Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'security'


All your password are belong to us, or my heart bleeds

by Jay Heiser  |  April 11, 2014  |  2 Comments

Change all your passwords. Now. And then do it again in a week. Of course, there’s no evidence that any passwords have been exploited, but isn’t the lack of substantive evidence a suspicious fact in and of itself? It can be if you want it to be. My favorite presentation at the RSA Conference was […]

Category: risk management, security

Everything is more better with Cyber on it

by Jay Heiser  |  September 13, 2013  |  2 Comments

Computer Security is dead; long live computer security.

Category: risk management, security

Peter G. Neumann on Cloud Risks

by Jay Heiser  |  November 28, 2012  |  1 Comment

Anyone with a stake in the overall success of cloud computing should take a few minutes to read the recent NYT interview with Peter G. Neumann, a highly-respected computer security researcher who, now entering his 9th decade, continues to do ground breaking work on digital reliability. Commercial cloud computing creates new levels of urgency for […]

Category: BCP/DR, Cloud, risk management, security

Definition: Service Provider Security Evaluation

by Jay Heiser  |  August 10, 2012  |  2 Comments

The process in which the buyer asks a random list of questions that might have some minor relevance to some aspect of a provider’s security posture, and the potential provider pretends to answer them.

Category: Cloud, risk management, security

Passwords are dead; long live the password

by Jay Heiser  |  August 1, 2012  |  1 Comment

I spent a frustrating 5 minutes this weekend enduring a forced password change on a retirement account containing $400. I was sure that the randomly generated and completely unmemorizable string my password utility came up with exceeded 7 characters, contained upper and lower case letters, at least 1 number, and a special character. It finally […]

Category: security

Megaupload is world’s biggest hot potato

by Jay Heiser  |  February 3, 2012  |  1 Comment

The dozens of petabytes of Megaupload data belonging to millions of Internet users is manifesting itself as a giant hot potato, currently burning a cashflow and PR hole into the bottom lines of several global hosting firms.

Category: Cloud, risk management, security

Megaupload’s Black Swan Song

by Jay Heiser  |  February 1, 2012  |  Comments Off

Last November, Gartner analyst Richard Hunter and I published research entitled ‘Black Swans’ Are Sure to Fly in the Public Cloud.  Based on ideas popularized by Nassim Nicholas Taleb (The Black Swan: The Impact of the Highly Improbable, Random House, 2007), we strongly urged the users of cloud-based services to plan for the possibility of “severe failure with […]

Category: Cloud, risk management, security

Mega Retrieval

by Jay Heiser  |  January 31, 2012  |  Comments Off

Leverage and scale are two of the most fascinating aspects of Cloud Computing. In one fell swoop, the US Department of Justice burst Megaupload’s cloud, sending a loud anti-piracy message.

Category: Cloud, security

How much of your data is lost at Megaupload?

by Jay Heiser  |  January 30, 2012  |  4 Comments

It is almost certainly the case that individuals within thousands of organizations, having decided that Megaupload was a useful service, had uploaded corporate data into it. If that data wasn’t backed up, it is probably gone for good.

Category: Cloud, security

All employees must obey the law!

by Jay Heiser  |  December 14, 2011  |  Comments Off

Even worse is a policy statement such as “all employees must obey all applicable laws.” What reasonable person would disagree with that requirement? For a start, I would.

Category: IT Governance, risk management, security