Entries Categorized as 'security'
by Jay Heiser | February 14, 2012 | Submit a Comment
While I would hope that the CEO of a major technology firm (albeit a somewhat diminished firm in this case) does not have a copy of the root password, the idea of ‘executive privilege’ maybe needs to be rethought.
Category: security Tags: authentication, hacking, passwords
by Jay Heiser | February 3, 2012 | 1 Comment
The dozens of petabytes of Megaupload data belonging to millions of Internet users is manifesting itself as a giant hot potato, currently burning a cashflow and PR hole into the bottom lines of several global hosting firms.
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | February 1, 2012 | Comments Off
Last November, Gartner analyst Richard Hunter and I published research entitled ‘Black Swans’ Are Sure to Fly in the Public Cloud. Based on ideas popularized by Nassim Nicholas Taleb (The Black Swan: The Impact of the Highly Improbable, Random House, 2007), we strongly urged the users of cloud-based services to plan for the possibility of “severe failure with [...]
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | January 31, 2012 | Comments Off
Leverage and scale are two of the most fascinating aspects of Cloud Computing. In one fell swoop, the US Department of Justice burst Megaupload’s cloud, sending a loud anti-piracy message.
Category: Cloud security Tags: Cloud, security
by Jay Heiser | January 30, 2012 | 4 Comments
It is almost certainly the case that individuals within thousands of organizations, having decided that Megaupload was a useful service, had uploaded corporate data into it. If that data wasn’t backed up, it is probably gone for good.
Category: Cloud security Tags: Cloud, security
by Jay Heiser | December 23, 2011 | 2 Comments
Demanding that users not write down their passwords is a quarterly opportunity to send the message that security policy is a useless bureaucratic exercise.
Category: Cloud IT Governance risk management security Tags: passwords, policy
by Jay Heiser | December 14, 2011 | Comments Off
Even worse is a policy statement such as “all employees must obey all applicable laws.” What reasonable person would disagree with that requirement? For a start, I would.
Category: IT Governance risk management security Tags: law, policy, security
by Jay Heiser | December 1, 2011 | 1 Comment
It’s been suggested more than once that avoiding public cloud computing is tantamount to keeping your money in a mattress. Given what’s happened over the last 4 years, why would anyone automatically assume that the use of banks represents a low level of risk?
Category: Cloud risk management security Tags: backups, disaster recovery
by Jay Heiser | November 28, 2011 | 2 Comments
With the understanding that I am not a lawyer, and Gartner is not a law firm, here’s my brief summary of the contractual language dealing with SaaS security as provided by a prominent vendor: We believe that we obey the law. If there are any questions pertaining to how your data is handled within our [...]
Category: Cloud Vendor Contracts risk management security Tags: disaster recovery
by Jay Heiser | November 9, 2011 | 1 Comment
In the olden days, the business viability of your local book store had absolutely no impact on your ability to read whatever you might have bought from them. In the digital world, your continued ability to use rights-managed content, be it music, video, or books, is completely dependent upon the willingness and ability of a service to support it on your device.
Category: Applications Cloud risk management security Tags: DRM, rights management, vendor lockin