CISOs, don't be so vanilla
In a recent Enterprise Security Group blog, Senior Analyst Jon Oltsik calls for CISOs to channel Steve Jobs' energy and "think different" about security initiatives. While security has been following a list of "status quo" defenses, cybercriminals have found ways to get past all of them. Oltsik suggests that creativity and a change from assembly line processes is needed to take security best practices to the next level. Oltisk suggests changing security organizations from an individual task-based environment to a teamwork- and consensus-based workflow. He also points to universities and cybersecurity training organizations as potential incubators of next-generation security professionals.
Network disaggregation might not be for everyone
Garterner Research Director Andrew Lerner says that network disaggregation is a cool idea. He explains the term disaggregation as the ability to purchase hardware and operating systems (OS) from different vendors. While this typical in the server domain, it is new territory in networking. Among vendors currently spearheading this transition, he writes, are Cumulus Networks, Big Switch and Pica8 for operating systems; and Quanta, Accton and Foxconn for hardware. While disaggregation might not be for everybody, some of the benefits include eliminating vendor lock-in, minimizing costs and permitting increased availability.
Heartbleed isn't surprising; lack of awareness is
Current Analysis analyst Paula Musich is not surprised that security researchers found the Heartbleed bug in OpenSSL. She is surprised that it took experienced researchers two years to find the vulnerability. With 66% of the world using OpenSSL, Heartbleed poses a serious threat. Musich blames the delay on a lack of software integrity and calls for more investments in that aspect of the industry. In order to prevent another attack, Musich suggests bug bounty programs that focus on vulnerability research.
Amazon Web Services abandons ECU
Gartner Research Director Kyle Hilgendorf wonders what kind of effect the decision by Amazon Web Services (AWS) to switch from its elastic compute unit (ECU) approach to vCPU will have on customers. On one hand, moving toward vCPU might be welcomed by some operations administrators and AWS customers who want simplicity and familiarity. On the other hand, two instances of 2 vCPU will not necessarily be the same. Hilgendorf says that AWS will need to clarify the physical processor architecture strategy per instance type in order to maintain transparency.