By now, most organizations have adopted cloud. Increased and widespread adoption as well as expansion of existing deployments are reflected in surveys such as the 2013 Future of Cloud Computing Survey from North Bridge Venture Partners and GigaOm. This suggests that if you're a technology pro and your organization is like most, you've already spent considerable time addressing how to field cloud in a secure way. ...
For most technologists in the enterprise nowadays, cloud is a pretty big deal -- and securing it can be an even bigger deal still. Security was the top concern of 46 percent of respondents to a recent survey by North Bridge Venture Partners (The Future of Cloud Computing). While this number is actually down from last year's 55 percent, it does underscore the relative importance of security in these efforts. ...
This past week, a lesson about enterprise information security found its way to me via a somewhat unorthodox channel: specifically, an episode of Gordon Ramsay's Kitchen Nightmares. If you haven't seen it, the premise of the show is that Ramsay shows up at a restaurant -- usually one "in crisis" -- and leverages his experience to put it on track. ...
Did you know Julia Child was 37 before she learned to cook? It was a full decade later that she first set foot in front of a television camera. Before becoming the phenomenon we all know, she'd already had quite a career: She'd worked as a typist, an advertising copywriter, and later as a researcher in the intelligence community (for which she was awarded a civilian medal). ...
Everyone knows that protecting an organization's technology footprint has always been a delicate balancing act. Nowadays, literally everything about a given organization's technology portfolio is in a near-constant state of change; technologies change, usage changes and the threat landscape changes. Changes come at higher frequency -- and at increasing scale.
Sometimes you can do everything right and still run into trouble. To see this in action, pay attention the next time you're driving at dusk -- for example during an evening commute, if you have one. If you do this, chances are good that you'll notice at least one person with their headlights turned off. It's not that they're doing anything malicious...
If you're a technology professional in a small or mid-sized business, chances are pretty good that information security is something you've had on your radar for quite a while now. In a smaller shop, this is usually out of necessity. As we all know, SMBs usually don't have the luxury of an expansive technology budget that would allow for extensi...
For folks on the East Coast of the United States, the past few weeks have been pretty intense. Between Hurricane Sandy and the associated fallout -- flooding, lack of public transportation, power outages, dark cell towers -- many firms in impacted areas have experienced firsthand the value of their BCP -- business continuity planning -- and DR -- disaster recovery -- planning efforts...
Technology professionals who work in and around SMBs know that sometimes bringing up information security in a smaller IT shop can be a tough sell. In many cases, SMBs feel that they don't present an attractive or large enough target for hackers to be interested in them. For example, a small community bank or credit union might believe that only a l...
As almost everyone has probably already noticed by now, there are some radical changes going on in the way that organizations purchase, manage and use technology. Since IT is (by its very nature) adaptive, this is not totally unexpected. However, even though we expect technology to change, there are periods when it changes faster than others. And right now, changes are coming quickly: between virtualization and cloud, mobile and BYOD, VDI, large-volume storage and the slow uphill push to Exascale computing, IT is in a period of transition. ...
Most cars nowadays come with driver and passenger airbags. It's a great safety feature that's helped save numerous lives since installing them routinely has become the norm. But sometimes, though it is rare, airbags fail to deploy even when circumstances arise where they should. Ask yourself: How would you know the difference between an airbag that works compared to one that doesn't? The "airbag" light may be on, everything might appear to be working, but do you actually have any hard evidence that the system works? Short of actually crashing the car to test it, the answer is probably no...
Most security professionals are probably very comfortable with using open source tools to implement technical security functionality. From nikto to snort to openssh -- there are literally hundreds of well-known, sophisticated, open source tools that perform useful and critical security functions. There are a number of advantages: Besides the obviou...
If you're in IT and your job involves securing your organization's infrastructure, you've probably spent a good deal of time thinking through control selection -- in other words, picking the controls that most directly help you accomplish the goal of securing your environment. And you've probably also spent an equally large amount of your and your staff's time evaluating how the controls you've selected perform. ...
Information security has changed a lot over the years. Way back in the dinosaur days, life was simple. Companies set up a firewall at the border and life was good. Bad guys stayed on one side of the fancy flashing box, and our personnel lived in the pristine, attacker-free paradise on the inside. Well, that's how it was supposed to work, at least....
You've probably heard the term "consumerization of IT." Some of the network and security pros reading this probably think this is yet another meaningless industry buzzword with little or no value. However, to dismiss it as such is to potentially miss out on what is both a very powerful concept ... and one that information security practitioners ignore at their peril. ...
As many active users of IaaS (Infrastructure as a Service) can tell you, IaaS, whether implemented by an external service provider or provided by an internal service provider team, arguably grants you much more control of the underlying technology "substrate" than other cloud deployment models. In some cases, this is a good thing; for example, when you have unique legacy constraints or technology requirements that must be satisfied for applications to work properly. ...
Quite a lot has been written about the importance of due-diligence in a cloud environment. Sometimes the importance of security and compliance-related vetting in the cloud is easy to justify, like when you're evaluating an off-premises public cloud hosted at a new service provider. Other times, executives might take some convincing, like when you're talking about an internally maintained private cloud, before they see the value. ...
Virtualization has been one of the most rapidly and widely adopted technologies in recent memory. It's huge, and it's here to stay. And as security professionals know, setting up a virtual environment securely isn't easy. Significant effort goes into tasks like evaluating off-premise service providers, ensuring regulatory compliance, and standi...
It's December again, and it's a challenging time for information security organizations. It's challenging because while attacks become more prevalent during the holiday season in the form of spam and targeted malware, organizational security "readiness" paradoxically wanes at exactly the same time. This happens for a few reasons -- both because i...
Everybody knows that the cloud -- in particular, the security of cloud deployments -- is a huge pain point industry-wide. And as is the case with any new endeavor with such broad-sweeping impact, there's no shortage of well-meaning advice about how to secure it. But I confess to finding much of that advice about cloud security somewhat frustrati...