You spend the next year toughening up cloud security, allocating four times what you spent in the previous year. As we say: “You can’t have too much security.”. But what if you can have too much security? It’s a matter of where you exist on the cloud security spectrum. It’s 5:00 a.m. sometime in 2018. The phone rings. It’s the cloudops team reporting a potential breach where gigabytes of customer data may have been compromised. MORE

I have recently released a new report looking at the second phase of the Payment Services Directive (PSD2) and its security requirements along with my colleagues Jacob Morgan and Andras Cser. age of the customer banking financial services security & risk MORE

In 2020, the cloud computing market will sees interesting new alliances and face new security concerns. age of the customer cloud computing cloud security prediction private cloud public cloud promoted MORE

Do you have good cloud security? The group quickly picked and installed a cloud security solution that worked well for those applications and data stores, or that they considered best of breed. Now add other sprints, other workloads and data stores, along with best-of-breed security solutions, all seemingly effective. We’re building security silos without realizing it. MORE

Cloud security breaches consistently make news headlines. The ambiguity that surrounds cloud computing can make securing the enterprise seem daunting. Concerns about security have led some CIOs to limit their organizational use of public cloud services. However, the challenge exists not in the security of the cloud itself, but in the policies and technologies for security and control of the technology. to “Am I using the cloud securely?” MORE

security & risk cybersecurity healthcare Security & RiskHindsight is 20/20; it’s easy to look back on past mistakes and identify ways to prevent them from reoccurring, especially when it comes to breaches reported on the Office of Civil Rights (OCR) “Wall of Shame”. MORE

age of the customer security & risk IAM identity and access Security & Risk Zero TrustIt’s the summertime, and my daughters are home from school. MORE

Besides the security concerns of social media sites potentially mining […]. security & riskAt the start of the new year, a meme called the 10-Year Challenge went viral. MORE

When Amy, the CISO of a healthcare provider, looked at cloud security across the enterprise, she realized the default access control models were creating a variety of access issues. BeWell’s infrastructure as a service (IaaS) providers defaulted to a secure state, allowing only the owner access. We’re now being asked how we’re helping the enterprise realize more value while assessing and managing risk, security and even safety. Security MORE

I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. MORE

Are you the cloud security person, or cloudsec/cloudops, as it’s often called? The person who controls the cloud deployment, including all security such as IAM (identity and access management), encryption services, and application and user authentication? I have some observations about cloud security to share. First, enterprises typically don’t have a good-fitting security solution. MORE

David Holmes formerly worked for both F5 Networks and Shape Security. age of the customer security & risk security architecture MORE

I found some interesting statistics in this RedLock article that illustrate the severity of the cloud security problem: Only 7 percent of businesses have good visibility of all critical data, and 58 percent say they only have slight visibility. MORE

This week, I attended IBM’s fifth annual Security Summit in New York City, an exclusive event for a who’s who of IBM’s security customers. age of the customer security & risk collaboration innovation open source Security & Risk MORE

Venture capital and private equity spending on security technology reached an all-time high in 2018. While that total may pale in comparison to other fast-growing markets such as fintech ($124B) or transportation tech ($150B), consider that 65% of that $31B in security has […]. MORE

I’m often taken aback by the lack of granularity when it comes to security identity management. For those of you who don’t deal with security operations, or secops, we can create groups using any number of dimensions or domains. MORE

age of the customer cloud security content security cybersecurity data security endpoint security information security IoT security mobile security network security physical security privacy security & risk MORE

This week, we’re discussing secure configurations, and why they matter. Our friends at the Center for Internet Security (CIS) listed “Secure Configurations” as the No. 5 most important security control on this year’s Top 20 hit list. MORE

Composed of the internet of things, “smart cities,” aimed to optimize operations, present new security and privacy […]. government IoT security physical security security & risk digital transformation IoT Security & Risk MORE

Security and risk pros have the opportunity to shape the future of technology and business in ways we might have only dreamed of two years ago. cybersecurity security & risk zero trust promoted MORE

Today we released our 2019 Security & Risk Recommendations report. We collected contributions from our colleagues across the Forrester Security & Risk team to identify the most important actions security leaders should take in 2019. MORE

Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. MORE

Meltdown and Spectre, dossier drama, and more of the week's top security news. Security MORE

The incident stirred new conversations around cybersecurity and how chief information security officers (CISOs) can combat cyberattacks. . Ahead of Gartner Security and Risk Management Summit in Dubai , Smarter With Gartner reached out to analysts presenting at the event to ask how security and its position in the business has evolved in light of the vehemence of malicious attacks. . Read more: 5 Security Questions Your Board Will Inevitably Ask. Security MORE

Fugue automates enterprise cloud security and compliance enforcement to prevent data breaches, policy violations, and system downtime. Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies. MORE

cybersecurity information security retention management security & risk staff development & succession management Security & RiskAs an industry, we gripe about hiring and struggle with retention. MORE

Cloud security is one of those things that everyone knows they need, but few people understand how to deal with. I The good news is that it’s actually pretty simple, and somewhat similar to security for your enterprise systems. Note that you need to deal with security at the directory level as well, so the directory itself does not become a vulnerability. Security ops. Often overlooked, this is the operational aspect of all of security. MORE

What does this mean for cloud security? · This rapid shift to the cloud raises new issues and challenges for security and risk professionals. Traditional perimeter-based security tools do little to protect cloud workloads. Securing data and applications that reside in the cloud is increasingly critical as more mission-critical apps and high-value data and intellectual property move to the cloud. Cloud Security. cloud access security brokers. MORE

Yet while drones introduce a range of use cases, the growth of drones also represents a new physical threat that demands the attention of security […]. age of the customer security & risk Drones emerging technology Physical Security Security & Risk MORE

When George took over as the CISO of a retail company, IT security was relatively simple. But as the organization has grown — adding online ordering, more employees and a host of cloud-based platforms and technology to support digital business across the organization — so have the security vulnerabilities. Plus, increased attacks and phishing attempts make it difficult to know what security projects to focus on and where to get the most ROI. Project 9: Container security. MORE

The Information Security Profession – Where do I Start? I am often asked by individuals to provide advice or guidance on how to get started in the field of information security. Cyber InfoSec education infosec security awareness tools training MORE

age of the customer security & risk #cyberinfluence #ciso CEO cybersecurity digital business digital strategy Security & Risk small business Zero TrustThis week is BlackHat. The annual Hacker Summer Camp as many folks call it. MORE

I was recently in a very high-cost (around $6K), one-week security course in San Francisco. You can infer the institution. The instructor was dynamic, and the topic was focused on technical hacking. A how-to for breaking into computers, detecting the break-in, etc. At the end of the week there was a little ‘capture the flag’ […]. InfoSec compliance framework NIST PCI MORE

Cyber security is a business necessity, according to the T-Mobile security chief in Poland MORE

Sneak peak of Microsoft Endpoint Manager security topics discussed in the section hosted by Paul Mayfield, Terrell Cox, and Micro-Scott. More details about the session and Intune Endpoint Security are given below. Subscribe YouTube Channel [link]. MORE

age of the customer application security cloud security cybersecurity data security endpoint security IoT security network security security & risk security architecture zero trust security framework (ZTX) Security & Risk MORE