Stories by Andreas M. Antonopoulos

  • Parting Thoughts: The world of security has turned on its head

    By Andreas M. Antonopoulos | 12 October, 2011 02:29

    For the past several years, I have had the honor of writing for Network World in "Risk and Reward." Unfortunately, that time has come to an end as I am leaving the world of independent analysts to pursue new adventures. In my last column, I'd like to explore some of my recurring themes and offer some predictions for the future.

  • Fail a security audit already -- it's good for you

    By Andreas M. Antonopoulos | 05 October, 2011 03:24

    Failing an audit sounds like the last thing any company wants to happen. But that's because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing whether enforcement of security matches the policies. In the broader context, though, an audit is a means to avoid a breach by learning the lesson in a "friendly" exercise rather than in the real world. If the audit is a stress-test of your environment that helps you find the weaknesses before a real attack, you should be failing audit every now and then. After all, if you're not failing any audits there are two possible explanations:

  • Competing for privacy in a social media world

    By Andreas M. Antonopoulos | 08 September, 2011 08:48

    For years, Facebook users have been clamoring for better privacy controls and clarity, while Facebook engineers oscillate between improvements and major privacy snafus. Every now and then a new wave of exasperated users cry out "That's it, I'm leaving". Up to now, users really didn't have anywhere to go after quitting, so they effectively quit the social media scene, self-ostracized (MySpace is equivalent to being exiled, perhaps worse). Now that they have somewhere else to go (Google+), Facebook is ramping up its privacy controls and seems to be taking privacy more seriously. Let the privacy competition begin!

  • How to be an effective security buyer

    By Andreas M. Antonopoulos | 02 May, 2011 21:45

    In previous columns I have repeatedly emphasized the importance of interoperability and the danger of security fragmentation. Security is so fragmented that it is often hard to discern between hype and reality. Large security vendors try to draw you into a single-vendor closed integration package. Small vendors try to sell you the latest magic bullet, presenting what should be a feature as a whole new industry. Inevitably, you are left to cobble together disparate systems in order to get the depth of defense and layering of controls that you need.

  • Security fragmentation needs to end

    By Andreas M. Antonopoulos | 14 April, 2011 07:45

    A new week, a new rash of attacks against security vendors, email marketers and banks. It would be easy to point fingers and laugh at the irony, especially in the case of security vendors, but that would be both petty and shortsighted.

  • Security will rescue cloud computing

    By Andreas M. Antonopoulos | 18 March, 2011 06:46

    Whenever the topic of security is mentioned in the context of cloud computing, it is usually discussed as the "big barrier" to adoption. The perceived or actual lack of security in the cloud makes it impossible for businesses to make the leap into this new computing paradigm. I propose a different perspective: Security will rescue cloud computing.

  • More censorship, data breaches and devices: Security predictions for 2011

    By Andreas M. Antonopoulos | 17 December, 2010 08:04

    This past year has been a doozy in the security world.

  • The missing piece of cloud security?

    By Andreas M. Antonopoulos | 22 September, 2010 08:14

    Cloud computing, especially public cloud infrastructure-as-a-service is not yet a reality for the vast majority of companies. Recent announcements however, from VMware, Citrix and Oracle clearly show that enterprise cloud computing is gaining momentum.

  • Security-as-a-service growing

    By Andreas M. Antonopoulos | 01 September, 2010 01:32

    When you ask IT professionals if they use cloud computing or software-as-a-service, most start by saying "no". But if you ask some follow up questions, you will quickly find out about "that one application" that is a SaaS application.

  • Our growing security quagmire

    By Andreas M. Antonopoulos | 21 May, 2010 05:44

    Information security was always an esoteric field but with personal computing came personal security issues, culminating in the identity theft problem that concerns even the most techno-phobic of consumers. It's about to get much worse.

  • Google's privacy afterthought

    By Andreas M. Antonopoulos | 27 April, 2010 06:12

    A few days ago, 10 privacy commissioners from Canada, the United Kingdom, France, Germany, Italy, Spain, Israel, Ireland, The Netherlands and New Zealand wrote an open letter to Google's CEO Eric Schmidt asking for more proactive privacy protections in new applications. The commissioners are not objecting to Google's overall privacy policies, but to the way Google launches new services.

  • Mobile malware will test Android and iPhone

    By Andreas M. Antonopoulos | 13 January, 2010 07:59

    2009 ushered in mobile malware with the first (and second) iPhone worm appearing just before Christmas.

  • iPhone security problems bring new risks

    By Andreas M. Antonopoulos | 12 November, 2009 04:35

    In just four days, not one but two worms targeting the iPhone have emerged. Both of the worms target the same vulnerability, a default password in the SSH server that is installed on jail-broken iPhones. While one worm is a mostly a nuisance, the second siphons personal information from the iPhone, which makes it a serious identity theft threat.

  • Managed security services all the rage

    By Andreas M. Antonopoulos | 23 September, 2009 03:01

    It's an understatement to say that IT organizations face exceptionally challenging times. For many, budget cutbacks for 2009 were worse than predicted.

  • Virtualization security: So far nothing

    By Andreas M. Antonopoulos | 11 February, 2009 10:17

    In April 2004 I wrote my first article on the topic of virtualization security. I was trying to bring attention to the security aspects of this "new" technology that was getting quite a bit of hype at the time. The hope was that this time security would not be an afterthought, that we would reverse the equine-escape/egress-closure sequence. The naïvete of youth!

 

Latest News

04:20PM
VIDEO INTERVIEWS: ARN Insight Luncheon Series No 2
04:06PM
Demand for smart devices to create channel competition: Cellnet
03:31PM
Definable business-based outcomes to dictate IT spend: UXC Connect
03:08PM
Cloud is the “real disruptor” in IT: NetApp
More News
25 Nov
GovInnovate Summit
03 Dec
DC Infrastructure Solutions Professional
04 Dec
DC Infrastructure Delivery Professional
16 Dec
DC Infrastructure Solutions Professional
View all events