
Security roundup: virtualization is key to public cloud security; China, Russia accused of cyber-espionage; More Duqu for you

And there's a changing of the guard at Cisco plus baking security into chips...

Ever been in an argumentative mood? Well, last week we were, with editors here coming up with 33 red-hot arguments, such as open source vs. proprietary, or which browser is better.

We got argumentative on security topics, too. We asked whether you should share data-breach information, with one side arguing against it unless you're forced to, and the other saying it will help the community as a whole to stop cybercrime. We're asking readers to vote their opinions online, and interestingly, about three-quarters spoke out in favor of sharing breach information.


In a story on the "bring your own device" (BYOD) phenomenon, we focused on the question of whether corporations should say "yes" to employees wanting to use their personal iPhones, Android devices, iPads or any mobile device they own for business use on the corporate network.

Out of those who voted, about 28% said "Yes, but it is not my choice to do so," about 38% said "Yes, but I must review the devices first," and about a third said, "No way. I have seen too many viruses."

The BYOD debate story shows some businesses with close association to the federal government are contractually restricted from allowing employee-owned devices, and that the U.S. government is not a BYOD workplace at all. Former White House cybersecurity adviser Richard Clarke says the BYOD question is among the most important enterprise security questions today.

Virtualization holds a key to public-cloud security

While conventional wisdom says virtualized environments and public clouds create massive security headaches, the godfather of Xen, Simon Crosby, says virtualization actually holds a key to better security. Isolation -- the ability to restrict what computing goes on in a given context -- is a fundamental characteristic of virtualization that can be exploited to improve trustworthiness of processes on a physical system even if other processes have been compromised, says Crosby, a creator of the open source hypervisor and a founder of startup Bromium, which is looking to use Xen features to boost security.

China blasting

In further efforts to confront cyber-espionage from nation states, the U.S. government last week issued a report blasting China and Russia for stealing information for economic gain.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report from the office of the National Counterintelligence Executive said. The report said China's intelligence agencies often leverage people who have inside access to corporate networks to gain trade secrets and copy them to removable media.

Last week, Enterprise Strategy Group, in a survey of 244 security professionals, found that the majority of them believe they have been hit by the kind of stealthy infiltration meant to steal information of economic or military value. Many today call this the "advanced persistent threat," and the survey also found that APT concerns are leading to an increase in security budgets and more involvement from executive management in the doings of the IT and security department.

The governments of the U.S. and the United Kingdom showed some solidarity last week as Vice President Joseph Biden and British Prime Minister David Cameron condemned efforts by some countries to censor their citizens' use of the Internet. They also made the case that free expression online has long-term benefits.

Biden said, "No citizen of any country should be subject to a repressive global code when they send an email or post a comment to a news article." For his part, Cameron said, "Governments must not use cybersecurity as an excuse for censorship or to deny people their opportunities that the Internet represents."

More on Duqu

Last week researchers provided more insight into Duqu, the Windows-based Trojan seen as a successor to Stuxnet, though Duqu is now seen as aimed more at reconnaissance of networks than at interfering with the operation of industrial control systems. It was learned that Duqu attempts to exploit a Windows kernel zero-day vulnerability, but as of this writing it remains unclear exactly when Microsoft, which is suggesting a workaround, might issue a patch against Duqu.

Changing of the guard at Cisco

Chris Young, former senior vice president at VMware, has been tapped to head up the security direction for Cisco, now that Tom Gillis, formerly vice president of the security technologies business unit, has left to pursue an entrepreneurial opportunity elsewhere, according to Cisco. Cisco has created the Cisco Security Group by combining two formerly separate units, the security engineering unit that Gillis had directed, with what was called Cisco's global government security solutions. Young, as senior vice president, is expected to head up Cisco's security direction, and he starts work on Nov. 14.

Baking security into chips

The cutting-edge intelligence research development arm of the government wants to take advantage of the world's semiconductor manufacturing capacity but make sure that US security and intellectual property protection is baked in. The Intelligence Advanced Research Projects Activity (IARPA) group is looking to fund development of new, advanced chip-making technology under a program it calls Trusted Integrated Chips. TIC would feature what IARPA calls "split-manufacturing," where fabrication of new chips would be divided into Front-End-of-Line manufacturing consisting of transistor layers to be fabricated by offshore foundries and Back-End-of-Line development that would be fabricated by trusted US facilities.
