Jay Heiser

A member of the Gartner Blog Network

Archives for April, 2012


SaaS is a Simon Says World

by Jay Heiser  |  April 26, 2012  |  Comments Off

When you buy SaaS, you get what is written on the box. Well, you get what is written on the virtual box. That text may consist of page after page of dense legalese that puts a higher level of emphasis on what you do NOT get than on what you DO get. Consumer-oriented agreements often amount [...]


Category: Cloud, IT Governance, Policy, risk management, security, Vendor Contracts

You may not write down unmemorizable passwords

by Jay Heiser  |  April 19, 2012  |  1 Comment

I frequently see end user policies that contain the following two elements:

- Passwords must be so complex that they cannot be guessed
- Passwords may not be written down

This is almost a model case of perfectly secure and perfectly unusable. I say almost, because the unfortunate fact of the matter is that strong passwords only [...]


Category: Policy, security

It is against our policy to commit sabotage

by Jay Heiser  |  April 18, 2012  |  Comments Off

A significant number of enterprise IT policies include some sort of prohibition against the use of computer viruses, interference with the network, and other forms of deliberate harm. Is it really the case that without a policy against it, some employees will insist on using malware to destroy their PC and attempt to bring down [...]


Category: IT Governance, Policy

MegaCosts for Maintaining MegaUpload

by Jay Heiser  |  April 16, 2012  |  Comments Off

Sometimes when you spend a week on vacation, you like to leave work behind, so I was a little bit surprised during my morning coffee last week to hear an NPR story on MegaUpload. They managed to find someone who, through explainable circumstances, had lost all other copies of his valuable files, leaving the inaccessible [...]


Category: Cloud, risk management