Jay Heiser

A member of the Gartner Blog Network

Archives for May, 2011


Yes, Virginia, there are single points of failure

by Jay Heiser  |  May 30, 2011  |  Comments Off

The Commonwealth of Virginia has recently announced that they have settled up with their service provider, Northrup Grumman, over an incident last year that apparently brought down 3/4 of state applications, resulted in the loss of a several days worth of drivers license photos, and forced state offices to open on weekends.  Compensation to the state, [...]

Comments Off

Category: Cloud risk management     Tags: , , , , , , ,

Breach Loading? Disappointing New Presidential Proposal

by Jay Heiser  |  May 26, 2011  |  Comments Off

I hesitate to suggest that what the world really needs are more laws, but it is not reasonable is not reasonable to suggest painting some lipstick on the breach notification pig and then taking credit for protecting consumers.

Comments Off

Category: IT Governance risk management security     Tags: , , , , , ,

SaaS Translation: What your Service Provider REALLY Means

by Jay Heiser  |  May 23, 2011  |  1 Comment

Its not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption, and data recovery.

1 Comment »

Category: Cloud IT Governance risk management security Vendor Contracts     Tags: , , , , , , , , , ,

Time for a rant about passwords

by Jay Heiser  |  May 13, 2011  |  Comments Off

How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topics of passwords, so ignorant to the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors.

Comments Off

Category: risk management security     Tags: , , , , , , ,

Your Suppliers Don’t Have Your Goals

by Jay Heiser  |  May 11, 2011  |  Comments Off

Your company will usually do whatever it needs to do to survive—so will your supplier. They are not marching to your music, they are not heading towards the same goal line, they are not thinking your thoughts, and their ultimate loyalty is to themselves, not to you.

Comments Off

Category: Cloud risk management Vendor Contracts     Tags: , , , , , ,

How long does it take to reboot a cloud?

by Jay Heiser  |  May 10, 2011  |  1 Comment

Commercial cloud  computing raises two significant disaster recovery issues: What is the cloud provider’s ability to recover their own services? What is the enterprise’s ability to obtain an alternative to a vendor that can’t recover themselves? To the extent that cloud computing actually exists, and actually is a new model, we have to consider that [...]

1 Comment »

Category: Cloud risk management security     Tags: , , , ,

Diversity is nature’s way of managing portfolio risk

by Jay Heiser  |  May 9, 2011  |  Comments Off

Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.

Comments Off

Category: Cloud IT Governance risk management security     Tags: , , , , , , , , , ,

Butterfly Wings and Nuclear Bombs

by Jay Heiser  |  May 6, 2011  |  Comments Off

It is easier to build a nuclear bomb shelter than it is to anticipate every stroke of the software butterfly’s wing that might cascade into a cloud data storm.

Comments Off

Category: Cloud risk management     Tags: , , , , , , ,

Harry Potter, Egg Baskets and Cloud Computing

by Jay Heiser  |  May 5, 2011  |  1 Comment

The final book in the Harry Potter series would have been an extremely short one if Voldemort had chosen to place all his eggs into a single basket.

1 Comment »

Category: Cloud risk management security     Tags: , , , ,

The other problem with the utility metaphor

by Jay Heiser  |  May 4, 2011  |  1 Comment

Commercial cloud computing is like sending your rings, bracelets, and brooches out to be repaired–the service provider has your family jewels in hand. Unlike a CSP, a power company doesn’t have possession of your means of production or your IP, a signficant loss potential that is also missing from the utility trope.

1 Comment »

Category: Cloud IT Governance risk management security     Tags: , , ,