Data-centric protection and security focuses on the organization’s sensitive data (as opposed to its overall computer networks and applications). This is accomplished by locating, identifying, and cataloging sensitive data as well as by applying encryption, data masking, and policy-based data access controls (and end-user monitoring) to protect data residing across multiple enterprise environments. To what extent are organizations adopting, or planning to adopt, data-centric protection and security practices? In a recent Cutter Consortium survey, Senior Consultant Curt Hall asked 50 organizations about their data protection practices to shed some light on this important question. As shown in the figure below, more than a third (37%) of surveyed organizations currently have data-centric protection and security practices in place. Read more
Posts Tagged 'information-security'
The adoption of cloud-based solutions for document sharing and collaboration has been increasing. The myth that there is absolute security inside the firewall and absolute chaos outside is crumbling. And in an age of mobile workforces and fuzzy enterprise boundaries, it makes little sense to continue to believe in the “walled fortress” model of security. This means that the market for content management systems is going to change dramatically. Many organizations will have a harder time justifying the license and support cost of a solution like SharePoint. Google, Dropbox and others are becoming more credible as enterprise solutions in the cloud. The established vendors need to offer cloud solutions, while their sales of on-premise suites Read more
If one listed the top technology concerns for CIOs and CEOs around the world, cybersecurity has to be right at the top. Over the last year, serious data breaches have been increasingly common. Perhaps the most publicized was the one that occurred at Target during the Christmas season last winter. Millions of customers’ credit information was disclosed and Target did not discover/acknowledge the breach for nearly three weeks. The ensuing scandal cost the CSO, CIO and eventually the CEO their jobs and the company hundreds of millions of dollars in lost sales and in falling stock prices. Recently, EBay’s PayPal subsidiary disclosed that it had been broken into in February 2014 and the breach was Read more
If you wear the CIO hat of a very large retail company, what could be worse than to have your site broken into and tens of millions of customers’ information records stolen and … right at the peak of the holiday season? Well, I suppose it could be worse if your organization had recently spent millions to buy the latest in security equipment and software and set up a large, 24×7 monitoring center halfway around the world to monitor the critical alerts from security software … and then when someone 12 time zones away did notice that the organization’s networks had been breached and sent a notice to their overlords in the US, nothing much Read more
Here are my predictions for 2014: 2014 will bring exponential expansion and evolution of the Internet of Things (IoT). This will also bring new opportunities for information security trailblazers unlike any we’ve seen before. The potential benefits of the IoT will be huge, but just as large will be the new and constantly evolving information security and privacy risks. We will see some significant privacy breaches resulting from the use of IoT devices as a result. New IoT risks, and resulting security incidents and privacy breaches, will bring a significant need for technology information security pros to also understand privacy concepts so they can implement privacy protections within all these new devices, and into the Read more
By the end of 2014 or the beginning of 2015, various large cloud providers as well as the Internet Engineering Task Force (IETF) will have developed mechanisms to protect most Internet traffic against the pervasive domestic spying performed by the U.S. National Security Agency. The NSA won’t be unable to decrypt the traffic it really cares a lot about, but it will just take too much computer time to decrypt all traffic, as it can do right now. I predict this because there is a great convergence happening. First, the NSA’s antics have finally made companies aware of the security issues involved in taking client-server traffic that used to be inside the firewall and moving Read more
The latest technology tsunami creates great market opportunities, and simultaneously wreaks havoc on the business world. The Internet of Things (IoT) is all about connecting sensors and other data-generating devices to everyday objects and ultimately to the Internet, generating a wealth of intelligence and real-time data, and merging and blurring the physical and virtual worlds. Already established in the consumer products world, the IoT offers corporations the opportunity to develop new offerings or to reconfigure existing products to collect intelligence. This will drive an increase in big data implementations, cloud, and other emerging technologies as corporations begin to capitalize on this up and coming phenomenon. Every new trend comes with its share of challenges and Read more