Security: What will be hot in 2008?
There are two ways to predict the future with 100% accuracy. You either have the power to shape the future to your predictions (the God method) or you make your predictions vague enough so that they...
View ArticleNetwork threats develop 'antibiotic' resistance
The scientific field of biology has provided many useful metaphors, such as "virus" and "infection," for the study of malware. Many researchers have used biology and evolution science to create...
View ArticleSecurity in a bubble
People don't notice change when it's gradual. Sometimes, however, small, incremental changes add up in a way that isn't noticed until a change in degree becomes a change in kind.
View ArticleAttackers are thinking outside the box
In the adversarial environment of information security, new types of attacks emerge constantly. Just recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand...
View ArticleWhich IT security skills are most important?
I often hear from IT executives that it is hard to recruit and retain "good security people." Many lament the shortage of skills in this area and cannot reconcile the skills offered with the positions...
View ArticleThe fantasy and reality of government security
In the movies the government has always got the best toys, the cutting-edge technology and the tightest security standards. Those who have worked on security projects within the government know that in...
View ArticleBuilding a data center security architecture
Data center architecture has been changing quite dramatically over the past few years. In many data centers, organic growth had left them broken up into application silos. The standard three-tier...
View ArticleSecurity will rescue cloud computing
Whenever the topic of security is mentioned in the context of cloud computing, it is usually discussed as the "big barrier" to adoption. The perceived or actual lack of security in the cloud makes it...
View ArticleSecurity fragmentation needs to end
A new week, a new rash of attacks against security vendors, email marketers and banks. It would be easy to point fingers and laugh at the irony, especially in the case of security vendors, but that...
View ArticleHow to be an effective security buyer
In previous columns I have repeatedly emphasized the importance of interoperability and the danger of security fragmentation. Security is so fragmented that it is often hard to discern between hype and...
View ArticleImagine: Massively scalable multi-core security
Desktops and servers are being transformed by virtualization and multi-core CPUs, but that effect is a bit harder to see in security. Multi-core CPUs especially hold the possibility of completely...
View ArticleIT security's scariest acronym: BYOD, bring your own device
The torrent of smartphones and tablets entering companies has created some interesting challenges for security managers. The new devices introduce new operating systems, new development environments...
View ArticleThe changing face of identity and location security
For two decades, the dominant security model has been location-centric. We instinctively trust insiders and distrust outsiders, so we build security to reflect that: a hard perimeter surrounding a soft...
View ArticleCompeting for privacy in a social media world
For years, Facebook users have been clamoring for better privacy controls and clarity, while Facebook engineers oscillate between improvements and major privacy snafus. Every now and then a new wave of...
View ArticleFail a security audit already -- it's good for you
Failing an audit sounds like the last thing any company wants to happen. But that's because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing...
View Article
