How secure are your applications? Public-Key encryption may be the solution
when security really matters.
If you have developed an application that requires user authentication, you
have undoubtedly wrestled with varying levels of security. At a basic level,
most security models revolve around membership, authentication, and
authorization functions. Secure Sockets Layer (SSL) is a popular method for
securing the transmission of data between Web server and client. ColdFusion
MX and ColdFusion 6.1 have very good integration with Java's Secure Socket
Extensions Library, which is capable of 2048-bit encryption. While the
transmission of the data over the Internet via SSL helps secure against
electronic eavesdropping, the data stored in your applications may still be
The storage of passwords is a prime example of this security risk. If your
database is comprom...

PALO ALTO, Calif., March 9 /PRNewswire/ -- PGP Corporation, a global leader
in enterprise data security and encryption solutions, today announced that
the latest Information Security Study conducted by TheInfoPro (TIP), an
independent research network and leading supplier of market intelligence for
the information technology industry, rated PGP Corporation once again as the
lead vendor in use for both email and data encryption software. PGP
Corporation was also ranked as a Tier 1 vendor in the Network Security &
Security Infrastructure categories along with Cisco Systems, IBM, Symantec,
and other industry leaders.
TheInfoPro surveyed information security professionals from North American
Fortune® 1000 and mid-sized enterprises, major government agencies, and
leading academic institutions about implementation and spending plans,
vendors, and products in 40 informa...

This article focuses on the value of Web services security. It is important
to understand what Web services are and their challenges, particularly
related to security. Traditionally, companies have relied on conventional,
transport-level security but this approach has its limitations. The market
now offers complementary XML-based solutions designed to secure documents
used in Web services requests and responses. We will explore these solutions
and outline "typical case scenarios" to provide a comprehensive landscape on
the current offering of Web services security solutions.
Web Services Summary
Web services are loosely coupled distributed architectures that allow
companies to expose business functions over the Internet. Web services are
described and accessed using industry standards: Extensible Markup Language
(XML): Data format Simple Object Access Protocol (SOAP)...

JMS-based enterprise messaging has emerged as the ideal backbone for
mission-critical and business-sensitive data across the extended enterprise.
As the need for more robust security measures arises, SSL is frequently used
to secure messaging communications. But is this using a sledgehammer to crack
a nut? System architects have choices when considering techniques that strike
the right balance between performance and security. One of the main concerns
of any middleware security solution is encryption. This article discusses
different encryption technologies that are used to secure JMS and how to find
the best compromise between your security and performance demands.
The Java Message Service (JMS) has been enormously successful as a messaging
technology - well beyond the expectations of its original devisors. Today, if
you make a telephone call, conduct a ...

Jersey City, NJ, September 10, 2009 - At no extra charge, enterprise IT
managers can now deploy Comodo Disk Encryption with Comodo's Endpoint
Security Manager, a centralized administration console for business networks.
12,000 laptops are lost or stolen in US airports every week, according to a
study by the Ponemon Institute. Many of them belong to corporate travelers,
whose IT professionals are left to worry that the lost information they
contained might be misused. If the organization had deployed disk encryption,
they might have spared themselves hours of agony and financial penalties.
Root encryption, and whole- or partial-disk encryption settings allow IT
managers to protect stored information. With Comodo Endpoint Security
Manager, every computer in the company can now be encrypted and protected.
Encryption uses a mathematical algorithm to change computer files i...

dataguise (http://www.dataguise.com), an innovator of security solutions for
protecting sensitive data across the enterprise, today announced the next
generation of the company's popular dataguise security solution -
dgdiscover™ 3.0 and dgmasker™ 3.0. Version 3.0 is the industry's first
integrated solution for comprehensive sensitive data discovery and masking.
It is designed to find structured database repositories across the network,
search and discover sensitive data in structured databases, and then mask or
de-identify to protect sensitive data.
With dataguise, organizations now have access to a single product that finds,
searches and masks sensitive data across all databases throughout the
enterprise. This allows organizations to create corporate masking policies
for faster adherence to compliance regulations, lower risk of a data breach,
and reduced relianc...

Through a great deal of research on enterprise cloud adoption and security,
I've learned something telling. As you would expect, CISOs' opinions about
cloud strategy are quite varied. While many folks recognize their company's
use of SaaS for HR, sales, communication, and other applications, they are
fairly divided about the use of Infrastructure as a Service (IaaS) and how
secure these environments are in keeping company data safeguarded. After many
talks with these technology leaders, I've determined that each falls into
one of three distinct categories.
The "Server Huggers"
The first group is the server huggers and they make up a very small
percentage of the respondents. They simply have no reason to leverage IaaS.
Their applications are very resource intensive and expensive, and their
businesses are highly predictable, so the need for scalable capacity just
doesn't ex...

Novell announced the availability of ZENworks Endpoint Security Management
with expanded encryption functionality and local language support. This
policy-based security solution offers improved encryption for personal data
management, removable storage and white-listed devices, as well as increased
security for fixed disks. With ZENworks Endpoint Security Management,
enterprise customers have granular control over their endpoint ports and
devices allowing them to confidently protect and secure their corporate data.
“Encryption is becoming a critical necessity for business,” said
Chris Christiansen, Program Vice President, Security Products & Services at
IDC. “Companies in all industries are facing an onslaught of compliance
regulations, as well as security threats, that demand they protect their data
from unauthorized access. Integrated encryption f...

Security Journal on Ulitzer
Harvard University's Berkman Center for Internet & Society has spun off its
four-year-old StopBadware anti-malware effort as a standalone non-profit.
Google, PayPal and Mozilla are kicking in the initial funding.
StopBadware says its goal is still to work with its network of organizations
and individual volunteers to collect and analyze data and build community
momentum for fighting what it calls badware.
Executive director Maxim Weinstein says, "If we want to put an end to badware
- or even put a dent in it - we have to change the attitudes and behaviors of
individuals, organizations and governments."
The organization's badware alerts, which identify applications that violate
its badware guidelines, have seen corporations such as AOL, Real Networks and
Sears make changes to their software.
And it says its collaboration with Google in warni...

Aha! Can’t believe I managed to avoid the unbelievable hype flood that
swept across the interwebs in the last month. And to think that the last post
(long overdue, I know… had REALLY good reasons for not being able to post
anything) was somewhat oracleish in predicting that this would be the focus
of this year.
Just to set the stage right – we are at a point where I just saw a USA
Today “Money” section front page article on how Google’s engagement
with the NSA post the breach will affect the security vendor market, and a
few VCs were also quoted to the fact that we will be seeing IPOs this year
that will ride this trend.
Overhyped – definitely. Real – just as it’s overhyped. You must be
asking then what to do? If the hype is too much, then there must not be so
much behind these scary global cyberwar threats! Not exactly – the threat
exists, and countries do deal ...

This is going to be painful, so hold on.
Instead of mumbling short tweets about things that I think suck, I decided to
keep everything in and just formulate a post on it.
This post is a rant. It’s a complicated rant by an “old” guy (my excuse
for cynicism) in the industry who’s had a chance to see a lot going.
Disclaimer: I’m going to give some examples here, real life examples from
my own experience in the security industry. Some are from my consulting days,
some from the vendor days, some from freelance and other gig days. If you
think you are someone who I’m describing here – you probably aren’t. On
the other hand, if you can recall some snotty smart-ass dude come into your
company wearing orange bermuda pants (swear to god) sandals and (hold it)
silver toenail polish (I was going through something back then), telling you
how badly your security sucks and leave...