The emotional content of security

I think in the security space, we spend too much time on the business justification and functional part of security (reducing risk, detecting data breach violations, complying with HIPAA, writing secure Web 2.0 applications, securing cloud services, security information management etc…). I think we’re ignoring the emotional content of security and I don’t necessarily mean […]

Why Microsoft shops have to worry about security

I am putting together a semester-long, hands-on security training course for a local college. The college asking me for the program showed me a proposal they got from a professional IT training company for a 120 hour information security course. They are trying to figure out how to decide, so they sent me the competing […]

How to convert a web application to a multi-tenant SaaS solution

Of course, putting an application into a cloud data center is not enough. You have to think about application security, data security and compliance such as PCI DSS 2.0 or HIPAA if you are in the life science space. But – in addition to cloud security, you need to make sure that your Web application […]

Customer security with software security

If you are an IT person, this article may be a waste of your time. But – if you are in the business of making and delivering products with software inside – read on. What threats really count for your business? No question is more important for implementing an effective security and compliance program for your […]

Giving ISO 27001 business context

ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor neutral standard. However – ISO 27001 doesn’t relate to assets or asset value and doesn’t address business context which requires prioritizing security controls and their costs. This article discusses the benefits of performing an ISO 27001 based risk […]

Securing Web services in the cloud

Almost every SaaS (software as a service) is based on REST or XML Web services. In this post, I’d like to provide a brief introduction to some typical threats and security countermeasures to protect Web services. Malicious attack on the message: the beauty of HTTP Web services is that traffic flows through port 80 and […]

Using DLP to protect your source code

Dec 10, 2010. Sergey Aleynikov, a 40-year-old former Goldman Sachs programmer, was found guilty on Friday by a federal jury in Manhattan of stealing proprietary source code from the bank’s high-frequency trading platform. He was convicted on two counts — theft of trade secrets and transportation of stolen property — and faces up to 10 […]

Credit card security in the cloud

While the latest version of Payment Card Industry (PCI) Data Security Standard (DSS) 2.00 is an improvement, the scope of system component connectivity is not well-defined: A “system component” is part of the cardholder data environment (CDE) if one of two conditions is met: the system component stores, processes, or transmits cardholder data, or the […]

Android 2.2 supports mobile cloud security

Courtesy of Cloud Computing Topics – Olafur Ingthorsson. Android 2.2 is now fulfilling the minimum enterprise security requirements, i.e. device locking and remote wiping – amidst a long list of other enterprise cloud computing must-haves. It seems that with the latest Android release, v. 2.2, Google is stepping into the enterprise mobile cloud computing realm with […]

DimDim acquired by salesforce.com

Got back from my Friday morning bike ride and popped open my Inbox. Lo and behold – exciting M&A news first thing in the day. Dear Enterprise Customer: As you may have already heard, Dimdim has been acquired by salesforce.com. We realize you may be wondering what this means for you. While your Dimdim Enterprise service […]