April 11, 2014

FTC Can Sue Companies Hit with Data Breaches, Court Says
Security and legal experts saw the case as a landmark test of the agency's authority to enforce data security standards on U.S. companies under a section of the FTC Act that prohibits "unfair" and "deceptive" trade practices. Over the past several years, the FTC has used this clause to force numerous settlements, or "consent decrees," from companies that suffered data breaches. In her 46-page ruling, Judge Salas rejected all of Wyndham's claims and held that the FTC does have the authority to hold companies accountable for breaches resulting from their failure to apply proper security controls.


Bank on Cloud
A Microsoft Asia survey gives some interesting insights on how consumers in Asia use cloud storage services today ... Cloud storage services, such as OneDrive, are like a bank. There was a time when many people wondered if banks were the safest place for their cash, but most of us safekeep money in our preferred banks. Drawing parallels from history, the perception of cloud storage is changing and consumers are increasingly using it to save, share and access their valuable files and precious moments safely and with ease.


Why Should You Build Your Business Processes in the Cloud?
BPM on Cloud is IBM’s Business Process Management platform available as a fully managed cloud service. The cloud service went live in 2013 as a subscription-based service with the same world-class BPM capabilities available in the licensed product. It includes a BPM development, test and a highly available “Run” environment that is securely hosted in IBM’s SoftLayer data centers around the world. Each company gets its own dedicated BPM environment that is completely isolated from other companies’ data and secured with encrypted access to the service.


Privacy authorities across Europe approve Microsoft’s cloud commitments
This is an important week for the protection of our customers’ privacy. The European Union’s data protection authorities have found that Microsoft’s enterprise cloud contracts meet the high standards of EU privacy law. This ensures that our customers can use Microsoft services to move data freely through our cloud from Europe to the rest of the world. Building on this approval, we will now take proactive steps to expand these legal protections to benefit all of our enterprise customers. The EU’s 28 data protection authorities acted through their “Article 29 Working Party” to provide this approval via a joint letter.


Heartbleed Bug hits at heart of many Cisco, Juniper products
So far, Cisco has carved out a list of about a dozen products listed as confirmed “vulnerable” to exploits based on the Heartbleed Bug, plus another list of over 60 products considered “affected” because of OpenSSL but still being investigated. About two dozen products have been confirmed to be “not vulnerable,” as well as the hosted Cisco service called Cisco Meraki Dashboard. Cisco also says its Webex service was vulnerable to the Heartbleed Bug but has been fixed. This long list made by Cisco is subject to change and updates at any moment; no specific software security updates have been made available, though that could change at any time.


Nearly 100% Are Open To Outside Help From Trustworthy Sources
"Given how vitally important it is for the CEO to be getting the best possible counsel, independent of their board, in order to maintain the health of the corporation, it's concerning that so many of them are 'going it alone,'" says Stephen Miles, CEO of The Miles Group. There are many fee-based CEO peer groups (also known as 'executive roundtables' or 'mastermind groups') across the country offering opportunities for owners, presidents, and CEOs to gather with their peers and have dialogue in a confidential open table format. Some are regionally specific and others are industry specific.


Website admins will be busy dealing with Heartbleed
The first thing website owners should do is determine who is responsible for maintaining the OpenSSL software on the servers that host their sites. "If it is a dedicated server, it is your responsibility," researchers from Web security firm Sucuri said in a blog post. "If you are on a shared hosting platform, contact your hosting provider to remind them to update their servers." Once the OpenSSL installation is patched on the server and attacks are no longer possible, it's time to obtain a new SSL certificate and revoke the old one to ensure that any private key information attackers might have obtained through the flaw won't allow them to decrypt traffic in the future.


Challenge: Keeping the Internet of Things grounded in reality
IoT is one big, complex scenario, and really needs to be toned down to specific functions and applications where it really makes sense, and is straightforward to implement. There are some great feet-on-the-ground examples of where it is creating new business opportunities. In insurance, for example, auto insurers are installing telematics sensors into policyholders' cars (with their consent, so far) to track driving patterns — and offer discounts to good drivers.


Pros and cons of using secure containers for mobile device security
Secure containers are an important part of mobile application management (MAM), along with security policies such as requiring PIN locks and whitelisting specific applications. Containerization provides a balance of security and enhanced productivity to employees, so it’s important that the secure container experience is good enough for employees to keep using it. ... One of the biggest benefits from a management perspective is that this technology allows IT to take a unified security approach and apply policies or actions across multiple devices.


Developers Oriented Project Management
Many agencies are afraid of letting programmers, especially junior programmers, talk with the customer. They are not confident in their own programmers' communication skills. However, there is no other way for them to learn it but to actively and constantly talk to the client. Engage in the communication to understand the domain of the problem and the real business cases that are the reason for the software to be built. After all, that's what Domain Driven Development encourages us to do: to talk to the customer and get to know their domain very well.



Quote for the day:

"A life spent making mistakes is not only more honourable, but more useful than a life spent doing nothing" -- GB Shaw