In this podcast, Brian Wolfe comments on the security issues around cloud computing and provides several takeaways CIOs can use to improve their corporate security.
It’s hard to avoid all of the news stories about the economic downturn, company layoffs, or employees being asked to take drastic pay cuts. Most employees understand that businesses have no choice but to reduce their costs. On the other hand, those disgruntled employees or former employees in dire financial straits could find themselves doing things they wouldn’t normally do. As a result, these employees could pose a whole new set of security threats to an organization. Brian Wolfe, a security expert and co-founder of Laurus Technologies, an IT consulting firm specializing in security, says that companies must have controls in place to make sure that people can’t do things, such as authorizing a purchase order to a fictitious vendor, and having funds disbursed to a company that never receives the goods.
Meanwhile, security breaches still continue to plague America at the rate of about one a week. In fact, within the first few months of 2009, Merrill Lynch, Continental Airlines, the Federal Aviation Administration, and the United States Postal Security all became victims of security breaches. Wolfe says that CIOs do have something to worry about. He adds that about 75 companies out of the Fortune 1000 have an ISO 27001 certification for security. “CIOs must think about whether or not they have the proper security controls in place to both prevent on-going threats, and these newer threats. They need to have some access controls that clearly delineate between the software development area, test and quality assurance, and product. The goal here is to make sure that no one person is in a position to introduce fraudulent or malicious code or data into some critical applications. CIOs also need to cover all of their bases with respect to vulnerability assessment, and penetration testing, especially data loss or data leakage prevention.”
Bio: Brian is a co-founder of Laurus Technologies, where he directs the software solutions group. He has 18 years of IT experience, with emphasis on healthcare. His accomplishments in this area include the development of an early TCP/IP-based distributed medical imaging protocol “Simple Image Transfer Protocol” (SITP) for UNIX and VMS systems at the Medical Imaging Research Center of Henry Ford Hospital. His paper on SITP was accepted and presented at the Radiological Society of North America. He belongs to the Greater Chicago Chapter of HIMSS, and the Society for Information Management. He also chairs the Sun Microsystems Education Market Advisory Board and belongs to the Sun Microsystems Software Partner Council. Wolfe is also a member of the advisory board for the School of Computer Science, Telecommunications and Information Systems at DePaul University. He received his MS in Computer Science from DePaul University in 1996, and his BS in Computer Science from the University of Michigan.