Emerging technologies like social networks, mobile devices, and cloud computing are changing how IT views and manages risk. While these technologies provide business benefits, they also create new security threats that are difficult to anticipate and quantify. As data becomes more distributed and mobile, IT departments must shift their focus from hardening network perimeters to securing data across a more open, complex threat landscape. Companies are cautiously adopting cloud computing but remain concerned about security risks like loss of control over sensitive data and potential issues with cloud providers. IT security spending is increasing in response, but protecting against emerging threats poses ongoing challenges for organizations to manage new risks in an environment that is rapidly evolving.
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
Cloud computing, a highly flexible deployment model is emerging because of enhancing interdependence of business and IT. Effective and efficient resource sharing, interconnecting between people, department and companies is possible because of this emerging technology. Cloud computing also provides a stable environment where Telcos can improve business outcomes by leveraging their experience in offering IT centric managed services. Though not without its flaws, cloud computing looks to change the way companies do business in the near future.
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Livingstone Advisory
This presentation was delivered at the 2012 BankTech summit in Sydney, Australia by Rob Livingstone (www.rob-livingstone.com ). Topics included:
Exploring the real definition of Cloud
Interpreting the conflicting messages
Systemic vs. Technical risks in the Cloud
Availability
Hybrid Cloud is the reality
Importance of Cloud Computing Reference Architecture
Managing multiple parties in the Cloud ecosystem (Hybrid Cloud)
The challenge for Regulators
Standards? Which standards?
Some risk mitigation approaches
The Cisco 2010 Midyear Security Report includes:
* Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
* International trends in cyber-security and their potential impact on business
* Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
* An update on global spam trends since late 2009 and spam volume predictions for 2010
* Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
Cloud computing, a highly flexible deployment model is emerging because of enhancing interdependence of business and IT. Effective and efficient resource sharing, interconnecting between people, department and companies is possible because of this emerging technology. Cloud computing also provides a stable environment where Telcos can improve business outcomes by leveraging their experience in offering IT centric managed services. Though not without its flaws, cloud computing looks to change the way companies do business in the near future.
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Livingstone Advisory
This presentation was delivered at the 2012 BankTech summit in Sydney, Australia by Rob Livingstone (www.rob-livingstone.com ). Topics included:
Exploring the real definition of Cloud
Interpreting the conflicting messages
Systemic vs. Technical risks in the Cloud
Availability
Hybrid Cloud is the reality
Importance of Cloud Computing Reference Architecture
Managing multiple parties in the Cloud ecosystem (Hybrid Cloud)
The challenge for Regulators
Standards? Which standards?
Some risk mitigation approaches
The Cisco 2010 Midyear Security Report includes:
* Results and analysis from two new Cisco studies -- one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
* International trends in cyber-security and their potential impact on business
* Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
* An update on global spam trends since late 2009 and spam volume predictions for 2010
* Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Booz Allen Hamilton
This study provides insight into information assurance and mission assurance challenges posed by public cloud computing environments (CCE), and how accounting for those risks through acquisition security measures affect public CCE options.
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, filebased data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
This white paper presents a comprehensive approach to information management programs. It outlines how data growth directly affects the risk posture of critical corporate information assets. In addition, it defines common problems caused by gaps in information management programs as well as consequences associated with immature methodologies.
In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from defense of a fixed perimeter towards an approach that protects the data as it travels from physical to virtual to cloud environments.
In the post-PC era, Trend Micro envisions a smart, data-centric security framework that advances the capabilities of our cloud-based Smart Protection Network™, adds smarter threat protection that correlates local threat intelligence; smarter data protection that follows and protects your data; and unified security management that increases visibility into data access and potential attacks.
This presentation was given at the Information Security Executive Summit on 28th / 29th February 2012
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
This paper examines the primary data threats that currently concern chief security officers (CSOs) and IT security management within enterprises, and recommends best-practice techniques to minimize and overcome risks to data security. These best practices have been successfully implemented and deployed in organizations worldwide as components of a holistic data security strategy.
