Cyber Security Institute

Friday, May 28, 2010

BMC Software Comes Out with Its Own Cloud-Building Tool Kit

BMC Cloud Lifecycle Management is designed to enable enterprises to make the most of their cloud computing hardware and software and find ways to be more efficient, improving the bottom line and finding green IT benefits.  Data center management software provider BMC Software, an original partner of Cisco Systems in the Unified Computing System initiative launched in 2009, has come out with its own cloud computing management package for large enterprises.

Private Cloud Computing Takes Off in Companies Not Keen on Sharing See full article from DailyFinan

The most familiar examples of cloud computing are big, publicly available, Web-based applications such as Gmail and Google Docs.  But given concerns about security and reliability, few big companies are ready to entrust their IT operations to publicly shared infrastructure, even if it’s cheaper.  Large companies are creating private clouds by shifting their internal computer power and applications off the PC desktop and onto shared infrastructure, where employees use it only as needed. “These large, enterprise organizations have the economies of scale to deliver the same thing as [public clouds].”  Oracle (ORCL) founder Larry Ellison prefers to call it “fashion driven” computing or “complete gibberish.”

India to emerge as central hub for cloud computing

Microsoft CEO Steve Ballmer, who is currently in India, stated that India is a hot destination for cloud computing vendors, sources confirmed.  Cloud computing is the most discussed technology globally, and India seems to be a hot bet for it.

Microsoft Official Calls For Updating Two Key Computer Laws

Microsoft is part of a coalition that is pushing Congress to update the Electronic Communications Privacy Act, which governs government access to electronic communications.  Microsoft Vice President and General Counsel Brad Smith says lawmakers must also update the 1986 Computer Fraud and Abuse Act, the federal law that addresses computer-related crimes such as hacking.

The Dangers of Cloud Computing

To this end, here are five things you need to be aware of before you move your data to a cloud service.  Cloud services can be a huge money saver for businesses and look to be the future direction of IT for many.  There are three types of cloud services: Infrastructure as a Service, Platform as a Service, and Software as a Service.

Thursday, May 27, 2010

Symantec to Move Security to Phone, Smart Devices

Symantec announced a significant initiative it is calling “Norton Everywhere”, aimed at busting Symantec’s security know-how out of the yellow box and bringing it to new markets.  Elements of the strategy, to be rolled out over the next few months, specifically include mobile security products for iPhone and Android, a Norton DNS service, and (relying on partner Mocana) security for a variety of non-PC “smart devices”.

Secure POS Vendor Alliance Releases End-to-End Encryption Security Requirements

The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) today announced the release of its End-to-End Encryption Security Requirements related to payment card data in payment card reading devices.  Targeted to vendors of POS devices, this newly released framework marks a critical step toward SPVA’s mission of widespread understanding of payment security issues and the adoption of best practices.  “The SPVA’s end-to-end security requirements guidelines set a baseline for the industry and represent the first step to further strengthen payment security standards globally,” said T.K. Cheung, SPVA chairman and Hypercom vice president global quality & security.

Email encryption must be prioritised

Most email not only passes through, but actually resides on at least two servers once it is sent by the originator; in many cases the number is greater.  When you hit the ‘send’ button, you are not sending your message directly to the intended recipient.  In a corporate environment the first stop for your mail is probably your internal mail server (the one where your inbox lives).  Email can be intercepted at any point along this delivery chain by anyone with access to those servers, whether that be server administrators at the sender, ISP or recipient.  In most cases the reason for failure to adopt encryption lies in the management and administrative overhead associated with creating and maintaining a public key server at the corporate level.  At the end user level, the fact that the recipient of the as yet unwritten email has to pre-register somewhere and hand over a copy of their public key to the sender before the conversation can even begin has been enough to make most users rapidly re-evaluate their need for privacy and just hit the Send button.

Cloud, Mobile Computing and Social Media Hailed as New Drivers of Business Transformation at CIO Exe

If your business isn’t serious about leveraging the potential of cloud computing, mobile computing and social media, the competition just might leave you in the dust.

Wednesday, May 26, 2010

IBM’s Rapidly Evolving Cloud Computing Strategy

IBM announced that it has signed a pact with Ariba, under which that company’s software for tracking spending will become available in the cloud via IBM’s Lotus subsidiary.  Earlier this month, IBM acquired Cast Iron Software to gain access to middleware for integrating cloud computing services.  And prior to that, IBM’s Cognos, Websphere, DB2 and Rational software offerings have all been made available via the cloud.  According to Beverly Dewitt, program director for IBM’s LotusLive partner program, there’s nothing random about the IBM cloud computing strategy.  Under the auspices of the LotusLive cloud computing platform, IBM is inviting application vendors that address specific business processes, such as spend management in the case of Ariba, to become full-fledged LotusLive partners alongside vendors such as Skype and Salesforce.com.

