In my last blog I talked about the key technologies breaking down our doors in 2013. The four key areas were Cloud Computing, Social Media, Big Data and Mobile Devices. None of these should have come as a surprise to anyone in the industry today. These are all topics that are discussed and debated around tables of security teams in most enterprises. So, what can we do today to ensure we are prepared for these challenges and how do we start reinforcing our doors so that we allow these new technologies but have greater control and visibility and provide transparency for the user?
RSA recently launched its latest SBIC report titled ‘Information Security Shake-up – Disruptive Innovations to test Security’s Mettle in 2013’. It introduces some interesting food for thought on what organizations should have on their ‘to do ‘list for 2013. Four key innovations are highlighted which shouldn’t come as a big surprise to anyone, I think we have all been addressing some of these in the last year but it’s time to hunker down and really start focusing on these four key innovations which will test the true grit of our security systems.
Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.
Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but will be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Christ Wysopal form Veracode and Ashvin Kamaraju from Vormetric.
“We listened for a voice crying in the wilderness. And we heard the jubilation of wolves!” -Durwood L. Allen “Gauls! We have nothing to fear; except perhaps that the sky may fall on our heads tomorrow. But as we all know, tomorrow never comes!!” -Asterix the Gaul Last week while I was on the road [...]
There are 3 major disruptions going on in IT, and as a CISO that I spoke with (in manufacturing) the other day put it: “it’s not that any one of these disruptors is too much, it’s that the disruptors are like waves and the magnitude is growing with each one and the period between them is getting shorter.”
IT people have always been the metaphorical sort. Turning technology issues and solutions into real-life oriented allegories allows us to express esoteric or complex ideas in simple, relatable terms. Metaphors help us turn the 1s and 0s, the bits and bytes, into tangible examples that allow us to communicate the complex ideas. Information Security has traditionally taken many of its metaphors from the military world – defense in depth, bastion hosts, DMZs, honey pots… ok, well honey pots are more of a Winnie the Pooh thing but you get the point. The fact remains that Information Security professionals have always looked to this universe of conflict and war to get its metaphors.