Information Security Leader, Author, Instructor and Speaker

IDC PlanScape: Building Compliant Cloud Environments

“Compliance has come to the cloud,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “Enterprises planning a large-scale cloud migration should absolutely consider regulated workloads as part of the pool of candidate services to operate in the cloud. Those who already completed cloud migration projects but held back regulated workloads should reexamine that decision and consider the potential technical and compliance benefits of migrating those workloads as well.”

IDC Research Report published October 2017.

Read the full report: IDC PlanScape: Building Compliant Cloud Environments


3 Tips for a Smooth Data Loss Prevention Rollout

Edward Snowden and Reality Winner grabbed headlines for leaking sensitive information from agencies, but they’re only the most visible examples of data theft. Agency leaders see these high-profile cases as evidence they must dedicate time and attention to insider threats. In a recent Symantec survey, 85 percent of federal IT managers say they are more focused on the insider threat than one year ago. In addition, 86 percent say they now run a formal insider threat prevention program, up from 55 percent in 2015.

Published October 2017 in FedTech Magazine.

Read the full article: 3 Tips for a Smooth Data Loss Prevention Rollout 


DHS’s CDM Program Moves to the Next Phase: Protection

From Russian and Chinese hackers to WikiLeaks and North Korea, nefarious actors have long targeted federal systems, looking to steal sensitive national security information and disrupt government activities. But as agencies answered these threats, IT shops found they simply didn’t have the technical tools or sophistication to defend themselves.

Published October 2017 in FedTech Magazine.

Read the full article: DHS’s CDM Program Moves to the Next Phase: Protection


Find Your Footing in Cloud Security with CCSK

The cloud is here to stay. Organizations of all sizes and industries are turning to cloud services as a flexible, agile alternative to building expensive data centers, maintaining silos of technical expertise, and overprovisioning capacity to meet future demand.

Gartner recently estimated that the cloud computing industry will grow at an 18 percent rate in 2017, reaching a total market size of $246 billion. There’s no sign that the adoption of cloud services is slowing down, and a quick search of technical job descriptions shows that technologists with experience on cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Salesforce, Workday, and other similar services are in high demand.

At the same time, however, that organizations are turning to the cloud to achieve cost savings, improve their agility and drive flexibility in computing, they also remain concerned about the security of data stored and processed in the cloud. Turning over responsibility for handling data at any layer of the cloud computing stack raises the eyebrows of security professionals and calls for a different kind of expertise than securing traditional environments.

Published June 26, 2017 on gocertify.com

Read the full story: Find Your Footing in Cloud Security with CCSK


Solving the cybersecurity staffing shortage

Cybersecurity is at a critical juncture. Organizations around the world increasingly recognize the importance of cybersecurity to their reputation and ongoing operations, driven by mainstream media reports about breaches. This recognition results, in many cases, in an increased desire to hire skilled cybersecurity professionals to protect systems and information assets.

This renewed interest in cybersecurity talent also is creating a significant skills gap, a cybersecurity staffing shortage, as employers struggle to stand out among the pack and recruit talented professionals to fill their open positions. Recent research confirms that this trend exists and that organizations are truly struggling to fill positions.

Information security industry association (ISC)² released its Global Information Security Workforce Study in February. This study surveyed more than 19,000 security professionals and projects that there will be a gap of 1.8 million cybersecurity experts over the next five years. That gap represents a 20 percent increase from the 1.5 million shortfall predicted by the same study last year — and provides quantitative evidence of the anecdotal pain felt by hiring managers around the world.

Published June 5, 2017 on certmag.com

Read the full story: Solving the cybersecurity staffing shortage


IDC PlanScape: Deploying Multifactor Authentication

“Multifactor authentication is a time-tested approach that is finally coming of age,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “Organizations recognize that they face an increasing threat from the compromise of password-based credentials; knowledge-based authentication simply doesn’t provide an adequate level of protection against those threats. Push-based authentication using smartphones is both simple for end users and cost-effective for the organization.”

IDC Research Report published May 2017.

