Latest Knowledgebase News

The must-have requirements of Cloud-based network security
posted on 20/10/2010

While some of the technical underpinnings that make up the Cloud’s ‘secret sauce’, are relatively recent innovations, the business case for managing critical IT functions as services – inside or outside the firewall - is not a new concept. At the end of the day, the Cloud is just another way to outsource IT functions, and the same fundamental concerns that exist with more mature outsourcing offerings need to be addressed – such as, how does an organization manage its security and compliance posture when critical systems and data are hosted or managed by a third party? When Sarbanes-Oxley first hit in 2002, almost overnight every security company became a compliance company. Fast-forward to 2010, and every security company is now a Cloud company, or has a “Cloud Strategy.” Whether or not it makes sense for an organization to move IT assets to the Cloud depends on a host of factors, with security and compliance being two of the most important. One way IT managers can assess the risk ... [more]

How to cut data security costs and still remain secure
posted on 12/10/2010

It has been a testing time for economies around the globe and, although many countries seem to be recovering, there are many voices warning of a double-dip recession. It is therefore unsurprising that financial directors are employing caution and continuing to grip the corporate purse strings tightly, limiting spending to the ‘bare minimum’. Unfortunately this scenario leaves many CISOs with the unenviable task of securing data whilst under the pressure of constrained budgets. Result : a timebomb waiting to go off and, if you listen carefully, you can hear it ticking. How Have We Got To Where We Are? Whilst reduced spending may be good for the company’s balance sheet, often data security has been the trade off. Let’s look at the evidence: 1. Companies now have tighter budgets and yet are working with far less staff. 2. More hours less pay – is now the mantra! 3. Mobile and remote working has gained in popularity. 4. Companies are faced with the unenviable dilemna : to get the... [more]

Data management challenges are not just related to volume but also to the nature of the information
posted on 07/10/2010

Recent years have seen an explosion in the volume of data produced and relied on by business and it continues to grow. Data management challenges facing businesses are not just related to volume, but also to the nature of the information and its importance to both the company itself and the regulatory attention it receives. The conflicting goals of data availability and security are also a consistent issue, particularly when applied to sensitive and high value information. To complicate matters further compliance is increasingly high on the list of compelling drivers. Modern standards, like ISO 27001, require a Security Management System to be implemented that is based on an assessment of risk and for technology and process to be applied to mitigate these risks. However, not all data is the same. Information that is of high value to companies, but is not subject to regulatory pressures like the Data Protection Act, is often overlooked. This information can be of such high strategic... [more]

The security issues associated with cloud computing in the public sector
posted on 09/07/2010

The adoption of cloud computing is causing significant concerns around privacy and security in the public sector. The benefits for cloud computing are very compelling, especially as the Government looks to the private sector for proven techniques to drive down back office costs, make the most of new technology and use new management practices to encourage efficiency. With plans to cut public sector expenditure by up to £60 billion a year the benefits of cloud computing are ever more persuasive. Cloud computing has many advantages for the public sector, such as the potential to reduce information and communications technology (ICT) costs, scalable data storage capacity and flexibility for users to access information wherever they are. Government departments can also focus on delivering high quality performance to taxpayers rather than worry about server and software updates. Some international public sector departments have already made the move into cloud computing such as The Ministr... [more]

Protection against browser attacks
posted on 23/06/2010

Operation “Aurora", the sophisticated Chinese cyber attack that hit several dozen companies in December 2009, not only compromised the intellectual property of the companies, but also raised the critical issue of Internet browser security. The primary enabler of this specific exploit was an unpatched vulnerability in Microsoft Internet Explorer (IE). By taking advantage of this unfixed security hole in the popular Web browser, cyber attackers compromised user’s systems. It happened when a victim was lured into navigating to a malicious web page from a vulnerable Microsoft Windows system, where JavaScript code then exploited the vulnerability. The infected system then contacted remote servers controlled by the attackers, allowing them to view, create, and modify information on the compromised system. Browser vulnerabilities affect all Web browsers and vendors, and are far from being an exclusive issue for Microsoft. However, since it’s the most commonly used browser, with hundred... [more]

Other Security news and resources