Last week I attended the PCI Security Standards Council’s Community meeting in Las Vegas and there was a lot of interesting discussion. Attendance was good as there was a large group of merchants, service providers, Approved Scanning Vendors (ASVs) (like AlertLogic), and Qualified Security Assessors (QSAs).
One topic that was reiterated and is a theme we have touched on several times is that passing a PCI security audit is not the goal of the standards council. The standards are about security and not compliance. Bob Russo, GM of the Security Standards Council emphasized the need for consistent security practices by making an analogy to locking his car. He made the point that you lock your car every day, not just Monday, Wednesday and Friday. You want your systems ready and monitored so that when someone tries to break into your car- the alarms bells go off.
Read the full story…
Recently I’ve spent time writing about the pros and cons of SaaS security and cloud-based log management. Today I thought I would take a moment to discuss some of the advantages of cloud storage.
Cloud storage is a hot topic. A quick Google search on cloud storage reveals an increasing level of market competition in this space. Here are some of the highlights:
Read the full story…
More businesses than ever are either engaging in or have passed a PCI audit. The stakes for online retailers have never been higher. Retail sites continue to come under attack, the security of online retailers and their protection of consumer data has the attention of the US Congress, and the payment card industry is increasing its attention on how to strengthen requirements to combat identity and card theft. In the mix of the push for passing the PCI audit, it is important to remember that improving your security requires more than enduring an annual audit, it requires maintaining and monitoring the security systems you have put in place year round.
Any merchant who processes over 20,000 transactions per year is already required to be PCI compliant. Additionally, a recent requirement from Visa goes into effect on October 1st, 2009 requiring merchants and software providers to decertify payment applications that they have deemed vulnerable regardless of the merchant size. Failure to comply with this requirement can cost the business their ability to process card payments. This new requirement means that businesses of all sizes are impacted by PCI standards.
Read the full story…
We were at the Hosting Transformation Summit last week in Las Vegas and it was a great event. Our CEO, Gray Hall, was interviewed by Web Host Industry Review (WHIR) TV. He discussed Alert Logic and the strong demand for managed security services by managed hosting companies and their customers.
At the show it was clear that businesses are continuing to embrace hosted IT infrastructure at a very healthy pace. Two of the more interesting discussion topics at the event were the overall growth rates of the managed hosting market and the brisk adoption of cloud storage.
Despite the contraction that overall IT spending has experienced during the recent economic downturn, the managed hosting market has continued to grow at a healthy 20%+ rate annually. Businesses more than ever are embracing cloud-based IT infrastructure as a means of reducing costs, gaining operational efficiencies, and reducing their workload in order to focus on their core business.
One of the hottest technology offerings in this space is cloud storage. This is an area where the vast economies of scale in the cloud are offering clear cost advantages over traditional self-managed storage. A good example of the growth in this area is the success of Amazon’s and Rackspace’s Jungle Disk. 15 cents per GB, pay-as-you-go, and 99.9% availability is a compelling offering. Cloud storage offerings also have strategic value for many hosting providers because they are providing an initial entry point into the fast growing cloud computing space that offers hosting companies an avenue for offering more sophisticated (and potentially more lucrative) services.
Cloud-based storage is an area where we have also seen tremendous growth in our business around cloud-based log management. A key driver for moving log management to the cloud is the significant cost involved around storing and managing the vast quantity of data produced in log files. We recently blogged about this data explosion in the post “Log Management – IT’s greatest challenge?”
Overall the HTS was a great event and we will be posting the link to the interview with WHIR TV as soon as it is available.
Cloud computing has been receiving significant attention and hype in 2009. Last week we featured a couple of posts looking at security in the cloud. The first featured an article that looked at the advantages of cloud-based security and the second featured an interview with thought leader Michael Suby on recent trends in SaaS security. Of all the security functions that may be impacted by cloud computing, log management may be the killer application that leads to its large scale adoption.
Log management lends itself to deployment in the cloud gaining clear advantages in functionality, speed and cost. For many of our customers moving to a cloud based log management solution not only helps them meet compliance objectives, it allows them to integrate log management as a more integral part of their overall security processes. Log management is a part of so many compliance requirements because it plays an important role in combating an insider threat as well as supporting investigation into uncovered incidents. Cloud computing makes log management accessible to thousands of mid-sized companies who simply don’t have the resources or expertise to build an effective function inside their corporate infrastructure.
We are going to be discussing the advantages and momentum for cloud computing this Wednesday, September 16th in a webinar titled, Is Log Management the Killer App for Cloud Computing? Randy Rosenbaum and I will be discussing the practical deployment of cloud-based log management by our customers and how they have been able to meet compliance requirements, reduce costs, and significantly improve the benefits from log review processes. To learn more about how you can benefit from cloud-based log management, be sure to tune in and join us.
