Stories by Mathias Thurman

Security Manager's Journal: You can't secure every employee's home

We recently deployed RSA SecurID software authentication tokens to replace the hardware tokens we had been using to provide strong authentication for remote access via a VPN client. Hardware tokens are more secure for two-factor authentication in some ways (but not in every way, as you'll see), but the software tokens can be used on mobile devices such as phones; they are much less expensive; and they can be deployed more quickly and easily. What's more, when a user no longer needs access, it's much simpler to disable a software token than it is to retrieve a hardware token from somewhere like China, Russia or India.

Security Manager's Journal: BYOD planning gets a big boost

We're making big strides toward our CIO's goal of enabling a "bring your own device" (BYOD) policy. For me, it's none too soon.

Security Manager's Journal: A rush to judgment on DLP deployment

I got most of what I asked for, and I got it early. Sounds good, right? Not so much.

Sensitive company data gets released into the wild

If you don't think it's a big challenge to protect sensitive company information and intellectual property, listen to this story.

Deciding how to spend a $10K windfall wisely

We have a lean IT department. Its budget is well below the industry average, and my security budget is only about 3% of that. So, as you can imagine, I didn't hesitate to say yes when I was asked this week if I could spend $10,000 before the end of the month.

Getting the most out of a new SIEM tool

The CIO continues to question the value of our $250,000 investment in a security incident and event management (SIEM) tool. I want more money in the budget next year to expand SIEM deployment to other areas of the world, and he wants to know what he'll get for that money.

Stopping the mobile madness

I love my iPad, but I hate what it represents.

Security manager's journal: The perils of enterprise search

I'm a big fan of search. The ability to use the Internet to cull information on virtually any topic with just a few clicks has made me more efficient and better informed. And "information" can come in the form of pictures, documents, videos, news feeds -- whatever you need.

Giving cloud storage the axe

Want to know what keeps me, my company's go-to security guy, awake at night? Many things, I can assure you, but lately the No. 1 threat to a good night's sleep has been the proliferation of Software as a Service (SaaS)at my company.

Opinion: Webmail gets hacked, corporate passwords exposed

This week, one of our C-level executives suffered a personal security incident that spilled over to the workplace. Here's what happened.

Security manager's journal: Keeping in-house code safe

We have a major problem, which explains why I'm sitting in an airport right now. I'm heading off to visit some third parties that develop portions of our software for us.

New firewalls should increase protection

This week, my company began deploying new firewalls. The old ones have been in place for more than six years; the new ones will allow us to take advantage of the next generation of features.

Security Manager's Journal: Getting a handle on the data

Three months into my new job, I've had a chance to assess the landscape and establish some priorities. No. 1 will be the way we handle data.

Lifting rocks and seeing what dangers lurk beneath

I'm still getting acquainted with my new company. As a security manager, that means I'm seeking out all the risks that are lurking in various functional areas.

Security Manager: First task is to tighten up SaaS security

After just a couple of weeks at my new post, I'm already finding plenty of things to do.