No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.
Mobile security is a new discussion track at RSA Conference, but it's long been a hot topic for CISOs. Entrust's Dave Rockvam discusses BYOD and how organizations are securing personally-owned devices.
Cloud computing gives the jitters to those charged with protecting their organization's IT assets. To gauge the concerns of security professionals about cloud computing, we're fielding a global survey covering all industries. We want to know your views.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," NIST Computer Scientist Tim Grance says.
Heavily regulated industries like banking and healthcare have been reluctant to make the virtualized leap to the cloud, fearing a loss of control could open them to unforeseen risk. Are their concerns unfounded?
The Department of Homeland Security is undertaking nine private and three public cloud computing initiatives, establishing private cloud services to manage sensitive but unclassified information while using the public cloud for non-sensitive data.
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
Ineffective or noncompliant security practices of service providers, the inability of customers to examine controls, the prospect of data leakage and the loss of data if a cloud service is terminated present challenges.