Great American technologists from academia and industry have always ensured
our national security has the edge it needs, in peace, crisis and war.
Academic Frederick Terman brought us radar and Silicon Valley.
Edwin Land brought us overhead ISR. Gordon Moore ensured integrated circuits
were accelerated into our community first. Scott McNealy drove security into
Operating Systems. Bill Gates and Larry Ellison and a long list of other
great IT leaders have also dedicated significant effort to the national
security community in ways many will never know.
Great technology heroes also serve in government. Thanks to them government
has been pioneering advances in secure cloud computing, biometrics, IT
security, collaboration, geospatial, visualization and remote sensing.
Government IT leaders routinely contribute to our nation’s
understanding of...

Enterprise developers and architects beware: OAuth is not the double rainbow
it is made out to be. It can be a foundational technology for your
applications, but only if you’re aware of the risks.
OAuth has been silently growing as the favored mechanism for cross-site
authentication in the Web 2.0 world. The ability to leverage a single set of
credentials across a variety of sites reduces the number of username/password
combinations a user must remember. It also inherently provides for a granular
Google’s announcement that it now offers OAuth support for Go...

The Open Web Application Security Project (OWASP) is focused on improving the
security of software. Their mission is to make software security visible, so
that individuals and organizations worldwide can make informed decisions
about true software security risks. Their OWASP Top 10 provides a list of
the 10 Most Critical Security Risks. For each risk it provides a description,
example vulnerabilities, example attacks, guidance on how to avoid and
references to OWASP and other related resources. Many of you are familiar
with their Top 10 Most Critical Web Application Security R...

IBM (NYSE: IBM) introduced the industry's first set of commercial "cloud"
services and integrated products for the enterprise. This will give clients a
reliable way to standardize IT functions that are rapidly becoming too costly
or difficult to use.
Based on nearly two years of research and hundreds of client engagements, the
IBM Smart Business cloud portfolio is meant to help clients turn complex
business processes into simple services. To accomplish this, Smart Business
brings sophisticated automation technology and self-service to specific
digital tasks as diverse as software...

I was talking with Avanade’s Senior Director for Enterprise Security, Ace
Swerling, earlier today. The conversation touched on a wide range of security
and identity management issues that I’ll probably return to, but one of
Ace’s comments brought my attention back to an issue that has been nagging
at me for a while.
As I’m sure we all know, security concerns often figure highly in
discussions about moving Enterprise applications and data to the Cloud.
Indeed, I spoke with other Avanade executives earlier this year to report on
a survey they had commissioned that suggested just h...

It comes as no surprise that the CEO of Target has resigned in the wake of
their massive data breach. The 2nd executive, if I remember correctly, to
resign due to the mishap. Data breaches are costly, according to the most
recent Ponemon 2014 Cost of Data Breach Study: United States, and the main
reason for the steep increase in costs is ‘the loss of customers following
the data breach due to additional expenses required to preserve the
organization’s brand and reputation.’ The cost of each lost or stolen
record, on average, increased from $188 to $201 per record from 2012 to 2013 ...