Select the directory option from the above "Directory" header!

Security: Opinions

Opinions

  • Can you trust Amazon's WorkMail?

    When Amazon unveiled its cloud-based corporate <a href="http://www.computerworld.com/article/2877217/aws-launches-workmail-for-the-enterprise.html">WorkMail email offering</a> last week (Jan. 28), it stressed the high-level of encryption it would use and the fact that corporate users would control their own decryption keys. But Amazon neglected to mention that it will retain full access to those messages -- along with the ability to both analyze data for e-commerce marketing and to give data to law enforcement should subpoenas show up. 

  • Endpoint security trends for 2015: What can we expect?

    Endpoint security is definitely an approach that I favour. Keeping a network secure is an immense challenge that requires constant work and vigilance. Why introduce a client or server to your network before making sure that the device is as security hardened as possible?

  • Be prepared for the breach that's headed your way

    January 2015 is already winding down, but it's not too late to think about the lessons of 2014. For anyone in information security, 2014 was a year marked by spectacular breaches. It ended with Sony Pictures Entertainment getting its clock cleaned by hackers, <a href="http://www.computerworld.com/article/2865330/fbi-director-again-points-to-north-korea-for-sony-attack.html">quite possibly from North Korea</a>. Wouldn't it be great if 2015 doesn't include the same sort of clock cleaning at your company?

  • Facebook, take note!

    In the last few weeks it's possible some of your Facebook chums posted messages on their walls in which they tried to revoke permission for the social network to use and distribute content they post.

  • Why cybersecurity will suffer the same fate in 2015 as it did in 2014

    2015 is nearly three weeks young and I am afraid we are going to see more of the same exposures as we did in 2014. Not much has changed in organizations. They are fundamentally following the same tactics and techniques to 'defend' against adversaries as they have for the past several years. There are 12 areas that continue to cause problems for the CISO and information security as a whole. Here they are:

  • 2015: The year the Internet crashes. Hard.

    An Internet joke that goes back at least to the early 1980s consists entirely of the phrase: "<a href="http://catb.org/jargon/html/I/Imminent-Death-Of-The-Net-Predicted-.html">Imminent Death of the Net Predicted</a>!" Every year, even more often than you'd hear "This will be the year of the Linux desktop!" someone would predict that the Internet was going to go to hell in a handbasket -- and nothing happened. This year it's my turn, but I fear I'm going to be proved right.

  • Sony and Chase: Don't blame the CISO

    Over the last couple of weeks, I have read numerous news stories about the widely publicized security breaches at <a href="http://www.computerworld.com/article/2860745/it-security-in-2015-were-now-at-war.html">Sony</a> and <a href="http://www.computerworld.com/article/2691246/jpmorgan-chase-says-breach-affected-83m-customers.html">JPMorgan Chase</a>. It seems as if everybody is a Monday-morning quarterback, with every other reporter voicing an opinion on how these breaches should have been prevented. In particular, I read two articles that specifically blamed the information security organizations at those companies for failing to properly stop the attackers. That's not fair.

  • We can learn from the Sony hack

    Well that stinks, doesn't it? <a href="http://www.computerworld.com/article/2857134/hackers-demand-sony-pull-the-plug-on-the-interview.html">Sony Pictures goes and scrubs the launch of a $44 million movie</a> after being hacked, potentially by North Korea. Almost reads more like a James Bond plot than a news story, but there it is. And this time, it doesn't seem likely that Bond, James Bond, is going to show up at the eleventh hour to save the day.

  • Why <i>The Interview</i> won't play in Peoria -- for now

    Maybe I should be outraged by Sony's decision not to distribute the movie <em>The Interview</em>, but I am merely saddened by it. I am saddened that a hacking incident with all the hallmarks of a simple case of extortion has been distorted so it looks like a terrorist threat.

  • Intelligence community must get its own house in order

    Earlier this month, Robert Hannigan, the director of <a href="http://www.gchq.gov.uk/Pages/homepage.aspx">GCHQ</a>, a British intelligence agency, wrote <a href="http://www.ft.com/intl/cms/s/2/c89b6c58-6342-11e4-8a63-00144feabdc0.html#axzz3I6mVHFpK">an opinion piece</a> in the <em>Financial Times</em> castigating tech companies for being "in denial" about abuses of their platforms by criminals and terrorists and calling on them to develop better arrangements for facilitating lawful government investigations. While there is certainly much room for improved cooperation between government and the private sector, the first step for reform should be for intelligence agencies like GCHQ to take a hard look in the mirror.

  • Top 10 tech industry megatrends of 2015

    "Futurology has always bounced around between common sense, nonsense and a healthy dose of wishful thinking." That's how a 2012 Scientific American article summed up the history of prediction. Our compelling annual urge to predict the future traces back to the ancient Greeks and their Delphic Oracle--so who am I to argue with such venerable tradition? Here's my top 10 countdown for the shape of our industry in 2015:

  • Getting your board's buy-in on cybersecurity

    High-profile data breaches continue to make news, and you can bet that your board of directors has noticed. Breaches can result in huge remediation costs, litigation and lost revenues resulting from a damaged reputation. Board members pay attention to those things.