Weekly Industry Round-up: Week of 1/18
Posted by hyperguard on January 22, 2010
The Forrester Blog for Security & Risk Professionals…
Why Google and Microsoft, Not Cloud Computing, Were at Fault for the Google Hack
In this post, Chenxi Wang discusses last week’s attack on Google, Yahoo, and more than 30 other companies and explores why this is not an attack on cloud computing. It’s known that a Microsoft browser vulnerability was exploited, that some employee desktops were compromised, and that the attacker used these desktops via Google’s VPN to get to some of the servers. Google then issued an emergency refresh of the entire corporate VPN infrastructure. Chenxi says that exploiting browser vulnerabilities is a familiar attack method, one that has nothing to do with cloud computing. Compromising desktops and using a VPN to further compromise servers is also nothing new. She says that the root of the problem here is a vulnerability from everybody’s “favorite” software company, not the fact that the target of the attack is a major cloud computing company. Despite this, Google is at fault for not managing its risks adequately.
Why You Need a SaaS Strategy
Michael Biddick, President and CTO of the consulting and IT services firm Fusion PPT, says that few companies have noticed just how powerful and grounded a force software as a service has become. The impact that SaaS will have on IT organizations is profound, and business technology leaders will need to make sure their companies are ready for it. He offers 9 keys to SaaS strategy: select the right provider, sign the right contract, have a detailed exit strategy, manage the relationship, create a contingency plan, dig deep on interoperability and integration, agree on IT’s role in supporting the product, get senior executive support and involvement, and align to the company objective.
The Great PCI Security Debate of 2010: Part 2
Check out this debate with CSO’s Senior Editor Bill Brenner and Martin McKeay of the Network Security Podcast. They share their thoughts on whether PCI security is an industry savior or failure. If you haven’t heard part one yet, you can listen here.
Tactical Web Application Security…
2010 Web Application Security Predictions
Ryan Barnett looks at a few types of incidents that will likely happen over the next year. His predictions include: Web-based worms will migrate off social networking sites, planting of malware will become a top concern, attacks against Web-based critical infrastructure components and HTTP Denial of Service Attacks will take down important sites.