In an effort to reduce costs and improve operational efficiency, organizations of all sizes have begun compressing their firewall and other security services into smaller form factors and fewer physical units. Many small and midsized companies have opted for UTMs to run all of their security on a single box. Unfortunately, UTMs have failed to deliver on their promise of true multi-service security. Most UTMs do one or two things really well, but add all the other services as “checkbox” items just to say they have them.
The New York Times’ Nicole Perlroth filed an alarming account of government and corporate network vulnerabilities that comes across like a briefing dossier read by James Bond aboard a Heathrow-Beijing flight. But it does the good work of putting a critical technology issue before a broad audience.
“Traveling Light in a Time of Digital Thievery” (NYT, Feb. 10) details extraordinary counter-espionage precautions taken in China by prudent travelers and their organizations. Many now leave their usual notebooks, smartphones and tablets safe at home. Some say a device taken into China is never again permitted to touch their corporate network.
Baking Security into the Culture at Cisco – A Tip of the Hat to the Security Knowledge Empowerment Team
“Security must be built into every aspect of our systems architecture and be seamlessly compatible with our business architecture.”
– Rebecca Jacoby, Cisco Chief Information Officer
When Cisco’s CIO Rebecca Jacoby and I agreed that security would be built into every aspect of our IT systems architecture, we knew this was no small task. To some degree, security requirements were bolted on, not baked in, and what “security” meant was different from person to person in our organizations. We knew that we had to raise awareness and knowledge about security—not just among the security practitioners in our IT organization, but also with the IT generalists and those architecting applications and systems. That way, systems would be designed and embedded with security from day one.
A Republican task force recently released a limited set of near-term recommendations for cybersecurity legislation that emphasized voluntary standards instead of regulation. Interesting. Several words jump out at me in that sentence. “Voluntary standards”, “near-term”, “not regulated”. I paraphrase.
Seems to me that something as important as a task force that was put together should be working on an overall strategy to address cybersecurity rather than trying to patch holes in the dike.
I recently read an article about a “good enough” network. I know this has come up in the past, but this time it was in a much different context. Some people might believe that a “good enough” network is enough when you are moving data and web servers, but what about when it becomes the lifeline for the power grid?