There was some great food for thought (and action) that came out of the Gartner Security Summit (#GartnerSEC) I attended in DC last week. The most pervasive message from attendees is that they feel the need to do a security reset given the recent changes to the threat landscape with targeted attacks (Advanced Persistent Threats) as well as pervasive and persistent malware. The folks I spoke with were definitely open to making changes that would help their organizations respond to, or better yet, get
The entire nation is coming to grips with the PRISM program and grappling with the tradeoffs between national security and privacy. Ever since the press conference where President Obama addressed the PRISM project, the world has been abuzz about data mining; that said, nowhere (except perhaps Washington DC) has the topic been more hotly debated than in Silicon Valley (probably because many of the companies that host vast repositories of U.S. citizens’ data are headquartered here). As I read through the
Last week, I attended the New York State Cyber Security Conference in Albany, NY. Themed “Helping Navigate Stormy Seas,” the event offered great, practical advice on a wide range of interesting security topics. Three of my personal favorites were Gerry Grealish’s talk on how to secure the cloud without compromise, Kurt Hagerman’s discussion of changes in PCI compliance and the implications in the cloud, and John Petrequin’s presentation on the seven traits possessed by companies that have survived APT attacks and
Let’s face it: perimeter security is failing, and failing fast. Every week it seems, we’re reading about yet another major corporation, defense contractor or government agency that has become the latest victim of an Advanced Persistent Threat (APT). Today’s APTs are both sophisticated and patient, getting inside the target’s network and sitting there for weeks, months or even years, accessing and ultimately stealing valuable data. Now, it’s clear that servers are the primary targets and the best way to get
As far as buzzwords go, in the world of government IT, there is nothing more popular than Big Data. We have seen many examples of how Big Data initiatives are being rolled out in both public and private sectors. In 2012, the Big Data Research and Development Initiative was created to help understand how Big Data can be used to solve important problems facing government agencies; incidentally, Big Data analysis played a large role in Barack Obama’s successful 2012 re-election campaign! Yet,
I recently stumbled across this story about a council employee who, after learning he was being made redundant, stole sensitive customer details in order to help him set up his own company. Typically, the Data Protection Act holds the “data controller” accountable for data protection. In this case, however, it turned out that the council took adequate precautions to protect the data, including restricting access to employees with a “need to know.” The offending employee had a need to access data in order to do
This week the 4th annual Vormetric Customer Council convened in beautiful San Francisco to do some sustained thinking, indeed. Customers from Europe, Asia, and North America came together to discuss the data security issues they face today and must prepare to face in the future. Our customers run the gamut from small health care organizations to large financial institutions and government agencies. And one of the great benefits of putting this diverse group of business leaders together in a room
Earlier this month, I blogged about what our global online survey respondents said were the primary security drivers in their organizations and IT’s new business imperative of protecting brand reputation through better security practices. In my third and final post on our survey findings, I thought I’d borrow a page from Cuba Gooding Jr.’s book in Jerry Maguire and “Show (you) the money!” The 450+ IT professionals responding to our Protect What Matters — Data Security survey shared where they plan to allocate their budgets in the coming 12 months as
Hadoop clusters are popping up everywhere. Almost every large enterprise customer I speak with has already deployed or is in the process of deploying Hadoop clusters for generating data-driven business intelligence. Unfortunately, Hadoop was not designed with security in mind and that can pose a serious problem in this age of intensifying cyber threats. The simple fact is, data is ingested into Hadoop clusters from many sources and it typically includes sensitive data such as Personally Identifiable Information (PII), Personal
I recently shared two key takeaways from the spate of industry research and surveys released in April: 1) that no organization is immune from cyber attacks; and 2) data-centric security measures are crucial to thwart increasingly sophisticated cyber attacks. In this post, I’ll offer a few insights from the 450+ responses we got to our Protect What Matters — Data Security global online survey. I found several of the results eye-opening and thought it would be good to share them with