Security Management

Cyber Security Exposure – Who is to blame!

March 12th, 2015

On an almost semi-weekly basis, there is something printed about yet another set of photos released to the public, much to the embarrassment of the person who got exposed.  And of course, the photos always seem to contain some salacious view of the individual(s).   The articles are also usually very quick to point out the

The Phenomenon of BYOD

October 24th, 2012

Bring Your Own Device (BYOD) phenomenon started when smartphones and tablets with more convenient form factor became ubiquitous among consumers. These devices with their touch-screen interfaces and powerful processors allow employees who brought them to work to be more productive on the go.  Assuming of course they could somehow get connected to the in-house WiFi.

Is a Private Cloud Solution to PCI?

October 14th, 2010

Enterprises at the early stages of cloud adoption are deploying private clouds and internal cloudlets, which can be thought of as local access points and logical divisions of their own larger infrastructure.  Private clouds are characterized by scalability through virtualization but the actual physical infrastructure is kept local to the Enterprise.  This provides scalability and

Barriers to Cloud Adoption

September 23rd, 2010

Many businesses are reluctant to deploy cloud-based services for their core mission-critical applications.  Large and medium sized companies that have supporting IT organizations, have striven to increase vertical backward integration of core business processes.  Businesses believe that they inherently gain more certainty, control and competitive advantage by directly owning the data critical to their line

Security in the Cloud and Elsewhere

September 21st, 2010

Security, in the cloud or elsewhere, is a crucial topic that could fill many pages. There are however a smaller number of summary requirements that should be examined by IT architects. As companies move or build solutions in the cloud, having a consistent security model is vital to simplify development and to avoid vendor lock-in

Security in the New Data Center

August 31st, 2010

Information security in data centers has historically relied on perimeter firewalls, pattern matching “after the fact” with intrusion detection, and at the server level by installing host-based intrusion detection, identity enforcement, antivirus, and other software agents.  Internal LANs can be segmented and boundary controls implemented using the same firewall technology. Virtualization adds a layer of

Subcontracting Issues within Cloud Computing Services

August 10th, 2010

Multi-cloud relationships and subcontractors can be an issue when using some cloud providers.  For example, a Customer might start out slow with Cloud Computing and enter into a SaaS service just to get a feel for how all of this works and to satisfy an immediate need that the internal IT department cannot quickly fulfill.

Due Diligence for Cloud Computing Service Arrangements

August 3rd, 2010

It does not matter how you start down the path towards cloud computing or outsourcing, but a written RFP that has been vetted by the stakeholders within the organization—IT, legal, compliance, information security, and all of the relevant business groups, is usually a helpful starting point.   Listed below is a starter set of questions that

Difference between computing in-house, normal IT outsourcing and cloud computing

July 28th, 2010

Cloud computing tends to be based on virtualization of servers and storage and software that supports many companies, simultaneously.  Cloud computing is the utilization of technology infrastructure to outsource a business process through what are shared virtualized infrastructures.  The maturity of the virtualized infrastructure may magnify the challenges for organizations in operating side-by-side with competitors

Personal Data – Cloud – Regulatory Compliance

Regulatory compliance plays a key role on whether to place sensitive personal data in a cloud service.  There are explicit implications concerning cross-border data and trying to understand and track where you data might end up in the cloud can be challenge all by itself.  The whole point of cloud computing is that you should