Comments on: Private Clouds and Phishy Clouds http://blogs.gartner.com/greg_young/2009/10/06/private-clouds-and-phishy-clouds/ A member of the Gartner Blog Network Fri, 11 Feb 2011 21:13:39 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Danger. Danger, Will Robinson! (enough with the panic, please) « Hyperguarding your Web Applications http://blogs.gartner.com/greg_young/2009/10/06/private-clouds-and-phishy-clouds/comment-page-1/#comment-520 Danger. Danger, Will Robinson! (enough with the panic, please) « Hyperguarding your Web Applications Tue, 13 Oct 2009 19:04:17 +0000 http://blogs.gartner.com/greg_young/2009/10/06/private-clouds-and-phishy-clouds/#comment-520 [...] things to people. Is your cloud provider being transparent with bugs, glitches, etc? Do you have provider options (Google, Amazon, DISA’s RACE)? How id your data handled and protected? Is the cloud application [...] [...] things to people. Is your cloud provider being transparent with bugs, glitches, etc? Do you have provider options (Google, Amazon, DISA’s RACE)? How id your data handled and protected? Is the cloud application [...]

]]> By: Jay Heiser http://blogs.gartner.com/greg_young/2009/10/06/private-clouds-and-phishy-clouds/comment-page-1/#comment-490 Jay Heiser Thu, 08 Oct 2009 10:30:34 +0000 http://blogs.gartner.com/greg_young/2009/10/06/private-clouds-and-phishy-clouds/#comment-490 “For its cloud-based applications, DISA conducts a full SAS 70 audit.” Why would the US military, with a 40-year history of computer security research and practice, use an auditing standard that is explicitly not intended to be applied to technical evaluations? Can it really be the case that the GSA wants to apply FISMA to the cloud-based apps that are purchased from Google, SFDC, etc (see apps.gov), while the military wants to apply Statement of Accounting Standards Seven Zero to their in-house systems? “For its cloud-based applications, DISA conducts a full SAS 70 audit.”

Why would the US military, with a 40-year history of computer security research and practice, use an auditing standard that is explicitly not intended to be applied to technical evaluations?

Can it really be the case that the GSA wants to apply FISMA to the cloud-based apps that are purchased from Google, SFDC, etc (see apps.gov), while the military wants to apply Statement of Accounting Standards Seven Zero to their in-house systems?

]]>