by Jay Heiser | December 1, 2011 | 1 Comment
Its been suggested more than once that avoiding public cloud computing is tantamount to keeping your money in a mattress. Given what’s happened over the last 4 years, why would anyone automatically assume that the use of banks represents a low level of risk?
Category: Cloud risk management security Tags: backups, disaster recovery
by Jay Heiser | November 28, 2011 | 2 Comments
With the understanding that I am not a lawyer, and Gartner is not a law firm, here’s my brief summary of the contractual language dealing with SaaS security as provided by a prominent vendor: We believe that we obey the law. If there are any questions pertaining to how your data is handled within our [...]
Category: Cloud risk management security Vendor Contracts Tags: disaster recovery
by Jay Heiser | November 2, 2011 | 1 Comment
Its easy to imagine a smallish procurement shop in which the only person to have been sent a warning was on a 2-week vacation, and won’t get around to reading about it until it is several days too late to download their only copy of several years worth of past and current purchasing data.
Category: Applications Cloud risk management Tags: cloud failure, continuity, data loss, disaster recovery, outsourcing, recovery, SaaS, vendor lockin, vendor viability
by Jay Heiser | August 29, 2011 | Comments Off
After days of constant media and social networking attention, and after stern warnings from governors of multiple states, Irene has had the bad graces to spread herself so thinly that nothing truly dramatic happened (well, other than the several dozen people who have died, the several dozen houses that have been knocked over, the disappearance [...]
Comments Off
Category: risk management Tags: disaster preparedness, disaster recovery, hurricane, Irene
by Jay Heiser | August 10, 2011 | 3 Comments
A common natural disaster strikes, the high availability mechanisms don’t work, a recovery mechanism turns out to be broken, and fixing it takes a long time….because it is a cloud.
Category: Cloud risk management Tags: cloud disaster, disaster recovery, recovery
by Jay Heiser | July 5, 2011 | 1 Comment
I get a never-ending stream of questions that usually amounts to something like “What control tasks do I need to do to be sure that this SaaS service we are going to use will be adequately secure?” Unfortunately, at this point in time, SaaS providers offer relatively little support for enterprise control over anything. Assuming that the [...]
Category: Applications Cloud IAM IT Governance risk management security Vendor Contracts Tags: backups, BCP/DR, Cloud, cloud security, continuity, disaster recovery, information security, malware, phishing, Trojan horse, vendor risk
by Jay Heiser | May 30, 2011 | Comments Off
The Commonwealth of Virginia has recently announced that they have settled up with their service provider, Northrup Grumman, over an incident last year that apparently brought down 3/4 of state applications, resulted in the loss of a several days worth of drivers license photos, and forced state offices to open on weekends. Compensation to the state, [...]
Comments Off
Category: Cloud risk management Tags: backups, BCP/DR, continuity, critical infrastructure, disaster recovery, risk management, Security-Summit-NA, storage
by Jay Heiser | May 23, 2011 | 1 Comment
Its not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption, and data recovery.
Category: Cloud IT Governance risk management security Vendor Contracts Tags: Cloud, cloud security, continuity, disaster recovery, information security, infosec, outsourcing, risk management, security, Security-Summit-NA, vendor risk
by Jay Heiser | May 10, 2011 | 1 Comment
Commercial cloud computing raises two significant disaster recovery issues: What is the cloud provider’s ability to recover their own services? What is the enterprise’s ability to obtain an alternative to a vendor that can’t recover themselves? To the extent that cloud computing actually exists, and actually is a new model, we have to consider that [...]
Category: Cloud risk management security Tags: Cloud, cloud security, continuity, disaster recovery, Security-Summit-NA
by Jay Heiser | May 9, 2011 | Comments Off
Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.
Comments Off
Category: Cloud IT Governance risk management security Tags: backups, BCP/DR, Cloud, cloud security, continuity, critical infrastructure, disaster recovery, risk assessment, risk management, security, Security-Summit-NA
