The longer the more I see articles and posts that claim that security could actually improve if you migrate to the Cloud. And the longer the more I am a firm believer of these statements. It is not about forgetting best practices and just handing over everything to the Cloud provider. It is about adapting your practices to the new reality. . . . → Read More: Quit Worrying About Cloud Security?
|
||||||
Consumerization of IT–How to address thisBring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ... 
10 Years of Trustworthy Computing at MicrosoftBefore joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ... 
10 Reasons to migrate off Windows XPI would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ... 
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and SecurityA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ... 
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of Second Tuesdays: Challenges in Software . . . → Read More: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical . . . → Read More: Security Development Lifecycle: Quick References Since quite a while I am not satisfied with the way we (in the industry) are doing risk management. In my early days, before I was actually entering the security space, I was doing project management and as part of it risk management. The way we did it was fairly simple (as probably most of . . . → Read More: Fixing Risk Management I read an article called that way but then had to realize that it did not really address, what I expected. Why? Well, because it does not cover the key challenge in my opinion but… . . . → Read More: How to Detect a Hacker Attack I was reading an interesting article: Forrester Pushes ‘Zero Trust’ Model For Security, where they mainly claim that you should not trust your internal network – something I am asking for since a long time. However, the conclusions Forrester and me are drawing are slightly different. John Kindervag – the person quoted in the article . . . → Read More: Is a “Zero-Trust” Model the Silver Bullet? Sometimes I wonder whether I am too paranoid. I just got a call, which went like that: Caller: “Hello, we are doing a health insurance survey and have just three questions for you, would you mind to join in? Just 20 seconds. We do it for Health Insurance statistics.” Me: Was in a very good . . . → Read More: Am I Too Paranoid? I blogged often about it: Blocking certain websites today can fire back in different ways. The CIO published an article called Workarounds: 5 Ways Employees Try to Access Restricted Sites – and they say: “Some workarounds can be dangerous because they might create a channel that data can flow out through that is not managed . . . → Read More: Blocking Social Media Sites–a False Sense of Security? This is always a fairly emotional theme. What is better to protect the ecosystem? Public or private disclosure? Should somebody paying for vulnerabilities or not? Is a vulnerability auction ethical or not? I know that there are numerous views on that and I do not want to debate them here and now. What I just . . . → Read More: How to Deal With Vulnerabilities I just wanted to remind you: The support for Windows XP SP2 ends today. I hope that this does not catch you by surprise. If you need all the information about which kind of support ends when for which product, please consult out Lifecycle page. If you have a Premier Support contract with us, your . . . → Read More: Support for Windows XP SP2 ends today! |
|
|||||
|
Copyright © 2012 Roger Halbheer on Security - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
