Be Secure, Be Confident in the Cloud

Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.

Are Global Cloud Service Providers going to shy away from Europe?

Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but will be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Chris Wysopal from Veracode and Ashvin Kamaraju from Vormetric.

Behind the Cloud Curtain

In survey after survey, security, and more specifically the lack of control and visibility around what is happening to your information on service provider premises, is listed as the number one barrier to cloud adoption.

Security in the Cloud: Follow the Netflix* model

For years, the security industry has been complacent, using complex concepts to keep security discussions isolated from mainstream IT infrastructure conversation. We all know that this time is over. The industry consolidation, initiated by EMC’s acquisition of RSA in 2006 and now well on its way with the recent acquisition of McAfee by Intel and ArcSight by HP, is demonstrating that the security and IT infrastructure conversations are one and the same.

Authentication and The Cloud

“We listened for a voice crying in the wilderness. And we heard the jubilation of wolves!” - Durwood L. Allen

“Gauls! We have nothing to fear; except perhaps that the sky may fall on our heads tomorrow. But as we all know, tomorrow never comes!!” - Asterix the Gaul

Last week while I was on the road [...]

Disruptor: The Cloud (and making it private)

There are 3 major disruptions going on in IT, and as a CISO that I spoke with (in manufacturing) the other day put it: “it’s not that any one of these disruptors is too much, it’s that the disruptors are like waves and the magnitude is growing with each one and the period between them is getting shorter.”

Changing Security Metaphors – from War to Medicine?

IT people have always been the metaphorical sort. Turning technology issues and solutions into real-life oriented allegories allows us to express esoteric or complex ideas in simple, relatable terms. Metaphors help us turn the 1s and 0s, the bits and bytes, into tangible examples that allow us to communicate complex ideas. Information Security has traditionally taken many of its metaphors from the military world – defense in depth, bastion hosts, DMZs, honey pots… ok, well honey pots are more of a Winnie the Pooh thing but you get the point. The fact remains that Information Security professionals have always looked to this universe of conflict and war to get their metaphors.

Where is Cloud in PCI DSS 2.0?

It doesn’t take a keen observer to notice that the term cloud doesn’t even exist in PCI DSS 2.0. In fact, the “Find” feature will do that for you. Sure, strides were made to include Virtualization into the fold (even in spite of many individuals arguing you don’t need to include it, just apply the [...]