HIPAA hiccups

Posted by Jonathan Gershater in Cloud, Deep Security, Malware, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security, Threats Apr 2nd, 2012 | No Comments Not a month goes by when there isn’t an announcement of a breach of electronic health records thereby disclosing personal and financial data; and that excludes breaches that are not publicly acknowledged.  In a recent report  from the American National Standards Institute (ANSI), 18 million Americans have had their personal health information stolen over the past two years. So one has to ask: considering the financial and legal implications of a breach of health records, why don’t organizations deploy security solutions to protect electronic health records? Answers often offered by CIOs...

Where to store cloud encryption keys? Adhere to compliance guidance.

Posted by Jonathan Gershater in Cloud, Cloud-based Security, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security Mar 28th, 2012 | No Comments I recently read a blog post outlining how a customer should evaluate where they should store their encryption keys when encrypting data in the cloud. The post outlines the various options for storing keys and concludes, “Enterprises must assess their risk tolerance and audit requirements before they can select a solution that best meets their encryption key management needs.“ I completely agree with the post.  Risk tolerance assessments and adherence to audit standards  are essential elements of any quality data security program. I would argue though, that if the customer is following...

Do You Encrypt Your Data? A Plea to Businesses from an Identity Theft Victim

Posted by Christine Drake in Cloud, Cyber crime, Privacy, Compliance and Identity, Securing the Cloud, Security, Threats Feb 2nd, 2012 | 1 Comment Recently I became a victim of identity theft.  Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number.  I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs. How did they get my personal information?  Working in the security industry, I’m pretty careful.  I’m good at recognizing phishing scams; emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the...

Government Data Seizures is Only One Type of Data Loss

Posted by Christine Drake in Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud Jan 18th, 2012 | 1 Comment Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”).  The U.S. might seize your data or other governments might gain access for a multitude of reasons.  Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge. But governmental seizure of data is only a small component of potential data loss. It doesn’t really...

How do you know you won’t get bubonic plague at hotels?

Posted by Jonathan Gershater in Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security Nov 10th, 2011 | 1 Comment Perhaps bubonic plague is uncommon, but  influenza or cold germs are easily transmitted in the public domain. What degree of assurance do you have that when you check into your hotel room, that it is safe and sanitized? The hotel employs a cleaning staff and adheres to standards of cleanliness and hygiene to ensure your room is clean. However, door knobs, elevator buttons etc handled by the other guests all day, are an avenue of transport for infection. These are some of the risks we take in daily public life – our own immune systems and personal hygiene help to ward off illness and infection. When...

Beyond Perimeter Defense to Data-Centric Security

Posted by Christine Drake in Cloud, Cloud-based Security, Consumerization of IT, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, VMware Oct 7th, 2011 | 1 Comment Traditionally businesses have focused their IT security on perimeter defense—blocking threats before they enter the network. This protection is still important.  But with today’s cloud computing, mobile devices, and advanced persistent threats (APTs), businesses need security that protects their data wherever it travels and in whatever type of device it resides, requiring new data-centric security.  Earlier this week, Trend Micro held its annual insight event for the analyst community and announced our new vision on data-centric security (see video clips of the event here and here).  Back...

Join the Journey to the Cloud on Oct/5

Posted by Aaron Lewis in Cloud, Cloud-based Security, Secure Data Centers, Securing the Cloud, VMware Sep 23rd, 2011 | No Comments Live in 10 Cities + Broadcast live Online. Trend Micro and VMware invite you—along with other selected enterprise leaders—to join leading cloud and virtualization security experts for this exclusive live event that will provide a clear picture of what it takes to truly secure your cloud environments. The Most Important Cloud Event of 2011: 10 Cities. 90 Minutes. One Purpose Whether you’re simply virtualizing your data center or using virtualization as the foundation for your private or public clouds, Join the Journey brings together some of the world’s leading virtualization and cloud...

What Are the True Dangers of the Cloud?

Posted by Christine Drake in Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization Sep 8th, 2011 | 7 Comments We often hear that security and privacy concerns are the main inhibitors to cloud adoption.  But what are the true threats?  Is the cloud really more dangerous than your on-site data center?  I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.  There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...

Encryption is Not Enough for Cloud Security

Posted by Christine Drake in Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud Sep 1st, 2011 | 4 Comments By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc.  I think most people deploying cloud computing plan to implement more than encryption for security.  What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.  Of course, industry-standard encryption is essential, but it’s table stakes.  When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...

Why is VMware Downplaying their PacketMotion Acquisition?

Posted by Dave Asprey in Cloud, Cloud-based Security, Securing the Cloud, VMware Aug 31st, 2011 | 1 Comment This week, on a Friday before the start of VMworld, VMware announced that they acquired PacketMotion. It was announced in a blog post Friday by Dean Coza, director of security product management at VMware. Is it just me, or do most companies choose to announce things they want no one to discuss on Friday afternoons – via blogs? My corporate masters tend to save the good stuff for Monday mornings at the start of massive trade shows, and they use old-fashioned press releases, backed by armies of outsourced PR people to create buzz. VMware should be really happy with the acquisition and put a spotlight...