Health Security

I’ve been reading a number of recent studies regarding data breaches in healthcare, such as ‘The 2014 Bitglass Healthcare Breach Report’ by Bitglass and ‘Fourth Annual Benchmark Study on Patient Privacy & Data Security’ by The Ponemon Institute, and there are a number of key facts that jump out at me: – The number of…

It’s Not Who You Know, But What You Don’t Know…

I’ve discussed the issue of IT Security having access to accurate, comprehensive and up-to-date information on the IT infrastructure in previous posts, but after a recent conversation with a customer regarding incident response I wanted to revisit the subject in a somewhat oblique manner. With incident response there are two dimensions of information you need…

IoT from the Trenches

Unless you’ve been living in the tech industry version of a cave, you’re more than likely familiar with the hottest industry trend – ‘the Internet of Things’ (IoT). What it boils down to is a plan to network- and sensor-enable every single thing you own or interact with so that they can collect information…

Get With the Program

Around the end of the year I typically like to take a look back at the various blog entries on Speaking of Security to review what was discussed and how it applies to what I’m hearing from customers. The wide range of interesting topics reminds me of something I frequently encountered back when I was…

Are you available (securely)?

A bunch of years ago, prior to all of these new-fangled high-availability capabilities, I was working with customers of one of EMC’s storage groups, helping them design and implement disaster recovery solutions. We would meet with a customer and the first question we’d ask was ‘What are your availability requirements?’; their initial response was inevitably…

Failing Recovery

EMC recently posted the results from an extensive survey we did on the current state of data protection (e.g. backup/recovery) capabilities around the world, and the results are eye-opening. Some of the stats for the Americas include: – Only 15% of the organizations either have or are in the process of adopting modern data protection…

Security’s Latest ‘Thing’

If you’ve been around the security industry for even a few years, you start to realize that the focus of the industry shifts every few years in order to address the changing realities of the IT infrastructure, the threat landscape, and, to some degree, the new buzzwords that vendors come up with. The shifts in…

The Changing Role of Security

I was recently re-reading the Ponemon Institute’s ‘2012 Global Encryption Trends Study’, where they interviewed 4205 IT professionals worldwide to evaluate how organizations are handling encryption strategy these days, and one statistic really jumped out at me – only 14% of the respondents indicated that IT Security was responsible for driving the organization’s encryption strategy…

9 Tips for Achieving Command and Control

One of the more common issues that those of us involved in trust in general and security in particular are guilty of perpetuating is that we tend to be a bit myopic when it comes to what we focus on when trying to ensure appropriate trust levels for critical assets. Our primary concern is almost…

Barbarians Inside the Gates

In our many discussions around Trust we’ve tended to focus on what organizations have been typically most concerned about – the barbarians at the gate, a.k.a. external threats. Sophisticated government-sponsored hacker teams, regional disasters, and critical device failures are the bread and butter of our daily work lives, and they’re what we tend to focus…