French Caldwell

A member of the Gartner Blog Network

Entries Categorized as 'Cloud'


Gartner Dubai Symposium: An Interactive Conversation on Security and Risk Management

by French Caldwell  |  April 8, 2014  |  4 Comments

A couple of months ago, the conference chair for Gartner’s Dubai Symposium, Mary Mesaglio, presented me with a challenge. She said, “French, we need more local content and more security content. What’s possible?” Having made some trips to the Gulf region in the last year, I’d met some really interesting people and heard some great stories. [...]

Category: Cloud Cybersecurity Risk Management

#RSAC Buzz — Regulators Raising the Bar on Vendor Risk Management

by French Caldwell  |  February 27, 2014  |  2 Comments

I went to the RSA conference once — it was really busy and hearing from my buddies at the front, it’s now busier than ever. So much for the boycott, eh? A lot of my security buddies are at RSA this week, and are broadcasting the buzz back to the rest of us here [...]

Category: Cloud compliance Cybersecurity Risk Management Third Party Risk Management Vendor Contracts

To Improve Cloud Security, by 2020, Enterprises Will Fire Senior Managers

by French Caldwell  |  January 17, 2014  |  1 Comment

I came across a survey report last week from security and investigations service firm Stroz Friedberg that highlights the fundamental tenet of effective compliance and risk management – tone at the top. The survey of 764 information workers shows that senior managers are the worst offenders when it comes to using personal cloud services to manage [...]

Category: Cloud compliance IT Governance Risk Management

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional. I did a study recently on the public comments for my doctor in law and policy program at Northeastern University– [...]

Category: Cloud compliance GRC public policy Risk Management Social Technology

SMAC in the Middle of the Nexus at LegalTech

by French Caldwell  |  January 30, 2013  |  Comments Off

I’m on the road this week — first Boston for client visits and then PwC’s industry analyst summit, and now New York for a day at the LegalTech conference.  What struck me most with PwC is how they were talking SMAC — the convergence of social, mobile, analytic and cloud technologies — what Gartner calls [...]

Category: Cloud compliance Legal IT Social Technology

The Risks Are Always Greener on the Other Side

by French Caldwell  |  October 24, 2012  |  Comments Off

I’m here at Orlando Symposium talking to a good colleague, Neil MacDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard? That way customers can see for themselves [...]

Category: Cloud GRC Risk Management

Time to Stop Misusing SSAE 16 in Vendor Marketing

by French Caldwell  |  October 9, 2012  |  5 Comments

Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with the headline, “Prolexic Completes SSAE 16 Examination for Distributed Denial of Service (DDoS) Attack Mitigation Services.” SSAE 16 (aka SOC 1) like SAS 70 before [...]

Category: Cloud compliance GRC Standards Vendor Contracts