David Cass Speaks with Mike Schuricht of Bitglass
Enterprises are increasingly adopting cloud strategies. Despite this, adoption has been impacted in some cases due to cybersecurity concerns.
In this podcast, David Cass, the Global Partner, Cloud Security and FSS CISO at IBM, reviews the state of cloud adoption and security with Mike Schuricht, Senior Director of Product Management at Bitglass.
The experts discuss how cloud is taking off and that despite security being a key concern, with the right protections and solutions in place, cloud can be highly secure.
In this Bitglass sponsored podcast, the two touch on critical control areas and what CISOs should take into account when adopting and maintaining a cloud strategy.
With Joey Johnson, CISO Premise Health
Healthcare security requirements become even more complicated with the move to the cloud. Competing internal priorities, along with numerous cloud apps to control, increase strain on already under-resourced teams. Visibility and control over data can seem almost impossible when it is being stored in locations you do not own or manage.
In this Bitglass-sponsored webinar led by Premise Health CISO Joey Johnson, you will learn how to avoid console overload by consolidating controls with a cloud access security broker platform.
Key topics include:
CISO Matt Hollcraft Interviews Dan Schiappa of Sophos
In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.
In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous.
By Joel Rosenblatt
Columbia University Director of Computer and Network Security
Last month will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working.
Amazon provided a very complete write up of what happened, which basically boiled down to someone made a mistake, which caused a cascading failure that required several systems to be restarted in order to get the S3 system back up and running. Amazon is making some changes (read sanity checks) in their systems to prevent this type of problem in the future.
Within 24 hours, I started receiving advertising emails from companies asking if we suffered from the Amazon outage and would we like to look at them to prevent this from ever happening again. In Yiddish, we would call this chutzpa (audacity).
By Devon Bryan
"We drive into the future looking into our rear view mirrors" Marshall McLuhan
Notably absent from the dearth of ongoing blockchain conversations is the cyber defender's perspective. Perhaps the reasoning could simply be that thought-leaders feeding the blockchain hype cycle are opposed to having security types pouring cold water on their "1000 blockchain flowers blooming" conversations.
Or, perhaps the "paid paranoids" across the security community are still wrestling with the decision of which existing security risk management framework applies to this peer-to-peer distributed ledger technology, if any at all.
The very definition and basic characteristics of blockchains challenge many leading security models and in particular leading security risk management frameworks (NIST Risk Management Framework, International Organization for Standardization (ISO)) built on the underlying premise that information systems supporting core business functions and organization missions need to be confined to a virtual "boundary" and with a singularly identified "system owner" to achieve "certification"/"authorization."
The widely accepted definition of blockchain as a distributed database with an open ledger, implying that data isn't stored on a single computer but rather on many different computers, known as nodes in a peer-to-peer network, renders the legacy consideration of a 'boundary' for an organization's blockchain quite challenging.
It gets even more complicated when we dive deeper into other key characteristics of blockchain summarized as follows:
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower
Jason Witty, US Bancorp EVP and CISO
Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.
He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.
By Daniel Conroy
Synchrony Financial Chief Information Security Officer
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.