Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Open standards are key for security in the cloud

by Nataraj Nagaratnam - IBM Distinguished Engineer; CTO for Security Solutions - Tuesday, 5 March 2013.

Visibility into who did what enables the enterprise to determine what kind of activities went on in the past and identify compliance and regulatory issues. Beyond identity authentication, open standards are also key for enabling such visibility and security intelligence – analyzing big data to analyze user activities, recognize attacks and anomalies in real time.

However, identifying threats relies on log and event information – for example, which user is doing what, when and from where – which often spans across enterprise and cloud providers. When it comes to interoperability with hybrid clouds, every vendor or cloud provider has their own way to do logs and currently no standard to exchange log information exists.

Open cloud standards have the potential to change that. With interoperable standards, we could communicate across vendors about suspicious activity and what a suspect user is up to – an API driven approach to collect logs that providers can subscribe and feed information to. This is the kind of security innovation that open standards could make a reality, but simply isn’t feasible in proprietary cloud model.

There is more work to be done, but if we continue to embrace standards, the open cloud ecosystem builds out, innovation is enabled, and security improves as the benefits for user identity, authentication and security intelligence are realized.