Welcome to Collaborative Strategy Guild Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
|
IaaS gives you plenty of rope. It’s up to you not to hang yourself. For example consider how IaaS allows you to rapidly create and deploy new virtual machines within the production environment. Without proper care and feeding, this can quickly result in VM sprawl. If a VM remains dormant for a long time and sits out many rounds of updates and patches, what happens when it finally reawakens?
For the rest of Ed’s latest column at TechNewsWorld, please click here.
Does Your IaaS Environment Have Sleeper Cells?
In my monthly piece over at TechNewsWorld, I have a few comments on what organizations can do to make sure that service providers toe the proverbial line when it comes to security. From the article:
Vetting a service provider’s capabilities when it comes to security is obviously a useful first step, particularly when confidential or critical data is in scope. However, sometimes the temptation is for organizations to view this as a “fire and forget” activity. Organizations may not want to hear it, but it really is a good idea to continuously revalidate and vet their service providers throughout the… Continue reading: When in the Cloud, Trust – but Verify
As you know, sometimes a few of my comments about cloud make their way over to the Savvis Blog for publication in that venue. This month, I have a few comments there about VM Sprawl and why security folks should care about it. It’s written about a lot from a performance angle in the industry press, but the disorganization of it is also a huge security problem too. Anyway, I try to give a brief overview of what the issue is, why it happens, and why security teams ought to be thinking about it now… Continue reading: Comments on why Sprawl Matters
I take on a few budget-minded steps for cloud security this month over on TechNewsWorld:
The big-money savings that cloud implementations promise when they’re still on the drawing board can dry up quickly as they become real-life projects. Unfortunately, security is something that too often gets caught in the cost-cutting crossfire. It behooves security professionals to try to squeeze every bit of value they can from resources they already have.
Check out the rest of the article here.
A Real-World Approach to Improving Security in the Cloud
Two interesting pieces of survey data this morning:
- Everybody’s virtualizing, but nobody’s protecting. While 68% of organizations are already virtualized and 24% have plans to do it in the next year, it appears there isn’t a corresponding uptick in security controls to address security issues specific to that environment
- Cloud services are following the same trajectory: adoption is on the rise, but security measures are stagnant.
So everyone’s getting on the bus but nobody’s buckling up? Seems like a recipe for disaster to me.
Changing risk means changing investment
My opinion is that anytime you change the risk dynamics, there should be a corresponding adjustment in strategy, spending,… Continue reading: Probability masks incompetence: why idiot CIO’s go unnoticed
|
|
