Businesses concerned about the security of cloud-computing systems should appoint a 'cloud purchasing czar' whose sole responsibility is to evaluate cloud service providers (CSPs) and manage their interactions between business and IT executives, a leading security consultant has advised.
Well-established cloud customers may have a reasonably good understanding of the risks and procedures necessary to make the most of the model, but new entrants will face a steep learning curve that requires ongoing involvement with the business organisation to resolve, the University of Melbourne's IT security and risk management head has warned.
The escalating need for integrated network and endpoint protection means CSOs need to make sure they don't overcommit to any specific vendor's security vision, the CEO of security firm Sophos has warned.
Built-in encryption makes removable USB-based desktop images intrinsically more secure against loss or compromise than conventional desktops, but a virtual-desktop expert warns that companies must still look to two-factor authentication and innovations such as biometrics to ensure security is easy enough that employees won’t circumvent it.
Hosting provider OzHosting has sought to carve out a niche in the increasingly crowded cloud file-storage market by using virtualisation technology to give each customer their own hosted, encrypted virtual file locker.
Trend Micro's SafeSync is an Internet-based storage solution that allows you to upload files and access them from any computer or smartphone (iPhone or Android). It's a very similar service to DropBox, but it offers better value for money.
Canberra's EVOLVE.Cloud hit the streets with topline speakers
Evolve.Cloud event hosted by Trend Micro including thought leaders from , VMware, Cloud Security Alliance, Government Leaders and Cloud Independent Rob Livingstone at The Sheraton on the Park.
Symantec Vision 2011 Sydney in pictures
Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
To use Cloud computing securely requires companies to know where their data is stored and who has access to it. Ironically, the reason Cloud is so popular is because organisations don't want to worry about these details.
So can the issue be solved by adhering to standards? Increasing legislation? Maybe we need a global technical disaster to ‘sober up’ an industry drunk on the power of Moore's Law.
The attractiveness of adopting cloud services continues to grow. Who can argue against access to the latest technologies, a pay as you go model, rapid provisioning/de-provisioning and on demand scaling? All of these benefits lead to improved agility, faster time to market and a business focus on the business (not managing IT). Many of the risks of cloud computing have become less frightening as organisations have become more comfortable with data sovereignty and availability issues.
In the age of cloud, internal IT departments are being continuously challenged to demonstrate value and alignment to business requirements and business needs.
How does your organisation cope when your data has left the building — or the country? Data sovereignty can be a vital legal issue, because data becomes subject to the laws of the country it's stored in — and that changes the risk profile.
In 1973 Peter Drucker in his book “Management Tasks and Responsibilities” defined strategic planning as: “The continuous process of making present entrepreneurial (risk-taking) decisions systematically and with the greatest knowledge of their futurity..."
Information Security, IT Security, Technology Security, IT Risk and Security and IT Risk Services are all names that organisations use to define a functional unit within their enterprise that is responsible for the security, integrity and operational assurance of their information assets and operating environment.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.