Better Application Security through XACML
By Jim Reavis
This is my first blog entry on behalf of Securent as a member of their advisory board. As some of you may know, application security has been a very important issue to me, and a big part of the advisory work I have been involved with has dealt with initiatives in this space. As an advisory board member for SPI Dynamics and a moderator for many events within their Secure Software Forum, I have been an advocate for taking a lifecycle approach to software development and getting the software developers to work more closely with the information security team – and to do it earlier. Progress is being made to secure applications, but what I have learned from my experience so far is that while we do need to do a better job of collaboration between application development and security, we also need to better evaluate the risks of our applications. By doing threat modeling to understand your application attack surfaces and performing a risk assessment, it becomes evident that we need to apply some fundamental changes to application architecture. Here are some of the outcomes of those risk assessments I have seen:

