Access your Pro+ Content below.
Time for a closer look at software security
This article is part of the Information Security issue of November 2013 Vol. 15 / No. 9
Virtualization and cloud computing have advanced rapidly despite overarching security concerns. Industry guru and provocateur Chris Hoff predicted a bumpy ride, and some of the vendor and technology fallout, as virtualization deployments spun up -- and lowered costs for some companies -- but security lagged behind. After two years of research and "solid hands-on collaborative work with networking, security and audit practitioners and managers" at enterprises and service providers worldwide, Hoff delivered a landmark presentation on the issues surrounding virtualization security at the Black Hat conference in 2008 that caught people's attention. Five years later, we are thrilled that he is the author of our November cover story, "Virtualization Security Dynamics Get Old," and catching us up on the past, present, and perhaps most importantly, future of virtualization, cloud computing and security. Many of the problems he initially outlined remain, but progress is being made, writes Hoff: "Recently, the impact of cloud computing ...
Access this PRO+ Content for Free!
Features in this issue
Companies have embraced virtualization and cloud computing, but security is still bolted-on. Here's what needs to change.
In the November 2013 Beyond the Page on virtual security, Chris Hoff examines the challenges infosec pros face in finding the right security strategy for their enterprise network.
Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.
Software security ranks high among security executives' concerns but low in terms of time spent, according to an (ISC)2 CXO study.
Columns in this issue
If software security keeps you up at night -- and it should -- you are in good company.
Wading into the murky waters of security metrics? Jay Jacobs offers his take on data collection and incident reporting with the VERIS framework.
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.