Why There Will Be No Year Of The Cloud
By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development
Before vast herds of businesses go running to the cloud, they will want to see that others have done it an not been burned. This is classic bell curve stuff - a few will do it, but it will be a while before the majority of the IT organizations use the cloud in any significant way.
Internal Clouds Are More Than Just VMware
By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development
Many internal clouds will run on the back of VMware, but not all, and VMware alone will not satisfy all of the business’s requirements for running an effective internal cloud. Why not? I can think of several reasons…
Stay Clear of Snakeoil Peddlers in the Cloud
By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development
If you own the business, you own the strategy and execution and you can not outsource accountability. Be careful about falling for the siren song of technology – it is there to support your business, not define it.
PCI Virtualization Will Alter QSA Perspective
By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development
QSA’s (auditors) policing the PCI-DSS (credit card data security standards) need to adjust their mindset when auditing virtualized card processing infrastructure…
Trust is Not Really a Control, Neither is Luck
By Gene Kim, CTO of Tripwire and co-founder of the IT Process Institute
This risk is often hidden in plain sight, poses a genuine clear and present danger to the business and information security objectives, and one that is often overlooked. This issue is change control.
ITIL Certified Products are No Magic Bullet
By Michael Lohr, Sales Engineering Team Manager for Tripwire
Companies buy these so called certified products thinking they have the magic bullet to solve their ITIL project, and they’ll skip the hard part, which is designing the processes for their organization. So instead of a magic bullet they’ll just shoot themselves in the foot with a real bullet.
Who’s to Blame When PCI Security Fails?
By Ed Rarick, PCI Evangelist at Tripwire
Auditors definitely need to be more exacting and tougher when evaluating a company’s adherence to the specification. But an audit is a point-in-time event that says “as of today” your security level and change and control processes are at an acceptable state.
Application Virtualization and IT Security
By Derek Crawford, Director of Sales Engineering at Tripwire
From an IT Operations perspective it would seem there is a pretty powerful argument to virtualize and distribute applications like this rather than have to install and maintain them on every users PC or laptop.
Audits and the Change Management Process
By Gene Kim, CTO of Tripwire and co-founder of the IT Process Institute
If the auditor observes that no one is showing up to the change management meetings, authorizations are rubber stamped without any real evaluation, unauthorized changes and unplanned outages are occurring regularly, then she will likely flag this as a potential high risk area.
Cyber Security Week In Review: June 27th
From The Internet Security Alliance and Information Security Resources
Exploits of unpatched Windows bug will jump, says Symantec; Mozilla tackles XSS vulnerabilities with new technology; New Facebook blog: We can hack into your profile; Red Condor’s Spam Trip Wire detects new virus; Adobe Releases Update for Shockwave Player; Gates Creates Cyber-Defense Command; Google clamps down on ‘malvertising’; Hacked high-profile Twitter accounts still spreading malicious links; Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths.
