Jay Heiser

A member of the Gartner Blog Network

Entries Categorized as 'security'


All Your Phone Books Are Belong To Us

by Jay Heiser  |  October 6, 2014  |  1 Comment

We do not need to protect more data; we need to protect less.

Category: risk management security

Doctor, it hurts when I do this

by Jay Heiser  |  August 4, 2014  |  2 Comments

C: we are concerned about putting our email into the cloud. J: why? C: Somebody might look at it.  J: Somebody can already look at it, even when you do host your email server in house.  SMTP is a data leakage protocol, that isn’t designed to secure your data, but is intended to disseminate it […]

Category: Cloud IT Governance risk management security

Cloud sabotaged, all your data is permanently lost

by Jay Heiser  |  June 19, 2014  |  1 Comment

Code Spaces, a vendor that claimed to provide secure Source Code hosting and project management support, has just been forced to admit to their customers that they’ve been sabotaged by a cyber extortionist, and they probably cannot fully recover.   They put all their hopes, and all their customers’ data, into a single cloud, and it burst.  […]

Category: Cloud IT Governance risk management security

All your password are belong to us, or my heart bleeds

by Jay Heiser  |  April 11, 2014  |  2 Comments

Change all your passwords. Now. And then do it again in a week. Of course, there’s no evidence that any passwords have been exploited, but isn’t the lack of substantive evidence a suspicious fact in and of itself? It can be if you want it to be. My favorite presentation at the RSA Conference was […]

Category: risk management security

Unknown unknowns in the Cloud

by Jay Heiser  |  April 8, 2014  |  5 Comments

It's too bad that Dick Cheney’s awkward little epistemological speech has been so thoroughly politicized, turning an important risk management principle into an opportunity for derision.  Intelligence analysts, and IT analysts, need to be acutely aware of the limits of their knowledge, especially when making decisions about how to take advantage of public cloud services. […]

Category: Cloud IT Governance risk management security

You have 2 weeks to pickup your cloud

by Jay Heiser  |  September 18, 2013  |  1 Comment

You’ve got 2 weeks to get several Petabytes of data from a dissipating cloud. Will you get it all back safely? Hundreds of Nirvanix customers are asking themselves that question right now. Although their web site remains blissfully mum about this unfortunate development, The Wall Street Journal is only one of several media organizations reporting […]

Category: Cloud risk management security

Everything is more better with Cyber on it

by Jay Heiser  |  September 13, 2013  |  2 Comments

Computer Security is dead; long live computer security.

Category: risk management security

Everything is better with cyber on it

by Jay Heiser  |  June 14, 2013  |  1 Comment

Gartner security analysts are being bombarded with questions about CYBER security. Is this cyber reality, or cyber hype? A few years ago, we had seriously entertained the idea of creating a sort of ‘IT Buzz Term Hype Cycle’, that would map overused prefixes across trigger, hype, disillusionment, and productivity. At the time, ‘I-‘ had reached […]

Category: risk management security

The Dilemma that is Cloud

by Jay Heiser  |  June 3, 2013  |  1 Comment

Life in the cloud would be so much easier if there were only some sort of ‘cloud risk seal of approval’.  Most public cloud services seem to offer a reasonable risk proposition, but it's extremely difficult to provide defensible evidence of this. A comprehensive and well-accepted ‘standard’ would go a long way towards bridging this […]

Category: Cloud security

Why do you classify?

by Jay Heiser  |  May 29, 2013  |  Comments Off

Gartner clients have a lot of questions about the topic of data classification. It is a primary concept that has long been enshrined in the canon of computer security, yet in practice, it remains a concept that is impractical for the majority of non-military organizations to successfully apply. In 1998, information security pioneer Donn Parker […]

Category: IT Governance Policy security