Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories

Cloud Governance means many things to many people. Heck, just the word cloud means different things depending on who you are talking to. While definitions can vary, controlling access to cloud resources is invariably a central piece of any governance program. Enterprise cloud computing has transformed IT. Cloud computing decreases time-to-market, improves agility by allowing businesses to adapt quickly to changing market demands, and, ultimately, drives down costs. The ease of deploying and scaling cloud services, along with their low cost of acquisition, has resulted in increasingly decentralized IT, or what is referred to as “shadow IT.” This helps organizations become more agile, but it also increases security threats due to absence of governance, uniform information security, and adherence to regulatory compliance requirements. Central IT has since reasserted its... (more)

What GDPR Is and How to Comply with It | @ExpoDX #AI #GDPR #Security

What GDPR Is and How to Comply with It: A Brief Guide As you have probably heard, the EU commission signed the General Data Protection Regulation (GDPR) back in April 2016. The legislation is designed to help companies handle efficiently the data challenges of the 21st century and give strict guidelines as to how to work with massive flows of digital information. It is set to protect web users (data subjects) from malicious use and loss of their personal info and, also, to give people greater control over how their records are processed. GDPR is to take effect on May 25, 2018. Company runners still have time enough to modify organizational processes to comply fully with new security rules, and today we will explain how they should start. What Exactly Is GDPR About? First off, it outlines how companies that work with EU personal data should obtain client’s consent. ... (more)

Maria Horton Joins @ExpoDX Faculty | #IoT #IIoT #SmartCities #ArtificialIntelligence #DigitalTransformation

DXWorldEXPO LLC announced today that Maria Horton joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by FTC, CUI/DFARS, EU-GDPR and the underlying National Cybersecurity Framework suggest the need for a ground-up re-thinking of security strategies and compliance actions. This session offers actionable ... (more)

Cloud Services Brokerage Enablement | @CloudExpo #DX #Cloud #FinTech

Cloud Services Brokerage Enablement The cloud market is growing at a rate of 30% annually and is expected to reach $130 billion. Analysts  predict that service providers are well positioned to be the leading point of distribution for cloud  services in light of the scale of their operations and their capacity to offer end-to-end lifecycle  management for IaaS, SaaS and PaaS over secure managed networks. Delivering cloud services has emerged as one of the most important opportunities of the decade for  service providers. To retain existing customers, grow market share and maintain existing profit margins  on core services; service providers need an edge on their competition and to increase agility in  addressing emerging market opportunities.  In what is often considered their “core” business, service providers are facing new competition from companies that are offe... (more)

The Top 10, Top 10 Predictions for 2018 | @ThingsExpo #DX #AI #ML #IoT

The time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Copying off since 2012, rather than thinking up my own, I figured I’d regurgitate what many others expect to happen. Top 10 Cyber Security Predictions for 2018 – Infosec Institute kicks off this year’s Top 10, Top 10 list with a look back at their 2017 predictions (AI, IoT, etc.) and dives head first into 2018 noting that Ransomware will be the most dangerous threat to organizations worldwide; cryptocurrency will attract fraudsters looking to mine; cloud security will (again) be a top priority; cyber insurance will explode and cyber-bullying, especially for teenagers, is at the emergency stage. Cyber security predictions for 2018 – Information Age taps Mike McKee, CEO of insider threat management company ObserveIT, to offer his insight. Lack of ... (more)

Compliance in the Cloud | @CloudExpo @DMacVittie #DevOps #Compliance

Our work, both with clients and with tools, has lead us to wonder how it is that organizations are handling compliance issues in the cloud. The big cloud vendors offer compliance for their infrastructure, but the shared responsibility model requires that you take certain steps to meet compliance requirements. Which lead us to start poking around a little more. We wanted to get a picture of what was available, and how it was being used. There is a lot of fluidity in this space, as in all things cloud. The fact that DevOps Security plays into the cloud compliance model – particularly in dynamic cloud environments – makes it even more fluid. We’ve found the following options are the ones most frequently being pursued in cloud deployments for industries that need to meet compliance requirements. Not in the Cloud This is the default, and a lot of companies are followin... (more)

[slides] Security in a Cloud-First World Is Cloudy | @CloudExpo #API #Cloud #Security

Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here Security in a Cloud-First World Is Cloudy Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it's unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. Download Slide Deck: ▸ Here In his session at 21st Cloud Expo, Ben Johnson, Co-Founder and CTO of Obsidian Security, explored how both groups must do more to make cloud more secure, from leveraging AI to improving APIs, to incorporating cloud into current security programs. Download Slide Deck: ▸ Here Speaker Bio Ben Johnson,... (more)

Three Ruling Technology Trends | @DevOpsSummit #DevSecOps #Blockchain

Three Ruling Technology Trends to Watch Out for in 2018 As we head into a new year, IT improvements and management should be top of mind for any business looking to amp up their customer experience, delivery and service in 2018. Recently, at CA World ‘17, I talked about how every business strategy is now an IT strategy. With that in mind, I have a few predictions for 2018 that I encourage companies to have on their to-do list as they look to find greater success in the new year. #1 It's all about DevSecOps Security will remain top of mind for customers, but the software development lifecycle will now need to integrate security from start to finish in a seamless way. The need for speed and velocity with quality in development has created a "shift-left" movement that integrates security from the start, which needs to be easy and accessible for developers as they write c... (more)

Blockchain Decentralization: Securing #IoT | @ExpoDX #FinTech #Blockchain

Blockchain and Decentralization: Securing IoT Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in order to protect your data and privacy, IoT applications need to embrace Blockchain technology for a new level of product security never before seen - or needed. Speaker Bio Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland. DXWorldEXPO LLC, the producer of t... (more)

Technology Predictions | @DevOpsSummit #DevOps #DigitalTransformation

Every year about this time, we gaze into crystal balls to divine the future of our industry - or at least where it's headed over the next 365 days. The result is often a triumph of incrementalism: we predict that we will get more of what we already have. The truth is, technology isn't as revolutionary as we often think - and commenting on incremental changes alone may not help us understand what lies ahead. Along with a few near-term predictions - so hard to resist - I'd also like to make some predictions not just about technology per se, but about related changes to organizations, processes, and the cultures around them. Here's my main prediction: By 2030 what we've come to know as "IT" today will be virtually unrecognizable. No-code software will drive truly distributed technology By 2030, the "de-codification of coding" - meaning the use of no-code or low-code pl... (more)

Privacy and Security on Blockchains | @CloudExpo #FinTech #AI #Blockchain

Privacy and Security on Blockchains: What Protection Measures the Networks Are Adopting to Secure Their Users Decentralization of everything, the great new idea of which the web can’t stop babbling, might still seem a bit utopian if you inspect it closely. Yes, blockchains are likely to reshape our economy, or a huge part of it, and benefit considerably those who are currently unbanked. They might also facilitate the creation of rating/reputation systems that are not controlled by any single entity and thus allow people (say Uber drivers who’d like to work for Lyft) to switch employers without having to establish their credibility anew. They might give users complete control over their assets; protect them, to a degree, from being robbed and provide tools to sustain privacy even when a state-level actor – a bank or a government – is after their identity. But before t... (more)