Protecting your data in the cloud
Several factors combine to make data security in the cloud a challenge. Web applications have fundamental vulnerabilities. HTTP is the cloud protocol of choice for everything from file backup in the cloud to sales force management in the cloud. HTTP and HTML evolved from a protocol for static file delivery to a protocol for 2 […]
Why Rich Web 2.0 may break the cloud
There are some good reasons why cloud computing is growing so rapidly. First of all, there are the technology enablers: bandwidth and computing power are cheap. Software development is more accessible than ever. Small software teams can develop great products and distribute them worldwide instantly. But cloud computing goes beyond supply-side economics and directly […]
Data availability and integrity – the Apple/Microsoft version
I have over 2,300 contacts on my iPhone and like any reasonable person, I wanted to back up my contacts. I figure my iPhone won’t last forever. Like a fool, I thought it might be a good idea to test the restore process also. The Ubuntu One service based on Funambol doesn’t really work so that […]
How to assess risk – Part I: Asking the right questions
It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it […]
Run security like you run the business
Is there any conceivable reason why you should not run your security operation like you run your core business? The sales people in your firm have sales quotas and are measured by gross profit margin and collections. The people who run manufacturing and distribution have quotas for manufacturing throughput and inventory cycle times. So why shouldn’t your […]
The psychology of data security
Over 6 years after the introduction of the first data loss prevention products, DLP technology has not mainstreamed into general acceptance like firewalls. The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation, but today I’d like to examine the psychology of data security […]
What is security?
So what is security anyhow? Security is not about awareness. A lot of folks talk about the people factor and how investing in security awareness training is key for data protection. I think that investing in formal security awareness training, internal advertising campaigns and all kinds of fancy booklets and cards for employees is a […]
Are we glorifying the attackers and prosecuting the victims?
With all the media noise about Stuxnet, cyber war and cyber terror, I proposed taking a closer look at how we relate to the players. Whether uber hackers or PLO terrorists, are we glorifying the attackers at the expense of prosecuting the victims? In data security I don’t subscribe to utilitarian ethics (which attempts to […]
How to improve your data security in 3 steps
How to protect your systems, your most sensitive data, avoid malware infections and never have a single minute of downtime due to malware. Run Ubuntu. Get your services in the cloud. Practice safe computing.
When defense in depth fails – two deadly sins
Defense in depth is a security mantra, usually for very good military security and information security reasons. However – defense in depth may be a very bad idea, if your fundamental assumptions are wrong or you get blinded by security technology. The sin of wrong assumptions: In the defense space – we can learn from […]