8 Ways to Measure Cloud ROI

An initiative from The Open Group has developed a set of key considerations for how to build and measure return on investment (ROI) for cloud computing initiatives from a business perspective.  By examining the benefits cloud computing offers organizations and showing the potential return it can provide from the beginning, companies may find it easier to gain buy-in for cloud initiatives from the executive team, as well as the IT department.  Cloud computing has been described as a technological change brought about by the convergence of a number of new and existing technologies.

Cloud Performance: A Bigger Stumbling Block than Security?

If you are like dozens of CIOs and IT leaders we interviewed in our recently concluded cloud research, your top concerns in adopting the public cloud would revolve around data privacy, security, availability, lock-in, and performance.  Your cloud provider may have built the newest, shiniest, greenest and the most secure and highly available data center.  All that would come to naught if your Internet access goes down or if your Internet connection slows down to a crawl!  Certainly your cloud provider is not going to guarantee the performance or availability of the public Internet.  Perhaps you can work with your Internet Service Provider to obtain higher-SLA Internet connectivity or perhaps you could procure a redundant Internet connection (which could increase the complexity of your network infrastructure).

C-29: The Anti-Privacy Privacy Bill

Canadian Industry Minister Tony Clement introduced two bills yesterday - the Fighting Internet and Wireless Spam Act (C-28) and the Safeguarding Canadians’ Personal Information Act (C-29).  The author has spoken positively about C-28, which is long overdue and should receive swift passage.  By contrast, C-29 is a huge disappointment.  The bill is also long overdue as it features the amendments to Canadian private sector privacy law from a review that began in 2006 and concluded with a report in 2007.  Just over three years later, the government has introduced a bill that does little for Canadians’ privacy, while providing new exceptions for businesses and new powers for law enforcement (David Fraser has helpfully created a redline version of PIPEDA with the proposed changes).  The centrepiece of the bill is a new security breach disclosure provision, but the requirements are very weak when compared with similar laws found elsewhere.

Want Better Security? Reward Your Provider

Managed security contracts that reward providers for notifying their clients of breaches provide better security, according to a mathematical analysis conducted by three researchers at the University of Texas at Dallas and the Middle East Technical University.  The research, which will be presented at the Workshop on the Economics of Information Security (WEIS) 2010 next month, analyzed a common type of contract used today in which a provider assesses a fee for its managed security service, but refunds part of the fee—as a penalty—if there is a breach.  Using game-theory analysis, the researchers established that this commonly used contract model provides no incentive for the provider to notify its client of a breach.  Two other contract models, however, are more likely to provide incentives for better security, the researchers say.

Xerox’s ACS Rolls Out Public, Private Cloud Service

Xerox-owned Affiliated Computer Services this week became the latest IT services company to debut an enterprise service that blends both private and public cloud services through an on-demand delivery model.  ACS Enterprise Cloud is designed to support the Vblock infrastructure package, a pre-integrated and pre-tested virtualized data center offering developed by Cisco (NASDAQ: CSCO), EMC (NYSE: EMC) and VMware (NYSE: VMW).

Tuesday, May 25, 2010

Default Database Passwords Still In Use

The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say.  “It’s a problem that has been around for a long, long time,” says Alex Rothacker, manager of Team SHATTER, Application Security Inc.’s research arm.

McAfee, Symantec add mobile security to lineup

Two well-known anti-virus software companies are expanding their reach into the security marketplace.  McAfee said Tuesday that it’s buying mobile security company Trust Digital. The announcement comes about a week after competitor Symantec’s decision to pay $1.28 billion to buy a division of VeriSign that sells security technology to websites.

IBM to acquire Cast Iron Systems for cloud boost

Cast Iron provides integration software that enables applications running in a cloud to access applications in the data center.  IBM predicts the global cloud-computing market will grow to US$126 billion in 2012, up from $47 billion in 2008.

German watchdog tells firms to do own US privacy checks

German privacy watchdogs have told companies to conduct their own checks of US companies’ conduct before passing personal data to them, even if they are signed up to the EU-US ‘Safe Harbor’ data protection scheme.  It has said that companies must not simply take US companies’ word on their compliance with EU privacy principles if they plan to send personal data to them.  European Union laws on privacy are amongst the world’s strictest, and companies are not allowed to send personal data to countries outside the European Economic Area unless there is a guarantee that it will be protected as well there as it is in the EU.

Monday, May 24, 2010

Another Study Sees Value in Cloud Computing

Cloud computing is one of those topics that often elicits a mixed reaction in the tech world.  Despite any concerns among IT pros, cloud computing is here to stay and is likely to hook itself even deeper into the business world, according to the results of a March survey by Sand Hill Group.  As an advisor to market leading companies, Sand Hill interviewed more than 500 IT executives to gauge their opinions and deployment plans on cloud computing.  Though certain challenges were found, the survey “Leaders in the Cloud” painted an overall rosy picture of the ability of cloud computing to help cut costs, boost return on equity, improve reliability, and even enhance the image of IT within a company.