The Essential Ingredient for Today's EnterpriseReadWrite
The innovation that comes with the mobile enterprise are immense but problems come with this new world of devices. Namely the huge security concerns that arise. Devices can carry so much important information. How do you control it?
This paper from CIO Custom Solutions Group examines the mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy.
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
Information security is an important part of corporate governance. Print is often overlooked as a critical piece of the security puzzle. This whitepaper serves to help educate companies on the risks inherent to their print infrastructure.
Info360 Keynote by AIIM President John ManciniJohn Mancini
What is happening to Enterprise IT? What are the implications for your organization? What should you do about it? For more detail, see http://www.aiim.org/roadmap.
CSC Director of Global Security Solutions Ron Knode presents the challenges and proposed solutions to securing the value inherent in cloud computing for enterprises that must maintain audits and control of data in this 40-page research paper.
Is your data at risk? Why physical security is insufficient for laptop computersFindWhitePapers
Evaluating the various data security options to protect your PCs can be challenging. This paper examines the options, discusses why passwords alone are not sufficient and makes the case for strong data encryption.
The SolarWinds hack, first detected in December 2020 and referred to as “the largest and most sophisticated attack the world has ever seen” by the president of Microsoft, was a watershed moment in cybersecurity. Hundreds of organizations, including Fortune 500 companies and government agencies, were affected, with sensitive data compromised. A year on, a major study conducted by Splunk has found that 78% of companies expect the same thing to happen again.
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Booz Allen Hamilton
This study provides insight into information assurance and mission assurance challenges posed by public cloud computing environments (CCE), and how accounting for those risks through acquisition security measures affect public CCE options.
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, filebased data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
This white paper presents a comprehensive approach to information management programs. It outlines how data growth directly affects the risk posture of critical corporate information assets. In addition, it defines common problems caused by gaps in information management programs as well as consequences associated with immature methodologies.
In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from defense of a fixed perimeter towards an approach that protects the data as it travels from physical to virtual to cloud environments.
In the post-PC era, Trend Micro envisions a smart, data-centric security framework that advances the capabilities of our cloud-based Smart Protection Network™, adds smarter threat protection that correlates local threat intelligence; smarter data protection that follows and protects your data; and unified security management that increases visibility into data access and potential attacks.
This presentation was given at the Information Security Executive Summit on 28th / 29th February 2012
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
This paper examines the primary data threats that currently concern chief security officers (CSOs) and IT security management within enterprises, and recommends best-practice techniques to minimize and overcome risks to data security. These best practices have been successfully implemented and deployed in organizations worldwide as components of a holistic data security strategy.
The Essential Ingredient for Today's EnterpriseReadWrite
The innovation that comes with the mobile enterprise are immense but problems come with this new world of devices. Namely the huge security concerns that arise. Devices can carry so much important information. How do you control it?
This paper from CIO Custom Solutions Group examines the mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy.
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
Information security is an important part of corporate governance. Print is often overlooked as a critical piece of the security puzzle. This whitepaper serves to help educate companies on the risks inherent to their print infrastructure.
Info360 Keynote by AIIM President John ManciniJohn Mancini
What is happening to Enterprise IT? What are the implications for your organization? What should you do about it? For more detail, see http://www.aiim.org/roadmap.
CSC Director of Global Security Solutions Ron Knode presents the challenges and proposed solutions to securing the value inherent in cloud computing for enterprises that must maintain audits and control of data in this 40-page research paper.
Is your data at risk? Why physical security is insufficient for laptop computersFindWhitePapers
Evaluating the various data security options to protect your PCs can be challenging. This paper examines the options, discusses why passwords alone are not sufficient and makes the case for strong data encryption.
The SolarWinds hack, first detected in December 2020 and referred to as “the largest and most sophisticated attack the world has ever seen” by the president of Microsoft, was a watershed moment in cybersecurity. Hundreds of organizations, including Fortune 500 companies and government agencies, were affected, with sensitive data compromised. A year on, a major study conducted by Splunk has found that 78% of companies expect the same thing to happen again.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
We live in a digital world in which our happiness, health, and even our lives can depend on the performance of technology. From medical equipment to cars, and home security systems to smartphones, computerized equipment plays a greater role in the human experience with each passing year.
