Tag Archives: Compliance

Automating Security and Compliance Assessments using SCAP – On-demand Scanning and Compliance Reporting with Remediation

Manually assessing security controls, host and application configuration, access control policies, software patch levels and creating on-demand compliance readiness reports has always been a daunting task, especially when it is critical to adhere standards and regulatory mandates.  Not only those processes are very time consuming and they are also highly prone to human errors.  It becomes even more complicated when… Read more »

Using Hardware Security Module (HSM) for Oracle Transparent Data Encryption (TDE)

Hardware Security Module (HSM) plays a critical role in securing the storage of private keys and accelerating compute-intensive cryptographic processes associated with public-key encryption, symmetric-key(secret-key) encryption and digital signature applications. Using HSM in Oracle Transparent Data Encryption applications will ensure that the Key material stored on the card is protected and not exportable (never leaves the card) and all associated… Read more »

Does your Performance Tests address Security ?

      2 Comments on Does your Performance Tests address Security ?

The untold reality is ….when your Web application on the DMZ hits the Internet… the colorful performance graphs/numbers does’nt mean anything !  Unless your performance guru in the lab captured the QoS requirements and realized it proactively and accounted its actual overheads associated with Security, Network bandwidth, High-availability and other mission-critical requirements.  Otherwise…performance is the nagging issue that every datacenter guy gnaws…. when an application… Read more »

Unleashing SSL Acceleration and Reverse-Proxying with Kernel SSL (KSSL)

Last few weeks, I have been pulled into an interesting gig for demonstrating security for _____  SOA/XML Web Services and Java EE applications…. so I had a chance to play with some untold security features of Solaris 10. KSSL is one of the unsung yet powerful security features of Solaris 10.  As the name identifies, KSSL is a Solaris Kernel Module that… Read more »

Are you a victim of Identity theft ?

      No Comments on Are you a victim of Identity theft ?

Just came across this interesting web site – NationalIDWatch.org  a consumer protection web site by Liberty Coalition, which provides a registry of personalized data breach reports… that reports whether your personal identity information has been stolen or publicly exposed or not !  If your identity information is compromised, it indicates the size of exposure, sensitivity and how it is distributed and so… Read more »

Enabling FIPS-140 compliance for Java based SSL/TLS applications

FIPS-140* compliance has gained overwhelming attention these days and it has become a mandatory requirement for several security sensitive applications (mostly in Government and Security solutions and recently with select finance industry solutions and particularly for achieving compliance with regulatory mandates such as PCI DSS, FISMA, HIPPA, etc ). FIPS-140 also helps defining security requirements for supporting integration with cryptographic hardware and software tokens.  Ensuring… Read more »

Cloud Computing confuses Senior IT Professionals :-)

Jim Seward (@VersionOne) asked me to take a look at this research study (by Version One, UK) about the confusion surrounding cloud computing amongst senior IT professionals –  I’m not sure it includes your boss !  This high-level study was conducted with a group of 60 Senior IT professionals at UK….. has revealed some interesting findings.  41% of senior IT professionals admit that they “don’t… Read more »

The 6 Worst Cloud Security Mistakes…

I just had a chance to read this article at DarkReading….it enumerates the following six common security mistakes found with businesses while adopting to Cloud infrastructure based services : Mistake #1: Assuming the cloud is less secure than your data center. Mistake #2: Not verifying, testing, or auditing the security of your cloud-based service provider. Mistake #3: Failing to vet your… Read more »

Microsoft's Cloud Infrastructure Security…….gets ISO/IEC 27001 certified.

I did’nt get a chance to experience with Microsoft’s Cloud infrastructure….but it’s quite interesting to see Microsoft gone “proactive” on Security with its Cloud infrastrusture ! When everyone else is still itching the head with a burning stick ….Microsoft cloud users may breathe a sigh of relief 🙂 Recently, Microsoft Cloud infrastructure team (Global Foundation Services division)  published a document on their security features which highlights… Read more »