Author Archive
The Phenomenon of BYOD
The Bring Your Own Device (BYOD) phenomenon started when smartphones and tablets with more convenient form factors became ubiquitous among consumers. These devices, with their touch-screen interfaces and powerful processors, allow employees who bring them to work to be more productive on the go, assuming of course that they can somehow get connected to the in-house WiFi.
Changing the Dynamics of IT Planning
Most organizations spend a large portion of their IT budget “keeping the lights on” and maintaining the status quo, save for a couple of major initiatives. Each of those initiatives undergoes a business analysis and total cost of ownership review and with great fanfare begins the journey to completion. The fallacy of this planning approach
Is a Private Cloud Solution to PCI?
Enterprises at the early stages of cloud adoption are deploying private clouds and internal cloudlets, which can be thought of as local access points and logical divisions of their own larger infrastructure. Private clouds are characterized by scalability through virtualization but the actual physical infrastructure is kept local to the Enterprise. This provides scalability and
Who is responsible for risk mitigation in the Cloud?
RISK | THREAT | MITIGATING PARTY
Insecure, Porous APIs | Man in the middle, content threats, code injection, DoS attacks | Enterprise and Cloud Provider
Logical Multi-Tenancy | Virtual machine attacks, malicious code execution, comingled tenant data | Cloud Provider
Data Protection and Confidentiality | Reduced confidentiality and privacy for private data stored in the clear at the cloud provider
Security Risks in the Cloud
Security risks are concrete negative expressions businesses face when considering moving critical business systems to the cloud. Enterprises should make “demands” and ensure compliance of the cloud provider through the use of contracts or third-party audits, but in reality the market will determine the amount of security provided to Enterprises by cloud service providers
Barriers to Cloud Adoption
Many businesses are reluctant to deploy cloud-based services for their core mission-critical applications. Large and medium-sized companies that have supporting IT organizations have striven to increase vertical backward integration of core business processes. Businesses believe that they inherently gain more certainty, control and competitive advantage by directly owning the data critical to their line
Security in the Cloud and Elsewhere
Security, in the cloud or elsewhere, is a crucial topic that could fill many pages. There are, however, a smaller number of summary requirements that should be examined by IT architects. As companies move or build solutions in the cloud, having a consistent security model is vital to simplify development and to avoid vendor lock-in
Security Certifications and Promoting Cloud Computing
There is an abundance of certifications in the IT industry covering application development, project management, security, and vendor-specific tools. An interesting spin on all of this is a security framework tied specifically to cloud computing. The Cloud Security Alliance (CSA) published the second edition of its guidelines for secure cloud computing, delivering a document
Cloud Computing Definitions and Use Cases
An active discussion on cloud computing use cases brings a somewhat more practical approach to what this service might offer to a company and how it might evolve over time. Not everyone can use salesforce.com or Google mail services, which are the most frequently cited examples of cloud computing. The NIST definition describes five essential
Building Super Secure Security
Can a resilient and fail-safe security system be created? Given time and money, can the ultimate secure network technology be developed? The Defense Advanced Research Projects Agency (DARPA) intends to fund an initiative to find out and in June 2010 announced the Clean‐Slate Design of Resilient, Adaptive Secure Hosts (CRASH). It relies on human biology to