In 2020, people will interact each day with more than 70 devices connected to
Internet. Nowadays we interact with less than 10 devices connected. The
M2M phenomenom will boots Cloud and Internet users and bandwidth use.
From 1 billion users today to 3 billion devices connected in 5 years
Juan Miguel Velasco López Urda, Seguridad Informática. CLOUD COMPUTING,
Autenticación y Gestión de Identidades, Protección del Dato, Protección de Endpoint, Threat Protection, Auditoría, Consultoría, Asesoramiento Personalizado, Formación
In 2020, people will interact each day with more than 70 devices connected to
Internet. Nowadays we interact with less than 10 devices connected. The
M2M phenomenom will boots Cloud and Internet users and bandwidth use.
From 1 billion users today to 3 billion devices connected in 5 years
Becoming the safe choice for the cloud by addressing cloud fraud & security t...cVidya Networks
Nava Levy, cVidya's VP SaaS/Cloud Solutions, chaired and spoke at TM Forum's Management World America's 2011 on Racing Ahead of the Competition by Capitalizing on Your Potential to be the Safe and Secure Choice for Cloud at The Race to Cloud Services Summit
The 5 most trusted cyber security companies to watch.Merry D'souza
Through this latest edition of Insights Success, we wish to feature organizations that are quite adept in utilizing and adopting these tech-trends in their operations. ‘The 5 Most Trusted Cyber Security Companies to Watch,’ is an edition which will take you on a journey towards the digital security space. So, give it a read and enjoy articles curated by our in-house editorial team.
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...DivvyCloud
Cloud computing has proven revolutionary for organizations hoping to leverage technology, innovation and digital strategies to stay ahead of the competition. Business units can quickly provision up compute, storage and network resources as they need without IT bottlenecks. But easy access to cloud resources has a dark side—one that’s become a growing problem: Shadow IT. Engineers, developers and even business stakeholders are launching resources that IT is unaware of. And what IT doesn’t know can come back to haunt organizations, preventing the IT department from performing critical functions such as controlling security, compliance and costs.
Similar to Wall street journal 22 sept 10 - perspectives on risk it (20)
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Wall street journal 22 sept 10 - perspectives on risk it
1. B6 Wednesday, September 22, 2010 THE WALL STREET JOURNAL.
Special Advertising Section
Special Advertising Section
PersPectives on risk it
Emerging
The technologies,
some in their
Virtual infancy,
make risk
Unknown harder
to gauge
By Joe Mullich
I
n some ways, emerging technologies — like social networks, mobile devices and cloud computing — are reshaping how IT views
risk. In the past, from an IT standpoint, managing risk was about digging technology moats and putting up cyber drawbridges.
Firewalls, anti-virus programs and the like created a strong perimeter defense to protect data from infiltrators.
However, moats and drawbridges are only of val- Then there’s “cloud computing,” the tech buzz- are challenged in coming up with a compelling
ue if what you want to protect is behind the castle word du jour, referring to the housing of corpo- argument against cloud computing because this
walls. Emerging technology provides much of its rate information in a data center controlled by a stuff is developing so fast and they don’t have data
payback because it loosens control on data and, in vendor, which your employees access over the that defines the risk yet.”
some cases, places it in someone else’s castle. Internet. The approach is a no-brainer in terms of They may lack firm data, but they have at least
“In general, there is a move to more mobility and cost savings and efficiencies. The problem is that a vague sense of the potential pitfalls. The Cloud
a less rigidly defined security perimeter, connect- cloud computing can put the company’s crown Security Alliance, an industry organization, recent-
ing to devices, like employees’ personal communi- jewels — its data — at a greater but hard-to-gauge ly produced a report that identified the top threats
cations devices, that you don’t trust,” says James risk, since it inherently requires companies to give of cloud computing.