Sourcefire Expands Real-Time Application Awareness, Extending Leadership of Intelligent Cybersecurit

Sourcefire, Inc. (Nasdaq:FIRE), the creators of Snort® and a leader in intelligent cybersecurity solutions, today announced enhancements that provide the Sourcefire IPS, the industry’s leading intrusion prevention system (IPS), with real-time visibility into the specific applications running on an organization’s network.  Sourcefire is expanding its existing library of more than 200 application detectors by adding support for popular applications and services such as Gmail, HTTP and RSS, making it easier than ever to tailor IPS protection, assess the impact of threats, and enforce IT policy compliance.

Check Point enhances free firewall with malware analysis

Check Point has enhanced its ZoneAlarm firewall with a feature that analyses malware reported by its community.  The company said that the free firewall includes both an inbound and outbound firewall, with the inbound firewall preventing hackers from entering a PC and outbound protection automatically blocking data from being transmitted back out to the hacker.

Guardian Analytics raises $9 million as cybercrime rates soar

As cases of cybercrime against US business bankers reach epidemic proportions, California-based banking security firm Guardian Analytics has raised $9 million in funding, led by Sutter Hill Ventures with participation by existing investor Foundation Capital.

Saturday, May 22, 2010

Google Rolls Out Encrypted Search

Google kept this one until after the Google I/O 2010 conference, but it’s certainly a big announcement.  Google has now enabled SSL (Secure Sockets Layer) encryption of its search engine ensuring that any web search user’s conduct stays private.  The service includes a modified logo to help indicate that you’re searching using SSL and that you may encounter a somewhat different Google search experience,” he explained.  Google has started adopting https:// secure connections for some of its services, most notably for Gmail, for which SSL connections are enabled by default for all traffic.

Friday, May 21, 2010

Practical Analysis: The Slog Toward Private Clouds

Results from our private cloud poll.  We asked about plans for the internal IT infrastructure and how it will mesh with external cloud resources, so opinions about software as a service are largely factored out of the responses to the latest survey.  I don’t mean that in a pejorative way: SaaS is simply better understood than the other forms of cloud computing, including internal private clouds, and that comes through in our survey.  Whereas 18% of survey respondents report using SaaS apps and another 31% say they’re extremely likely to use SaaS, no other form of cloud computing shows even 10% using it or more than 20% extremely likely to use it in the near future.

Cloud: Does ROI Matter?

Nobody asked about return on investment during the American Revolution.  Specific cloud implementations may fail or succeed.  In my research on cloud ROI for our upcoming InformationWeek Analytics report, I haven’t yet found an end user that has put together a stringent return-on-investment analysis using discounted cash flow techniques.  I also spoke to a bunch of cloud providers during my research.  Moorman said that the enterprise users that he speaks to are chiefly focused on how organizations look at adding cloud computing to the mix of what they’re doing today in a safe way, rather than “having a big TCO debate.”  He rightly points out that IT budgets and ROI studies can be maneuvered in much the same way that statistics can be—you can tell just about any story you want to if you frame it right.  Crenshaw told me, “We don’t really recommend that customers do a pie-in-the-sky model that shows that IT costs are going to drop 50-60%” because, he says, “maybe it’s credible, maybe it’s not.”

Verizon to offer network security via the cloud

The service will enable organizations to add security services with “just the click of a mouse” through a simple and robust platform, the firm claimed, while removing the need to have any equipment installed on-site.  David Howorth, regional vice president for global services at Verizon Business, explained that the move could help enterprises of all sizes ensure that they have the necessary foundations to protect against a range of threats.

ID Theft Victims Spending Less In Cleanup Aftermath

Nearly one-third of all identity theft victims say they are unable to completely clear up damaged credit or criminal records in the aftermath of their identities being abused.  But the good news is they’re spending much less time and money cleaning up the fraud perpetrated against them in their names, according to a newly released report.  Most ID thieves (55 percent) used the stolen identities to open new lines of credit, followed by making purchases on stolen credit and debit cards, 34 percent.

Google halts deletion of Street View Wi-Fi data

Google has stopped deleting the personal data its Street View cars collected from open Wi-Fi networks, following what the company called “some uncertainty” over the deletion process.  For three years, Street View cars collected Wi-Fi payload data across 30 different countries.  Some countries have asked Google to delete the data - and in some cases, it has complied - while others have requested that the data be kept for the time being.  “On the instructions of the Irish data protection commissioner, Google destroyed all Wi-Fi data relating to collection in Ireland,” read an open letter from Privacy International to the European privacy commissioners earlier this week.  “The action could be seen as collusion to destroy evidence.”

Oracle Buys Database Firewall Firm Secerno

Oracle said it will buy Secerno, a provider of database firewall software, to help customers protect their sensitive business data and comply with regulatory compliance standards.
