Securosis Blog

I feel fortunate that I’m not haunted by the images of what I have witnessed. If I don’t sleep well at night it’s due to stress at work or at home, not dark images from the years I spent working in emergency services.

Our world domination tour continues. At least if you consider training for the Certificate of Cloud Security Knowledge (CCSK) part of your plan to know all things Cloud Security. As authors of the training curriculum, we are the only folks who can train and certify instructors to deliver the training, so a couple times a year we deliver the courses, live and in person.

Oh yeah. I’m back in the ATL after a week at the RSA Conference. Aside from severe sleep deprivation, major liver damage, and some con flu… I’m feeling great. It seems everyone else is as well. Something appeared at RSA that we haven’t seen for at least 3 years: smiles. Which I guess is to be expected, since in 2009 and 2010 everyone walked around with hard hats, expecting the sky to fall. In 2011 there were some positive signs but still a lot of skepticism, which was gone this year. Almost…

I owe a tremendous amount to social media. I wasn’t early to either blogging or Twitter (as my friends remind me), but once I got there a whole new world of opportunities opened. I created a boutique business (Security Incite) on the back of a blog and email newsletter. I met so many great people – many of whom became close friends – and even found a business partner or two.

Managing DLP tends to not be overly time consuming unless you are running off badly defined policies. Most of your time in the system is spent on incident handling, followed by policy management.

We’ve renamed this section from “Virtualization and Cloud Security” to simply “Cloud Security” since if you listen to any of the marketing messages, you can’t tell the difference, even though it’s a big one. And virtualization is a hassle to type, so buh bye! Overall, as we mentioned in the key themes post, cloud security will be one of the biggest trends to watch during the conference and it also happens to be one area where you should focus since there is some real innovation, and you…

It’s here.

No, not the new iPad. Not those test results. And most definitely not that other thing you were thinking about.

Managing DLP tends to not be overly time consuming unless you are running off badly defined policies. Most of your time in the system is spent on incident handling, followed by policy management.

Up until this point we’ve focused on all the preparatory work before you finally turn on the switch and start using your DLP tool in production. While it seems like a lot, in practice (assuming you know your priorities) you can usually be up and running with basic monitoring in a few days. With the pieces in place, now it’s time to configure and deploy policies to start your real monitoring and enforcement.

It’s a presidential election year here in the US, and that means the master spin meisters, manipulators, and liars politicians are out in full force. Normally I just tune out, wait for the primary season to end, and then figure out who I want to vote for. But I know better than to discuss either religion or politics with people I like. And that means you. So I’m not going to go there. But this election cycle is different for me, and it will be strange.