Slaby, managing director for the Security & up some control of their information. Cybercriminals are now targeting cloud comput-
Networking Practice at TheInfoPro, an independent As Kark notes, the threat landscape is becom- ing because increasingly that’s where the most
research firm. “People understand the business ben- ing increasingly complex, populated less by valuable data is — or will be. One surprising finding
efits of the new environment, but they can’t quite individual hackers who brag about their latest of the TheInfoPro survey is, while companies are
get their arms around the new threat environment.” exploits than by organized, well-funded crime worried about cloud security, the first business
Ironically, he sees this as a positive development syndicates and even state-sponsored agents. Instead function they plan to transition to the cloud is
for IT security. “Before, the tendency in an organi- of “big bang,” headline-making attacks, criminals Human Resources data — which is extremely sen-
zation was to look at threats to the infrastructure now spend months probing a corporate network sitive to identity theft.
and harden the perimeter security,” Slaby says. for weaknesses and then modify The Cloud Security Alliance
“People would lock down the operating systems, that network to provide them with pointed out other reasons for
but they wouldn’t think if a contractor was walking an ongoing stream of information. “Security has to be a portion concern. The software interfac-
out of the company with data on a thumb drive. “The sophistication of the attacks es that customers use to man-
Now the focus is on the security of the data.” is significantly more mature than of the capital budget. age and interact with the cloud
This is a welcomed perspective — if only there it was even a year ago, and so the may be weak and easier for
weren’t so many security concerns to focus on. business impact over time can be It can’t be an afterthought.” criminals to break. Services or
“There is a new universe of threats and attack vec- huge,” Kark says. accounts housed in the clouds
tors that people couldn’t imagine a few years ago — Tom Peach can be hijacked, letting miscre-
that have arrived at a speed that’s shocking,” says Clouded Discussions ants redirect customers to their
Khalid Kark, an analyst with Forrester Research. Cloud computing offers enticing illegitimate web sites. Malicious
Consider workers using social media and personal economies of scale, promising to let insiders at the cloud providers
mobile devices, giving cybercriminals new operating companies dramatically reduce spending on tech- represent a new source of potential data leakage.
systems to attack that IT has not provided safeguards nology infrastructure. It has also forced IT people “Cloud computing is getting a lot of play, but
for. Many companies are finding they must embrace to ponder the unknown risks. In a recent survey from our perspective it’s a little immature in its
these technologies because workers and custom- of 259 large and mid-size organizations by life cycle,” says Tom Peach, CIO of Zurich in North
ers demand them, yet they also offer more “attack TheInfoPro, 72 percent said they were “very” con- America. “Our customers and business brokers
points” for increasingly sophisticated data thieves. cerned or “extremely” concerned about security in demand a rock-solid environment, and we are
The speed of threats is shown in the “Bring a cloud environment. looking at it and testing it out.”
Your Own Equipment” (BYOE) trend — work- They are proceeding, albeit cautiously, because At the same time, Peach, like many IT profession-
ers using personal devices for business reasons. “Businesspeople don’t see this as simply moving als, feels the rising pressure to implement emerg-
It wasn’t even mentioned as a concern in money out of IT infrastructure — they view this ing technology. “I know there are areas within our
TheInfoPro’s last survey of organizations just six as money that can be invested in areas outside company that want to run with this technology,”
months ago, but is emerging as a top security pain IT, such as improving manufacturing processes to
Continued on next page
point in the year ahead. boost margins,” says Slaby. “Security departments
Illustration by Alex Williamson
2. THE WALL STREET JOURNAL. Wednesday, September 22, 2010 B7
Special Advertising Section
Special Advertising Section
he says. There is a lot of heat to move on things like the apply to content on social networks,” he adds, “which
iPhone and the iPad. Our business partners want to be “There is a new universe of threats makes the need for a solid social media policy even
on the cutting edge and there’s increasing demand to more important.”
