Is security making the grade? What IT and business pros really think

Grading on a curve Image by ThinkstockIf you sense some discontent in how information security is handled in your company, you're not alone. Half of the 287 U.S.-based IT and business professionals who responded to a recent survey from CSO and its sister sites CIO and Computerworld gave their organizations' security practices a grade of C or below.To read this article in full or to leave a comment, please click here

Security challenge: Wearing multiple hats in IT

Are you taking on multiple job responsibilities at your company, including some aspects of information security? If so, you’re not alone. At many organizations, IT professionals are being asked to handle a variety of security tasks and functions. For them, wearing multiple hats can create both opportunities and stress.To read this article in full or to leave a comment, please click here(Insider Story)

Navigating the muddy waters of enterprise infosec

Executives at Booz Allen Hamilton learned the importance of information security the hard way back in 2011 when the hacker group Anonymous claimed that it had penetrated one of Booz Allen’s servers and had deleted 4GB of source code and released a list of more than 90,000 military email addresses and encrypted passwords.The breached server turned out to be a development environment containing test data, “but that didn’t really matter; it was a wakeup call,” says Michael Waters, director of information security at the consulting firm and government contractor. “It was a pretty unpleasant experience, but it did galvanize substantial investment — both capital and HR — in getting things done. The firm looked around and said, ‘We have been working on this, but we need to put more toward it.’”To read this article in full or to leave a comment, please click here

How flexible should your infosec model be?

Security is a top priority at the Bank of Labor, but the financial institution updates its formal information security policy only once a year, maybe twice, regardless of what's happening in the ever-changing threat landscape.That's not to say that the union bank ignores emerging threats such as new malware variants or phishing schemes, says Shaun Miller, the bank's information security officer. On the contrary, the organization, which has seven branches in the Kansas City, Kan., area plus an office in Washington, routinely tweaks its firewalls and intrusion-protection systems in response to new and active threats. To avoid fatiguing its 120 users, however, it refrains from formalizing new policies more frequently.To read this article in full or to leave a comment, please click here

Download our report: IT Security’s Looming Tipping Point

Given the rash of high-profile data breaches that have exposed customers' personal information, created PR nightmares and cost C-level executives their jobs, IT and business leaders should have security at the top of their priority list. But while businesses are saying the right things about giving IT security more attention and budget, is that talk being put into useful action?To read this article in full or to leave a comment, please click here(Insider Story)

Five social engineering scams employees still fall for

You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness.According to Verizon’s 2016 Data Breach Investigation Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails -- or the bad guys are finding more creative ways to outsmart users.To read this article in full or to leave a comment, please click here

Why (and when) outsourcing security makes sense

Phenix Energy Group, an oil pipeline operator and construction company, is preparing to take its IT infrastructure from zero to 60 in a matter of months. To get a years-in-the-making pipeline project off the ground, the company is preparing to grow from a relatively small office environment to a data center setting of 75 servers and 250TB of storage. As a result, security, which hasn’t been a top priority, is suddenly a big deal, according to CIO and COO Bruce Perrin.Given the high stakes — a downed system could cost about $1 million an hour — Perrin has spent the past five years researching options. While he’d prefer to run security in-house as part of an on-premises data center, Perrin is leaning toward outsourcing the function, at least initially, because he doesn’t have time to staff up a dedicated information security department in the few scant months before the pipeline goes online.To read this article in full or to leave a comment, please click here

4 tips for tough conversations with your employees

No one likes when difficult situations at work, but when these issues do arise, it's important that your focus remains on establishing a productive conversation where everyone feels heard."When difficult conversations do arise -- such as discussions about low performance, inconsistent results, frustrated clients -- a leader can confidently assess the current situation against previously defined expectations and a focus on identifying and closing the gap," says Anthony Abbatiello, global lead, Deloitte Leadership business.When you approach tough conversations with professionalism and leadership, they can ultimately help guide the employee in their career by helping them figure out what their strengths and weaknesses are. However, it can still be just as difficult to deliver bad news at work as it is to receive it, but there are a few steps you can take to help make those tough moments at work easier on everyone.To read this article in full or to leave a comment, please click here

Apple commits to run off 100% renewable energy

Apple announced that it has committed to running all of its data centers and corporate offices on renewable energy, joining a group of other corporations committed to the same clean energy goal.Apple said it has joined RE100, a global initiative by influential businesses committed to using 100% renewable electricity. To date, RE100 has amassed membership from 77 corporations.Other RE100 members include Hewlett Packard Enterprise, VMware, Rackspace and Wells Fargo.To read this article in full or to leave a comment, please click here

Apple commits to run off 100% renewable energy

Apple announced that it has committed to running all of its data centers and corporate offices on renewable energy, joining a group of other corporations committed to the same clean energy goal.Apple said it has joined RE100, a global initiative by influential businesses committed to using 100% renewable electricity. To date, RE100 has amassed membership from 77 corporations.Other RE100 members include Hewlett Packard Enterprise, VMware, Rackspace and Wells Fargo.To read this article in full or to leave a comment, please click here

