The security review: Virtualization, diversity and encryption

Get up-to-date with the latest happenings in information security with our review of the past week.

Get up-to-date with the latest happenings in information security with our review of the past week.

From virtualization adoption to diversity in information security and Apple’s CEO on encryption, this week’s review of the past seven days on We Live Security and beyond is a great way to get to grips with the latest happenings in the industry.

Five things to think about when investing in virtualization


The idea of virtualization has gained traction in recent years, piquing the interest of executives looking for contemporary technological solutions, observed Camilo Gutierrez Amaya, a senior security researcher at ESET. However, before such a project can be undertaken by a company, there are at least five key considerations that must be taken into account, the expert elaborated. This includes appreciating the impact of adopting a virtualized infrastructure and reviewing data access controls.

Same game with a few twists – information security diversity discussed

“I’m encouraged by both the quantity and quality of options that are indeed available.’

ESET security researcher Lysa Myers delivered an insightful piece on the diversity challenges and opportunities in information security, noting that while it is the “same old game”, there are, nevertheless, a “few twists” … good and bad. “There were a few elements of people’s stories that surprised me,” she remarked. “Such as the ways in which women are making each other’s jobs more difficult, and ways in which military-related security jobs can be more welcoming.”

Instagram update to its API policy makes feed access a lot tougher


After the slight furore over a third party app surreptitiously harvesting user details, Instagram announced an update to its API policy. The photo and video sharing social network explained that the modifications it has made to its platform will “improve people’s control over their content”. In effect, it will make application program interface access criteria more difficult, helping crack down on any sort of activity that compromises its users.

Apple’s Tim Cook defends the idea of end-to-end encryption

Encryption iPhone

The hotly contested and divisive debate over encryption is one that shows no sign of going away, with the Guardian offering its view on the matter just yesterday. “Neither perfect security nor perfect privacy is attainable,” it stated. “Neither of them should be fetishised.’ Apple’s CEO, Tim Cook, was however unequivocal on the matter, explaining that any kind of backdoor access to its encryption technology undermines its purpose. He also said that he was optimistic that some sort of deal between tech companies and governments could be achieved.

Carnegie Mellon issues statement defending its work in cybersecurity

“The university abides by the rule of law, complies with lawfully issued subpoenas, and receives no funding for its compliance.”

After much speculation and wide coverage over Carnegie Mellon’s working relationship with the Federal Bureau of Investigation in relation to Tor – including this by Wired – the university responded with a strongly worded statement. It explained that “from time to time, [the university] is served with subpoenas requesting information about research it has performed”. It added that it acts in accordance with the law and that contrary to media reports, receives no funding for its compliance.

Many enterprises expect some sort of insider data breach in 2016

Data breach

New research from Clearswift revealed that 40 percent of enterprises are of the opinion that in 2016 they will experience an “insider data breach”. The principal cause of this security compromise is due to employees lacking “an awareness of good cyber security practice”. Interestingly, the index found that 75 percent of employees consider a lax understanding of security to be their company’s fault – many fail to provide an adequate level of information on data policies, they argued. Other interesting findings included the revelation that internal security threats are not treated as importantly as external threats at a board level.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center