News
3/10/2008
10:53 PM
Terry Sweeney
Terry Sweeney
Commentary
50%
50%

Demise Of The Specialist

Security's never been an afterthought in storage, but it wasn't exactly a major cornerstone as stored bytes moved beyond the mainframe and into storage networks. Lost or stolen hard drives, laptops, and backup tapes have made big headlines in recent years, and prompted state and federal lawmakers to horn in on the act.

Security's never been an afterthought in storage, but it wasn't exactly a major cornerstone as stored bytes moved beyond the mainframe and into storage networks. Lost or stolen hard drives, laptops, and backup tapes have made big headlines in recent years, and prompted state and federal lawmakers to horn in on the act.The advent of storage security can be attributed to a number of related dynamics:

--The rise of e-commerce and online culture --The preponderance and relatively easy access to lots of personal information, whether credit card numbers, date of birth, Social Security numbers, PINs, etc. --The rising value of that information, given the number of hackers, social engineers, and good, old-fashioned thieves interested in it.

These trends are on my mind as I get ready to attend the Data Protection Summit for Byte & Switch. The three-day event is just down the road from me in Irvine. Calif., and will tackle the latest thinking where encryption's concerned, as well as Windows security and how to lock down virtual environments better. There are lots of other sessions addressing biometrics security, safeguarding mobile data, and dealing with hostile attackers.

It's indicative of the IT industry's evolution that something as specialized as storage can have a specialty within it called storage security (around which you can then build more than two dozen sessions over three days).

Storage and security used to be extremely discrete functions and skill sets -- but the Internet and information proliferation have ensured the demise of the IT specialist. Security, it seems, is everyone's job now, from the receptionist to the CEO. We'll see how these roles all converge amidst applications, networks, and new technologies during the next few days.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.