Smart Mobile App Development

Mobile threats will soon be used to gain access to personal and business devices, says Sean Martin. From the Last Word in SC Magazine (available online and in print): Unfortunately, for most app builders, the security requirements fall to the bottom of the requirements bucket as a priority of being quick to market trumps all else. Quickly building a secure app designed to run on one or more platforms/devices can be extremely challenging if the wrong environment and tools are selected. The real challenge is balancing the right level of security with the right multidevice/platform strategy with the right time-to-market delivery.

Read the full article at SC Magazine.

Automated patch management for small organizations

imsmartin consulting worked with client Shavlik Technologies to develop the pitch and materials that drove this article to be published with online magazine Network World. Most large organizations have patch management and antivirus scanning nailed. They use enterprise systems management tools to automate the entire process and don’t worry about vulnerabilities. Many small companies aren’t quite at that “set it and forget it” stage. Now SMBs have a simple, flexible tool designed for them that coincidentally happens to be the same update engine embedded into sophisticated enterprise tools.

Read the full article at Network World.

Achieving Integrity in the Cloud

Trusting one's cloud provider remains a major deterrent to adoption, but there are ways to confirm that a provider is operating in good faith. The cloud is similar to the physical data center in that the same perimeter, system, and data protection mechanisms we've come to rely upon apply. But, even with traditional protection mechanisms in place, the most significant challenge that remains with cloud computing is answering the question: How can I trust the cloud provider with my environment and my data?

In the article, I take a brief look at:

- Log Integrity
- Storage Integrity
- Operating Integrity

Read the full article at SC Magazine.

Article by: Sean Martin, CISSP

Cyber Miscreants Beware

imsmartin consulting worked with client GuardTime and their strategic partner Joyent to develop the pitch and materials that drove this article to be published with online magazine Network World. The question of the day: Can you trust the integrity of applications and data in the public cloud?

Certainly trust is a crucial factor for the successful use of cloud computing by any organization. If you are going to allow another entity to process and/or store your data, you need to know whether or not someone has intentionally or accidentally compromised that data in any way.

Read the full article at Network World.

Article by: Sean Martin, CISSP

Best Practices for Endpoint Security

imsmartin consulting worked with clients SkyRecon Systems and Matrix Global Partners to develop the pitch and materials that drove this 2-part article to be published with online magazine Network World. An excerpt from Part 1: Together Daira and Foley have many years of experience in helping their customers tackle the tough job of keeping millions of endpoints protected, and they now share with you their tips on antivirus, device control, host-IPS and behavioral protections.

Read the full article (part 1) online.

An excerpt from Part 2: This week, we dig a little deeper and see how you can apply location awareness, network access control, and application control to keep your endpoints -- and ultimately your network -- safe.

Read the full article (part 2) online.

AppSec 2010: Are We Speaking The Same Lingo?

When asked about the greatest risks his company expects to face in 2010, the CEO of a major U.S. airline began to list items such as energy pricing, labor challenges and terrorism. IT security, let alone the application security subcategory, did not make the list. Is this a common theme across today's businesses? Or is it that organizations just don't speak of IT and security risk using IT and security lingo? In this Network World article, "Healthcare powerhouse McKesson comments on AppSec in GRC," we gain some real-world commentary from the OWASP AppSec 2010 conference on incorporating Application Security into an organization's GRC program.

Read the full article at Network World.

Article by: Sean Martin, CISSP

Black Hat 2010: 10 Security Hotspots for CIOs

Here are the 10 hottest security topics from the event.

The annual Black Hat Technical Security Conference is known for its colorful audience, many of whom are self-described hackers. Some have even been known to hack the hotel TV billing systems and ATM machines in the hotel lobby. The training sessions and security briefings held throughout this year's event, July 24-27 in Las Vegas, NV, offered deeply technical information of interest to security pros and hackers alike. These sessions likewise offer crucial insights for the security-minded CIO.

In this article, we highlight the 10 hottest security topics, and provide actions every CIO can take to minimize enterprise risks.

Read the full article at CIO Insight.

Article by: Sean Martin, CISSP