Security.Exe powered by The CISO Group with Alan Shimel

HIPAA, HITECH and other regulatory compliance mandates have given many a health care professional headaches. It is hard enough practicing health care, dealing with complex insurance regulations and running a business. Making sure you comply with the latest patient confidentiality and security laws are frankly beyond many health care providers. Who are they going to call?

That is where Steve Spearman and his company Health Security Solutions comes in. Steve's company have become the HIPAA experts for health care providers throughout the country.

I had a chance to speak with Steve and find out how he makes these complex regulatory compliance issues doable for the doctors.

Have a listen and you can learn too!

This episode of the Open Network is with Jason Brvenik, VP of Security Strategy at Sourcefire. Jason and I speak about the recent trend in security that acknowledges that successful attacks happen and we need to put resources into response, potentially at the expense of resources dedicated to prevention. Which is more important?

Jason's expertise in security gives us great insight into this question as well as some great advice for what you need to do in putting your security strategy in place.

Enjoy!

One of my favorite people in the security industry is my friend Wendy Nather, Director of Security Research for 451 Research. Wendy has a new report coming out on the "real cost of security". This is somewhat of a follow up to her earlier "security below the poverty line" report. Wendy likes to look at what type of security CISO's think they need and what it actually costs.

It is always educational and fun to hear what Wendy has to say. Enjoy!

I am very pleased to report that once again the good folks over at Microsoft's Trustworthy Computing Group have agreed to sponsor the Security Bloggers Network.  The SBN has a long history of working with TWC and we are happy to work with them again.

Microsoft is holding their second annual Security Development Conference in San Francisco, May 14-15, 2013. The conference will feature Scott Charney, Corporate VP Trustworthy Computing, Microsoft; Edna M Conway, Chief Security Strategist Global Supply Chain, Cisco Systems; Brad Arkin, Senior Director of Security Adobe Secure Software, Engineering Team (ASSET).

Conference specialty tracks target three different types of professionals: Engineers, Project Management, and Leadership. Combining keynotes from thought leaders as well as specialized breakout sessions, this conference is a can’t-miss for security professionals at any level. You can register now!

I had a chance to chat with director of TWC Tim Raines. We were going to talk about the conference, but Tim and I started talking about the TWC, the world of security and what the challenges on the horizon are. By the time we were done, we never got to the conference, LOL!

Anyway, I think you will find the conversation very interesting. Enjoy and if you can go to the conference.

This third in a series of podcasts about RSA 2013 and the the Alert Logic partner pavilion is with Urvish Vashi, VP of marketing at Alert Logic.

Urvish gives us the behind the scenes thinking on why Alert Logic thought it was important that they exhibit with some of their leading partners at RSA this year. He also tells us that it was not difficult to convince these partners that exhibiting at RSA was good for them. In fact it was somewhat of a no brainer for them.

I know Urvish for many years and he is a sharp thinker who understands the market and the technology. This is a short conversation and well worth the time to listen in.

RSA Conference is where the world gathers around information security.  This year in addition to their own exhibit, Alert Logic is also hosting a partner pavilion where 5 of the leading hosting and cloud providers in the world will be exhibiting as well.

I had a chance to speak with Chris Patterson, VP of Product Management at Navisite, one of the Alert Logic Partners exhibiting.

Chris is one of the driving forces behind the Navi cloud.  He also has some great insight into the state of cloud security and what market drivers are influencing the direction of future innovation.

Chris shares some great insight into Navisite's offerings including not just cloud, but security, managed desktop and the state of the market.

It is a great conversation and worth the listen!

RSA Conference is THE information security event of the year. My friends at Alert Logic in addition to exhibiting themselves have set up a partners pavilion this year. The pavilion features some of the leading cloud and hosting providers in the world.

I had a chance to catch up with a representative from one of these partners, Sunguard Availability Services in this episode of Security.exe. Cara Camping, Product Manager, Managed Security Services for Sunguard AS is my guest. Cara talks about Sunguard's approach to security in depth, why they partner with Alert Logic and what they expect from exhibiting at RSA Conference.

Below are two slides that give some detail to what Cara is talking about:

Have a listen and learn about Sunguard managed security.

