Month: May 2010

Broad cloud security services had to wait on the maturation of security technologies and for demand in the marketplace to grow, observers say. Meanwhile, more focused security services are springing up to help small and midsize businesses cope with complexity.

“Security has gotten much more complicated,” says John Pescatore, vice president of business intelligence firm Gartner. Another sign of maturity: In the past, the fuzzy status of managed and cloud security services’ compliance to various regulations kept some companies away. “A lot of people are attracted to these security-as-a-service offerings because, as part of it, they get the reporting needed by regulations,” he observes.

Starting in June, the company will offer antivirus, anti-spam, anti-malware, and URL filtering services for no charge to existing Secure Gateway customers.

Where Verizon aims to sell services to enterprises, the goal of Symantec’s HEP is to ease management of the company’s endpoint security products for small and midsize businesses.

Large enterprises are not as interested in SaaS offerings because they lose some control and flexibility, says George Tomic, distinguished engineer for Symantec Hosted Services.

http://www.darkreading.com/securityservices/security/perimeter/showArticle.jhtml?articleID=224701664

The framework consists of five steps that begin with data ownership and classification and end with a clear and effective data protection program that enables incidents and breaches to be properly handled.

“The first step of Accuvant’s Data-Centric Security Framework is to understand and inventory our clients’ sensitive data handling and critical system ownership.

From this, we can determine the effectiveness of the current security program and system controls, and recommend the services and technologies that should be implemented to close the gap to get them where they need to be,” said Doug Landoll, director for Accuvant’s Risk and Compliance Management team.

“Defining what sensitive information exists, where it resides and how it must be protected is the underlying principle of Accuvant’s Data-Centric Security Framework, and ensures that our clients can make the most efficient use of their security dollars.”

Accuvant’s Data-Centric Security Framework is a departure from traditional DLP projects in that most are centered on the technology and assume that the organization has already defined its data, developed policies and put critical controls in place. Accuvant’s Data-Centric Security Framework turns this concept on its head and instead focuses on the sensitive data first, with a review of the existing controls and pragmatic use of available DLP tools and technology thereafter.

Step 2 – Locate: This step is for organizations that want to discover the location of all in-scope sensitive data assets, such as credit card data.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=224900104