Security Experts:

Jeff Hudson's picture

Jeff Hudson

Jeff Hudson serves as CEO of Venafi. A key executive in four successful, high-technology start-ups that have gone public, Hudson brings over 25 years of experience in IT and security management. Prior to joining Venafi, Hudson was the CEO of Vhayu Technologies which was acquired by ThomsonReuters. Prior to Vhayu, Hudson held numerous executive leadership posts, including CEO and cofounder of MS2, SVP of Corporate Development at Informix Software, CEO of Visioneer, and numerous senior executive posts at NetFRAME Systems and WYSE Technology. He started his career with IBM. Mr. Hudson earned a B.A. in communications at the University of California, Davis.

Recent articles by Jeff Hudson

  • Making decisions based on anomalies is predicated by one very important assumption—you must understand what “normal” looks like.
  • Organizations need to consider more than just the malware itself if they are to defend against it; the first step in defending against malicious code infections is ensuring that a strong trust infrastructure is in place and well secured.
  • Security and risk professionals need to understand that the means by which digital smart weapons are guided into their targets and authenticate within target networks have changed dramatically.
  • As the use of Secure Shell (SSH) keys and related encryption services evolves and expands, security experts question what drives that evolution and are looking for ways to maximize the security effectiveness of the ubiquitous technology.
  • Trust comes at a price. However, while IT security professionals understand this, they often treat trust as an afterthought. As a result, companies suffer the consequences in unexpected recovery costs and failed business relationships.
  • Trust is the foundation of all relationships: trust between admins and servers, between servers and users, between servers and other servers—and between enterprises and the markets they serve. When trust is compromised, business stops.
  • What happens when a lack of control over the technologies on which trust is built means you can no longer trust them? Take a look, for example, at our reliance on cryptographic keys and digital certificates—technologies that were once thought of as intrinsically trustworthy.
  • How can applications and infrastructure be trusted and controlled when organizations have seemingly given up both to their cloud providers?
  • The rapid growth of Smart Grid technologies is only matched by security risks that follow its wide spread adoption. Protecting Smart Grids from cyber attacks and compromises should be a top priority for any utility, as failure could cripple the nation's way of life.
  • The use of Public Key Infrastructure (PKI) and digital certificates is on the rise, making certificate authorities a more likely target for sophisticated cyber-attacks. How can today’s IT Managers deal with those threats and prepare and recover from a certificate authority breach?
  • The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. For example, exposing cryptographic key management information to more than those that need to know creates a compliance violation.
  • Certificate authorities (CAs) issue and ensure third-party trust for human-to-machine and machine-to-machine communications and authentication. But, leveraging the security benefits of trust providers like CAs doesn't relieve your organization of its management responsibilities.
  • As data and applications moving to the cloud and can move from one physical location to another almost instantly, ubiquitous encryption becomes even more important, 2012 is set to be be the year of ubiquitous encryption.
  • In 2011 the world has witnessed several cases in which network security companies – RSA, Comodo and StartSSL—themselves fell victim to hacking at a severe cost to their reputation. All enterprises need to look at their highest-value assets—servers and applications where sensitive and regulated data flows, and that are protected by certificates.
  • Thwarting attacks requires technology that can help protect enterprises from risk, but technology alone can’t fully protect a network. Companies also need effective management systems and best Practices in place.
  • Data breaches can be costly to a company’s bottom line and its reputation. When data is encrypted, even if it’s exposed to hackers, they can’t do anything without the proper encryption keys and credentials, and accessing the data is nearly impossible.
  • Too many IT and risk managers are surprised by security breaches, compromised keys or operational failures that occur from sheer neglect that result when you leave your valuable keys as exposed as a password on a post-it. Hefty, potential fines for failing to comply with regulations are risk enough, but the risks of ignoring these vulnerabilities extend even further.