As regulators demand stricter security and privacy controls and increase penalties for noncompliance, entities are desperately seeking new ways to secure data.
The challenges to compliance will only grow as nationalities around the world enact their own data-protection laws and industries impose more stringent standards. Following is a summary of expectations from the most common regulatory and industry frameworks.
General Data Protection Regulation (GDPR)
The GDPR imposes strict requirements for the privacy protections of EU citizen data, including pseudonymizing, or removing identifiers, and encrypting that data. …
In the cloud, cloud service providers (CSPs) manage the infrastructure they control — where organizational data and applications are stored — and perform the patching and updates so that the applications they use remain current.
These advantages are not inconsiderable, and executives are taking note. Among respondents to a recent Oracle/KPMG survey, 40 percent said they feel more secure having their data, applications, and operations on the public cloud than on premises.
That’s good news to chief financial officers, who covet the shift from a capital expenses spending model (“CapEx”) to one focused on operational expenses (“OpEx”).
CFOs tend to…
When you store your valuable items in a safe deposit box, do you leave your key to that box with the bank? Of course not. Although you might trust your banker, you keep control of that key. Otherwise, if it fell into the wrong hands, you might lose your valuables.
The same principle applies to your encrypted data, files, and applications. Storing your encrypted data and encryption keys in the same location is not a good idea. What if a cybercriminal or a dishonest employee breached the server where your data and key were stored?
In spite of this very…
Designing and implementing an IDS is not a trivial task, considering the numerous choices one faces during the process. Such systems require specialists who have a good overview over the entire application domain, and know how to configure each piece properly.
Not all business systems are created equal. Each is unique, and has different security needs. Maybe that’s why there are so many types of intrusion detection system (IDS), including
• Host based
• Application/stack based
• Cloud based
• Rule based
• Signature based
• Perimeter based
• Anomaly based
• Virtual machine based
• Hybrid IDS — a combination of two or more of these…
Where to place an intrusion detection system (IDS) is an important first question, but it’s far from the last decision you’ll make as you work to protect your enterprise from zero-day attacks like SolarWinds.
Once you’ve selected a location — on the network, on your devices, or, at a more granular level, on your applications, — you must next choose which kind of detection your IDS will use. What kinds of information should your IDS monitor?
One popular type of IDS is rule-based, which means the system identifies intruders based on rules that someone has written. Blacklisting is an example…
The recent zero-day attacks on SolarWinds and more than 100 other businesses and nine government agencies spell it out as never before: every enterprise needs an intelligent, application-based intrusion detection system (IDS).
This valuable cybersecurity tool can prevent intruders from lurking in your system for days, weeks, or even months to collect valuable data and infiltrate your networks.
IDS can often identify rogue outbound traffic such as a malware-infected endpoint communicating with a command-and-control botnet server. Using an IDS can make it easier to find the compromised device and block the suspicious signals.
So — why isn’t everyone already using…
A doll that understands what children say and responds to them seemed, in 2015, like a great idea — unless you were a security analyst.
Unfortunately for Mattel, security analysts seem to have been left out of the conversation until the toymaker’s “Hello Barbie” had debuted on the market; security and privacy advocates had protested in the media; and the company’s reputation had taken a major hit.
There’s an app for everything, and hackers and thieves are taking advantage. What are enterprises doing about it? Not enough.
Web and mobile application use has exploded in recent years as businesses have digitized and moved more of their operations to the cloud, and as the number of mobile devices has proliferated. Application breaches have increased commensurately, and show no signs of slowing — unless developers change the way they build and secure these apps.
Everyone, it seems, has at least one smartphone, but we don’t spend much time talking on them. The 3+ billion smartphone users worldwide downloaded more…
The cloud computing paradigm has gained increasing attention from both industries and academia due to the almost-unlimited scaling potential through a lean and dynamic utilization of resources (ISC² Cloud Security Report, 2020). As identified by the National Institute of Standards and Technology (NIST), cloud computing possesses the following essential characteristics:
1. Broad network access
2. Rapid elasticity
3. Measured service
4. On-demand self-service
5. Resource pooling.
NIST also specifies three service models,  Software as a Service (SaaS),  Platform as a Service (PaaS) and  Infrastructure as a Service (IaaS), and four general deployment models, [a] public cloud, [b]…