Multiple Perspectives on Security

Security Journal


Top Stories

Our work, both with clients and with tools, has led us to wonder how it is that organizations are handling compliance issues in the cloud. The big cloud vendors offer compliance for their infrastructure, but the shared responsibility model requires that you take certain steps to meet compliance requirements. Which led us to start poking around a little more. We wanted to get a picture of what was available, and how it was being used. There is a lot of fluidity in this space, as in all things cloud. The fact that DevOps Security plays into the cloud compliance model – particularly in dynamic cloud environments – makes it even more fluid. We’ve found the following options are the ones most frequently being pursued in cloud deployments for industries that need to meet compliance requirements. Not in the Cloud: This is the default, and a lot of companies are followin... (more)

Vivint to Exhibit at @ThingsExpo | @VivintHome #IoT #IIoT #Vivint #SmartHome #SmartCities

SYS-CON Events announced today that Vivint will exhibit at SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California. As a leading smart home technology provider, Vivint offers home security, energy management, home automation, local cloud storage, and high-speed Internet solutions to more than one million customers throughout the United States and Canada. The end result is a smart home solution that saves you time and money and ultimately simplifies your life. CloudExpo | DXWorldEXPO have announced the conference tracks for Cloud Expo 2018, introducing DXWorldEXPO. DXWorldEXPO, colocated with Cloud Expo, will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (... (more)

Avoiding Compliance Risk with Better Access Management | @CloudExpo #Cloud #Security #Compliance

Networks have become large, complex entities that are increasingly difficult to manage and control. Security, audit, risk and compliance professionals know that their organizations rely on them for effective risk management, control and governance processes that are essential to the safety of their network environment. Yet compliance and security are more challenging than ever before as additional layers are added to this environment. One of the challenges lies in the fact that there is an ongoing, huge access gap in network security and compliance - and it has been residing within the environment for more than 20 years. This tool, known as the Secure Shell (SSH) protocol, grants privileged access to all types of production environments. A Problem Gaining Attention: The problem is propagated by a lack of awareness... (more)

Calligo Named “Bronze Sponsor” of @CloudExpo | @CalligoCloud #Security #DevOps #AI #DX

SYS-CON Events announced today that Calligo has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo is an innovative cloud service provider offering mid-sized companies the highest levels of data privacy. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalized support service from its globally located cloud platforms. Through its four pillars of focus, Calligo delivers a platform that businesses can trust to deliver the high level of service and protection that they expect and that is lacking in many cloud offerings. For more information, please visit https://calligo.cloud/. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Cl... (more)

API Security - Four Quick Steps to Lockdown | @CloudExpo #API #IoT #DX

API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have invested almost two decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below. Here are four fundamental steps that an enterprise can take to ensure that their APIs' attack surface area is significantly reduced. To implement API Security: Enable SSL: One can rapidly protect API traffic by enabling SSL and changing http to https. This is a good first step in protecting the traffic from an API consumer to an API producer; however, the following items should be considered in tightening secure API communication: Check X... (more)

Layered Defense in the Connected World | @ThingsExpo #IoT #M2M #Security

The National Cyber Security Awareness Month is transitory, but many of the decisions we have made around the adoption of technology within our personal and business have brought with them risks that will stay with us for a while. A good example of this is the deployment and proliferation of 'smart' or 'connected' devices - IoT. The Internet of Things (IoT) has promised us more personalized and automated services, optimized resource utilization, and added convenience, but we haven't always stopped to consider the risks that come with the benefits. The number of connected devices has grown at an unprecedented rate, with current estimates at between 6 and 12 billion devices. This number seems enormous, but if you doubt it, I suggest you log in to your home router and look at how many devices are registered - you may be surprised when yo... (more)

[session] Risk Tree API | @CloudExpo @TwistlockTeam #DevOps #AI #DX #API

Risk Tree API: Expose Your Vulnerabilities

Vulnerability management is vital for large companies that need to secure containers across thousands of hosts, but many struggle to understand how exposed they are when they discover a new high security vulnerability. In his session at 21st Cloud Expo, John Morello, CTO of Twistlock, will address this pressing concern by introducing the concept of the "Vulnerability Risk Tree API," which brings all the data together in a simple REST endpoint, allowing companies to easily grasp the severity of the vulnerability. He will provide attendees with actionable advice related to understanding and acting on exposure due to new high severity vulnerabilities. Speaker Bio: John Morello is the CTO of Twistlock, leading the work with strategic customers and partners and driving the product roadmap. Prior to Twistlock, John was the CISO ... (more)

When “IoC” Meets “SoC” | @DevOpsSummit @Cavirin #DevOps #DevSecOps

DevSecOps - When "Infrastructure as Code" Meets "Security as Code"

Not very long ago, in my IT consulting career, I used to be responsible for the launch of mission-critical applications that help enterprises leap into the cutting edge of the digital business revolution. There were a lot of hard skills required for leading such a mission that involved getting the system architecture and software design right early, mentoring and managing the engineering resources, and tracking the progress to the satisfaction of the business analysts who put together the requirements and the stakeholders who funded the projects. Those skills, while hard, were largely deterministic and manageable vs another set of skills required to ensure that the built applications come alive in production environments, and run reliably and securely thereafter. This other set of skills often pit the... (more)

Lightboard Lessons: What is DDoS?

Over the last quarter, there were approximately 500 DDoS attacks daily around the world with some lasting as long as 300 hours. In this Lightboard Lesson I light up some #basics about DoS and DDoS attacks. ps Related: DDoS attacks in Q2 2017; DDoS attack – Distributed Denial of Service; DDoS Attacks 101: Types, targets, and motivations ... (more)

[video] #Monitoring with @AISolutions_Inc | @CloudExpo #CloudNative #DevOps #AI #ML #DX

"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid c... (more)

[session] Cloud Security | @CloudExpo @SecureChannels #AI #DX #Security

Exceeding the Conventional Modes of Protecting Data: An Innovative Approach to Cloud Security

Amid the fast-paced advances in and popularity of cloud technology, one of the most critical factors revolves around concerns for the security of your critical data. How to assure both your company and your customers that they can confidently trust and utilize your cloud environment is most often at the top of the list. There is a method of evaluating and providing security that exceeds conventional modes of protecting data both within the cloud as well as externally on mobile and other devices. With the public failure of barrier type security, protecting data can now include encryption methods that protect it in storage as well as when exchanging it outside the confines of a secure cloud. In his session at 21st Cloud Expo, Thomas Fryer, CTO of Secure Channels Inc., will explain how and why data ... (more)