Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'certification'

The Dilemma that is Cloud

by Jay Heiser  |  June 3, 2013  |  1 Comment

Life in the cloud would be so much easier if there were only some sort of ‘cloud risk seal of approval’.  Most public cloud services seem to offer a reasonable risk proposition, but its extremely difficult to provide defensible evidence of this. A comprehensive and well-accepted ‘standard’ would go a long way towards bridging this […]

1 Comment »

Category: Cloud security     Tags: , ,

SAS 70 not a proof of security, privacy or ‘ccompliance’

by Jay Heiser  |  July 14, 2010  |  1 Comment

Gartner analysts have claimed that SAS 70 is being misused by many vendors and their customers.

1 Comment »

Category: Cloud IT Governance risk management security     Tags: , , , , ,

The SAS 70 Charade

by Jay Heiser  |  July 5, 2010  |  4 Comments

SAS 70 is  a) not a certification, b) not a standard, and c) isn’t meant to be applied the way it is being applied now.  To be fair, all service providers are under huge customer pressure to provide SAS 70, but instead of explaining their security, continuity, and recovery capabilities in more appropriate terms, most […]


Category: Cloud IT Governance risk management security Vendor Contracts     Tags: , , , ,

Why I’m ambiguous about SaaS email

by Jay Heiser  |  June 30, 2010  |  4 Comments

Ideally, there would be no sensitive data in email, or it would be encrypted.  Email is an unsafe, and unreliable service, and it leaks like a sieve. It was never meant to be ‘secure’, and it is not.  While careful administration and reliable technology can protect stored email from unauthorized access, hacking into PST files […]


Category: Applications Cloud risk management security Vendor Contracts     Tags: , , , , , ,