by Jay Heiser | April 26, 2012 | Comments Off
When you buy SaaS, you get what is written on the box. Well, you get what is written on the virtual box. That text may consist of page after page of dense legalese that puts a higher level of emphasis on what you do NOT get than what you DO get. Consumer-oriented agreements often amount [...]
Comments Off
Category: Cloud IT Governance Policy risk management security Vendor Contracts Tags: Cloud, contracts, lawyers, legalese, SaaS, SLA, SLAs
by Jay Heiser | April 16, 2012 | Comments Off
Sometimes when you spend a week on vacation, you like to leave work behind, so I was a little bit surprised during my morning coffee last week to hear an NPR story on MegaUpload. They managed to find someone who, through explainable circumstances, had lost all other copies of his valuable files, leaving the inaccessible [...]
Comments Off
Category: Cloud risk management Tags: Cloud, cloud risks, Megaupload
by Jay Heiser | February 3, 2012 | 1 Comment
The dozens of petabytes of Megaupload data belonging to millions of Internet users is manifesting itself as a giant hot potato, currently burning a cashflow and PR hole into the bottom lines of several global hosting firms.
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | February 1, 2012 | Comments Off
Last November, Gartner analyst Richard Hunter and I published research entitled ‘Black Swans’ Are Sure to Fly in the Public Cloud. Based on ideas popularized by Nassim Nicholas Taleb (The Black Swan: The Impact of the Highly Improbable, Random House, 2007), we strongly urged the users of cloud-based services to plan for the possibility of ”severe failure with [...]
Comments Off
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | January 31, 2012 | Comments Off
Leverage and scale are two of the most fascinating aspects of Cloud Computing. In one fell swoop, the US Department of Justice burst Megaupload’s cloud, sending a loud anti-piracy message.
Comments Off
by Jay Heiser | January 30, 2012 | 4 Comments
It is almost certainly the case that individuals within thousands of organizations, having decided that Megaupload was a useful service, had uploaded corporate data into it. If that data wasn’t backed up, it is probably gone for good.
by Jay Heiser | October 10, 2011 | 1 Comment
I ask you to take a silent moment to try to visualize the sort of infosec security failure that would be solved with scooters.
Category: Cloud risk management security Tags: BCP, Cloud, security, symposium, transparency
by Jay Heiser | October 5, 2011 | 1 Comment
The truth of the matter is that the provider actually has no idea of the likelihood of a loss event within their own offering. If a failure occurred, it could impact all of their customers simultaneously. No cloud service provider has enough cash on hand to cover that portfolio risk, and they can’t find any insurer willing to underwrite it.
Category: Cloud risk management security Tags: Cloud, contracts, risk management, symposium
by Jay Heiser | July 5, 2011 | 1 Comment
I get a never-ending stream of questions that usually amounts to something like “What control tasks do I need to do to be sure that this SaaS service we are going to use will be adequately secure?” Unfortunately, at this point in time, SaaS providers offer relatively little support for enterprise control over anything. Assuming that the [...]
Category: Applications Cloud IAM IT Governance risk management security Vendor Contracts Tags: backups, BCP/DR, Cloud, cloud security, continuity, disaster recovery, information security, malware, phishing, Trojan horse, vendor risk
by Jay Heiser | May 23, 2011 | 1 Comment
Its not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption, and data recovery.
Category: Cloud IT Governance risk management security Vendor Contracts Tags: Cloud, cloud security, continuity, disaster recovery, information security, infosec, outsourcing, risk management, security, Security-Summit-NA, vendor risk
