Author Archive

The Phenomenon of BYOD

October 24th, 2012

The Bring Your Own Device (BYOD) phenomenon started when smartphones and tablets with more convenient form factors became ubiquitous among consumers. These devices, with their touch-screen interfaces and powerful processors, allow employees who bring them to work to be more productive on the go, assuming of course they can somehow get connected to the in-house WiFi.

Changing the Dynamics of IT Planning

January 27th, 2012

Most organizations spend a large portion of their IT budget “keeping the lights on” and maintaining the status quo, save for a couple of major initiatives.  Each of those initiatives undergoes a business analysis and total cost of ownership review and with great fanfare begins the journey to completion. The fallacy of this planning approach

Is a Private Cloud Solution to PCI?

October 14th, 2010

Enterprises at the early stages of cloud adoption are deploying private clouds and internal cloudlets, which can be thought of as local access points and logical divisions of their own larger infrastructure.  Private clouds are characterized by scalability through virtualization but the actual physical infrastructure is kept local to the Enterprise.  This provides scalability and

Who is responsible for risk mitigation in the Cloud?

October 6th, 2010

Risk: Insecure, Porous APIs
Threat: Man in the middle, content threats, code injection, DoS attacks
Mitigating party: Enterprise and Cloud Provider

Risk: Logical Multi-Tenancy
Threat: Virtual machine attacks, malicious code execution, comingled tenant data
Mitigating party: Cloud Provider

Risk: Data Protection and Confidentiality
Threat: Reduced confidentiality and privacy for private data stored in the clear at the cloud provider

Security Risks in the Cloud

September 30th, 2010

Security risks are concrete negative expressions businesses face when considering moving critical business systems to the cloud. Enterprises should make “demands” and ensure compliance of the cloud provider through the use of contracts or third-party audits, but in reality the market will determine the amount of security provided to Enterprises by cloud service providers

Barriers to Cloud Adoption

September 23rd, 2010

Many businesses are reluctant to deploy cloud-based services for their core mission-critical applications. Large and medium-sized companies that have supporting IT organizations have striven to increase vertical backward integration of core business processes. Businesses believe that they inherently gain more certainty, control and competitive advantage by directly owning the data critical to their line

Security in the Cloud and Elsewhere

September 21st, 2010

Security, in the cloud or elsewhere, is a crucial topic that could fill many pages. There are, however, a smaller number of summary requirements that should be examined by IT architects. As companies move or build solutions in the cloud, having a consistent security model is vital to simplify development and to avoid vendor lock-in

Security Certifications and Promoting Cloud Computing

September 13th, 2010

There is an abundance of certifications in the IT industry covering application development, project management, security, and vendor-specific tools. An interesting spin to all of this is a security framework tied specifically to cloud computing. The Cloud Security Alliance (CSA) published the second edition of its guidelines for secure cloud computing, delivering a document

Cloud Computing Definitions and Use Cases

September 9th, 2010

An active discussion on cloud computing use cases brings a somewhat more practical approach to what this service might offer to a company and how it might evolve over time.  Not everyone can use salesforce.com or Google mail services, which are the most frequently cited examples of cloud computing. The NIST definition describes five essential

Building Super Secure Security

September 7th, 2010

Can a resilient and fail-safe security system be created? Given time and money, can the ultimate secure network technology be developed? The Defense Advanced Research Projects Agency (DARPA) intends to fund an initiative to find out and in June 2010 announced the Clean‐Slate Design of Resilient, Adaptive Secure Hosts (CRASH).  It relies on human biology to