by Jay Heiser | November 28, 2011 | 2 Comments
With the understanding that I am not a lawyer, and Gartner is not a law firm, here’s my brief summary of the contractual language dealing with SaaS security as provided by a prominent vendor: We believe that we obey the law. If there are any questions pertaining to how your data is handled within our [...]
Category: Cloud risk management security Vendor Contracts Tags: disaster recovery
by Jay Heiser | November 17, 2011 | 2 Comments
An SLA from a public cloud service promising some sort of recoverability is a crow feather, clutched in the trunk of the enterprise elephant, providing them the false courage to be willing to fly in the public cloud.
Category: Cloud risk management Vendor Contracts Tags: continuity, contract, Dumbo, feather, recovery, SLA
by Jay Heiser | November 9, 2011 | 1 Comment
In the olden days, the business viability of your local book store had absolutely no impact on your ability to read whatever you might have bought from them. In the digital world, your continued ability to use rights-managed content, be it music, video, or books, is completely dependent upon the willingness and ability of a service to support it on your device.
Category: Applications Cloud risk management security Tags: DRM, rights management, vendor lockin
by Jay Heiser | November 2, 2011 | 1 Comment
Its easy to imagine a smallish procurement shop in which the only person to have been sent a warning was on a 2-week vacation, and won’t get around to reading about it until it is several days too late to download their only copy of several years worth of past and current purchasing data.
Category: Applications Cloud risk management Tags: cloud failure, continuity, data loss, disaster recovery, outsourcing, recovery, SaaS, vendor lockin, vendor viability
by Jay Heiser | October 10, 2011 | 1 Comment
I ask you to take a silent moment to try to visualize the sort of infosec security failure that would be solved with scooters.
Category: Cloud risk management security Tags: BCP, Cloud, security, symposium, transparency
by Jay Heiser | October 5, 2011 | 1 Comment
The truth of the matter is that the provider actually has no idea of the likelihood of a loss event within their own offering. If a failure occurred, it could impact all of their customers simultaneously. No cloud service provider has enough cash on hand to cover that portfolio risk, and they can’t find any insurer willing to underwrite it.
Category: Cloud risk management security Tags: Cloud, contracts, risk management, symposium
by Jay Heiser | September 29, 2011 | 1 Comment
What good is a fresh password if it is sitting on top of stale security technology? The history of computer security suggests that attention to the code is at least as important as operational processes.
Category: Applications Cloud IT Governance risk management security Tags: history, history of security, security history, security testing
by Jay Heiser | August 29, 2011 | Comments Off
After days of constant media and social networking attention, and after stern warnings from governors of multiple states, Irene has had the bad graces to spread herself so thinly that nothing truly dramatic happened (well, other than the several dozen people who have died, the several dozen houses that have been knocked over, the disappearance [...]
Comments Off
Category: risk management Tags: disaster preparedness, disaster recovery, hurricane, Irene
by Jay Heiser | August 25, 2011 | Comments Off
Tuesday afternoon, I was using my cell phone on a conference call when my chair started hopping up and down. I never lost my phone connections, but text messages were delayed and even an hour after the quake, co-workers were reporting difficulties in phoning me. Unsurprisingly after such an unusual event, people wanted to talk [...]
Comments Off
Category: risk management Tags: BCP/DR, continuity, emergency preparedness
by Jay Heiser | August 10, 2011 | 3 Comments
A common natural disaster strikes, the high availability mechanisms don’t work, a recovery mechanism turns out to be broken, and fixing it takes a long time….because it is a cloud.
Category: Cloud risk management Tags: cloud disaster, disaster recovery, recovery
