[SecurityRatty] tag: computerworld

More Security News...

Mon, 25 Aug 2008 16:33:15 +0000

View more Security news and analysis from Computerworld.com.

Fog of the Future: Cloud Computings on the Horizon

Thu, 14 Aug 2008 08:56:26 +0000

If you trust the media and are looking to the future, you might be thinking a good deal about Cloud Computing — according to ComputerWorld, this could be the next big movement.

I’ve heard the buzzwords but wasn’t exactly sure what they meant–luckily, when there’s media hype, there are definitions, too. According to this article, cloud computing is exemplified by Software as a Service — outsourced, hosted platforms and software that perform services for companies.

Another article puts it slightly differently:

OK, let us look at what form of computing in being provided via the cloud. In this model, all IT applications and facilities (i.e. compute, storage and network) are provided as a service rather than dedicated infrastructure. This is intended to allow any user, independent of client platform, to access IT services without knowledge or concern of their location or form. Sound familiar — it’s a service-oriented architecture (SOA)!

In addition, cloud computing incorporates almost every computing manifestation within the IT world: distributed, grid, utility, on-demand, open-source, Web services, P2P, Web 2.0 and, last but not least, software as a service.

It also accommodates thin, thick and mobile clients and allows integration of corporate, commercial and service provider cloud-accessed resources. As an example, in this model, storage is a service resource that is accessed via the cloud, not a dedicated user resource.

Honestly I read that last one first and found the definition a bit dense. It sounds like a summation of everything that makes up our Internet infrastructure already, so how is that different than the Internet itself? Well, cloud computing isn’t about what service or devices are being supported — it’s more about how it’s being provided– it is a location-independent style of computing. The first article calls it “platform as a service.”

Have you heard better definitions of what cloud computing is and does? Share them in the comments below. Thanks!

Wee-Fi: Research on Digital Divide; NYC May Opt for Fiber for Housing Projects

Tue, 29 Jul 2008 10:40:02 +0000

Participate in a research survey on the role of wireless to shrink the digital divide: Gwen Shaffer, a Temple University (Phila.) doctoral student, is looking for responses from many kinds of stakeholders in building networks that have a purpose, at least in part, to extend Wi-Fi access. She notes that this could include community networks, non-profits, and for-profit firms like Fon. Personal information will not be collected, and she's looking to conduct in-depth interviews with some participants.

New York City considers plan to bring fiber to public housing residents: Wireless networks are definitely out in the recommendations of a private consultant to the city's Broadband Advisory Committee, ComputerWorld reports. They may opt to use $4m in a fund from Verizon and a potential $8m from the two incumbent cable operators.

Computerworld Executive Briefing: Software as a Service is Growing Up

Fri, 25 Jul 2008 09:00:00 +0000

(Source: Computerworld) SaaS is here to stay as an application delivery channel. You will be using it, but will you do so wisely? This Learn-Fast Guide will prepare you for software delivered over the Web. From security issues to contract negotiations, there's a lot to consider ... and a lot to gain.

Online Security Issues in Regulated Industries

Fri, 25 Jul 2008 09:00:00 +0000

(Source: Webroot) In June 2008, Computerworld invited IT and business leaders to participate in a survey on online security initiatives at their organizations. The goal of the survey was to better understand Web and e-mail security issues faced today within the regulated education, financial services, government and health care industries. The following report represents top-line results of that survey.

Do we need a farm system in the security industry?

Mon, 21 Jul 2008 12:17:30 +0000

Just read a good article by Lisa Vaas on Computerworld titles "When security staffers fail up". The article talks about some of the challenges that are faced by companies trying to provide proper security. While one of the issues is "bundled badness" which I will talk about later, the bigger problem that Lisa writes about is the profile of our security administrators. It is a familiar story I am afraid. Security people don't do a good job of "humanizing" themselves. Their peers don't understand what they are trying to accomplish and too often we speak in geek terms and try to dictate how people conduct business. As a result we are the "people in the way".

