Search Results

You've probably heard the term "consumerization of IT." Some of the network and security pros reading this probably think this is yet another meaningless industry buzzword with little or no value. However, to dismiss it as such is to potentially miss out on what is both a very powerful concept ... and one that information security practitioners ignore at their peril. ...

As many active users of IaaS (Infrastructure as a Service) can tell you, IaaS, whether implemented by an external service provider or provided by an internal service provider team, arguably grants you much more control of the underlying technology "substrate" than other cloud deployment models. In some cases, this is a good thing; for example, when you have unique legacy constraints or technology requirements that must be satisfied for applications to work properly. ...

Quite a lot has been written about the importance of due-diligence in a cloud environment. Sometimes the importance of security and compliance-related vetting in the cloud is easy to justify, like when you're evaluating an off-premises public cloud hosted at a new service provider. Other times, executives might take some convincing, like when you're talking about an internally maintained private cloud, before they see the value. ...

Virtualization has been one of the most rapidly and widely adopted technologies in recent memory. It's huge, and it's here to stay. ...

It's December again, and it's a challenging time for information security organizations. It's challenging because while attacks become more prevalent during the holiday season in the form of spam and targeted malware, organizational security "readiness" paradoxically wanes at exactly the same time. ...

Everybody knows that the cloud -- in particular, the security of cloud deployments -- is a huge pain point industry-wide. And as is the case with any new endeavor with such broad-sweeping impact, there's no shortage of well-meaning advice about how to secure it. ...

Organizations love false economies. It may not be an entirely conscious act on their part, but it's certainly the truth: Hang around any organization long enough, and you'll find at least one instance where it tries to save on doing A but winds up spending more on doing B in the process. ...

It's a myth that ostriches bury their heads when they spot danger. It sounds plausible, but in reality, they're just like us: In the face of imminent danger, they either run or attack ("fight or flight"). ...

Over the past few decades, most IT shops have followed a somewhat similar trajectory: Starting from a centralized model (i.e., the mainframe days), computing resources, much like the cosmological Big Bang, have exploded outwards to become ever-more-distributed and decentralized. This makes sense given market dynamics. Computing platforms evolve quickly, so monolithic computing platforms that require heavy up-front investment are less efficient from a depreciation standpoint (i.e., from a MIPS per dollar per year point of view) than numerous, incremental investments in lower-powered devices. ...

Let's face it: Social engineering -- attacking an organization through deception by "tricking" internal users into sharing inappropriate levels of access -- isn't a topic that comes up very much in most IT shops. This isn't because social engineering is ineffective or because organizations aren't susceptible to it. ...

Is it just me, or does it seem like every day there's another breach to worry about? RSA, Epsilon, Sony, now Citibank -- it seems like a day doesn't go by where there isn't another high-profile breach in the news. It seems like everyone's getting hacked, and it seems like it's happening with increasing regularity. ...

Take a moment to visualize a physician traveling home in a cab from a long day. Stuck in traffic, our hypothetical physician sees this as the perfect time to catch up on email and or to do non-care-related administrative tasks. At the end of the cab ride, he or she puts the phone down to pay the driver. Being tired -- in a moment of thoughtlessness -- the doctor accidentally walk away from the cab, leaving the phone on the seat. One more lost device. ...

Information security pros working in the healthcare sector quite often experience a high degree of frustration and anxiety when it comes to the Security Rule's "addressable" implementation specifications. As any healthcare provider will tell you, the addressable requirements of the security rule tend to be among the more difficult to meet and more technically focused of the mandates with the Security Rule. ...

If you ever have a need to burn off some excess optimism, try taking a look through some of the statistics out there about success and failure rates for enterprise IT projects -- it's pretty ugly. Although specifics of statistic and survey data vary, studies have historically suggested failure rates as high as 75 percent for technology projects. That means it's quite a bit more likely for an IT project to fail than succeed -- including projects that don't complete at all, as well as projects that have time, budget or quality "challenges." ...

Teamwork is important. We all know this to be the case whenever we do anything in a group involving other people. But arbitrary -- even directionless -- teamwork doesn't make success by itself, no matter what the motivational poster might tell you. There are different kinds of teamwork. ...

Have you ever found yourself paying the penalty for a rule you didn't even know you were breaking? Like getting a ticket for speeding when you didn't realize the speed limit had changed? Or paying a work-related travel expenses out of our own pocket because you didn't realize your firm's travel policy had a restriction that you didn't know about? ...

Skills develop with practice and repetition. It's true of anything, from playing the piano to driving a car. In any endeavor, the way to get better is to practice. Attempt the activity again and again, learning from mistakes made along the way ...

Well, it's November again. And in addition to gearing up for turkeys, pumpkin pie and football, those of us in IT know it's time to gear up for something else, something probably much less pleasant: our annual budget cycle. ...

As we should probably realize by now, not all tasks are created equal -- especially when it comes to making mistakes. For most of the things we do -- from brushing our teeth to typing an email -- making a mistake is usually relatively innocuous. Sure, we might have to clean a bit of the toothpaste off the sink or retype a word or two, but the world doesn't blow up. It's just a bit of extra hassle to recover. ...

A lot of folks have been making a big deal the past few days about Google employee David Barksdale. If you haven't caught the coverage, the fuss is centered around this one employee -- a mid-twenties "site reliability engineer" -- who (allegedly) inappropriately used his position of authority and corresponding elevated levels of access and privilege to view the private data of a number of individuals. The fact that the data included details of a few individuals who were minors -- well, that wasn't good. Anyway, this thing is turning into quite the brouhaha. ...