Monday, March 30, 2009

Press quote for Code Green Networks

Code Green is one of the up and coming DLP companies. I was impressed with their depth of understanding the data protection problems that the healthcare industry is facing. The following quote in their March 9, 2009 press release reflects their unique position.

"Given the nationwide push to digitize health care records, health care IT professionals should adopt appropriate tools to identify and secure sensitive data moving over their networks, especially via non-secure channels such as web mail and public health networks," said Eric Ogren, principal analyst at the Ogren Group." Content inspection solutions like Code Green’s are an essential tool for identifying and securing data vulnerabilities."

Microsoft IE 8 security only benefits educated users

Posted on TechTarget's SearchSecurity.com on March 25, 2009:

Microsoft Internet Explorer 8 (IE 8) has a slew of productivity and security features that IT needs to understand. But knowledge of IE 8 security features needs to trickle down to end users quickly in order for organizations to benefit from some of the most meaningful improvements.

Monday, March 23, 2009

Latest Apple iPhone features prompt security concerns

Apple has a knack for producing consumer friendly technology, and they have done it again with its Applie iPhone OS 3.0 software, which is available later this summer. But in the process they've exposed the smartphone to new areas for hackers to target. The new iPhone software has many exciting new features for consumers. Features such as landscape editting, viewing of email and text files and access to corporate applications through browsers, means this handheld device will be a significant issue for security teams.

Read the entire article at SearchSecurity.com, posted 19 Mar 2009.

Wednesday, March 18, 2009

See my Ziff-Davis presentation on virtualization security


I was one of three speakers at today's Ziff-Davis virtual tradeshow on virtualization security. The session went well with several lively questions at the end. You can check it out at the Ziff-Davis virtual trade show.

Microsoft Threat Management Gateway has some drawbacks

Posted to Tech Target's SearchSecurity on 17 March 2009:

Microsoft Threat Management Gateway has some drawbacks

Microsoft is now a few weeks into the second beta release of its Threat Management Gateway , the successor product to Internet Security and Acceleration Server. But the software giant's conservative approach to security results in some drawbacks for IT.

Thursday, March 12, 2009

Smartphone security lacking at many businesses

Posting on TechTarget SearchSecurity on 19 Feb 2009 -

Smartphone security lacking at many businesses

Smartphones are ubiquitous in corporate life, supplying email and browser access to data whenever and wherever information junkies need a fix. But so far IT has been slow to address the security arising as a result of the smartphone phenomenon.

HIPAA changes force healthcare to improve data flow

Article posted on Information Security/SearchSecurity.com on 2 Mar 2009 -

HIPAA changes force healthcare to improve data flow

The recent U.S. stimulus bill includes $18 billion to catapult the health industry toward the world of electronic records. This is sure to light a fire under every hungry security vendor to position itself as the essential product or service necessary to achieve HIPAA compliance. It should also motivate healthcare IT professionals to learn where their sensitive data is located and how it flows.

eWeek recommendation for insider abuse


I was recently asked to contribute commentary to eWeek for prevention of insider abuse. Check out the entire slide show -

http://www.eweek.com/c/a/Security/Security-Experts-Weigh-In/




Wednesday, March 11, 2009

Heartland breach highlights PCI limitations

Article posted on Information Security/SearchSecurity.com on 5 Feb 2009 -

Heartland breach highlights PCI limitations

Heartland invested in the security products and audit processes necessary to comply with the Payment Card Industry Data Security Standard (PCI DSS) and yet still suffered a serious exposure of consumer credit card data.

Four ways to prioritize security programs in a bad economy

Article posted on Information Security/SearchSecurity.com on 16 Feb 2009 -

Four ways to prioritize security programs in a bad economy

The economic doldrums are causing IT departments worldwide to re-evaluate security projects. This forces many critical decisions on where to reduce security investments while maintaining a healthy security profile. There are four main categories that can be used by IT and security vendors to help prioritize security programs and refine their value to sales prospects. In these lean times, it is important to make these hard decisions.

Virtualization challenges traditional security concepts

Article posted on Information Security/SearchSecurity.com on 17 Feb 2009.

Virtualization challenges traditional security concepts

There’s no doubt you’ve heard from those who question how traditional security controls will work in virtual environments. Despite the uncertainties inherent in any new technology, there are a number of ways virtual systems actually improve security and make it more difficult for an attacker to steal sensitive information.