June 14, 2010 3:42 PM
Posted by: Arian Eigen Heald
Adventures in Auditing,
cloud computing,
Cloud Security,
data securityAfter a nice vacation in the north woods of Maine, I returned to the excitement of my first "cloud computing" audit event.
In doing a SAS 70 for a client, I discovered that they had outsourced a new application. No news there. When data is hosted by the provider, along with the application, all...
May 21, 2010 3:18 PM
Posted by: Arian Eigen Heald
cloud computing,
Cloud Security,
Data Breaches,
Data CenterWell, it finally happened: I got asked to audit information that is stored in a cloud by a third-party vendor.
I've acquired the controls, such as password polices, presented in a browser to my client. Several questions came immediately to mind:
1. Given that web browsers are still...
December 29, 2009 7:58 PM
Posted by: Arian Eigen Heald
Automatic Theft Machines,
cloud computing,
Cloud Security,
information security,
SQL Injection,
Start Laughing Now,
TCM (Truly Clueless Management)There are a bunch of year end studies coming out, predicting various sorts of rises and decreases in criminal activity on the Internet. ("cybercriminal" sounds way too glamorous for me.)
So I thought I'd offer up, in the spirit of the season, my two cents:
Under the Category of Bad...
November 5, 2009 4:52 PM
Posted by: Arian Eigen Heald
cloud computing,
Cloud Security,
Data Breaches,
Data Center,
data security,
information securityAs I'm sure you know, I'm not yet a big fan of "cloud computing," known by various acronyms. I have yet to see a really comprehensive approach to audit and security. Ultimately, you don't know where your data is in the "cloud." And the Feds have access to it without a warrant.
So you...
September 15, 2009 2:06 PM
Posted by: Arian Eigen Heald
cloud computing,
Cloud Security,
data security,
information securityI had an up-close-and-personal experience today of "cloud computing." It's worth thinking about.
I had just finished reading Bruce Schneier's essay on cloud computing, (which is a great read, by the way) and was considering the following point...
June 11, 2009 2:50 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
cloud computing,
Cloud Security,
PCI,
PrivacyIt seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is.
The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....
May 6, 2009 5:30 PM
Posted by: Arian Eigen Heald
"How Do You Know?",
cloud computing,
Compliance,
Data Center"Cloud" computing continues to beat the drum of "cutting costs." Although I must say that I am hard put to differentiate between "cloud computing" and data centers that host hardware, the emphasis seems to be on shared server resources and supposedly quick turnaround for new applications.
In my...
February 19, 2009 2:47 PM
Posted by: Arian Eigen Heald
cloud computing,
data securityI know I keep harping on this "new" concept. The only "new" thing about it is the marketing around the name. It's still off-site data storage and third-party management of corporate hardware and data. It's got a prettier face than the old green-screen connection to the mainframe, but the concept...
October 30, 2008 3:33 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
DataManagement,
Development,
Microsoft Windows,
Security,
Storage,
VirtualizationI had a co-worker ask me yesterday what my opinion on "cloud computing" is, and whether it should be something they could recommend to clients. He had seen announcements about cloud computing from Microsoft
According to a 2008 paper...
