How to tackle business disruption

Southwest Airlines CIO Randy Sloan remained in the airline's Dallas headquarters for nearly 40 hours last July, as he and his team scrambled to find the technical problems that grounded 2,300 flights. Hunkering down, checking IT systems and strategizing in office war rooms for hours isn't ideal for any employee, let alone the IT chief.

Security through Community: Introducing the Vendor Security Alliance

Today Docker is proud to announce that we are a founding member of the Vendor Security Alliance (VSA), a coalition formed to help organizations streamline their vendor evaluation processes by establishing a standardized questionnaire for appraising a vendor’s security and compliance practices. The VSA was established to solve a fundamental problem: how can IT teams conform to their existing security practices when procuring and deploying third-party components and platforms?

The VSA solves this problem by developing a required set of security questions that will allow vendors to demonstrate to their prospective customers that they are doing a good job with security and data handling. Good security is built on great technology paired with processes and policies. Until today, there was no consistent way to discern if all these things were in place. Doing a proper security evaluation today tends to be a hard, manual process. A large number of key questions come to mind when gauging how well a third-party company manages security.

As an example, these are the types of things that IT teams must be aware of when assessing a vendor’s security posture:

  • Do they securely handle sensitive customer data?
  • Do they have the ability to detect when attacks occur on their

Federal CISOs define greatest challenges to authority

If you are a federal Chief Information Security Officer – or even if you are not – you face some serious trials just to do your difficult job. Federal agencies in particular lack clarity on how to ensure that their CISOs have adequate authority to effectively carry out their duties in the face of numerous challenges, a report out this week from the watchdogs at the Government Accountability Office stated. The GAO said that 13 of the 24 agencies it reviewed – including the Departments of Defense, Commerce, Energy, Justice and State – for its report “had not fully defined the role of their CISO in accordance with these requirements. For example, these agencies did not always identify a role for the CISO in ensuring that security controls are periodically tested; procedures are in place for detecting, reporting, and responding to security incidents; or contingency plans and procedures for agency information systems are in place. Thus, CISOs' ability to effectively oversee these agencies' information security activities can be limited,” the GAO stated.

IDG Contributor Network: Got milk? IoT and LoRaWAN modernize livestock monitoring

With each head of cattle costing more than $2,000, care for the herd is important. Tracking individual cows moving over large areas is challenging, though, especially when they all look alike. Harsh farming conditions and limited budgets add to the technical hurdles. Cattle Traxx, which recently exhibited its system at TechCrunch Disrupt, has an answer: livestock monitoring that includes an IoT solution of ruggedized sensors, LoRaWAN mesh networking, geofencing and cloud-based analytics.

Chrome OS gets cryptographically verified enterprise device management

Companies will now be able to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies. On Thursday, Google announced a new feature and administration API called Verified Access. The API relies on digital certificates stored in the hardware-based Trusted Platform Modules (TPMs) present in every Chrome OS device to certify that the security state of those devices has not been altered. Many organizations have access controls in place to ensure that only authorized users are allowed to access sensitive resources and that they do so from enterprise-managed devices conforming to their security policies.

Extreme becomes major WLAN player with Zebra buy

There are many factors to consider when a technology vendor decides to pull the trigger on an acquisition. Things such as impact to channel, customer reaction, product rationalization and other issues must be thought out. However, sometimes an acquisition seems to be a great fit and the decision is “black and white,” meaning it’s crystal clear with no shades of grey. This appears to have been the case for Extreme Networks, which earlier this week scooped up the wireless LAN (WLAN) business from Zebra Technologies for $55 million.

IDG Contributor Network: In an attempt to disrupt Splunk, Elastic makes another acquisition

Elastic is the commercial vendor that sits behind the Elasticsearch, Kibana, Logstash and Beats open source projects. Elasticsearch was created back in 2010 by Shay Banon, co-founder and CTO of the Elastic company, and is built upon the Apache Lucene information retrieval project. All of the different projects focus on taking structured and unstructured data and delivering search, logging and analytics on top of it. Since that time, its commercial products—Elastic Stack, X-Pack and Elastic Cloud—have seen over 70 million cumulative downloads. Elastic has been smart about making strategic acquisitions. It acquired visualization vendor Kibana, and a year or so ago it acquired Norwegian company Found, which was commercializing Elasticsearch and offering it as a service on top of Amazon Web Services. This strategy appears to have worked, and it is interesting to look at the graph below that tracks the relative exposure of Elasticsearch and one of the competitive offerings, Splunk.

The era of identity-based applications

Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies—business people, software developers, IT operations, human resources, security, compliance auditors, etc.—play some role across the IAM spectrum. As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy. But this behavior may be changing. According to ESG research, 49 percent of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

The Era of Identity-based Applications

Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum. As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy, but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT (note: I am an ESG employee). In other words, someone in IT is now responsible and accountable for all IAM technology.

Asana’s new feature lets users ‘track anything’

Asana is making it easier for users to adapt its work-tracking software to more than just task management. The company announced Thursday that it's launching support for creating custom fields inside the product, so that it's possible for people to use the same service they rely on for tracking work tasks to also manage other things. So, a recruiting team could use custom fields to track a candidate's name, status, interview times and more. The custom fields feature was first announced last year at an Asana press event. It's an important part of how the company plans to expand its product to reach not only its current user base, but also businesses with more complicated and customized workflows.

IDG Contributor Network: SIM cards on the way out in cellular IoT

The minuscule slivers of plastic known as SIM cards are on their way out, at least in the machine-to-machine (M2M) space. The adoption of an embedded specification by the wireless industry is behind the change, explains Juniper Research in a press release about its recent report (subscription) on M2M for the Mobile Network Operator (MNO) vertical.