
Technology and Business Speed has Changed–So Must Identity and Access Management
Compelled by competitive pressures and user demand, companies have embraced mobility and cloud. And even if companies haven’t embraced cloud, their employees have. Bring Your Own Device (BYOD) is now commonplace, and the average mobile worker carries an average of3.5 mobile devices, each accessing multiple applications that connect to protected corporate information, or that serve […]

A cyberwar barely in the making
We are asking China to stop poking at our networks; maybe we should take a look at what everyone else is doing along the way. An international framework is probably in order at this point. Many news systems are broadcasting that America is asking/telling China to stop hacking American Companies. While in testimony Army Gen. […]

Understanding Shodan HQ for hacking and cyber warfare
Understanding Shodan HQ for hacking and cyber warfare Shodan HQ is probably one of the more interesting web sites that few people know about. Shodan scans the internet looking for devices that people have left unsecured or with default if any login information. Sometimes a web site just makes you happy, and Shodan has shown […]

The Anonymous Press Release and Corporate Responsibility for Data
I am not a member of Anonymous, but anyone in the information security field has followed them over the last 18 months as they grew from a general idea to launching DDoS attacks against corporations that did something they did not like, or like in the case of HBGary, did things that were ill advised. […]

Should instructors weed students out of programs based on ethics?
While the subject of teaching ethics is all the rage in business education, with many good ideas coming out of that realm, it might also be time to take a look at other professions that can stand to learn from what is happening in business schools. While my focus has been on information security, maybe […]

Seven Deadly Sins in Cloud Computing Security
A few days back the Cloud Security Alliance released their paper on the Seven Deadly Sins for Cloud Computing Security. This is a very good guide for security engineers to at least read. The more traditionally minded will ignore it, but those who are working in the cloud space, this gives us something to talk […]

Lessons Learned from Cloud Camp Seattle 2010
Last night I got to attend cloud camp, which is an “unevent” that people can attend to meet up with people who are looking into a particular technology for business. Cloud Camp Seattle was held at the Grand Hyatt Seattle, which provided an awesome environment to discuss cloud computing with 200 of like-minded people. For […]
How HP could give IBM a run for its money in Cloud Computing Security
HP starts offering a unified Cloud and in local data center security package that aims to take on IBM directly. With the deals that HP has been making with Microsoft and using the skills and talents that came along with HP’s acquisition of EDS, this just might end up being an interesting race to the […]
Malware starts using Amazon EC2 as a Command and Control structure
This is one of those things you wait for, like the other shoe to drop, but with the movement away from the data center to the cloud, it is an expectation that malware would follow the migration. There is no reason to think that your cloud applications are any more secure than any of the […]