to find new ways of stealing “something” and making money from it….
The recent report by the Ponemon Institute on the Security of Cloud Computing Providers offered what appears to be some surprising results. According to the study, “the majority of cloud computing providers do not consider security as one of their most important responsibilities.”
Lot’s of things come in threes. You can’t get fire unless you have heat, fuel and oxygen and a great swing just needs a tree, a tire and some rope. Turns out that you also can’t get to a least privilege environment unless you’ve dealt with the intersection of policy, technology and people.
Today, enterprises are hopefully well aware of the high price they could pay if they experience a breach in the confidential data of their customers. But now, in addition to applicable remediation expenses and a whole lot of bad publicity, companies may also have to fear the financial wrath of the government, as lawmakers have begun to institute fines for businesses that fail to secure their customers’ personal information.
I wish I could take credit for the title of this blog, but it comes from a sentence recently written by Robert Lemos, Contributing Writer at DarkReading.com. In his article Mr. Lemos waxes poetic on how “Recent Breaches Spur New Thinking on Cloud Security.” This got me thinking about liability and how it seems everyone tries to delegate it away.