The SAS 70 Emperor Has No Clothes
Oct 2, 2012
A commonly cited auditing standard has little use for cybersecurity. When you put your data into the cloud, you turn over control. Operational responsibility moves to your cloud provider and you also lose visibility. You no longer do the work, you can’t even watch the work being done. However, you are still responsible for its […]
What Is “The Cloud” And How Can It Be Secure?
Sep 20, 2012
What is “The Cloud”? That depends on who you ask, and some of the answers are downright silly. A recent Microsoft ad campaign featured a woman frustrated with her attempts to take a family picture with everyone cooperating simultaneously. “To the cloud!” was her solution. “Photoshop-as-a-Service”, perhaps? Apparently, “The Cloud” means “Software”. Then I wandered […]
The Undetectable Threat of Cloud Sprawl
Jul 23, 2012
In my previous post, I shared about how someone’s greatest fear about cloud computing was how easy it can be. It is so easy, and so tempting, for someone inside your organization to quickly and quietly push some of your data out into the cloud. There is no trail left to tell that this happened, […]
Operation Card Shop
Jul 3, 2012
News outlets throughout the US reported last week about “Operation Card Shop” a series of crimes related to stolen credit card information.. The press release from the US Attorney’s Office for the Southern District of New York is titled Manhattan U.S. Attorney And FBI Assistant Director-In-Charge Announce 24 Arrests In Eight Countries As Part Of […]
Flame Authorship is Acknowledged… Now What?
Jul 2, 2012
Last week the Washington Post reported that “Western officials with knowledge of the effort” said that the malware called Flame had been jointly developed by the United States and Israel. The main surprise here was the announcement itself. The complexity and sophistication of the Flame malware had led researchers to conclude that it was probably […]