Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'disaster recovery'

Is a cloud safer than a mattress?

by Jay Heiser  |  December 1, 2011  |  1 Comment

Its been suggested more than once that avoiding public cloud computing is tantamount to keeping your money in a mattress. Given what’s happened over the last 4 years, why would anyone automatically assume that the use of banks represents a low level of risk?

1 Comment »

Category: Cloud risk management security     Tags: ,

Bulletproof Contracts

by Jay Heiser  |  November 28, 2011  |  2 Comments

With the understanding that I am not a lawyer, and Gartner is not a law firm, here’s my brief summary of the contractual language dealing with SaaS security as provided by a prominent vendor: We believe that we obey the law.  If there are any questions pertaining to how your data is handled within our […]


Category: Cloud risk management security Vendor Contracts     Tags:

Uh, oh, Mumboe! You have 2 weeks to get your data

by Jay Heiser  |  November 2, 2011  |  1 Comment

Its easy to imagine a smallish procurement shop in which the only person to have been sent a warning was on a 2-week vacation, and won’t get around to reading about it until it is several days too late to download their only copy of several years worth of past and current purchasing data.

1 Comment »

Category: Applications Cloud risk management     Tags: , , , , , , , ,

Hurricane Hype?

by Jay Heiser  |  August 29, 2011  |  Comments Off

After days of constant media and social networking attention, and after stern warnings from governors of multiple states, Irene has had the bad graces to spread herself so thinly that nothing truly dramatic happened (well, other than the several dozen people who have died, the several dozen houses that have been knocked over, the disappearance […]

Comments Off

Category: risk management     Tags: , , ,

For want of a nail, the cloud was lost

by Jay Heiser  |  August 10, 2011  |  3 Comments

A common natural disaster strikes, the high availability mechanisms don’t work, a recovery mechanism turns out to be broken, and fixing it takes a long time….because it is a cloud.


Category: Cloud risk management     Tags: , ,

Are you the SaaS Scapegoat?

by Jay Heiser  |  July 5, 2011  |  1 Comment

I get a never-ending stream of questions that usually amounts to something like “What control tasks do I need to do to be sure that this SaaS service we are going to use will be adequately secure?” Unfortunately, at this point in time, SaaS providers offer relatively little support for enterprise control over anything.  Assuming that the […]

1 Comment »

Category: Applications Cloud IAM IT Governance risk management security Vendor Contracts     Tags: , , , , , , , , , ,

Yes, Virginia, there are single points of failure

by Jay Heiser  |  May 30, 2011  |  Comments Off

The Commonwealth of Virginia has recently announced that they have settled up with their service provider, Northrup Grumman, over an incident last year that apparently brought down 3/4 of state applications, resulted in the loss of a several days worth of drivers license photos, and forced state offices to open on weekends.  Compensation to the state, […]

Comments Off

Category: Cloud risk management     Tags: , , , , , , ,

SaaS Translation: What your Service Provider REALLY Means

by Jay Heiser  |  May 23, 2011  |  1 Comment

Its not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption, and data recovery.

1 Comment »

Category: Cloud IT Governance risk management security Vendor Contracts     Tags: , , , , , , , , , ,

How long does it take to reboot a cloud?

by Jay Heiser  |  May 10, 2011  |  1 Comment

Commercial cloud  computing raises two significant disaster recovery issues: What is the cloud provider’s ability to recover their own services? What is the enterprise’s ability to obtain an alternative to a vendor that can’t recover themselves? To the extent that cloud computing actually exists, and actually is a new model, we have to consider that […]

1 Comment »

Category: Cloud risk management security     Tags: , , , ,

Diversity is nature’s way of managing portfolio risk

by Jay Heiser  |  May 9, 2011  |  Comments Off

Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.

Comments Off

Category: Cloud IT Governance risk management security     Tags: , , , , , , , , , ,