Sister CISA CISSP:

Virtualization


August 31, 2010  6:23 PM

From the Council of Gov’t CIOs to the Feds: Address the Risks of Cloud Computing



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Center, information security, Privacy, privacy on the web

Last week the Chief Information Officers Council, a government body established by legislation in 1996, comes a Privacy Recommendations Paper from the Council to all government departments and agencies. So this paper carries a little extra...

June 14, 2010  3:42 PM

Where IS the Data, Exactly?



Posted by: Arian Eigen Heald
Adventures in Auditing, cloud computing, Cloud Security, data security

After a nice vacation in the north woods of Maine, I returned to the excitement of my first "cloud computing" audit event. In doing a SAS 70 for a client, I discovered that they had outsourced a new application. No news there. When data is hosted by the provider, along with the application, all...


May 21, 2010  3:18 PM

First Dance in the Cloud



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Breaches, Data Center

Well, it finally happened: I got asked to audit information that is stored in a cloud by a third-party vendor. I've acquired the controls, such as password polices, presented in a browser to my client. Several questions came immediately to mind: 1. Given that web browsers are still...


December 29, 2009  7:58 PM

Just in Time for the Holidays…..



Posted by: Arian Eigen Heald
Automatic Theft Machines, cloud computing, Cloud Security, information security, SQL Injection, Start Laughing Now, TCM (Truly Clueless Management)

There are a bunch of year end studies coming out, predicting various sorts of rises and decreases in criminal activity on the Internet. ("cybercriminal" sounds way too glamorous for me.) So I thought I'd offer up, in the spirit of the season, my two cents: Under the Category of Bad...


November 5, 2009  4:52 PM

A Not-So-Great Use of Cloud Computing



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Breaches, Data Center, data security, information security

As I'm sure you know, I'm not yet a big fan of "cloud computing," known by various acronyms. I have yet to see a really comprehensive approach to audit and security. Ultimately, you don't know where your data is in the "cloud." And the Feds have access to it without a warrant. So you...


September 15, 2009  2:06 PM

Who REALLY Owns Your Data



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, data security, information security

I had an up-close-and-personal experience today of "cloud computing." It's worth thinking about. I had just finished reading Bruce Schneier's essay on cloud computing, (which is a great read, by the way) and was considering the following point...


June 11, 2009  2:50 PM

Storm Clouds Ahead



Posted by: Arian Eigen Heald
Admins and Auditors, cloud computing, Cloud Security, PCI, Privacy

It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....


May 6, 2009  5:30 PM

Watching Your Data Evaporate in the Cloud



Posted by: Arian Eigen Heald
"How Do You Know?", cloud computing, Compliance, Data Center

"Cloud" computing continues to beat the drum of "cutting costs." Although I must say that I am hard put to differentiate between "cloud computing" and data centers that host hardware, the emphasis seems to be on shared server resources and supposedly quick turnaround for new applications. In my...


February 19, 2009  2:47 PM

“Cloud Computing” Redux



Posted by: Arian Eigen Heald
cloud computing, data security

I know I keep harping on this "new" concept. The only "new" thing about it is the marketing around the name. It's still off-site data storage and third-party management of corporate hardware and data. It's got a prettier face than the old green-screen connection to the mainframe, but the concept...


October 30, 2008  3:33 PM

Don’t Be Seduced Just Yet



Posted by: Arian Eigen Heald
Admins and Auditors, DataManagement, Development, Microsoft Windows, Security, Storage, Virtualization

I had a co-worker ask me yesterday what my opinion on "cloud computing" is, and whether it should be something they could recommend to clients. He had seen announcements about cloud computing from Microsoft According to a 2008 paper...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: