Corporate Information Security News

CSO Information Security Journal

Subscribe to CSO Information Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CSO Information Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

How secure are your applications? Public-Key encryption may be the solution when security really matters. If you have developed an application that requires user authentication, you have undoubtedly wrestled with varying levels of security. At a basic level, most security models revolve around membership, authentication, and authorization functions. Secure socket layers (SSL) is a popular method for securing the transmission of data between Web server and client. ColdFusion MX and ColdFusion 6.1 have very good integration with Java's Secure Socket Extensions Library, which is capable of 2048-bit encryption. While the transmission of the data over the Internet via SSL helps secure against electronic eavesdropping, the data stored in your applications may still be at risk. The storage of passwords is a prime example of this security risk. If your database is comprom... (more)

The Security Challenge

This article focuses on the value of Web services security. It is important to understand what Web services are and their challenges, particularly related to security. Traditionally, companies have relied on conventional, transport-level security but this approach has its limitations. The market now offers complementary XML-based solutions designed to secure documents used in Web services requests and responses. We will explore these solutions and outline "typical case scenarios" to provide a comprehensive landscape on the current offering of Web services security solutions. Web... (more)

Enterprise Messaging Security

JMS-based enterprise messaging has emerged as the ideal backbone for mission-critical and business-sensitive data across the extended enterprise. As the need for more robust security measures arises, SSL is frequently used to secure messaging communications. But is this using a sledgehammer to crack a nut? System architects have choices when considering techniques that strike the right balance between performance and security. One of the main concerns of any middleware security solution is encryption. This article discusses different encryption technologies that are used to secure... (more)

Disk Encryption Protects Data with Comodo Endpoint Security Manager

Jersey City, NJ, September 10, 2009 - At no extra charge, enterprise IT managers can now deploy Comodo Disk Encryption with Comodo's Endpoint Security Manager, a centralized administration console for business networks. 12,000 laptops are lost or stolen in US airports every week, according to a study by the Ponemon Institute. Many of them belong to corporate travelers, whose IT professionals are left to worry that the lost information they contained might be misused. If the organization had deployed disk encryption, they might have spared themselves hours of agony and financial pe... (more)

dataguise Expands Sensitive Data Discovery and Masking for Enterprises

dataguise (http://www.dataguise.com), an innovator of security solutions for protecting sensitive data across the enterprise, today announced the next generation of the company's popular dataguise security solution - dgdiscoverTM 3.0 and dgmaskerTM 3.0. Version 3.0 is the industry's first integrated solution for comprehensive sensitive data discovery and masking. It is designed to find structured database repositories across the network, search and discover sensitive data in structured databases, and then mask or de-identify to protect sensitive data. With dataguise, organizatio... (more)

CSOs: Are You a Groundhog or a Giraffe?

Through a great deal of research on enterprise cloud adoption and security, I've learned something telling. As you would expect, CISOs' opinions about cloud strategy are quite varied. While many folks recognize their company's use of SaaS for HR, sales, communication, and other applications, they are fairly divided about the use of Infrastructure as a Service (IaaS) and how secure these environments are in keeping company data safeguarded. After many talks with these technology leaders, I've determined that each fall into three distinct categories. The "Server Huggers" The firs... (more)