John M. Stengel

WatchGuard recently unveiled their top security predictions for 2012.  This list has been pretty accurate over the years.  One of them that jumped off the page to me was this: A major cloud provider will suffer a significant security breach – Cloud Computing brings chance of malware-storms

This echo’s one of the items I teach on in our Security Practice class.  There is an increased “blindness” when companies move data and servers to the cloud.  Companies have little or no control over these servers so your security is 100% dependent on someone else’s security practice.

Don’t confuse cloud companies with being technical companies.  They are sale sbased organizations.  While a lot of the services are now and will continue to be secure.  There is a rapid adoption of new businesses popping up and without proper testing.

If you are looking to move your data to the cloud make sure you do your due diligence and properly vet these service providers.  And never give up the keys to your company without having complete access to control who has access.  Doing so blindly is playing with fire.

I watched this video a couple weeks ago and immediately shared it with my team.  I think this is a fantastic explanation for why people do or do not do something.  I think this fits in perfectly with what I have been talking about lately, why IT people don’t get security projects approved.  Take a look and I would love to hear your feedback.

http://www.ted.com/talks/lang/eng/simon_sinek_how_great_leaders_inspire_action.html

Pakistan will begin enforcing a ban on VPN traffic. The Pakistan Telecommunications Authority delivered a memo in Internet providers asking them to block encrypted VPN traffic, unless permission is obtained.

The concern is that terrorists will try and hide communications. The reality is, in my opinion, they want to snoop on all traffic. I believe this is the same country that was mad at the USA for killing Bin Laden. Are we to believe that now they are interested in only stopping terrorists?

I believe that companies that operate in the middle east and Asia Pacific regions will have these obstacles continuously added. Proper planning for a dynamically changing remote access solution will be necessary to continue to compete. Products, policies, and procedures will need to be continuously reevaluated in this climate.

How do you know the smoke detectors in your house work?  Do you assume they work or have you tested them?

How do you know the brakes on your car work?

I believe that if companies spent a small portion of their current IT budget simply testing their security they would have a better handle on their position and what they need to do next year.  Without testing the security, or lack of security, I really don’t understand how they can plan for 2012.

Basing budgets and projects off of instinct and not hard facts is never a good plan.