This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
@Brian.Dean--I think you definitely want a SIEM (Security Information and Event Management) system. The tricky parts are (a) are you logging everything, (b) are you algorithmically detecting issues across your logs effectively, and (c) are you able to detect improper transmission of your information?
A vendor can help you with most of (a) (but you still have to think through and make sure you really are logging everything), and probably all of (b), and only part of (c). And you can pay wildly different amounts of money to different vendors for (a)-(c). That said, I don't have strong enough knowledge of every service that each provider you listed has, so I don't know the answer.
Probably the best CIO I'm aware of today is Mike Kail, formerly of Netflix, and now of Yahoo!. He's a great guy to follow on Twitter (@mdkail), and it's well worth reading interviews with him and speeches he gives. He completely gets the risk/risk tradeoff of security vs. productivity, and I view him as "one of the good guys" who is doing absolutely everything he can in favor of productivity (and happy employees).
Should security monitoring be outsourced to a company like Norton or would newer security firms like CatBird, Splunk and BrickHouse Security, etc., that use SDN technologies to monitor network activities be a better option?
@Brian.Dean--identity-as-a-perimeter should work anywhere, but the more services you're running, the harder it is to implement. (However, the more services you're running *without* identity-as-a-perimeter, the more likely you're going to have some significant problems). One annoyance of mine is that many SaaS providers only put support for your identity service in their most expensive tier, so you end up having to pay a lot for good security. The webmeeting software we use is around $10/month for the features we need, but is more than 5X that if we want those same features and to hook up to our Active Directory.
@Lorna, @Brian.Dean--there are some good services out there that offer intrusion detection/intrusion prevention/log storage and scanning (including human daily reviews), etc. It's possible to outsource the human-workload-intensive aspects of InfoSec, but you really need to keep control over the policies and implementation.
@Lorna--Auditors definitely ask (and may check, depending upon the audit) about how employees are informed about the infosec policies, how often you do refreshers, and whether you talk about the full range of issues that employees can expose businesses to (e.g., malware, etc.).
@Brian.Dean--STAR asks a ridiculous number of questions about basically everything. I actually think that having good answers to all of the questions is the most important aspect for a provider. Like so much in security, it's really more about showing that you've thought about everything and are making intelligent decisions about all of the various things that can happen in InfoSec. Here's the link: https://cloudsecurityalliance.org/star/
Hi all - Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, if it doesn't start automatically, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your Flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.
We'd love to have your voice in the class discussion here. To take part, just type your comment or question into the "Your Post" box and then click on the "Post" button below the box. Feel free to introduce yourself before the show starts -- I think you'll find that we're a very friendly learning community here!
Hey, everyone, we're glad you could join us! When the class is scheduled to start, at 2:00 p.m. EDT, an audio player should appear above the "Your Post" window. If it doesn't appear, you might need to refresh your browser until it does. If it appears but doesn't start playing, then you may need to click on the "play" button on the far left of the player.