Out-of-Date and Unsupported Cloud Workloads ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

100%

RFormer,
User Rank: Author
7/29/2020 | 3:52:56 PM

Revenue Recognition vs Compliance vs Security - A path forward

Through a number of iterations of frontline and leadership roles in InfoSec, one tool I have found valuable to move stale systems forward on versions is to tie the security need to a compliance requirement, and then relate the compliance to a specific revenue stream. For example, generally speaking, compliance assessments and certifications are undertaken to satisfy client requirements. Be it ISO27001, PCI-DSS, HIPAA, FedRAMP, etc. Any instance in cloud that has a compliance requirement can usually be tied to one of these. This means that when a package or OS falls into EoL or has major security finding, you have a way to tie a revenue stream to the remediation.

It's impressive the about face that can occur when a patch or upgrade is associated, directly or indirectly, to protecting a 7 figure deal. It not ALWAYS effective, but it's a valuable lever to move the conversation along and illustrates a business risk focus to senior leadership. In doing so, we can move the perception of our work from being alarmist to directly affecting the bottom line.

Reply | Post Message | Messages List | Start a Board

50%

RyanSepe,
User Rank: Ninja
7/29/2020 | 10:22:39 AM

Keep the Lights On!

Unfortunately, the thought process of many is if its working DONT TOUCH IT. Which has implications that you are never upgrading until the business requires it. Even if your OS, app, or cloud workload falls out of support.

It's a foolish ideology that actually has more detriment long term.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel

Kelly Sheridan, Staff Editor, Dark Reading, 2/23/2021

Security + Fraud Protection: Your One-Two Punch Against Cyberattacks

Joshua Goldfarb, Director of Product Management at F5, 2/23/2021

Cybercrime Groups More Prolific, Focus on Healthcare in 2020

Robert Lemos, Contributing Writer, 2/22/2021

Live Events

Webinars

Interop Digital - Free Cybersecurity Event April 29

Communications & Collaboration: 2024 (March 9-10)

More Informa Tech Live Events

White Papers

Sunburst: Impact and Timeline

Intelligent Outcomes Are Key to Business Resilience

Are We Cyber-Resilient? The Key Question Every Organization Must Answer

How Hyatt Eliminated Bot Attacks Without Impacting their User Experience

Building the SOC of the Future

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Building the SOC of the Future

Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-23534
PUBLISHED: 2021-02-25

A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.

CVE-2021-27330
PUBLISHED: 2021-02-25

Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.

CVE-2021-3124
PUBLISHED: 2021-02-25

Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.

CVE-2021-21064
PUBLISHED: 2021-02-25

Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which...

CVE-2021-21065
PUBLISHED: 2021-02-25

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]