use these technologies.” and attack vectors that people couldn’t In the current technology arena, “The problem with risk
is that it’s not easy to quantify the business impact,” says
Drawing the Line imagine a few years ago.” Kark. “Traditionally, businesses have accepted risks with
Morgan O’Rourke, director of publications for the a low probability of happening, but now the impact is so
Risk and Insurance Management Society (RIMS), notes, — Khalid Kark large from data loss, including government sanctions, em-
“there is so much risk out there that you have to know barrassing headlines and furious shareholders, that they
where to draw the line.” He points out an emerging risk cannot ignore even the smallest possibilities anymore.”
in the social network arena called niche social book- breach exposes information that a stakeholder might
marking, where people can “tag” or associate compa- consider private and, therefore, worth taking legal Joe Mullich writes about business technology and
nies to specific content — say, Exxon to environmental action over,” O’Rourke says. “This would also other topics.
articles.
“The question is…is that
a risk you want to man-
age?” he says. “You have
to have a thorough un-
derstanding of your risk
appetite, especially as
the definition of risk gets
”We had to move this 700 ton
stretched to include nebu-
lous things that are hard
to quantify, like reputa-
component more than 400 miles.
tion.” He goes on to say,
“Some companies have Scores of risks, but Zurich
their heads in the sand,
but that’s not an option
anymore.”
made us feel confident we
This new world of
security is bringing fun-
damental changes to “the
were well covered.”
professional paranoids” Herbert Peters, Managing Director,
who are charged with Sasol-Huntsman, Moers, Germany
safeguarding data. Secu-
rity departments, which
have traditionally been
organized in silos to
look at discrete network
elements like desktops,
are now reorganizing to
reflect a more overarch-
Integrated insurance solutions for even the most specialized projects.
ing approach.
Over the past year, Zurich We provided Sasol-Huntsman, one of the largest producers of
in North America’s spend-
ing on IT security has risen Maleic Anhydride in Europe, with an integrated insurance and
20 percent while the rest risk engineering solution to address the risks associated with
of the IT budget remained
flat. “Security has to be a moving a 700 ton factory component across Germany. By helping
portion of the capital bud- our customer ensure the necessary precautions were taken, and
get,” Peach says. “It can’t
be an afterthought. “ providing coverage for the entire trip, everyone was breathing
Playing It Safe easy. It’s an example of how Zurich HelpPoint delivers the help
Without question, the businesses need when it matters most. To learn more about this
rush is on to try to se-
cure the cloud. The Cloud case, visit www.zurichna.com/risks
Security Alliance is advanc-
ing best security practices
and recently implemented
the industry’s first certifica-
tion program to ensure IT
professionals demonstrate
awareness of cloud security
threats and best practices.
In Slaby’s view, many
organizations are seeking
to build their “cloud secu-
rity calluses” in lower-risk
scenarios, first by gaining
experience with “private
clouds” within the safety
of their own networks
before venturing out to
true cloud services. As
companies migrate to
the cloud, they are look-
ing to protect themselves
with carefully negotiated
service level agreements
(SLAs) and tools to ac-
tively monitor and verify
the performance of cloud
providers.
Exploring safeguards
now is important, Slaby
notes, because “it will be
hard for business manag-
ers to resist for long. The
compelling cost-arbitrage
benefits of the cloud — its
ability to deliver big sav-
ings in hardware, power
and IT support costs —
will likely force IT security
professionals to figure out
these challenges sooner
rather than later.”
Emerging technology
is prompting companies
to seek other safeguards,
demonstrated by the grow-
ing interest in business
interruption insurance in
case data is compromised
or becomes unavailable
and prevents them from
conducting business as
usual. “Businesses should
also be looking at er-
rors and omissions cov-
erage, which can offer In the United States, coverages are underwritten by member companies of Zurich in North America, including Zurich American Insurance Company. Certain coverages not available in all states. Some coverages may be
written on a non-admitted basis through licensed surplus lines brokers. Risk engineering services are provided by Zurich Services Corporation. Zurich Services Corporation does not guarantee any particular outcome and
protection if, say, a data
there may be conditions on your premises or within your organization, which may not be apparent to us.