Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, applications, and data to realize the benefits
of commoditization. But successful transfer of control implies trust–and
trust isn’t something we bestow easily onto external providers. We will
only build this trust if we change our approach to managing cloud security.
Cloud’s biggest problem isn’t securi... (more)
Despite all our advances in communications—from social networking, to
blogs, to actual functional video meetings—the trade conference is still a
necessity. Maybe not as much for the content, which makes the rounds pretty
fast regardless of whether you attend the show or not, but for the
serendipitous meetings and social networking (in the pre-Facebook sense).
I find something comforting in the rhythm and structure a handful of annual
conferences bring to my life. The best ones stay rooted in one location,
occurring at the same time, year after year. They are as much defined by tim... (more)
True story from the consulting trenches: the operations staff had left hours
ago, shaking their heads and reluctantly leaving the consultants to resolve a
problem with their code. It was well past midnight, in the middle of winter,
in a town many time zones from home. The project was late. Altogether, this
was an awkward situation that you probably know well.
The consultants - falling into that murky classification of not quite
outsider, nor regular employee - worked from hobbled accounts; the security
staff were pros and took their charge seriously. By 2:00 a.m., the group was
Cloud is now mature enough that we can begin to identify anti-patterns
associated with using these services.
Keith Shaw from Network World and I spoke about worst practices in the cloud
last week, and our conversation is now available as a podcast.
Come and learn how to avoid making critical mistakes as you move into the
Has it really been one whole year since my last post? I suspected I was near
that milestone, but it’s still surprising to discover it has been so long.
Blogs have a natural ebb and flow, governed by the irregular rhythms of the
day job. But this was a pretty big ebb—maybe more accurately described as a
Naturally, my absence was not lost on the spammers. That curious breed who
prey on dormant blogs left me with a mountain of weirdly unctuous commentary
that I needed to shovel out of the way just to get to the front door. But now
that I’ve finally worked my w... (more)