IBM's VP of marketing and strategy for SMB, Ed Abrams is my guest on this episode of the Open Network. Ed discusses the findings in the 2012 IBM Trends Report. The trends pointing to the future for the midmarket are very dramatic.

First it seems that security is no longer an inhibitor to cloud adoption for the midmarket and SMB. This segment is moving to the cloud in a big way. Ed says that this is being done with the help of MSPs. This trend will accelerate in the months to come.

Based on the findings in this report IBM is moving a lot of attention to this market. If you are servicing the SMB and midmarket, perhaps you should too!

Over the last month I have sat down with several of my friends in various tech sectors to discuss the happenings of the past year and what may lay ahead in the coming year. In this episode I speak with my friend David Wartell, VP of server backup at Idera.

David is a long time player in the world of Backup and his insights into where the market is going are very insightful. Factors like the cloud, backup as a service and virtualization have turned this market upside down. This will create opportunities for new leaders to emerge.

Who will be the winners and what will make them so? Listen to what David has to say to find out.

I had a chance to speak with Dr. Rich Wolski, CTO of Eucalyptus Systems. Eucalyptus open source cloud management software makes it possible to have AWS compatible private clouds and hybrid clouds. They have been getting a lot of traction lately in the very competitive open source cloud space.

I spoke with Dr. Wolski about Eucalyptus, the state of the cloud and could we see in the future a Eucalyptus that works with Open Stack. His answer may surprise you.

Rich Wolski is one of the pioneers of cloud computing and always a great interview. Enjoy!

Building new app marketplaces is the business of AppDirect. They are allowing companies to create instant app marketplaces for their customers. Actually there is an entire ecosystem to these app marketplaces though. From the app developers themselves who want their apps in these marketplaces, to the companies wanting to offer the marketplaces, this is a far reaching ecosystem.
When you think about it, it is not just a list of apps. Billing, management and updates are all part of the equation.
I had a chance to sit down and talk with Daniel Saks, co-founder and CEO, AppDirect, Jonathan Rende, Vice President of product, Appcelerator, Mike Borozdin, Director of integration development, DocuSign. These three companies are all blazing trails in delivering cloud based and mobile apps.
It is an interesting conversation, running about 20 minutes. There was a slight audio problem when introducing Daniel Saks, but that is just a few seconds. Enjoy the podcast!

Nothing like a disaster to show you how important it is to plan for one. With the super storm Sandy wreaking havoc in the Northeast, many an organization is realizing that their disaster recovery plan was either out of date or even worse non-existent. Of course the lesson is a painful and costly one, but perhaps it will help others to better plan in the future.

I had a chance to speak with Rachel Dines, senior analyst at Forrester for disaster recovery and business continuity. Rachel recently published the latest in a line of analysis recommending that companies need to update their planning from Disaster Recovery to Technology Resiliency.

Have a listen to our conversation and right after head over to http://forr.com/BTRfree as Forrester has lowered their paywall and made a whole set of reports on DR available for free during the month of November. Don't miss this!

In the spirit of Halloween, here are some IT Horror stories courtesy of Nimmy Reichenberg of Algosec and Matthew Pascucci, security researcher and analyst.

Listen in to these horror stories of what can happen if you don't follow best practices!

Happy Halloween!

Recently emerged from stealth, Metacloud is bringing Managed Private Cloud-as-a-Service to you. Based on OpenStack, the managed cloud service can be run on your own equipment from any data center or location you desire.

The folks behind MetaCloud team have managed some of the largest cloud instances in the world and have the experience and expertise to manage yours.

Listen in as I speak with co-founders Steve Curry and Sean Lynch as they explain why even Jerry Yang, co-founder of Yahoo invested in their idea of a managed cloud future.

In the current political climate a big theme is taking personal responsibility rather than relying on the government. In security responsibility has always been a big thing. Who is responsible for security an organizations digital assets and ensuring network performance and integrity.

The recent case of PACTCO v Peoples United Bank has called the whole question of security responsibility into question. Should a bank be liable of a commercial customer was tricked into giving up its online banking credentials? How can a bank know when it is actually the customer versus someone who has stolen their log in? When is the customer liable for their own negligence?

My friend Jody Brazil, President of Firemon wrote a good blog article on this.I had a chance to sit down with Jody and discuss it on this episode of the open network.

Next Page