Sailing the 7 C’s of security monitoring

7 seas cloudOne of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal of resources to watch pots. Monitoring simply is the central component to any security initiative. But with all best practices, there are variables. How much to monitor? What priorities matter? Where are my greatest vulnerabilities? To this end, I have boiled down monitoring to 7 best practices…The 7 C’s of security monitoring:

READ THE ENTIRE ARTICLE ART THE NEW CLOUD ACCESS BLOG SITE: HERE

Advertisements

Adaptive Risk: Making sure you are who you say you are

mirrorImplement the predictive analytic process that is designed to assess/score risk attributes during authentication so that Access Management can determine whether to require the user to complete further authentication steps. Adaptive risk is the key engine in the unified Identity Management/Access Management (IAM) deployment.  It provides the smarts (or the means to collect the “fingerprints”) of possible identity breaches while closely controlling who gets to access what portions of your network.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

 

How cloud security balances risk versus reward

riskrewardSecuring your IT environment is not free, but there are new (cloud) options designed to mitigate costs while still providing a strong, manageable and proactive defense. While many companies still would rather spend capital on commodity assets, many CIOs recognize that information security is an important business driver…but the ultimate question is where is the balance between how much exposure can a company afford against the dollars needed protect it. The answer is different for every company, but there are best practices and alternate deployment technologies that can readjust the scales of risk versus reward.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

So, just what is REACT? And why does it matter?

react2_smHaving all the security solutions–even if they’re cloud-based–doesn’t necessarily ensure holistic protection. In the modern enterprise, there are simply too many parallel silos of data. The key is to get the solutions not only to talk to each other, but to leverage one another’s capabilities…in real time. It’s about a unified approach: Think of it like an apple pie. You might have apples, dough crust, butter and spices. Each can be used on their own. However, when using each of the ingredients together, you create a tasty result that is more than the sum of its parts.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

 

Deploying cloud security for shifting and evolving defenses

Most attacks, like the recent DDoS attacks on banks, show most hackers do not use brute force to gain entry to sensitive data. And as organizations expand the perimeter of their networks,, there are so many more opportunities for data leakage and theft. To control it, a more nimble, flexible and agile strategy of defense is necessary…and that can come from the cloud. The cloud offers agile and scalable defenses that consider situational context and real time management.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

The Cloud Guide to PCI Compliance for Retailers

PCI (Payment Card Industry) enforces Data Security Standards that looks to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. This can be a burdensome task unless retailer can leverage the cloud. This article takes a look at some of the requirements and how they translate into compliance best practices when managed from the cloud.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

 

Shooting from the HIPAA… compliance from the cloud

As an IT professional, what visuals are conjured when you hear the phrase “HIPAA compliance;” Is it Sisyphus having to push a heavy boulder up a mountain only to have it roll back down? Is it some hapless character from a Kafka novel caught in some endless bureaucratic labyrinth of requirements? Or is it just a giant hippopotamus sitting on your lap? Compliance is the necessary evil of any IT strategy. But the issue of whether or not to comply is moot. The issue is how to best comply.

READ THE ENTIRE ARTICLE AT CLOUD ACCESS’ NEW  BLOG SITE: HERE