Video Screencast Help
Symantec Analyst Relations
Showing posts tagged with risks
Showing posts in English
GregDay-SecurityCTO | 10 Dec 2012 | 0 comments

IT Security is, at its core, just another kind of risk management. The principles are straightforward to explain – identify the risks, their probability and impact, then work out suitable mitigation strategies to reduce one or the other. 

So, how hard can it be to 'deliver' IT security - that is, to make an organisation's IT environment secure? Very hard, is the answer, when we consider just how far technology has come since such principles were first documented. The main challenge can be to identify the risks in the first place, against a background of constant evolution and sudden change.

And it's not going to get any easier given that threats come from an increasing variety of places. Let's summarise - mobile devices and networks; cloud-based applications, services and infrastructure; social networks and online collaboration tools; email and documents; virtualised...

D Thomson | 31 May 2012 | 0 comments

Some of the reticence around using “the Cloud” seems to have come from the question of whether it can be trusted – particularly when it comes to managing corporate data. Cloud has its risks, just like any architecture or approach, which need to be weighed up against the risks of running things in-house. 

I think there is a bigger question however, which goes beyond mere risk. Cloud computing came into existence as part of a natural progression in how we use technology resources. But this goes far wider than merely cloud. Two additional factors illustrate the broader landscape, namely how we are becoming more mobile, and how people are increasingly making their own technology decisions. 

This is not the moment to delve into these parallel trends, respectively nicknamed mobility and consumerisation. The point is that they are inextricably linked, and internet-based technology service delivery – aka cloud computing – is another...

GregDay-SecurityCTO | 24 Apr 2012 | 0 comments

A conversation I sometimes get involved in with customers is, "How should we secure vSphere?" The environment doesn't have to be VMware-based of course, it could be Xen, Microsoft, Red Hat or any other, but the question remains. 

From a technical perspective, the set of risks is reasonably well understood and by and large appropriate mitigations exist. For example each virtual machine, and the network connections between VMs need to be as secure as their physical equivalents. Meanwhile security holes could exist in the hypervisor layer, as with any other software package. Protections such as defence in depth, intrusion detection and prevention, patch management and so on remain much the same as in the traditional, physical world.

However, the net-new of a virtualised environment lies in how VMs are provisioned and managed. It is clearly much easier to deploy a virtual machine...