Security Experts:

Danelle Au's picture

Danelle Au

Danelle Au is head of product marketing at Adallom, a SaaS security company. Danelle has more than 15 years of experience bringing new and innovative security technologies to market, and is a frequent speaker at conferences. Prior to Adallom, Danelle was responsible for solutions marketing at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. She was also co-­founder of a high-­speed networking chipset startup. She is co-­author of an IP Communications Book, "Cisco IP Communications Express: Operation, Implementation and Design Guide for the Small and Branch Office” and holds 2 U.S. Patents.

Recent articles by Danelle Au

  • Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
  • Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
  • As the era of Internet of Things dawns, the amount of data and other cloud applications developed for unique industries will increase and bring a new era of privacy and security concerns.
  • As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
  • The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
  • Trying to defend against modern, advanced attacks with one-off point solutions is like playing a whack-a-mole game, always one step behind the attacker and trying to play catch up with the alerts as they’re received.
  • Enterprises must find the right balance to deliver a mobile security environment that meets productivity and flexibility needs without putting devices, apps, or data at risk.
  • Zero Trust advocates for a segmented network, and security built into the architecture rather than an afterthought. It also advocates for some key principles built around the concept of “never trust, always verify”.
  • While there may be some interesting predictions and trends being proposed for 2014, what may be more helpful as you prepare for 2014 are the practical ways to plan for network security.
  • The most effective CISOs today can’t just be experts in security. Organizations need a versatile security leader that speaks a new language-- one that is a blend of technology and business.
  • If local, state and global governments can share critical information collaboratively among their entities and with the private sector, this can provide actionable intelligence on current and future attacks. But there continues to be significant challenges with global cybersecurity collaboration:
  • Many have opined that security is the killer app for SDN… is this true? SDN allows many security use cases to be implemented in a manner that requires fewer configuration changes, and fewer networking headaches.
  • How does network virtualization differ from software defined networking (SDN) and network functions virtualization? And, more importantly, how does it impact network security?
  • Unlocking the promise of the cloud requires a closer integration between virtualization and security elements and delivering the right security feature set.
  • Securing a hybrid cloud environment may be different from your traditional private cloud infrastructure. The security challenges include a dependency on networks that are outside your immediate control and may be accessed outside of the normal corporate access methods.
  • The next big thing for network security is automation and orchestration. It may not be sexy, but it will become the key enabler to truly realize the vision of your next-generation data center.
  • The building blocks for a robust cybersecurity strategy are not uniquely different from security requirements for a traditional enterprise...
  • As we define what may arguably be the “next big thing” for networking, did we leave network security as an afterthought? What are the new considerations for security in a software-defined network?
  • When faced with the daunting costs of a data center, it can be easy to allocate for security only as an afterthought, or to only assign a small percentage of the IT budget to security.
  • The challenge is how to give users the full advantage of their mobility platform of choice without introducing risks to the business. A key part of that challenge is enabling flexible mobile security options depending on the device and use case
  • The most important aspect to consider when securing enterprise applications is their complicated architecture. The old network security model of “hard and crunchy on the outside, soft and gooey on the inside” is no longer sufficient.
  • Along with the deployment of a robust security architecture is the need for a monitoring and response process that allows enterprises to continuously monitor and process security data efficiently and proactively act upon this data if something suspicious is found.
  • Malware targeting SCADA systems from Stuxnet and Flame to Duqu have already shown the vast amounts of knowledge that attackers have on these proprietary control systems and are now available to other attackers to leverage.
  • As you embark on 2013 and evaluate your security risks for the coming year, what should not change in terms of your network security focus is data center security.
  • There are various characteristics of the AWS model that we can extend to security -- the ability to leverage economies of scale for security analysis, or to work more closely with application developers to embrace their speed of innovation.