Jay Heiser

A member of the Gartner Blog Network

Entries Categorized as 'Cloud'


Bulletproof Contracts

by Jay Heiser  |  November 28, 2011  |  2 Comments

With the understanding that I am not a lawyer, and Gartner is not a law firm, here’s my brief summary of the contractual language dealing with SaaS security as provided by a prominent vendor: We believe that we obey the law.  If there are any questions pertaining to how your data is handled within our [...]

Category: Cloud risk management security Vendor Contracts

SLA feather allows you to fly in the cloud

by Jay Heiser  |  November 17, 2011  |  2 Comments

An SLA from a public cloud service promising some sort of recoverability is a crow feather, clutched in the trunk of the enterprise elephant, providing them the false courage to be willing to fly in the public cloud.

Category: Cloud risk management Vendor Contracts

Data without Borders: DRM as a consumer lock-in mechanism

by Jay Heiser  |  November 9, 2011  |  1 Comment

In the olden days, the business viability of your local book store had absolutely no impact on your ability to read whatever you might have bought from them. In the digital world, your continued ability to use rights-managed content, be it music, video, or books, is completely dependent upon the willingness and ability of a service to support it on your device.

Category: Applications Cloud risk management security

Uh, oh, Mumboe! You have 2 weeks to get your data

by Jay Heiser  |  November 2, 2011  |  1 Comment

It's easy to imagine a smallish procurement shop in which the only person to have been sent a warning was on a 2-week vacation, and won’t get around to reading about it until it is several days too late to download their only copy of several years' worth of past and current purchasing data.

Category: Applications Cloud risk management

Scooters & flashlights means your data is secure with us

by Jay Heiser  |  October 10, 2011  |  1 Comment

I ask you to take a silent moment to try to visualize the sort of infosec security failure that would be solved with scooters.

Category: Cloud risk management security

You’ll guarantee that cloud, won’t you?

by Jay Heiser  |  October 5, 2011  |  1 Comment

The truth of the matter is that the provider actually has no idea of the likelihood of a loss event within their own offering. If a failure occurred, it could impact all of their customers simultaneously. No cloud service provider has enough cash on hand to cover that portfolio risk, and they can’t find any insurer willing to underwrite it.

Category: Cloud risk management security

We’ve forgotten our computer security history lessons

by Jay Heiser  |  September 29, 2011  |  1 Comment

What good is a fresh password if it is sitting on top of stale security technology? The history of computer security suggests that attention to the code is at least as important as operational processes.

Category: Applications Cloud IT Governance risk management security

For want of a nail, the cloud was lost

by Jay Heiser  |  August 10, 2011  |  3 Comments

A common natural disaster strikes, the high availability mechanisms don’t work, a recovery mechanism turns out to be broken, and fixing it takes a long time….because it is a cloud.

Category: Cloud risk management

Bach to Basics: Why You Should Care About Cloud Internals

by Jay Heiser  |  July 8, 2011  |  1 Comment

Just as the transition from a physically-secure batch-oriented environment to a remotely-accessible multi-tasking/multi-user environment had huge implications for security, the evolution from multi-user host-based environments to multi-tenant cloud-based environments represents an equally significant security challenge.

Category: Cloud risk management security Virtualization

Are you the SaaS Scapegoat?

by Jay Heiser  |  July 5, 2011  |  1 Comment

I get a never-ending stream of questions that usually amounts to something like “What control tasks do I need to do to be sure that this SaaS service we are going to use will be adequately secure?” Unfortunately, at this point in time, SaaS providers offer relatively little support for enterprise control over anything.  Assuming that the [...]

Category: Applications Cloud IAM IT Governance risk management security Vendor Contracts