If you can remember the dim and distant past of late 2014, I wrote about Marriott’s blocking of personal MiFis, positing that its reasons for doing so did not really hold water. Now, fast-forward to January 14, and it seems my rant was more powerful than I thought:
Right now, the three major public clouds (Amazon, Microsoft, and Google) seem all shiny and new, like many technologies seemed at some point in the past. Let’s see if we can learn from history and assess the risk of the public cloud’s becoming just another legacy platform.
Java is currently the leading exploit vector for Windows machines, and Java vulnerabilities are packaged into many of the “exploit kits” available in the darker corners of the Internet (see http://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/). Internet Explorer, Flash Player, and even the Windows operating system itself have done a good job of either improving the security of their products or improving their patching processes. Java, however, still lags noticeably behind in both user/media awareness and quality of code. According to some statistics, Java vulnerabilities account for up to 70% of successful exploits, making it a veritable nightmare from a security perspective.
On the December 18 Virtualization Security Podcast, we were joined by Rafal Los (@Wh1t3Rabbit) to discuss whether it is time for CISOs to move on. Should CISOs start to look beyond simply the problems at hand? Should they drive security into all decisions made at the business and architecture levels? The discussion was mixed, to say the least.
The premise of security is confidentiality, integrity, and availability. The premise of data protection is integrity and availability. The two go hand in hand. However, it is often the case that certain groups within organizations handle data protection (disaster recovery, business continuity, and backup) while other groups handle security. As security moves closer and closer to the data, could it perhaps be time for these two disciplines to become one? The security of data protection is becoming just as important as the security of data in use. Managing the security of both in-use data and protected data, regardless of location, is paramount. This means data stored on-premises, in the cloud, and remotely.
We have looked at the hidden dependencies around upgrades (Cloud Dependency: Automated Upgrades) as well as the hidden dependencies around networking (Cloud Dependency: Ubiquitous Networking). Now, we will look at the hidden dependencies on visibility. Or more to the point, the lack of visibility within the cloud. With regard to visibility, the question most often asked is, “Do we know what is happening behind the scenes within our tenancy?”