In my last InFocus blog post, I discussed OWASP’s approach to mobile computing risks.  I went over some of the unique risks to the mobile platform as well as reminding folks that general application security rules still apply.  With that being the case, a logical conclusion would be that introducing mobile platforms to enterprise computing

Tempus Fugit. Or in other in other words ‘Time Flies‘ And how! After a very busy Q4 to end 2011, I barely had enough time to crank out a guest post on Branden William’s blog around the end of the year. It’s about the ability of virtualization to do what it does – automate things

Last week, Christine Burns at Network World published an article on Public Cloud entitled, “Public cloud security remains MISSION IMPOSSIBLE.” The article goes on to say that moving sensitive data and mission critical apps to the public cloud is not “safe.” However, the article then quotes a number of folks, like myself, that go on to

In talking to customers today that have implemented private clouds, or moved core production assets into a virtualized data center, trust zones are a continual thorn in the side of both virtualization and security teams. Organizations are spending significant portions of their cloud budget on physical network devices – physical firewalls and physical switches.  However,

On June 14th, the PCI Standards Council released some of the materials that myself and others on the PCI Virtualization SIG have spent years in developing, refining, and arguing about.  The Special Interest Group brought together a wide range of PCI-related entities to have as holistic a view as possible.  Originally, I represented a Qualified

At the same conference from my last post – the same panel, as a matter of fact – I was professing my profound belief that we security folks need to change our language and speak in business terms because the business wouldn’t be changing their language any time soon.  We need to speak in terms

I recently attended a conference – the 14th annual Cybersecurity conference in New York.  One of my fellow panelists was from Xerox, and he mentioned that they looked at security as a quality function from their product lifecycle process.  It was a very interesting idea.  From a consumer perspective – within IT – we keep

In my last post, I discussed the prototype security management models for virtualization and cloud.  Most organizations today have some degree of virtualization within their data center.  Given my role at EMC, most organizations I work with are between 20% and 80% virtualized.  The conversations with those clients from a security perspective tilt more towards

Being responsible for both cloud security and virtualization security for EMC Consulting, one of the common challenges I see organizations grappling with is differentiating between the two.  One topic frequently dominates the conversation, but clients are looking to address the entire spectrum. The most common models for cloud are Public (e.g. Amazon EC2, Salesforce.com), Private,

Hello, and welcome to the first of what I anticipate to be many, many blog posts.  Some will actually be worth reading, and hopefully a large number of them will make readers out there want to argue with me as I attempt to convince you with logic when possible and with sheer volume when logic