From the Blogosphere
The Encryption Dance
Sung to the tune ‘Safety Dance’ by Men Without Hats

By: Peter Silva
Sep. 9, 2009 05:30 AM

S-s-s-s  A-a-a-a  F-f-f-f  E-e-e-e  T-t-t-t  Y-y-y-y

You can make the Big S while you sing along.*

Data goes where it wants to, It can leave your trace behind.

Cause the web don’t care and if it don’t care, Well it’s exposing time.

I say, data can go where it wants to, A place where they will never find.

And we can act like we come from NSA, Leave the eavesdroppers far behind.

And we encrypt.  Those things.

We can surf where we want to, Data’s masked and so am I

And we can hide real neat from our hats to our feet,

And surprise ‘em with a ‘Ha Ha’ cry.

Say, they can crack if they want to, if they don’t somebody will.

And if they do break in, the data is encrypted

And they’ll look like an imbecile.

I say, we got data, we got data, Everything’s in our control

We got data, we got data, encrypting it wall to wall

We got data, we got data, everyone check their systems.

We got data, we got data, everyone’s taking a chance

Encryption Dance.

Encryption is a key element in security – both for data in transit and data at rest. It doesn’t necessarily need to be highly sensitive data either, just something you want to keep secret. I’ve written about encryption a few times, especially in the context surrounding high profile breaches like TJX and Heartland, since both of those might have been avoided if the data was encrypted. It’s not as simple as the lyrics depict, as Lori points out in this blog. Sure, there is SSL, HTTPS, IPSec and encrypted drives, but it’s difficult to encrypt every piece of data, especially for the enterprise. In fact, there’s probably some data that doesn’t need to be encrypted.

That is where an Access Control Policy can come into play. Depending on the context of the user/device, remote and mobile workers should be connecting via an encrypted tunnel using your VPN – that’s a no-brainer. Depending on the host inspection check, your policy might only allow access to certain resources depending on the device’s posture, and hopefully all that traffic is encrypted.

Internal LANs are no longer the ‘safe haven’ that they used to be. Partners, contractors and even unauthorized employees might have visibility to certain restricted information. Here again, a policy could be enforced to first, restrict access to certain areas of your network (which many do already), and second, if an authorized employee is grabbing sensitive data, why not encrypt that specific file transmission even on the internal network to thwart any prying eyes or sniffing agents?

As for PCI, there are already plenty of articles and opinions about its current state and effectiveness, so I won’t dive in here. What I will point out is an upcoming deadline that many might be unaware of: the unattended, PIN entry, Point-of-Sale devices. While the deadline for PCI-DSS has passed, the deadline for PA-DSS entry terminals is next year – July 2010. That means that most gas station pumps that you use your debit card with are unencrypted today. There will be a mad rush next year for Fuel Retailers to either deploy an encrypted PCI-compliant PIN entry device inside or an encrypted keypad outside.

Finally, we continue to see data exposures due to stolen or lost laptops. Here again, depending on your policy, the type of user/device and the information accessed (plus other criteria), encrypting the drive to protect against inadvertent exposure is certainly a good idea – along with strict and potentially severe consequences if someone does not comply.

ps

*Sung to the tune ‘Safety Dance’ by Men Without Hats.

#5 out of 26 Short Topics about Security


Published Sep. 9, 2009— Reads 1,854
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
About Peter Silva
Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With his telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product direction and evangelism for F5’s security line. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.
