Worse than Heartbleed?
Blog Published: 09/24/2014
Jim Reavis, Cloud Security Alliance
Today at 10am EST a vulnerability in the command shell Bash was announced (http://seclists.org/oss-sec/2014/q3/649 and http://seclists.org/oss-sec/2014/q3/650). Bash is a local shell, it doesn't handle data supplied from remote users, so no big deal right? Wr...
Enabling Secure Collaboration and Compliance by Mitigating Increasing Information Risks (Part 2 of 2)
Blog Published: 09/25/2014
By Robert F. Brammer, Ph.D., Chief Strategy Officer at Brainloop, Inc.
In my previous post, I addressed three major trends that play an immense role in cybersecurity initiatives. These trends include the growth of digital business, information risks, and regulatory requirements. In this post, I...
SSL Vulnerabilities in Your Mobile Apps: What Could Possibly Go Wrong?
Blog Published: 09/29/2014
By Patriz Regalado, Product Marketing Manager, Venafi
The majority of people and consumers don’t usually think about security and data privacy when they log into their mobile banking app, take a photo of the check, and make a mobile deposit directly into their account. Nor do they think about s...
Why Dyre Is Different and What It Means for Enterprises
Blog Published: 09/30/2014
By Bob West, Chief Trust Officer, CipherCloud
The Dyre Trojan, which salesforce.com warned its customers about earlier this month, shows that cyber criminals have found a brand new way to target cloud applications. It is the first known malware tool to deliberately target an enterprise cloud pro...
The Shared Burden of Cloud Data Security & Compliance
Blog Published: 10/01/2014
By Gerry Grealish, Chief Marketing Officer, Perspecsys
Data security remains a top concern for enterprises deploying popular cloud applications. While most will instinctively think of cloud data security and compliance as being handled only by IT departments, many enterprises are realizing that...
CSA Congress Recap Roundup
Blog Published: 10/01/2014
Last week the CSA Congress and IAPP Privacy Academy took place in San Jose, California. It was the Cloud Security Alliance's first time to partner with IAPP for their respective events. It was a successful event where cloud security and privacy professionals were able to rub elbows and learn best practic...
2015 PCI SIG Presentations—Rallying the Vote for Securing Keys and Certificates
Blog Published: 10/03/2014
By Christine Drake, Senior Product Marketing Manager, Venafi
At the 2014 PCI Community Meetings in Orlando, the 2014 PCI Special Interest Groups (SIGs) provided updates on their progress and presentations were given on the 2015 PCI SIG proposals in hopes of getting votes to become 2015 PCI SIG ...
Was the Cloud ShellShocked?
Blog Published: 10/06/2014
By Pathik Patel, Senior Security Engineer, Skyhigh Networks
Internet security has reached the highest defcon level. Another day, another hack – the new bug on the scene known as “Shellshock” blew up headlines and Twitter feeds. Shellshock exposes a vulnerability in Bourne Again Shell (Bash), the...
4 Lessons Learned From High Profile Credit Card Breaches
Blog Published: 10/07/2014
By Eric Sampson, Manager and QSA Lead, BrightLine
The media has been filled with stories of high profile credit card breaches, including those from Target, Neiman Marcus, P.F. Chang’s and most recently Home Depot. Details on the Home Depot breach are still emerging, but the details around the T...
The Ability to Inspect What You Didn’t See
Blog Published: 10/07/2014
By Scott Hogrefe, Senior Director, Netskope
Content inspection has come a long way in the past several years. Whether it is our knowledge and understanding of different file types (from video to even the most obscure) or the reduction of false positives through proximity matching, the industry ...
PCI Business-as-Usual Security—Best Practice or Requirement?
Blog Published: 10/08/2014
By Christine Drake, Senior Product Marketing Manager, Venafi
When attending the 2014 PCI Community Meetings in Orlando in early September, the PCI SSC kicked off the conference with a presentation by Jake Marcinko, Standards Manager, on Business-as-Usual (BAU) compliance practices. The PCI DSS ...
The 7 Deadly Sins of Cloud Data Loss Prevention
Blog Published: 10/10/2014
By Chau Mai, Senior Product Marketing Manager, Skyhigh Networks
It’s good to learn from your mistakes. It’s even better to learn from the mistakes of others. Skyhigh has some of the security world’s most seasoned data loss prevention (DLP) experts who’ve spent the last decade building DLP solut...
Trust Is a Necessity, Not a Luxury
Blog Published: 10/13/2014
By Tammy Moskites, Chief Information Security Officer, Venafi
Mapping Certificate and Key Security to Critical Security Controls
I travel all over the world to meet with CIOs and CISOs and discuss their top-of-mind concerns. Our discussions inevitably return to the unrelenting barrage of trust-b...
Malicious Security—Can You Trust Your Security Technology?
Blog Published: 10/16/2014
By Gavin Hill, Director, Product Marketing And Threat Intelligence, Venafi
Encryption and cryptography have long been thought of as the exemplars of Internet security. Unfortunately, this is not the case anymore. Encryption keys and digital certificates have become the weakest link in most orga...
Poodle – How Bad Is Its Bite? (Here’s the Data)
Blog Published: 10/17/2014
By Sekhar Sarukkai, VP of Engineering, Skyhigh Networks
A major vulnerability affecting the security of cloud services dubbed POODLE (Padding Oracle on Downgraded Legacy Encryption) was reported on October 14th by three Google security researchers—Bodo Moller, Thai Duong, and Krzysztof Kotowicz...
In Plain Sight: How Hackers Exfiltrate Corporate Data Using Video
Blog Published: 10/29/2014
By Kaushik Narayan, Chief Technology Officer, Skyhigh Networks
Consumers and companies are embracing cloud services because they offer capabilities simply not available with traditional software. Cyber criminals are also beginning to use the cloud because it offers scalability and speed for del...
Mobile and Cloud: BFFs 4Ever
Blog Published: 10/29/2014
By Krishna Narayanaswamy, Chief Scientist, Netskope
We released the Netskope Cloud Report for October today. In it, we analyze the aggregated, anonymized data collected from tens of billions of events across millions of users in the Netskope Active Platform, and highlight key findings about clo...
The Data Factory: 12 Essential Facts on Enterprise Cloud Usage & Risk
Blog Published: 11/04/2014
By Kamal Shah, VP of Products and Marketing
Between headlines from the latest stories on data breaches and the hottest new apps on the block, it’s easy to be captivated with what people are saying, blogging, and tweeting about the state of cloud adoption and security. But let’s face it: It’s ha...
REST IN PEACE SOC 3 SEAL
Blog Published: 11/05/2014
By Avani Desai, Executive Vice President, BrightLine
On October 2, 2014, the AICPA and CPA Canada announced their joint decision to discontinue the seal programs for Systrust and SOC 3 Systrust for Service Organizations. In their announcement, the AICPA and CPA Canada stated that both of these o...
From BYOD to WYOD: Get Ahead of Wearable Device Security
Blog Published: 11/11/2014
By Paula Skokowski, Chief Marketing Officer, Accellion
Wearable technology is the new “it” thing. From FitBit, to Google Glass, to Samsung Galaxy Gear, and now the Apple iWatch, users are literally arming themselves with the latest gadgets. This is particularly true among early adopters who are...