Moving your data to the cloud – sense and sensibility
Data governance is a sine qua non for protecting your data in the cloud. Data governance is of particular importance for the cloud service delivery model, which is philosophically different from the traditional IT product delivery model. In a product delivery model, it is difficult for a corporate IT group to quantify asset value and data […]
Configuring email notifications to be friendly but secure
I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user. In the course of a security audit/penetration test of a […]
Mobile device security challenges
It has been said that there is nothing new under the sun and that every generation forgets or never learned the hard-earned lessons from the spilled blood of the previous generation. Reviewing the security and compliance issues of a new mobile medical device recently, I was struck by how familiar many of the themes are. […]
How to convert a web application to a multi-tenant SaaS solution
Of course, putting an application into a cloud data center is not enough. You have to think about application security, data security and compliance with standards such as PCI DSS 2.0 or HIPAA if you are in the life science space. But in addition to cloud security, you need to make sure that your Web application […]
Giving ISO 27001 business context
ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor-neutral standard. However, ISO 27001 doesn’t relate to assets or asset value and doesn’t address business context, which requires prioritizing security controls and their costs. This article discusses the benefits of performing an ISO 27001 based risk […]
Securing Web services in the cloud
Almost every SaaS (software as a service) is based on REST or XML Web services. In this post, I’d like to provide a brief introduction to some typical threats and security countermeasures to protect Web services.
Malicious attack on the message
The beauty of HTTP Web Services is that traffic flows through port 80 and […]
Using DLP to protect your source code
Dec 10, 2010. Sergey Aleynikov, a 40-year-old former Goldman Sachs programmer, was found guilty on Friday by a federal jury in Manhattan of stealing proprietary source code from the bank’s high-frequency trading platform. He was convicted on two counts — theft of trade secrets and transportation of stolen property — and faces up to 10 […]
Credit card security in the cloud
While the latest version of Payment Card Industry (PCI) Data Security Standard (DSS) 2.00 is an improvement, the scope of system component connectivity is not well-defined: A “system component” is part of the cardholder data environment (CDE) if one of two conditions is met: the system component stores, processes, or transmits cardholder data, or the […]
Android 2.2 supports mobile cloud security
Courtesy of Cloud Computing Topics – Olafur Ingthorsson
Android 2.2 is now fulfilling the minimum enterprise security requirements, i.e. device locking and remote wiping, amidst a long list of other enterprise cloud computing must-haves. It seems that with the latest Android release, v. 2.2, Google is stepping into the enterprise mobile cloud computing realm with […]
Credit card shims
Using shims that fit into the ATM and read your mag stripe data has been around for a while. It’s a good way to get the track 2 data, but it won’t get your PIN (which, if you are in Europe and the Middle East, is part of the VISA chip and PIN security […]