Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

Post Virtualization Security


As the second law of thermodynamics tells us, all things trend toward chaos and this is no less true with a virtual environment. Sprawl can have a real security impact, and it takes discipline and planning to control sprawl — discipline and planning that won’t occur without someone from the security team actively monitoring the problem and formulating strategies for how to address the issue.

Virtualization has been one of the most rapidly and widely adopted technologies in recent memory. It’s huge, and it’s here to stay.

And as security professionals know, setting up a virtual environment securely isn’t easy. Significant effort goes into tasks like evaluating off-premise service providers, ensuring regulatory…

Moving Legacy Apps to the Cloud Securely

The editors of TechTarget SearchSecurity have a new site – SearchCloudSecurity and Ed’s a regular contributor.

His latest piece looks at legacy apps and what companies can do to secure them when moving to cloud computing.

Scratch the surface in any organization and you’ll find the legacy environment is one of the most challenging issues facing IT in that organization. No matter how well planned the IT strategy, how efficient the operations, or how disciplined IT processes, there will always be technology that can’t be replaced and that doesn’t meet current standards. Because of the way many legacy applications were built, their criticality, and the expense to modify them, many…

Cloud Security: Understand the Risks Before You Make the Move

Dark Reading launched a new Cloud Security Tech Center this week and asked me and Ed to help kick it off with a Strategy Session research paper.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Plus: How to catch up when security is an afterthought to a cloud migration.

To read the full report, please visit Dark Reading. (Free registration may be required.)


How to Handle PCI DSS Requirements for Log Management in the Cloud

Ed’s on a PCI cloud security roll! His latest tip looks at the good, bad, and ugly of log management in the cloud:

Everybody who’s been involved in the Payment Card Industry Data Security Standard (PCI DSS) compliance process realizes how hard getting and staying compliant can be. Organizations transitioning services to the cloud, particularly public cloud, can find themselves in the sticky situation of maintaining “joint custody” of technical controls between themselves and their service providers. This can happen either because organizations intentionally move aspects of the cardholder data environment (CDE) outside their perimeter or — even more challenging — when companies discover after the…

Managing PCI DSS Requirements Compliance when Moving to the Cloud

Ed has a new cloud security tip at SearchCloudSecurity:

For those of us chartered with ensuring that our business stays compliant with Payment Card Industry Data Security Standard (PCI DSS) requirements, migration to the cloud can be a scary proposition. After all, depending on what’s moving, where it’s going, and how our business will make use of it, there can be some pretty major impacts to our overall compliance efforts.

It’s not that vendors aren’t trying to reduce the anxiety that end users have. After all, more and more cloud service vendors have started going through the process of becoming PCI compliant and certified. Most notably, Amazon Web…