May 2010 Archives

Call for participants for cloud security survey


Is your organisation involved in a cloud or SaaS project? Bloor Research is currently undertaking a survey that aims to discover how organisations see the security issues of cloud-based or SaaS computing and how they are handling them. If you have any such project in this area, Bloor would like to invite you to participate in this project by filling in a short survey.

To start the survey, simply click here:
https://www.surveymonkey.com/s/CKKLK55
It should take around ten minutes. If you'd like to leave the survey at any time, just click 'Exit survey'. Your answers will be saved.

As a thank you for taking the survey you'll be entered into a free draw to win €100 worth of Amazon vouchers; the runner-up will receive Amazon vouchers worth €50. Bloor Research will also make a donation to Musclehelp, the charity that helps young people with muscle disease. The deadline to complete the survey is 31st May 2010.

Fran Howarth
Senior analyst, security
Bloor Research

Building Security In Maturity Model gets an Update


Today we saw an updated release of the "Building Security In Maturity Model" (BSIMM) study, which significantly expands the data defining benchmarks for successfully developing and growing an enterprise-wide software security initiative.

Launched in March 2009, BSIMM is the industry's first and only structured set of best practices for software security based on real-world data rather than philosophy and theory. The latest release, BSIMM2, triples the size of the original study from nine organisations to 30, across a range of seven overlapping verticals including: financial services (12), independent software vendors (7), technology firms (7), healthcare (2), insurance (2), energy (2) and media (2). BSIMM2 now reports the collective expertise of 635 people in firms with 130 years of collective experience.

This is really cool work and moves the game forward in terms of software security. Check out this link for more information.

Nigel Stanley
Practice Leader - Security
Bloor Research

Not protecting your website is irresponsible


You wouldn't leave the house without locking the door, right? The police may not be lauded for their willingness to investigate burglaries these days, but they certainly won't be interested if the door was left open, because that is irresponsible. For many organisations, their websites are valuable pieces of property, but too few organisations are doing enough to protect themselves. The most recent version of the CSI Computer Security and Crime Survey from 2009 found that malware attacks, which had previously been on the wane, are increasing rapidly and are the most common threat faced by organisations, cited by nearly two-thirds of respondents. Many big organisations have made their way into the headlines as the result of such attacks recently: "Hacked US Treasury websites serve visitors malware" and "SQL injection hits sensitive US army servers" are just two recent headlines. But, with attacks increasingly targeted at specific organisations or individuals, even the smallest of firms cannot afford to be complacent. 


Yet many organisations are leaving web security to chance. And this is at the same time as organisations are expanding their use of the internet, seeing the value of communicating with employees and customers via social networking and other Web 2.0 sites, which are becoming prime targets for hackers. A recent survey by Breach Security shows that 19% of hacking incidents in 2009 were targeted at such sites and the problem is growing. 


For many organisations, especially small ones that lack resources for handling additional tasks and that have limited budgets, the problem is one they would like to solve, but they are unable or unwilling to deploy and manage yet more software and hardware for solving a security issue. For them in particular, the use of an outsourced service operated and managed by experts is a viable alternative to consider. There is no upfront investment required, no ongoing management and upgrades are pushed out automatically to all users simultaneously so that the latest protection is always available. 


This paper, Why web security is best served in the cloud, provides an introduction to the use of web security services based in the cloud, describes the essential components to look for in such a service and outlines the benefits organisations will see from outsourcing such requirements. With website attacks and defacements a growing area of concern, even the smallest organisation can make sure that they are secure.


Fran Howarth
Senior analyst
Bloor Research

Financial sector reform


The global financial crisis has highlighted the need for reform of the financial services sector. In the UK, the Financial Services Authority, which regulates the financial sector, including banking services, general insurance and mortgages, has already taken a number of steps to reform the sector following publication of a regulatory review of financial services in March 2009.


Central to the reforms being made is an acknowledgement that its previous policy of lighter touch regulation had failed and a more heavy-handed approach was needed. In the future, it intends to take a more active role and will engage in more intensive supervision of financial firms, including taking tougher action against transgressors. 


A new article published in Tabaq Software's Spring 2010 newsletter discusses the changes being made, the reforms that are likely to be imposed and what financial services institutions should do to prepare themselves. The article can be accessed in full here: Financial regulations--from reactive to proactive.

Fran Howarth
Senior analyst--security
Bloor Research
