The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.
The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.
The PCI DSS Cloud Computing Guidelines: An Executive Summary
April 22, 2013, Matt Getzelman, PCI Practice Director
The PCI SSC and its Cloud Special Interest Group have released the Cloud Computing Guidelines after a year of collaboration and input from SIG members. Coalfire was a big contributor to this document, and we think it is required reading for anyone who has front-line responsibility for managing compliance at companies using a Cloud Service Provider (CSP).
Posted in: cloud, Payments, PCI
FedRAMP Question and Answer session from PMO webinar
November 13, 2012, Tom McAndrew, EVP, Coalfire Federal
On October 25, the FedRAMP PMO conducted its first webinar, in what will be a series of webinars, on the FedRAMP process. This first webinar covered the four methods by which CSPs can get listed in the FedRAMP repository.
This webinar is well worth the time to listen to. The PMO had a lengthy Q&A session, which we have transcribed for your convenience below. The FedRAMP PMO also provides a transcription, but it leverages a speech-to-text service, which garbled some of the phrases and meanings. Our human-reviewed Q&A of that section of the webinar is below.
Posted in: cloud, federal, fedramp, government
Moving to the Cloud: Considerations for Implementing Cloud Migration Plans
May 25, 2012, Kennet Westby, President and COO
Over 60 executive-level attendees came to the Omni Interlocken Resort in Broomfield, Colorado for the National Council of Higher Education Loan Programs (NCHELP) Spring convention and to hear from a panel of cloud experts on how the migration to cloud IT services could impact their business in the future.
Posted in: cloud, compliance, security
RSA 2012: Mobile, Cloud, and Intelligent Control
March 02, 2012, Rick Norman, Director, Professional Services
It was good to catch up with our customers and partners at RSA 2012 this week. Much of the buzz this year was around mobile devices and securing the cloud. We were glad to see innovative organizations introducing compliance-validated architectures based on these emerging technologies. One such organization was Hewlett-Packard, a Coalfire client and business partner.
Posted in: byod, cloud, compliance, RSA
Data Privacy Day 2012 – BYOD
January 30, 2012, Kennet Westby, President and COO
January marks Data Privacy Month and on January 28th we celebrated Data Privacy Day. In the past year, we have seen an increase in the consumerization of IT and “Bring Your Own Device” (BYOD) in the enterprise. In honor of Data Privacy Day 2012, we have partnered with The Center for Identity at The University of Texas to host a seminar on Wednesday, February 1.
Posted in: BYOD, Cloud, Data, Privacy