Hello and Happy Friday to all!
IT needs more simplicity: "CIOs In Search of IT Simplicity" by Kim Nash. Blame old technology, mergers and acquisitions, vital legacy systems, lack of standards, and costly consolidation and integration projects for the complex, convoluted, and difficult applications many organizations are using today. In order to reduce costs, boost agility, and increase security, CIOs are starting to make the simplification of their IT systems a priority. As companies start to realize that complexity causes insecurity, and with the ever-increasing importance of cyber security, the importance of simplicity in IT systems is growing. Visit the Veracode solutions page to see how Veracode can simplify application security, or check out the Veracode product demonstration.
VMware boots the corporate phone: "VMware Going 'All In' with BYOD" by Tom Kaneshige. Mark Egan of VMware has decided to join the BYOD craze, instituting a mandatory order for all employees to trade their corporate-issued phones for their own devices and phone plans. While this mandate made some workers very unhappy at first, Egan stands by his decision, citing a 30 percent reduction in costs. What’s next? VMware plans to move to BYOD laptops and tablets as soon as next quarter. Learn ten simple ways to protect your organization from mobile computing threats in our Mobile Security ebook.
The White House joins the quest to create internet codes of conduct: "Government slates meetings on mobile privacy standards" by Jaikumar Vijayan. A meeting is scheduled for next week in Washington that will focus mostly on mobile app privacy. The host, the National Telecommunications and Information Administration (NTIA), expects to meet with industry stakeholders, rights groups, and internet marketers to discuss privacy issues surrounding the use, consumption, and sharing of consumer data stored on mobile devices and shared with mobile applications. Once solidified, the codes of conduct will be enforced by the FTC.
There were 198 attacks on US infrastructure in 2011: "U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically" by Brian Prince. A new report from the U.S. Industrial Control System Cyber Emergency Response Team (ICS-CERT) says that in 2011 there were 198 attacks against the nation’s infrastructure, seven of those warranting the deployment of onsite incident response teams. Incidents targeting the water sector accounted for more than half of the total attacks. The report states that "No intrusions were identified directly into control system networks. However, given the flat and interconnected nature of many of these organization’s networks, threat actors, once they have gained a presence, have the potential to move laterally into other portions of the network, including the control system."
Insurance for data breaches: "EU security agency eyes 'mandatory cyber insurance'" by Liam Tung. The European Network and Information Security Agency (ENISA) warns that the new data breach rules may prompt European companies to strive to limit reputational damage rather than improve security. Therefore, the agency is pushing for a more fully developed cyber insurance market, offering a market-based mechanism to reinforce the importance of security. Since the new laws basically ensure the proper notification of the occurrence of a breach, ENISA warns that companies may choose to invest in notification preparations rather than security itself. To learn more, check out our webinar about the software security risks in public companies.