Archives for February, 2010
by Jay Heiser | February 26, 2010 | Comments Off
YouTube has arguably seen far too many ‘remixes’ of a dramatic scene from the WWII flick “Downfall” (Der Untergang), but this new one, “Hitler and Cloud Computing,” hits the cloudsec nail right on the head. Thanks to Gunnar Peterson and Marcus Ranum.
Category: Uncategorized Tags: Cloud, cloud computing risks, cloud computing security
by Jay Heiser | February 24, 2010 | 1 Comment
I’m concerned that we’re going to legally mandate the application of last century’s standards and practices (SAS 70, FISMA, etc) to new computing models that we have only begun to understand. I’m in favor of revisiting the US privacy regulations, but it would be premature to apply them to cloud computing in any highly specific way. Commercial and goverment entities that want to store PII in unproven multi-tenanted services should be held accountable if that experiment fails.
Category: Uncategorized Tags: Cloud, PII, privacy, privacy regulation, regulation, regulatory compliance, risk assessment, security, US Congress
by Jay Heiser | February 9, 2010 | Comments Off
A man walks into a physician’s office and says “Doctor, it hurts when I use my computer.” The physician replies, “then don’t use your computer.” A dumb old joke or a wise observation on human nature? I receive several calls a week from people looking for the best practices on managing cloud computing security and [...]
Category: Uncategorized Tags: Cloud, cloud security, information security, infosec, risk assessment, risk management
by Jay Heiser | February 8, 2010 | Comments Off
I really do not want to see some new Department of Internet Security closing examining my privates every time I take a flight on the Internet.
Category: Uncategorized Tags: congress, cyber security, cyberczar, information security, infosec, Internet security, politics, regulation, security
by Jay Heiser | February 1, 2010 | 5 Comments
When the global financial services firms melted down in late 2007, much of the blame was attributed to an over-reliance on a highly-leveraged financial abstraction called a Collateralized Debt Obligation (CDO). As described in a recent blog entry by Gartner analyst Andrew White, Cheap money, sloshing around the place, feeding an insatiable growth in demand [...]
Category: Cloud risk management security Tags: CDO, Cloud, cloud risks, cloud security, risk assessment, vendor viability