by Jay Heiser | November 28, 2012 | 1 Comment
Anyone with a stake in the overall success of cloud computing should take a few minutes to read the recent NYT interview with Peter G. Neumann, a highly-respected computer security researcher who, now entering his 9th decade, continues to do ground breaking work on digital reliability. Commercial cloud computing creates new levels of urgency for [...]
Category: BCP/DR Cloud risk management security Tags: complexity, Peter G. Neumann, security, security history
by Jay Heiser | August 10, 2012 | 2 Comments
The process in which the buyer asks a random list of questions that might have some minor relevance to some aspect of a provider’s security posture, and the potential provider pretends to answer them.
Category: Cloud risk management security Tags: cloud computing risk, cloud security standards, risk assessment, security
by Jay Heiser | August 1, 2012 | 1 Comment
I spent a frustrating 5 minutes this weekend enduring a forced password change on a retirement account containing $400. I was sure that the randomly generated and completely unmemorizable string my password utility came up with exceeded 7 characters, contained upper and lower case letters, at least 1 number, and a special character. It finally [...]
Category: security Tags: authentication, Dropbox, hacking, password slurping, passwords, SaaS security, security
by Jay Heiser | February 3, 2012 | 1 Comment
The dozens of petabytes of Megaupload data belonging to millions of Internet users is manifesting itself as a giant hot potato, currently burning a cashflow and PR hole into the bottom lines of several global hosting firms.
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | February 1, 2012 | Comments Off
Last November, Gartner analyst Richard Hunter and I published research entitled ‘Black Swans’ Are Sure to Fly in the Public Cloud. Based on ideas popularized by Nassim Nicholas Taleb (The Black Swan: The Impact of the Highly Improbable, Random House, 2007), we strongly urged the users of cloud-based services to plan for the possibility of ”severe failure with [...]
Comments Off
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | January 31, 2012 | Comments Off
Leverage and scale are two of the most fascinating aspects of Cloud Computing. In one fell swoop, the US Department of Justice burst Megaupload’s cloud, sending a loud anti-piracy message.
Comments Off
by Jay Heiser | January 30, 2012 | 4 Comments
It is almost certainly the case that individuals within thousands of organizations, having decided that Megaupload was a useful service, had uploaded corporate data into it. If that data wasn’t backed up, it is probably gone for good.
by Jay Heiser | December 14, 2011 | Comments Off
Even worse is a policy statement such as “all employees must obey all applicable laws.” What reasonable person would disagree with that requirement? For a start, I would.
Comments Off
Category: IT Governance risk management security Tags: law, policy, security
by Jay Heiser | October 10, 2011 | 1 Comment
I ask you to take a silent moment to try to visualize the sort of infosec security failure that would be solved with scooters.
Category: Cloud risk management security Tags: BCP, Cloud, security, symposium, transparency
by Jay Heiser | June 14, 2011 | Comments Off
In the worst of cases, a figurehead is appointed to give the impression that the problem is being taken care of. This is tantamount to putting a fig leaf over a sucking chest wound.
Comments Off
Category: IT Governance risk management security Tags: CISO, security, Security-Summit-NA
