The modern data center has become the home of next-generation technologies. The proliferation of cloud computing and the data-on-demand generation has created new types of challenges for today’s IT environment. Not only do administrators have to focus on creating robust, multi-tenant, cloud platforms – they must always take end-user performance, resource utilization, and (of course) security into consideration. The challenge always becomes deploying an intelligent security model without hindering user productivity.
Today we published our third annual State of Network Security survey findings, which explore key risks in organizations’ security management practices and access to critical applications in the data center. Highlights include:
Over the past couple of months we’ve seen a major shift in the way assessors are dealing with PCI-DSS and security. In speaking with some retail customers, one of the overarching themes I've heard is to make sure you use an assessor who understands the importance of first having a solid security program before worrying about compliance. In my conversations I've been told that QSAs, and assessors in general, have started to shift their approach in how they review PCI-DSS since many QSAs now have more skin in the game. Below are excerpts from a Q&A I did with a security engineer at an AlgoSec customer in the retail space:
This week's network security tip focuses on reducing complexity when it comes to firewall policy management. Our latest tip comes from our own James Dowell, a security engineer here at AlgoSec, who suggests the following:
Following up on my last post on ensuring network security when working with third-party vendors, to wrap up the discussion, we must examine data access levels, your incident response plan and the concept of cyber-insurance. Having an understanding and a plan around all of these can help you mitigate weak links in your security chain.
This week's network security tip focuses on simplifying your firewall rulebase. It's commonly discussed that complexity is a security killer. So going with that premise, before adding more policies, tools and layers into your security infrastructure, perhaps it's worth taking a step back, examining what you have and what you think you need, and then looking for ways to simplify your overall security management. This exercise can help you improve your operations as well as security.