Infosecurity Opinions
Comment: HIPAA vs The Cloud
Cloud computing provides a cost effective service option for the IT needs of healthcare organizations; however, loss of assured end-to-end control of data can create HIPPA compliance issues. Chris Witt, CEO of WAKE Technology Services, serves up his perspective on the tradeoffs
Comment: Mastering Mobile Security
Paul Lothian, principal adviser at KPMG, believes increasingly functional mobile devices are now firmly in the sights of cybercriminals.
Comment: Public vs Private – Things that Really Matter In the Cloud
Aydin Kurt-Elli, COO at Lumison, reflects on the Amazon EC2 outage, exploring what a private cloud infrastructure can offer organizations amid public cloud fears.
Comment: Accidental Data Deletion Still Considered Spoliation
Bill Tolson of Autonomy examines the perils of eDiscovery requirements and what organizations should do to prepare for all-but-inevitable lawsuits
Comment: Passwords Are No Longer Enough
Strong authentication is key to adequately protecting critical data in a mobile age. Stephen Howes, CTO of GrIDsure, looks at the options
Comment: RSA SecurID Breach – Where Do We Go From Here?
Philip Lieberman, CEO and president of Lieberman Software, gives us his opinion on the origins of the recent RSA Security data breach, laying much of the blame on lack of investment and lax management. He outlines some of the lessons we should learn from this disaster and a way forward for the wary.
Comment: Financial Institutions Must Plug Insider Leaks
With whistleblowing website WikiLeaks stepping up its attack on governments and corporates, financial institutions are increasingly facing the threat of insider collusion with outsiders. Simon Romp, principal consultant at Rule Financial, explains how banks can strengthen their walls and minimise the risk of sensitive data being leaked from the inside.
Comment: Breaches Underscore Need for Device ID
The recent compromise of RSA’s SecurID tokens and the subsequent breach of Lockheed Martin’s network doesn’t signify a complete failure, argues Wave Systems’ Steven K. Sprague, but rather an incomplete defense.
Comment: Key Management Strategies in the Cloud
Jon Geater, director of technical strategy at Thales e-Security, discusses the need for an information-centric approach to key management in the cloud and a range of strategies that could be deployed.
Comment: Data Breaches a Symptom of a Bigger Problem
The recent rash of high-profile data breaches can have a happy ending if IT and security leaders can convince the C-suite to break the cycle. In this op-ed, Johnathan Norman of Alert Logic explains that the first step is getting the C-suite to consider the value of their data and how much a breach would cost, so they can understand the enormous risk they are taking.
Comment: Cracking the Counterfeit Fraud Challenge
While banking fraud might be at its lowest level ever in the UK, now is not the time for complacency. Emil Büchler, head of cards at SIX Card Solutions, explains that while advances are being made to stop the card counterfeiters, work remains to be done.
Comment: Visionaries Recognize the Changing Nature of Crime as an Opportunity
Infosecurity is proud to welcome W. Hord Tipton, executive director of (ISC)², as the newest member of its editorial board. As part of his welcome, Tipton shares why, whether large or small, organizations’ security technology is only as good as the people being tasked to operate and maintain it
Comment: Staying Secure With a Limited Budget
Ray Bryant, CEO of Idappcom, looks at how IT departments can maintain the same level of service and security with less money. He advises where cuts can be made and how these will help a business run more cost-effectively without affecting service levels and, more importantly, ensure that an organization does not become more vulnerable to attacks.
Comment: Security Research Goes Proactive – The Hacker Intelligence Initiative
Sun Tzu’s “The Art of War” taught us to know your enemy in order to prevail over it. Imperva’s Amichai Shulman demonstrates why applying such methods to the hacker community can help the security industry come out on top
Comment: Web Vulnerabilities – Vector of Choice
Aziz Maakaroun, business development director for Outpost24, discusses why organizations need to step up their online defenses by scanning for web application vulnerabilities.
Comment: Virtualization Minus the Migraine
Shavlik Technologies’ Rob Juncker examines the possible pitfalls of virtualization and offers a strategy for safe and effective technological advancement: cohesive policies and even tighter IT architectures
Comment: 2011– The Year Tokens Died
Andrew Kemshall, CTO and co-founder of SecurEnvoy, presents a compelling argument for fading out physical tokens for two-factor authentication and replacing them with tokenless solutions using SMS technology, which is both cheaper and faster. Read on as he weighs the pros and cons
Comment: Combating Weaponized Malware
Ironically, organizations that deploy digital certificates and encryption keys to address security and compliance concerns can end up putting themselves at risk. Improved management can reverse the trend, says Venafi CEO Jeff Hudson.
Comment: Assured government – Where next for government data security?
The government has announced its direction of travel for data security but now needs industry to tell it what the destination will actually look like. Piecing together the operational and policy Whitehall jigsaw is a challenge to which the industry must rise says William Wallace, former IT security adviser to the Conservative Party.
Comment: Cyber war – is it defensible?
Frank Coggrave of Guidance Software provides insight into the concept of cyber warfare and talks in detail about the different forms in which it manifests itself. While many are talking about developing some rules of engagement, Coggrave contemplates those who do not play by the rules.
