Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave it propositions, so organizations must approach a services agreement cautiously, IT security lawyer FranÃ§oise Gilbert says.
Apple's introduction of its third iteration of the iPad e-tablet, coupled with the growing popularity of cloud computing, could lead to new methods of enterprise computing and IT security, Delaware Chief Security Officer Elayne Starkey says.
"The changes we propose in revision 4 are directly linked to the current state of the threat space - the capabilities, intentions and targeting activities of adversaries - and analysis of attack data over time," says NIST's Ron Ross.
No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.
Mobile security is a new discussion track at RSA Conference, but it's long been a hot topic for CISOs. Entrust's Dave Rockvam discusses BYOD and how organizations are securing personally-owned devices.
Cloud computing gives the jitters to those charged with protecting their organization's IT assets. To gauge the concerns of security professionals about cloud computing, we're fielding a global survey covering all industries. We want to know your views.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," NIST Computer Scientist Tim Grance says.
The draft publication defines high-priority requirements for standards, official guidance and technology developments that need to be met in order for agencies to accelerate their migration of existing IT systems to the cloud computing model.
Heavily regulated industries like banking and healthcare have been reluctant to make the virtualized leap to the cloud, fearing a loss of control could open them to unforeseen risk. Are their concerns unfounded?