The next thing Lisa hits on is the obsession with certifications. Too many people think having a CISSP is the be all and end all of security. First of all, you can't hire enough of them and many of them don't have the practical business experience to take it to the next level. Than there is the security "prima donna". They just think they are smarter than everyone else and too many tasks are below them as to elementary. We have all met these types before as well.

Quickly on the "bundled badness" thing. Lisa rightfully points out that in spite of Mike Rothman's feelings to the contrary, though CIO and CFO types like to buy the bundle and get the jack of all trades suite cheaper than buying best of breeds individually, at the end of the day it is hurting our security. If you are really serious about securing the environment there is a world of difference between buying the bundle of goodness versus best in class tools.

Ultimately though, what are we to do about getting better security pros in the workplace? Do we need to change the certification process? Should companies have a different profile of who they hire for security positions. Do we need to develop some sort of farm system where security pros can cut their teeth and learn their craft, like the guilds and apprentices of yesteryear? The construction industry used to work like that. Maybe we should consider it too?

Wee-Fi: Exhaustive Looks at In-Flight-Fi, Every-Fi

Thu, 17 Jul 2008 05:57:49 +0000

Airline in-flight broadband overview: Computerworld surveys what's about to happen with in-flight broadband in the U.S. and worldwide. It's an exhaustive look (especially the run-down at the end) about what we'll be able to get on each airline or from each service. American's launch of GoGo from Aircell should be days away.

Wi-Fi wherever blowout: Eric Griffith of PC Magazine--and, notably, previously at Wi-Fi Planet--writes many thousands of words here in this thorough look at every place you might get Wi-Fi, how much it could cost, and what the limitations are. Print as a PDF and carry with you.

Steven J. Vaughan-Nichols is no Nobel economic laureate

Wed, 16 Jul 2008 12:09:15 +0000

You have to both admire and laugh at zealots and extremists no matter what guise they come in. Whether it be religion, politics or technology they find God's hand guiding you towards their position in every event, good or bad. A perfect example was brought to my attention by Michael Farnum. Steven J. Vaughan-Nichols, the resident Cyber Cynic and Linux zealot at ComputerWorld, has taken the current state of our economy as a message from God that Linux is on a messianic mission to save us from high gas prices, high food prices, the mortgage and credit crisis and those satan's in Redmond. Vaughan-Nichols says that by switching to Linux and other open source products you could save your company, your job and be more secure to boot!

Michael who is no Microsoft fan boy points out some obvious pitfalls with Vaughn-Nichols strategy. I am far from a Microsoft shill myself (now my friend Mitchell might be another story). I personally think it is ludicrous. One thing obvious is the cost of the switch. Economic cycles being what they are, by the time you actually planned and implemented this switch the economy would probably be back on the upswing and the economic reasons for undertaking this drastic a move would be gone. Than you would have the expense of moving over including training and downtime. I think by the time you are done with doing all this, if the economy hasn't killed your company, the cost of switching will!

I guess that is why Vaughan-Nichols is just a fanatic on ComputerWorld and noone has nominated him for any Noble prizes or confused him with John Kenneth Galbraith.

On Logs and Breach Disclosure Laws

Thu, 03 Jul 2008 09:40:00 +0000

Check out my fun paper called "Where the truth is: Logs and breach-disclosure laws" at ComputerWorld. I personally find the premise that logs help with breach notification mandates to be a perfect no-brainer, but it looks like some people consider it to be deep insight.

And, let's leave it at that: deep insight it is :-)

Key point for the impatient bunch: "... logs are essential for compliance with breach-notification laws because you know who exactly to notify. Proper log-keeping will save massive amounts of money while complying with both the letter and the spirit of this law."

Avoiding the Latest Phishing Attacks

Tue, 01 Jul 2008 09:00:00 +0000

(Source: Computerworld) hat started as an inbox-clogging, bandwidth-hogging, mass email marketing nuisance has evolved into a sophisticated, highly structured underground economy that can have catestrophic results on individuals and organizations. In this latest webcast from Computerworld, learn how to identify phishing emails, and ways in which email users can protect themselves. You'll also have access to four additional resources on this topic from our partner MessageLabs.