Securosis Blog

There’s something I need to admit.

I’m not proud of it, but it’s time to get it off my chest and stop hiding, no matter how embarrassing it is.

IaaS Storage 101

Rich · June 23, 2011

I started writing up a post on IaaS encryption options and quickly realized I should probably precede it with a post outlining the IaaS storage options first. One slightly confusing bit is that IaaS storage really falls into two categories: storage as a service where the storage itself is the product, and storage for IaaS compute instances, where the storage is tied to running virtual machines.

It used to be that we didn’t care too much if someone stole a pile of email addresses. At worst we’d end up on yet another spam list, and these days most folks have pretty decent spam filters. Sure, it’s annoying, but it was pretty low on the scale of security risks.

Continuing our series on tokenization for compliance, it’s time to look at how tokens are used to secure payment data. I will focus on how tokenization is employed for credit card security and helps with compliance because this model is driving adoption today.

Friday Summary: June 17, 2011

Adrian Lane · June 17, 2011

Where would you invest? The Reuters article about Silicon Valley VCs betting on new technologies to protect computer networks got me thinking about where I would invest in computer security. This is a very tough question, because where I would invest in security technologies as a CIO is different than where I would invest as a venture capitalist. I can see security bets to address most CIOs’ need to spend money, and quite different technologies address noisy threats, which could make…

Ever since I wrote the Pragmatic CSO a lifetime ago (okay, 4 years, but it feels like a lifetime), I have been evangelizing about better quantification of security programs. Even without context, quantification is valuable, but they are much more useful together. So I have been pushing hard for finding a set of similar companies to compare your metrics against, to provide that needed context. Alas, with the number of fires we have to fight every day, most security folks just don’t make the time…

The Hazards of Generic Communications

Mike Rothman · June 16, 2011

Rich, Adrian, and I are pretty lucky. We are bombarded by data coming at us from every direction. What’s working, what’s not, who’s attacking who, what new widgets are out there – and that’s just the tip of the iceberg. For an information junkie like me, it’s a sort of nirvana.

Incite 6/15/2011: Shortcut to Hypocrisy

Mike Rothman · June 15, 2011

I’m not a big basketball fan. I like the NCAA tournament. I may watch a game or two of the NBA playoffs/finals, but I don’t follow them. It seems nothing can get our nation to rise up like a common enemy. That enemy was the Miami Heat. My Tweeter exploded last night with all sorts of venom against the Heat, as they were losing to the Mavs. I could only laugh. Because it was a great example of the hypocrisy of so many sports fans.

I recently had a conversation with a vendor about a particular feature in their product:

Me: “So you just added XZY to the product?”
Them: “Yep.”
Me: “You know that no one uses it.”
Them: “Yep.”
Me: “But it’s on all the RFPs, isn’t it?”
Them: “Yep.”