Posted in Security, Technology, tagged citrix, cloud computing, DaaS, HAL 9000, Microsoft, skynet, the Death Star, Virtualization, VMWare on June 23, 2009 | 3 Comments »
Systems and security management is difficult, ineffective, costly and becoming ever more so in increasingly distributed, heterogeneous, complex, and mobile computing environments…
98% of all external attacks take advantage of poorly administered, misconfigured, and unmanaged systems (Source: Verizon Data Breach Investigations Report 2009)
A locked down and well managed PC can cost 42% less than an unmanaged [...]
Posted in Security, tagged Altiris, cloud computing, DLP, endpoint security, Gerhard Eschelbeck, IBM, Law of vulnerability, Luke Skywalker, Micro, Microsoft, NAC, Philippe Courtot, Quays, SCCM, silly proclamations, SMS, Storm trooper fail, Symantec, Wolfgang Kandek on May 7, 2009 | 6 Comments »
So apparently the latest version of the Qualys Laws of Vulnerabilty Report has Qualys jumping to some pretty outrageous claims about how cloud-computing – invented by Qualys according to Courtot (insert cute smiley here) – can secure IT more effectively or allow people to not patch any more or some such nonsense (thanks to Hoff [...]
Posted in Security, tagged anti-virus, AV, cloud computing, daa breaches, Desktop Virtualization, encryption, endpoint security, mobile computing, SC Magazine on April 2, 2009 | 1 Comment »
Quotes from a recent SC Magazine article “Increased Mobile Working Has Caused a Rethink on Endpoint Security” (here) focuses on encryption, cloud-computing and desktop virtualization…
Posted in Security, tagged Amazon, cloud computing, endpoint security, evolution, Google, hype, information technology, Microsoft, mobile computing, smart phones, Trend Micro, VC, VDI, Virtual Center, Virtualization, VMWare on February 19, 2009 | 9 Comments »
I had an interesting conversation with a peer recently that started with a statement he made that “innovation was all but dead in security”. The implication was that we had done all we could do and that there was very little more that would be accomplished. Of course I felt this was an overly simplistic [...]
Posted in Security, tagged Auditing, BigFix, cloud computing, Gartner, IDS, Intrusion detection, Intrusion prevention, IPS, McAfee, Monitoring, nCircle, network security, Risk, threats, Virtualization, vulnerabilities, Vulnerability Assessment on December 22, 2008 | 1 Comment »
Quick thought for the day. Most technologies in the security world move through a predictable cycle of adoption. First an organization implements a solution to gain visibility into the scope of the problem (VA, IDS, DLP/CMF, SIEM) then once it becomes apparent that the problem is vast and overwhelming they move to operationally implement technical [...]
Posted in Security, tagged Amazon AWS, Amazon EC2, Amazone S3, cloud computing, Compliance, Data security, database security, firewall, Google App Engine, Microsoft Azure, Sarbanes-Oxley, SAS 70, Security, SOX, Xen hypervisor on December 10, 2008 | 5 Comments »
Recently I posted some thoughts on cloud security (here), (here), and (here). The bottom line still holds true…
When we allow services to be delivered by a third party we lose all control over how they secure and maintain the health of their environment and in many cases we lose all visibility into the controls themselves, [...]
Posted in Security, tagged Amazon AWS, Amazon EC2, BigFix, Chris Hoff, cloud computing, Control, Gartner, Google App Engine, James Urquhart, Microsoft Azure, salesforce.com, Security, Visibility on December 3, 2008 | 5 Comments »
Cloud computing, or as I like to call it the return of the mainframe and thin-client computing architecture – only cloudier, has been creating a lot of interesting discussion throughout IT recently.
Cloud computing, which we will define as any service or set of services delivered through the Internet (Cloud) without requiring additional infrastructure on the [...]
Posted in Security, tagged Botnets, cloud computing, distributed intelligence, Hoff, Reuven Cohen, Security, Swarm Intelligence, Virtualization on November 3, 2008 | 5 Comments »
Reading through my blog feeds I came across something Hoff wrote in response to Reuven Cohen’s “Elastic Vapor: Life In the Cloud Blog, in particular I wanted to respond to the the following comment (here)
This basically means that we should distribute the sampling, detection and prevention functions across the entire networked ecosystem, not just to [...]
Posted in Security, tagged Amazon, Azure, cloud computing, EC2, Manuvir Das, Microsoft, Ray Ozzie, Seve Marx, technology hype du jour on October 27, 2008 | 1 Comment »
Ray Ozzie, Microsoft Chief Software Architect and creator of Lotus Notes, announced Windows Azure today during the Windows PDC (Professional Developers Conference) event in Los Angeles (here). Azure coincidentally sounds an awful lot like du Jour, as in “technology hype du Jour”
Windows Azure, previously code name “Red Dog” is a hosted suite of services, including [...]
Posted in Security, tagged apocalypse, ASP, Chris Hoff, cloud computing, FUD, IT efficiency, IT outsourcing, MSP, operational maturity, SaaS, Security, SOA, Web 2.0, Web Services on October 26, 2008 | 12 Comments »
And on the second day God said “let there be computing – in the cloud” and he gave unto man cloud computing…on the seventh day man said “hey, uhmm, dude where’s my data?”
There has been much talk lately about the “Cloud“. The promise of information stored in massive virtual data centers that exist in the [...]
Posted in Security, tagged CIA, cloud computing, comcast, data confidentiality, data integrity, SaaS, salesforce.com, software as a service on August 29, 2008 | 4 Comments »
Although cloud computing and Software as a Service (SaaS) offer tremendous opportunities for business innovation and return on investment, they also present unique challenges that companies developing new technologies, looking to take advantage of new services, or investors looking for new opportunities must understand.
Security, especially integrity of the service and confidentiality of the information, is [...]
Twitter Feed
