- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
win baby- Anonymous
Corporate security experts face a crisis as they are caught between regulators demanding better accountability for data security and the need to keep businesses up and running with the help of many business partners, an American Express security executive told Interop New York attendees Tuesday.
As more data is housed at least temporarily outside corporate data centers, it becomes more difficult to comply with industry and government regulations, according to Steven Suther, director of information security management for American Express.
"Tell me where your data is and how it is being secured," regulators want to know, he says. "So we need to define at what point is information outside our domain and how is it being protected."
But businesses have very little control over how partners with whom they must share data protect it, he says. Amex asks its vendors to self-assess their security and if it comes up short, Amex will conduct on-site visits to assess the security in person. "We're testing their controls so we can tell regulators we're comfortable with what they are doing," Suther says.
Amex has designated vendor-relations managers who are responsible for ensuring that data controls are in place for a specific list of firms that Amex has hired to perform financial services jobs, he says.
The problem is complicated by whether the tools needed to protect data are available and affordable, says John Pironti, a principal for enterprise and security architecture for Unisys, and what combination of protections is considered sufficient by regulators. "What is good enough that everyone can agree on," Pironti says.
It is difficult to take the requirements of, say, Sarbanes-Oxley, and translate that into security policies, Suther says. "We're all suffering the same kind of lack of confidence in what we should be doing," he says.
Suther says he struggles to balance imposing security on his financial services vendors and allowing them to do their jobs so Amex's financial services business keeps running. "I have to be flexible right now if I want a universe of vendors for my business departments to choose from," Suther says.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
