While organizations spend the next few days and weeks patching OpenSSL
vulnerabilities, the realization is setting in that we may never know the
full extent of the damage caused by Heartbleed.
Although Heartbleed was only announced in early April, it has actually been
present in OpenSSL versions dating back to March 2012. This means hackers
have had ample time to steal certificates and other sensitive information.
Making matters worse, it's nearly impossible for companies to know whether
their web communications have indeed been compromised.
What exactly is being exposed?
When exploited, Heartbeat (the name of the Transport Layer Security
extension where the bug was found) dumps whatever data might reside in the
memory of client/server communications in small 64k chunks. Normally this
traffic is encrypted, but the bug actually compromises the secret keys, ... (more)
One of the dirty little secrets about security: there is simply no way to
make your company impervious to a data breach. It's almost a statistical
certainty that you will, at some point or another, be hit with a security
scenario that you're not prepared for. That's why security today is as much
about damage control as it is about breach avoidance.
Consider the following:
Most breaches aren't that hard to execute
Attacks on corporate networks and data occur at alarming frequency. You might
think that's because attackers have become more sophisticated, but that's not
necessarily t... (more)
Wrapping up a year of impressive growth and product innovation, Gazzang, the
Linux data security company, today made its 2013 predictions covering
emerging trends in big data, the cloud and open source technology adoption.
“Buoyed by increasing adoption of and trust in cloud technologies, big data
will move out of the shadows and start to creep into the boardroom,” said
Larry Warnock, CEO of Gazzang. “While big data is already a conversation
topic at most enterprises, it’s traditionally been relegated to IT and
development projects. Next year, these organizations will start to see... (more)
InfoWorld's been doing a bang-up job covering the NSA spying scandal from the
get-go, and this blog from David Linthicum titled “Let the NSA spy on us -
We’re still moving to the cloud” continues the trend.
The Cliff's notes: In an IDG News survey, high-ranking IT executives in North
America and Europe were asked about the effect the NSA snooping practices
have had on their cloud computing strategy. Despite the furor over the NSA,
these leaders are still committed to the cloud.
Linthicum talks about the dollars and cents, that efficiency and agility
benefits that the cloud pro... (more)
Amid the slew of articles offering advice on Big Data, Joab
Jackson's “Five Things CIOs Should Know About Big Data” stood out because of
how absolutely spot-on it was.
The five points he makes nearly always come up in our conversations with
customers and prospects:
You will need to think about big data. What we're seeing now is that the
price of entry to big data, at least from a CapEx standpoint, is pretty low.
Open source tools like Hadoop, Cassandra, MongoDB, MapReduce and others,
combined with the relatively low price of cloud computing, mean
organizations that may not ha... (more)