By now, just about everybody who works in any area of IT knows that moving multiple workloads into one physical server optimizes server usage, minimizes procurement and operational costs, and increases overall efficiency of the network. As a result, virtualization technology remains one of the hottest topics in IT today, due to its overwhelming benefits to organizations of all sizes. Read More »
Cloud services. You may or may not think about them, but they are no longer a talk of the future. Some of you probably listen to Rhapsody and Rdio, which are cloud-based streaming music services. Others perhaps use a cloud-based compression service Onavo to shrink your smartphone data and your monthly bill. Storage (Dropbox), email, social media, banking, location-based services (GPS), just to name some, all at your fingertips. For small and mid-size businesses, there’s a wide range of cloud services including productivity, finance, and accounting. For many companies and organizations, cloud adoption is on top of their priority list.
Before we continue to ride the cloud at lightning speed, shall we pause a moment to reflect on the risks? After all, there are many things that can threaten our data and services. To learn more about the current threat landscape, watch a rich and compelling on-demand webcast by Patrick Gray, principal security strategist at Cisco. Here are some specific concerns and action to take.
Do you remember not too long ago hopping into your car, driving, across town (when gas was $1- something) to your local retail store and searching the computer department to purchase a cereal box that contained between 2- 8 3.5” (or are you “wise” enough to remember 5.25” floppy) disks? The disk contained software that would entertain us, make us more productive and educate. If you don’t remember that, how about going to the record store and perusing the aisles for hours reading the CD boxes that were twice as big as the CD.
Well those days seem long past; and inserting a disk in anything these days….well, seems a bit ancient.
We’re now spoiled with the conveniences of iTunes, Salesforce.com, Facebook, Youtube, Yahoo Mail, etc.. In addition, we’re all too familiar with the seemingly millions of applications that run on a myriad of mobile appliances. None of these programs run on our PC’s hard drive. They’re browser based applications that are essentially utility services which we share with thousands of users.
So, I began to ponder the question, “What’s the big deal about the Cloud in Manufacturing and Enterprise?” Read More »
Tags: Borderless Networks, Cisco, cloud, cloud security, cloud_computing, collaboration, ERP, Factory, IaaS, innovation, Manufacturing, MES, mobility, paas, R&D, Research and Development, SaaS, SCADA, security, trust, unified communications, video, wireless, XaaS
Tell me if this sounds familiar… you are asked to perform a penetration test on customer’s network to determine the security posture of their assets and the first thing they do is give you a list of assets that you are NOT allowed to test, because they are critical systems to the business. Ironic isn’t it? This is exactly the difficulty you can expect when performing penetration testing in the cloud, but multiplied by ten.
There is a lot to think about and plan for when you want to perform a penetration test in a cloud service provider’s (CSP) network. Before we get into the technical details, we need to start with the basics.
Yes, the question is “Are you really secure?” Now that I’ve asked a loaded question, let me get to the point.
The term “secure” sure has a lot of different meanings depending on the context in which it is used. If we take it from a corporate security perspective, your options are somewhat limited to physical security, as in video surveillance or physical access, or logical security, as in your laptop or data access. But, when you ask a security professional if they are secure, they will most certainly take that in the context of what they can control, and will most likely answer “yes”.
Well, what about the things you cannot control? You can control which products you buy to provide security, you control how they are installed and configured, and you control the processes and procedures that identify how they are managed and updated. But, can you control how they are manufactured?