2012 has been a year of great achievement for Virtela. One case in point: we are closing the year with 40 industry awards recognizing our continuous innovation in the cloud, our unique approach towards managed services, our partnership-based model and our exceptional customer support. These achievements instill a sense of great pride in our company, but more importantly, they motivate and drive us to continue to innovate and achieve the highest standards possible to help our customers and partners succeed.
Thanks to the Panama Canal linking the Pacific and the Atlantic Oceans, Central America is the focal point of global trade and commerce. Years of trade ships rolling in and out of the region have delivered global interests and tremendous economic growth and opportunities. And with trade comes the demand for regional interconnectivity between Central American countries, as well as connectivity with the rest of the world. The region is not only a crossing point of ships, it also hosts convenient proximity to major subsea cable systems traversing between North America and the business capitals of the Andean Region and Southern Cone economies.
Today’s companies are constantly reminded that if they aren’t thinking on an international scale, they aren’t dreaming big enough. The Internet Age has brought customers and partners from all over the map into the fray, and the maturation and integration of global markets has inspired more firms to set up foreign outposts. But as these organizations attempt to extend their reach into new regions, many are watching their legacy infrastructure strain under the pressure.
Controlling costs, delivering strong performance and ensuring uptime for primary and backup networks was never an easy job description for enterprise IT teams, but the task has grown taller as operations expand and fragment. Instead of serving one location, they are monitoring traffic between multiple satellite offices (and potentially multiple continents). Instead of dealing exclusively with hardwired desktops, they are balancing VPNs and all kinds of associated arrangements to support remote and mobile workers.
When IT security professionals are asked to describe a “typical” day at the office, there’s usually a wry smile followed by a few moments of hesitation. Considering the wide variety of threats they may face or fires they might fight, it can be hard to come up with a simple summary that an outsider would understand.
Nevertheless, some days are stranger than others. And when things start getting “weird” on the company network, administrators are all but assured of a long night ahead. To mitigate potential damage and increase their odds of an early evening, smart IT pros know it’s all about effective security information and event management (SIEM).
Security and compliance are the primary pillars of risk management in the IT world, yet companies are still having trouble resolving how the two interact. Some assume that the terms are essentially synonymous, just subtle variations on a theme. But others insist that the two are decidedly different, and often end up prioritizing one over the other as a result.
As is often the case, the answer lies somewhere in the middle of this spectrum. While compliance and security are two distinct principles, effectively satisfying each objective depends on keeping them in close alignment with one another.
Last month, Wired.com published an article about the various and seemingly unusual ways to kill a company’s data center. By this point, we’ve all read about the unfortunate consequences that hurricanes and wildfires can have on a business’ network. Silly employee mistakes are equally notable and just as widely highlighted.
One data center issue that we may not think about, though, and that Wired was wise to point out, is squirrels. That’s right, squirrels. Wired was so bold as to call squirrels the “data center’s enemy No. 1.” That might be a little extreme, but they can certainly be a nuisance.
IT nonprofit CompTIA recently released the results of its Third Annual Trends in Cloud Computing study, which – as one might expect at this point – shows the use of cloud computing among enterprises is still on the up and up.
According to the study, more than 80 percent of businesses are currently using the cloud in some capacity, marking the third straight year this figure has grown. Even more impressive, the study also found that 85 percent of businesses surveyed have positive feelings about the cloud, up from 72 percent in 2011.
It’s not a bad time to be on the business side of the cloud. In fact, if you keep up with the latest analyst reports and projections, it’s actually a good time to be in the cloud. Gartner’s most recent IT spending report, released earlier this month, predicts cloud spending to nearly double within the next five years, jumping from $109 billion in 2012 to a cool $207 billion in 2016.
Not too shabby.
Of course, it’s not a bad time to be on the customer side of the cloud either. Massive spending growth for the cloud indicates someone must be doing something right.
However, there is still confusion surrounding the cloud. For all its benefits, there are plenty of myths, misconceptions and general misunderstandings about the technology that may hinder businesses from using the cloud to its utmost potential – or in some cases, may lead businesses to develop expectations that are too high.
Ask yourself: Do you need a Security Information and Event Management (SIEM) solution to maintain PCI compliance?
According to section 10.6 of the latest Payment Card Industry Data Security Standard requirements (PCI DSS v2.0), any entity involved in payment processing is required to perform log analysis at least once daily.
At a recent security conference that I attended, SIEM was the keynote topic. The speaker covered the areas of log retention and reporting in great detail, but fell short in analysis. I asked the speaker to explain the process around creating log analysis, knowing this was a loaded question as we at Virtela have been working on this for years. My intent was not to challenge the speaker; I simply wanted to compare our thoughts about good processes for log analysis. The speaker danced around the subject, answering in abstracts like “try to understand what you are looking for” (not bad, but pretty vague), “understand the threat landscape” (OK, sure that is important, but still pretty vague), and went on about some other lofty ideas, but no concrete “first you do this, followed by this, and then proceed with this…” As I have attended many conferences this year, it is becoming apparent to me that there seems to be a lack of clarity on the subject of operationally defining security events that can be generated (via correlation) from a SIEM. So, I decided to share my thoughts on the subject in hopes of helping those that are trying to deploy a SIEM solution, as well as maybe sparking a healthy debate.
There was a time not too long ago when every conversation about the benefits of the cloud was accompanied by a “but,” followed by something to the tune of “what about security?” Businesses were worried that storing their data and running their applications in the cloud presented a security problem, as they would be required to sacrifice control to the hands of some third-party vendor they barely knew.
And their worries were not without merit. It’s true; trusting your data to some other company can – and in some cases should – be a daunting move. After all, in this era of multi-million-dollar data breaches, cybercriminal attacks and the rise of so-called hacktivists, it seems wise to keep your cards close to the vest. You didn’t build the cloud provider’s data center. You don’t know who has access to it on a daily basis. Why on earth would you store your company’s most valuable assets there?