Google’s Pixel phones: 7 essential technical upgrades we want to see

Google will, if the persistent rumors are true, forego releasing “Nexus” phones this year in favor of a pair of phones under the “Pixel” banner. Is this just a re-branding, or are there material differences between the two product lineages?Well, the Nexus heritage is based on affordable hardware that runs stock Android—phones that have always been aimed at developers and enthusiasts. The Pixel brand, whether it’s the Chromebook Pixel or the Pixel C Android tablet, is more aspirational. The Pixel hardware is higher-priced and higher-quality, and brings unique features to bear. Beyond that, the Pixel devices not only compete with high-end hardware from other manufacturers, but also point the way forward for those companies. They show “what can be done” if you pull out all the stops.To read this article in full or to leave a comment, please click here

How blind skills challenges can close the skills gap

Jessica Janiuk didn't set out to have a career in IT. After earning a degree in communications with a minor in web development, Janiuk started working as a video producer, but quickly found that wasn't the right fit. When offered the opportunity to work on software, Janiuk jumped at the chance, found a professional calling and has thrived in the IT industry for the last few years. But as a trans-woman, Janiuk has experienced more than the usual biases women in tech are subjected to on the journey to her current position as a front-end software engineer for global data protection firm Datto.Though Silicon Valley firms and more progressive, organizations globally are employing a number of methods to increase diversity in their talent pipelines and remove biases in their recruiting and hiring processes, it's still an uphill battle for women, the LGBTQ community and other underrepresented minorities trying to break into the IT field. One way to ensure bias isn't impacting the hiring process is through blind coding challenges to screen and qualify technical talent.To read this article in full or to leave a comment, please click here

Cisco moves on from Intercloud, will focus on cloud management instead

Cisco this week released new software and services for helping organizations migrate to cloud-based infrastructure, whether it be infrastructure they run themselves or resources from public cloud providers.+More on Network World: Cisco CEO: Spin-in technologies aren’t dead at Cisco+But as part of this effort Cisco is not pointing customers to one of its own public cloud platforms as it has wound down and pivoted away from its multi-year effort to develop its once-heralded Intercloud.To read this article in full or to leave a comment, please click here

This Is Why I’m Not Doing SD-WAN Webinars

One of my long-time regular readers sent me this question:

I was wondering if you have had any interest in putting together an SD-WAN overview/update similar to what you do with data center fabrics where you cover the different product offerings, differentiators, solution scorecard…

That would be a good idea. Unfortunately the SD-WAN vendors aren’t exactly helping.

Read more ...

Cisco CEO Robbins: Wait til you see what’s in our innovation pipeline

It’s been a little over a year since Chuck Robbins took the reins at Cisco from the venerated John Chambers. In that time, the face and pace of the IT realm has transformed -- from Dell buying EMC and HP splitting up to the swift rise of IoT and harsh impact of security challenges. Robbins has embraced this rapid change and, he says in this wide-ranging interview, moved the company forward with relentless speed to address everything from hyperconvergence to application-centric infrastructures. To read this article in full or to leave a comment, please click here(Insider Story)

Cisco CEO Robbins: Wait til you see what’s in our innovation pipeline

It’s been a little over a year since Chuck Robbins took the reins at Cisco from the venerated John Chambers. In that time, the face and pace of the IT realm has transformed -- from Dell buying EMC and HP splitting up to the swift rise of IoT and harsh impact of security challenges. Robbins has embraced this rapid change and, he says in this wide-ranging interview, moved the company forward with relentless speed to address everything from hyperconvergence to application-centric infrastructures. To read this article in full or to leave a comment, please click here(Insider Story)

Industry First Micro-segmentation Cybersecurity Benchmark Released

microsegmentationThe VMware NSX Micro-segmentation Cybersecurity Benchmark report has been released! As previewed in part six of the Micro-segmentation Defined – NSX Securing Anywhere blog series , independent cyber risk management advisor and assessor Coalfire was sponsored by VMware to create an industry first Micro-segmentation Cybersecurity Benchmark report. Coalfire conducted an audit of the VMware NSX micro-segmentation capabilities to develop this benchmark report detailing the efficacy of NSX as a security platform through a detailed “micro-audit” process, testing NSX against simulated zero-day threats.

Testing included five different network design patterns, and demonstrated how NSX micro-segmentation can provide stateful, distributed,  policy-based protection in environments regardless of network topology. Topologies included –

  • Flat L2 network segments
  • L2 and L3 networks with centralized virtual or physical routers, representative of typical data center rack implementations built on hybrid physical and network virtualization platform / distributed virtual switch (dVS)
  • Networks with connection to other physical servers
  • Overlay-based networks using the Distributed Firewalls (DFW) and Distributed Logical Routers (DLR)
  • Physical VLAN and overlay-based networks using service insertion technologies running on dedicated VMs (in our case, Palo Alto Networks NextGen FW with Panorama)

five-micro-seg-design-patterns

Coalfire’s examination and testing of VMware NSX technology utilized simulated exploits that depict likely malware and Continue reading

1 2,624 2,625 2,626 2,627 2,628 3,809