The discussion on desktop virtualization, or hosted virtual desktop, is heating up. Some view it as futuristic. Others say it is throwback to the world of mainframe computing. With economic concerns forcing businesses to take a hard look at expenses across the enterprise, however, there are many reasons this is such a hot topic.

A recent Gartner Blog Network post and Wall Street Journal article both focus on new, stricter data regulations being passed in several states, including Massachusetts. The final set of the Massachusetts regulations focus on restricting employee access to data, monitoring malicious activity on the network, and strong authentication protocols. The new regulations will go into effect beginning January 1, 2009.

The other week, we announced some findings from a survey conducted over the past couple of months aimed at understanding where authentication and access management sits in the eyes of those concerned with Payment Card Industry (PCI) data security standards (DSS). With PCI publishing the latest PCI Data Security Standard 1.2 on Oct. 1, 2008, this online survey highlighted some interesting trends as companies work toward compliance. Here are a few stats to briefly call out...

This week I was part of Network World's second annual real-life scary security stories podcast, a panel hosted by Keith Shaw that told the tales of some frightful security happenings over the past year. There were some amazing examples of breaches of data, corporate espionage and simple access and authentication mis-steps, of which I added a few anecdotes from actual conversations I've had over the past year. [to protect the innocent, actual names were not used]

While the concept of cloud computing (accessing applications online) has been around for close to a decade, talks on the subject have intensified significantly in recent months. The catalysts to these discussions range from the sharp decline in hardware and network infrastructure costs to the desire for a business to 'go green' to the need for accessibly by an increasingly distributed workforce. Whatever the reason, big business has taken notice and as this interest turns into action, these companies must be prepared to look at all of the key issues around this move before taking action.

Strong authentication can come in a variety of forms, each with it's own unique strengths and weaknesses. Before selecting a type of strong authentication, think about the following:

Hundreds of McKesson customers converged in Grapevine, Texas this past week to learn what their peers are doing and to get the latest product updates from McKesson. Infrastructure upgrades was a common theme this year for many of the attendees I spoke to, with virtualization in particular continuing to rise in priority. Many hospitals had partially or completely virtualized their data center, and some had even virtualized all their desktops.

I just came back from the ASIS 2008 Show in Atlanta and boy, do my feet hurt. Over 15,000 attendees, participation in 6 booths including our own, 3 days of constant conversation will do that to a person. This security show is the top venue for those wanting to be educated on the latest in security...from state of the art manhole covers to new IP video and access control systems.

I was recently asked to comment on the future of biometrics so I wanted to share my thoughts here after distilling them down into four buckets... What's Next in Adoption, What's Next in the Tech, What's Next in the Enterprise, and What's Next in Consolidation.

Since 1996, HIPAA has become one of the most important and highly publicized pieces of healthcare legislation in the United States. Over this time it has also become one of THE biggest topics of conversation within the healthcare and security industries and with good reason-HIPAA involves two major issues, patients and privacy. What's truly amazing to me is that behind the scenes, one would naturally have to assume that the majority of healthcare organizations are being driven by the worry of the potential penalties that might be levied on them by the Department of Health & Human Services (HHS) for their failure to fully comply with HIPAA...