Corporate Information Security News

CSO Information Security Journal


Top Stories

How secure are your applications? Public-Key encryption may be the solution when security really matters. If you have developed an application that requires user authentication, you have undoubtedly wrestled with varying levels of security. At a basic level, most security models revolve around membership, authentication, and authorization functions. Secure Sockets Layer (SSL) is a popular method for securing the transmission of data between Web server and client. ColdFusion MX and ColdFusion 6.1 have very good integration with Java's Secure Socket Extensions Library, which is capable of 2048-bit encryption. While the transmission of the data over the Internet via SSL helps secure against electronic eavesdropping, the data stored in your applications may still be at risk. The storage of passwords is a prime example of this security risk. If your database is comprom... (more)

The Security Challenge

This article focuses on the value of Web services security. It is important to understand what Web services are and their challenges, particularly related to security. Traditionally, companies have relied on conventional, transport-level security but this approach has its limitations. The market now offers complementary XML-based solutions designed to secure documents used in Web services requests and responses. We will explore these solutions and outline "typical case scenarios" to provide a comprehensive landscape on the current offering of Web services security solutions. Web Services Summary Web services are loosely coupled distributed architectures that allow companies to expose business functions over the Internet. Web services are described and accessed using industry standards: Extensible Markup Language (XML): Data format Simple Object Access Protocol (SOAP)... (more)

Enterprise Messaging Security

JMS-based enterprise messaging has emerged as the ideal backbone for mission-critical and business-sensitive data across the extended enterprise. As the need for more robust security measures arises, SSL is frequently used to secure messaging communications. But is this using a sledgehammer to crack a nut? System architects have choices when considering techniques that strike the right balance between performance and security. One of the main concerns of any middleware security solution is encryption. This article discusses different encryption technologies that are used to secure JMS and how to find the best compromise between your security and performance demands. Introduction The Java Message Service (JMS) has been enormously successful as a messaging technology - well beyond the expectations of its original devisors. Today, if you make a telephone call, conduct a ... (more)

CSOs: Are You a Groundhog or a Giraffe?

Through a great deal of research on enterprise cloud adoption and security, I've learned something telling. As you would expect, CISOs' opinions about cloud strategy are quite varied. While many folks recognize their company's use of SaaS for HR, sales, communication, and other applications, they are fairly divided about the use of Infrastructure as a Service (IaaS) and how secure these environments are in keeping company data safeguarded. After many talks with these technology leaders, I've determined that each falls into one of three distinct categories. The "Server Huggers" The first group is the server huggers and they make up a very small percentage of the respondents. They simply have no reason to leverage IaaS. Their applications are very resource intensive and expensive, and their businesses are highly predictable, so the need for scalable capacity just doesn't ex... (more)

dataguise Expands Sensitive Data Discovery and Masking for Enterprises

dataguise, an innovator of security solutions for protecting sensitive data across the enterprise, today announced the next generation of the company's popular dataguise security solution - dgdiscover™ 3.0 and dgmasker™ 3.0. Version 3.0 is the industry's first integrated solution for comprehensive sensitive data discovery and masking. It is designed to find structured database repositories across the network, search and discover sensitive data in structured databases, and then mask or de-identify to protect sensitive data. With dataguise, organizations now have access to a single product that finds, searches and masks sensitive data across all databases throughout the enterprise. This allows organizations to create corporate masking policies for faster adherence to compliance regulations, lower risk of a data breach, and reduced relianc... (more)

Disk Encryption Protects Data with Comodo Endpoint Security Manager

Jersey City, NJ, September 10, 2009 - At no extra charge, enterprise IT managers can now deploy Comodo Disk Encryption with Comodo's Endpoint Security Manager, a centralized administration console for business networks. 12,000 laptops are lost or stolen in US airports every week, according to a study by the Ponemon Institute. Many of them belong to corporate travelers, whose IT professionals are left to worry that the lost information they contained might be misused. If the organization had deployed disk encryption, they might have spared themselves hours of agony and financial penalties. Root encryption, and whole- or partial-disk encryption settings allow IT managers to protect stored information. With Comodo Endpoint Security Manager, every computer in the company can now be encrypted and protected. Encryption uses a mathematical algorithm to change computer files i... (more)

