BlackBerry Unveils its Good Technology Integration Strategy: Hurry Up and Wait

Summary Bullets:

• BlackBerry is deliberately choosing a measured pace for its Good integration, eschewing aggressive competitors and patient investors.

• As the future platform combines BES and Good Dynamics, Good for Enterprise customers may find themselves on the outside looking in.

On a call for customers this week, BlackBerry offered a strategic update on its Good Technology acquisition, specifically focusing on the technological synergies between the two product portfolios, and the current and future value proposition for current and new customers. While the event was long on hype and short on technical detail, there were several notable takeaways.

Black Hat Roundup: Keeping Tabs on the Ones That Got Away

B. Ostergaard

Summary Bullets:

  • With the annual Black Hat event in Las Vegas, the global Internet community celebrates its felons.
  • Like physical combat, Internet security requires a good understanding of enemy black hat strategies.

Last week saw Las Vegas hosting the 15th annual Black Hat event.  From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas (still the main event with the highest stakes) to a global conference series with annual events in Abu Dhabi, Barcelona, Las Vegas and Washington, DC.  From its nefarious roots, it spouts uncomfortable truths about the insecurities we face every day as global net workers.  It’s difficult to find any other industry where crime and passion are so closely aligned and where ‘respect’ and ‘respectable’ are terms so far apart.  Cyber-warfare for profit and power lacks any basic ‘Geneva Convention’ that could specify global rules of conduct and the means to prosecute felons.

Hunting for Big Data in Cloud Services: Customers Need a Better Security Standards Map

B. Ostergaard

Summary Bullets:

  • The lack of cloud security standards and the expanding range of cloud providers complicate RFPs.
  • The Current Analysis Cloud Security Study shows IT SPs ahead of carriers and the U.S. ahead of Europe.

The decision to migrate to the cloud is complicated by the expanding number and variety of cloud service providers (typically carriers, IT SPs, vendors, or dedicated cloud SPs), each with its own legacy of strengths and weaknesses, coupled with a dearth of specific cloud security standards to put into a request for proposal (RFP).  Apart from PCI DSS in the retail sector and FedRAMP for the delivery of cloud services to the U.S. government, security standards pertaining to cloud services are related to general business process quality (ISO9000), data center management processes (ISO27001-5), auditing (SSAE 16), and a slew of more vertical industry-specific requirements around handling of sensitive personal data.  Corporate customers are still relying on best-practice guidelines from standards bodies such as NIST in the U.S. and ENISA in Europe, as well as the user/industry forums such as the Cloud Security Alliance with its Cloud Matrix tool.  Still, what does the cloud security playing field look like from the service provider side?  How can they assess their service offerings against amorphous customer requirements, as well as against the other providers in the market?

Disaster Recovery and the Cloud: A Match Made in Heaven?

A. DeCarlo

Summary Bullets:

  • High-profile outages, apprehension about data security, and compliance questions make many enterprises wary about moving mission-critical workloads to the cloud.
  • Yet, the flexibility, efficiency, and geographically dispersed nature of the cloud may make it a cost-effective disaster recovery/business continuity option for organizations, large and small.

There is more than a little push/pull element to the cloud.  Businesses are drawn to the flexibility, lower cost, and simplicity which the on-demand model promises.  However, there is enough mystery in the cloud to raise questions about security, as well as enough headline-making outages to put up red flags about stability.  Incidents such as Amazon Web Services’ twin outages this past summer, which impacted both small customers and marquee businesses such as Netflix, make customers of all sizes wary about the cloud.

Social Engineering – Industrialized Exploitation of Human Helpfulness

B. Ostergaard

Summary Bullets:

  • Helpful people are the first targets
  • Provide simple security commandments to follow under pain of dismissal

The most compelling briefings at this year’s RSA Security Conference in London were focused on how companies can make the journey from their governance, risk and compliance process and the resulting security policy to actually making it work throughout their enterprise, where getting people aligned with security is a real sticking point. It’s not that employees actually want to spill company secrets – mostly, they just want to be helpful to ‘perceived’ colleagues. How many times do we actually read error messages or listen to security warnings? How often do we reflect on the veracity of a caller who seems really nice and obviously knows a lot about the company?

With Poison in the Well, Is It Time to Head for the Cloud?

B. Ostergaard

Summary Bullets:

  • Poison in the Well: APTs threaten basic Internet trustworthiness
  • Head for the cloud (services), but look for open standards to avoid vendor lock-in

Network-centric cloud services are emerging as the new computing paradigm for performance-hungry, cost-conscious business customers.  Recent surveys show that businesses are looking at the full span of private, hybrid and public cloud services in their adoption plans.  Yet, most IT security professionals express serious and legitimate concerns about the security of cloud services, as well as how cloud adoption can adhere to corporate governance, risk and compliance (GRC) policies.  IT security professionals are also increasingly alarmed by advanced persistent threats (APTs) that are undermining the very structure of the public Internet.
