Archive for January, 2012


2012’s IT focus

January 8, 2012

More than anything, 2012 will be a realization that virtual machines are simply a stepping stone to a world in which we write code. The best IT teams will be those that embrace private and public platforms as a service and worry about real issues such as security, efficiency and effectiveness.

  • IT needs to make data secure. That’s accomplished by easy-to-use software that encrypts and obfuscates for the user.
  • IT needs to make infrastructure efficient. That’s accomplished by standardization, virtualization, and automation.
  • IT needs to make organizations effective. That’s accomplished by converting resources into value greater than it costs to do so.

Security Will Top IT Concerns for 2012

January 7, 2012

“In 2012, we will see progressive organizations applying a risk-based, continuous approach to security,” said Torsten George, vice president of worldwide marketing at Agiliance.

The company’s top five predictions for the coming year are:

  • Mobile Devices and Social Media: New products and services will emerge that deal with issues regarding employer-owned versus employee-owned data on mobile devices. These products will go beyond anti-virus and malware software. For social media threats, the capabilities of security tools will be extended to tackle increased social media cyberwarfare.
  • Cloud Computing Security: There will be an acceleration of efforts to create standards around cloud security, and independent, continuous monitoring of cloud-service providers’ security controls will become a standard part of service-level agreements.
  • Legislative Initiatives: In the second half of 2012, a government mandate will be passed that will circulate the implementation of a proactive Information Security Risk Management system and related best practices to tackle cybersecurity threats.
  • Anti-Cybercrime Collaboration: Sharing of sensitive threat information will become vital to prevent widespread cyberattacks across different verticals and industries. The increase in cybersecurity attacks and data breaches will lead to the introduction of a formal information-sharing database.
  • Risk is Security’s New Compliance: There will be a further increase in demand for software tools that provide both advanced reporting capabilities and interconnectivity to ensure that remediation actions can be triggered and followed through easily. To better describe the capabilities of these tools, analysts will create a new software category called Security Risk Management.

Source: Security Will Top IT Concerns for 2012


A Handful of 2012 Privacy & Security Predictions

January 3, 2012

A handful of thoughts on what 2012 may hold by Attorney Richard L. Santalesa:

  • The EU’s on-deck Data Protection Regulation promises – or threatens depending on your viewpoint – to significantly revamp the EU’s data protection regimes, adding additional potential uncertainty to the EU arena. The leaked DPR indicated a new broad extraterritorial reach, stronger protections for children under 18, embracing privacy by design and the right to be forgotten, a requirement to designate a privacy officer, and increased enforcement powers and penalties. We’ll see what happens when the rubber meets the road.
  • Will the final version of the HIPAA breach notification rule make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act? The smart money says yes, especially since Congress recently admonished DHS to hurry up already given that the “interim” rule has been around since 2009.
  • The FTC plans to issue in early 2012 its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which I believe will have a significant impact on the 2012 privacy/infosec landscape.  The draft version, issued a year ago in December 2010, immediately sparked wide-ranging conversations on Do-Not-Track, Privacy by Design, Fair Information Practice Principles, Geolocation and other privacy-related issues, many of which quickly found their way into 2011’s proposed bills.  I expect the finalized report to be heavily influential on 2012’s infosec and privacy debates.
  • Information security and data protection issues surrounding contracting for cloud services will begin the road to maturity in 2012 as the federal government continues its push of fed agency IT needs into the cloud.  The result will help provide guidance on cloud contracting issues addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls and allocation of liability and responsibility for data security, to name but a few.
  • Finally, 2012 will unfortunately see no end in sight to advanced attacks resulting in data breaches, with attacks on mobile devices to ramp up significantly.  In response the move to Big Data and data hoarding may reverse as companies in specific sectoral areas begin paring back on how much data they retain.

For additional 2012 infosec and privacy predictions, pop over to Christine Marciano of Cyber Data Risk Managers’ collection, which includes the author’s views of 2012, at


The 2011 TIME 100

January 2, 2012

Meet the most influential people in the world. They are artists and activists, reformers and researchers, heads of state and captains of industry. Their ideas spark dialogue and dissent and sometimes even revolution.