Latest Study by TheInfoPro Confirms More Customers Considering Deploying PGP Solutions Than Any Other Data Encryption Solution

PALO ALTO, Calif., March 9 /PRNewswire/ -- PGP Corporation, a global leader in enterprise data security and encryption solutions, today announced that the latest Information Security Study conducted by TheInfoPro (TIP), an independent research network and leading supplier of market intelligence for the information technology industry, rated PGP Corporation once again as the lead vendor in use for both email and data encryption software. PGP Corporation was also ranked as a Tier 1 vendor in the Network Security & Security Infrastructure categories along with Cisco Systems, IBM, Symantec, and other industry leaders. TheInfoPro surveyed information security professionals from North American Fortune(R) 1000 and mid-sized enterprises, major government agencies, and leading academic institutions about implementation and spending plans, vendors, and products in 40 informa... (more)

StopBadware Spins Out

Harvard University's Berkman Center for Internet & Society has spun off its four-year-old StopBadware anti-malware effort as a standalone non-profit. Google, PayPal and Mozilla are kicking in the initial funding. StopBadware says its goal is still to work with its network of organizations and individual volunteers to collect and analyze data and build community momentum for fighting what it calls badware. Executive director Maxim Weinstein says, "If we want to put an end to badware - or even put a dent in it - we have to change the attitudes and behaviors of individuals, organizations and governments." The organization's badware alerts, which identify applications that violate its badware guidelines, have seen corporations such as AOL, Real Networks and Sears make changes to their software. And it says its collaboration with Google in warni... (more)

Novell Virtualization Expands Encryption Capabilities with ZENworks Endpoint Security Management

Novell announced the availability of ZENworks Endpoint Security Management with expanded encryption functionality and local language support. This policy-based security solution offers improved encryption for personal data management, removable storage and white-listed devices, as well as increased security for fixed disks. With ZENworks Endpoint Security Management, enterprise customers have granular control over their endpoint ports and devices allowing them to confidently protect and secure their corporate data. “Encryption is becoming a critical necessity for business,” said Chris Christiansen, Program Vice President, Security Products & Services at IDC. “Companies in all industries are facing an onslaught of compliance regulations, as well as security threats, that demand they protect their data from unauthorized access. Integrated encryption f... (more)

The China/Google thing, accountants and other miscreants

Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I know… had REALLY good reasons for not being able to post anything) was somewhat oracleish in predicting that this would be the focus of this year. Just to set the stage right – we are at a point where I just saw a USA Today “Money” section front page article on how Google’s engagement with the NSA post the breach will affect the security vendor market, and a few VCs were also quoted to the fact that we will be seeing IPOs this year that will ride this trend. Overhyped – definitely. Real – just as it’s overhyped. You must be asking then what to do? If the hype is too much, then there must not be so much behind these scary global cyberwar threats! Not exactly – the threat exists, and countries do deal ... (more)

Being in the middle (or: things we didn’t manage to learn in a decade)

This is going to be painful, so hold on. Instead of mumbling short tweets about things I think that suck, I decided to keep everything in and just formulate a post on it. This post is a rant. It’s a complicated rant by an “old” guy (my excuse for cynicism) in the industry who’s had a chance to see a lot going. Disclaimer: I’m going to give some examples here, real life examples from my own experience in the security industry. Some are from my consulting days, some from the vendor days, some from freelance and other gig days. If you think you are someone who I’m describing here – you probably aren’t. On the other hand, if you can recall some snotty smart-ass dude come into your company wearing orange bermuda pants (swear to god) sandals and (hold it) silver toenail polish (I was going through something back then), telling you how badly your security sucks and leave... (more)