Michele Chubirka



6 Information Security New Year's Resolutions

It’s that time of year again, when almost every tech writer and technologist with a blog shares an “end of the year” list. We get opinions ranging from the best tech tools to the biggest industry failures and predictions for the next year. But I thought this might be a good opportunity to do something more constructive. I’d like to propose my 2014 New Year’s resolutions for information security.

2013 was a rough year for security pros, leaving reputations bloody and beaten. Between the awkward disclosures of Edward Snowden’s purloined NSA documents and high-profile data breaches such as the compromised point-of-sale systems at Target and the leaked user accounts at Adobe, holiday cheer is in short supply in information security.


As usual, passwords and user data seemed to be the biggest mark for the bad guys, mostly because they’re still so easy to obtain. It seems like we’ve seen all this before. Why does every year in security feel like we’re watching a bad remake of a classic TV show, leaving us with that vague feeling of déjà vu? Maybe it’s because we complain about the same problems without committing to the changes necessary for improvement. Here are six resolutions for improving information security in 2014:

1. Ramp Up Encryption

Let’s collectively resolve to encrypt more data, at rest and in transit, while advocating for more usable and effective ways of managing the process. Whether the goal is protecting data from the NSA or from some criminal underground, there is no real question that encryption is one of the best ways to maintain the confidentiality of information. The biggest barrier to implementing it still seems to be balancing real privacy with ease of use, especially in email. Even with those difficulties, encrypting data seems like a no-brainer, yet I’m still horrified by stories of unencrypted data being compromised. And if you can’t encrypt it, then remove or tokenize it: data you don’t hold can’t be stolen from you. Can we pledge to treat all data as if it were our own?
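To make the "remove or tokenize it" point concrete, here is an added example (not code from the post or from any product it mentions) of the tokenization pattern: the application record keeps only a random token and the last four digits, while the real card number lives in a separate vault. The `TokenVault` class, the index key and the card numbers are all hypothetical, constructed for the illustration; the test card number 4111 1111 1111 1111 is a standard non-billable test value.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Hypothetical tokenization vault (added illustration, not from the post).

    The application stores only the token; the sensitive value lives here, in
    what would be a separately secured and segmented system. Because the token
    is random, a dump of the application database reveals nothing about the
    value it stands for.
    """

    def __init__(self, index_key: bytes):
        # Key for the blind index. It must be keyed: an unkeyed SHA-256 of a
        # 16-digit card number is trivially brute-forced offline.
        self._index_key = index_key
        self._value_by_token = {}   # token -> sensitive value
        self._token_by_index = {}   # HMAC(value) -> token, for deduplication

    def _blind_index(self, value: str) -> str:
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        """Return the existing token for value, or mint a new random one."""
        idx = self._blind_index(value)
        token = self._token_by_index.get(idx)
        if token is None:
            token = secrets.token_urlsafe(16)   # 128 bits of randomness, no structure
            self._value_by_token[token] = value
            self._token_by_index[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can reverse a token; unknown tokens raise KeyError."""
        return self._value_by_token[token]


def build_order_record(vault: TokenVault, order_id: str, pan: str) -> dict:
    """What the application database actually stores: the token plus the
    last four digits for display, never the full card number."""
    return {
        "order_id": order_id,
        "card_token": vault.tokenize(pan),
        "card_last4": pan[-4:],
    }


if __name__ == "__main__":
    # Constructed sample input; the index key would come from a KMS in practice.
    vault = TokenVault(index_key=b"constructed-index-key-not-for-production")
    record = build_order_record(vault, "order-1001", "4111111111111111")
    print(record)                                        # token and last4 only
    print(vault.detokenize(record["card_token"]))        # vault-side reversal
```

The two maps show the division of labour: the application can store, search and display records using the token alone, and only the vault, which should be the one system in card-data scope, can turn a token back into the number.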

2. End Check-Box Compliance

As for compliance initiatives, can we collectively admit that we’ve been tyrannized by the checkbox? It’s time to take back our architectures and start driving the process to build secure infrastructures. It means taking the initiative in a proactive process, instead of reacting to an auditor who doesn’t always understand the subtleties of various technologies. It also means finally admitting we can no longer afford to cut corners on critical documentation such as incident response plans, network diagrams or business and service technical catalogs.

3. Improve Communication

Can we agree that we need to start talking “to” instead of “at” our users? It’s time to retire our knee-jerk reaction to say “no” or any antiquated communication styles utilizing aggression and hostility towards our co-workers. It’s insulting and doesn’t accomplish anything. Let’s cultivate respectful methods of collaboration, which will encourage our user community to work with us as partners in security initiatives.

4. Cut The Buzzwords

How about those buzzwords? Can we agree to stop overusing terms such as "next-gen" and APT until we’ve reached a consensus on what they actually mean? If you’re just using the term to get some attention, but can’t demonstrate an evolution of the product, then it’s a fail.

[Read Michele Chubirka's analysis of the biggest threats to an organization in "The Banality of IT Failure: Overlooking Mundane Insider Threats."]

5. Just Say No To Vendor Pseudoscience

As professionals in a discipline that is supposed to be grounded in science, we need to question surveys or reports with a sample size of fewer than 20 whose results are nonetheless preached by vendor marketing staff like gospel. If performance results for products are presented without the testing parameters needed to reproduce them, then it’s pseudoscience. Can we all agree to demand greater rigor from the industry in the data it puts forth?

6. Forget The FUD

And what of the classic FUD (fear, uncertainty, doubt)? Those frightening campfire stories of foreign espionage, insider threats, and supply chain vulnerabilities have provided enough paranoia to feed an existential crisis well into my next life. Maybe we should start focusing on the known dangers to our organizations instead of leaving business continuity and disaster recovery plans languishing in a file drawer. Most organizations will have to deal with a lost backup tape before a foreign spy trying to exfiltrate data.

I’m proposing these resolutions as a challenge for us all. These are recommendations you can use to become more strategic in your practice of information security, which could result in actual improvements, not just the reactive drudgery of constant firefighting. Wouldn’t it be great to look back next year without the same angst over failures and lost opportunities?