Read the full report: IDC PlanScape: Deploying Multifactor Authentication


Keep Your Campus Both Smart and Secure as IoT Expands

The Internet of Things is taking college campuses by storm. From a Google Home in a professor’s office to a control system in a campus power plant, IoT devices are rapidly spreading, with no sign of slowing down. Within three years, analysts project, IoT devices may outnumber traditional computing devices by a 2-to-1 ratio. These devices offer diverse benefits, but they also introduce new security concerns.

In fall 2016, hackers drove these concerns home when they harnessed thousands of video cameras and other IoT devices to conduct the largest distributed denial of service (DDoS) attacks in internet history. Those attacks highlighted the question of IoT security in the minds of many IT leaders. Campuses should learn from this experience and take steps to keep their networks secure in the IoT era.

The Changing Connected Campus

IoT devices aren’t entirely new. Colleges often deploy sensors for physical plants that transmit data about temperature, humidity and other issues to centralized control systems, which use this data to optimize functionality. Such devices were once hard-wired to control systems, but many institutions now connect them to the network.

Published April 17, 2017 on edtechmagazine.com

Read the full story: Keep Your Campus Both Smart and Secure as IoT Expands


4 Ways to Use Context-Aware Security for Maximum Advantage

Professionals at higher education institutions make context-aware security decisions every day. A security guard decides which visitors to allow on campus based on a quick assessment of vehicles and their drivers. Cybersecurity teams decide to allow or deny exceptions to endpoint security policies based on the nature of a device and the types of information it handles. The world of context-aware security seeks to automate these decision-making processes, bringing the world of analytics to bear on the problems of cybersecurity.

Context-aware security — the use of supplemental information to improve security decisions — holds great promise for the future of higher education cybersecurity. Institutions that start with the fundamentals and focus on high-value targets will reap the greatest rewards from this investment. Analysts will be able to dig deeper into security data with less time and effort, uncovering the relevant needles in the security data haystacks.

1. Begin with the Security Fundamentals

Context-aware security requires context. That’s not a startling conclusion, but it’s an area where many institutions fall short. Security decisions that are both contextual and wise require deep information about users and data. Before embarking on a context-aware security initiative, make sure you have a robust identity and access management infrastructure capable of providing useful attributes about individuals. For example, security products must be able to identify a person’s status — faculty member, student or administrator — and, preferably, his or her department.

Published March 29, 2017 on edtechmagazine.com

Read the full story: 4 Ways to Use Context-Aware Security for Maximum Advantage


Half-a-billion reasons not to use free e-mail

On September 26, 2016, Yahoo! announced to the world that they were the victim of the largest systematic account compromise in the history of the Internet. Attackers managed to penetrate Yahoo!’s network as early as 2014 and steal account information belonging to more than 500 million Yahoo! users.

News of the breach at Yahoo! rocked the cybersecurity world as use of the service is so widespread, ranging from hosting personal e-mail accounts on the Yahoo.com domain to managing thousands of fantasy football, baseball, and basketball leagues on their servers, and hosting millions of photographs through their Flickr service.

Indeed, it’s hard to imagine an American Internet user who hasn’t had some need to create a Yahoo! account over the past decade.

Published February 21, 2017 on certmag.com

Read the full story: 3 Tips for Feds Looking to Ditch Old Datasets


3 Tips for Feds Looking to Ditch Old Datasets

The digital universe is expanding at a staggering rate as government agencies, businesses and citizens generate troves of data each day. The McKinsey Global Institute estimated in December that the United States possesses more than two zettabytes of information — equivalent to 2 trillion gigabytes.

Such growth creates opportunities for innovation but poses challenges to federal agencies seeking to comply with data retention requirements. What’s more staggering? That number likely will double every three years.

IT officials should pay attention to their organization’s electronic activities and ensure they stay within the bounds of federal records laws and regulations.

Published February 16, 2017 on fedtechmagazine.com

Read the full story: 3 Tips for Feds Looking to Ditch Old Datasets


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple