Security When Things Go 'Boom' Part III - Returning to Normal

OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?

The Birth of the Virtual Datacenter Administrator

I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization's virtualization initiatives. I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters. There are several trends to note.

The expanding complexity of 'insiders': what you need to take into account

Topics: Insider Risk

At the April 2009 RSA Conference, over 500 speakers discussed the most pressing information security issues organizations face today. I was very interested to hear the Carnegie Mellon University Software Engineering Institute (SEI) talking about best practices for mitigating insider threat. (As discussed in my previous blog, this is the aspect of insider risk dealing with insiders who deliberately exploit security vulnerabilities to cause harm or for personal gain.)

ISO-ish

Topics: Compliance | Risk

The conversation develops with such consistency and regularity I've begun to wonder why I still ask. But I do. Without fail, at every customer I meet I utter the question "do you use any frameworks to help with your governance, risk, and compliance?"

Insider risk and insider threat: what's the difference and why does it matter?

Topics: Insider Risk

What does the term 'insider risk' mean to you? Does it make you think about employees sabotaging systems, or stealing confidential information for their own benefit?

Speaking of Security Podcast #151

Roland Cloutier, VP and CSO of EMC joins us on this week's Speaking of Security podcast.

Security When Things Go 'Boom' Part II - Securing Your DR Environment

Sorry for the delay in updating my blog - for some reason Q2 seems to be the event season, and we've been pretty busy here at RSA supporting HIMSS, RSA Conference, MS TechEd, EMC World and a bunch of other events. Anyway, it's time to continue our discussion of the relationships between security and disaster recovery. In this entry we'll take a look at what needs to be considered to ensure your DR environment itself remains secure.

The more things change the more they seem to stay the same. When are we going to learn?!?!?!

Recently there has been a lot of chatter about how security teams need to get out ahead of the latest technology advances. There is talk about how cloud computing and virtualization are going to take business to new levels and enable new relationships. On top of this, social networking is finding its way into the business environment and raising concern that, with mounting financial pressures, businesses won't be prepared to address the increased risks these technologies introduce.

Securing Virtualization

RSA FraudAction Research Lab

Eric Baize: Software Security Assurance Blog

Sam Curry

Todd Graham: Deconstructing Governance, Risk and Compliance

Dr. Ari Juels

Shannon Kellogg

Uri Rivner

Paul Stamp: Token Security Guy

RSA Compliance Solutions Bloggers

Compliance Blog

The RSA Compliance Solutions Blog Team includes: Brad Davenport, Dave Howell, John McDonald.