December 2nd, 2009

Burton Group: Who is in control of Security across computing models

This Burton Group slide floated by on Twitter this morning.  Nice illustration of who controls security.  Note how the organization always participates in control of the data.

Click on Picture to enlarge.

Tagged as: Burton Group, data, security

Posted by brenda michelson at 12:46 pm in analyst positions, Cloud Watch, cyber risk, security | Permalink | Comments(0)
| Trackback URL

June 22nd, 2009

@ Enterprise 2.0 Cloud Roadmaps Panel

Jake Sorofman, rPath, James Duncan, Joyent and Chet Kapoor, Sonoa Systems chat with Alistair Croll on the futures of cloud.  These companies offer software, products that are adjacent to, or run on, the cloud.  They are not cloud operators.

 more >>

Tagged as: Alistair Croll, archives, Chet Kapoor, enterprise2.0, Jake Sorofman, James Duncan, Joyent, live coverage, rPath, Sonoa Systems

Posted by brenda michelson at 4:56 pm in Blog, cloud computing offering, provider positions, security, standards | Permalink | Comments(0)
| Trackback URL

May 18th, 2009

@Cloud Camp @Interop: Un-conference, Un-panel

This evening, we are at Cloud Camp.  For background, check out this interview with Cloud Camp co-founder Dave Nielsen.  Dave is also our host today. 

The lightening rounds are done.  For insights, search on twitter with either of these tags: #cloudcamp #cloudcampinterop

Now, Dave is building an un-panel session.  He started with 5 empty chairs and no questions.  Filled the chairs with folks who raised hands to “Folks that know a lot about cloud computing”.  No one admitted expertise.  Now, he’s asking the audience to build a list of 10 questions.

 more >>

Tagged as: archives, CloudCamp, Dave Nielsen, DMTF, Interop, James Urquhart, John Willis, live coverage, RightScale

Posted by brenda michelson at 9:41 pm in Blog, compliance, data, fundamentals, security, standards | Permalink | Comments(0)
| Trackback URL

May 18th, 2009

@ Interop’s Enterprise Cloud Summit: Drew Bartkiewicz, The Hartford, Cloud Insurance

Session: Security, Risk, Legislation, and Compliance: Pandora’s New Box. 

Speakers:

Drew Bartkiewicz, Vice President of Cyber Risk and New Media Markets, The Hartford

Robert Parisi, SVP & National Technology, Network Risk & Telecommunications Practice Leader, FINPRO, Marsh USA

I happened to sit next to Drew this morning, and we chatted a little on what he’s doing at The Hartford.  Drew isn’t in IT.  He runs the business line that covers (insures) the cloud operators, and it sounds like, in the near future smart cloud consumers.  He mentioned a phenomenal month-to-month business growth, which makes me believe that not only is the cloud real, but operators are serious about protecting against business risk, for themselves and their customers.

 more >>

Tagged as: archives, cyber risk insurance, Drew Bartkiewicz, Interop, live coverage, Robert Parisi, The Hartford

Posted by brenda michelson at 7:35 pm in assurance, Blog, compliance, cyber risk, data, regulatory, security | Permalink | Comments(0)
| Trackback URL

April 20th, 2009

Cloud Slam: Michael Berman, Catbird Networks, Security in Virtual Data Center

Session abstract:

“You are on cloud 9. You are ready to go lights-on in your new virtual data center. But wait: virtualization changes everything when it comes to security. Some gaps are obvious, such as the elimination of separation of duties, or the lack of visibility into the virtual network. Some issues are more subtle, such as temporal attacks against crypto. This talk will describe what gaps are introduced in the move from physical to virtual specifically where security is concerned, and prescribe specific steps to ensure security and compliance for production deployments.

Specific topics to be covered include:

• Recommend strategies for updating in-house security and compliance best-practices guides to incorporate and protect virtual infrastructure.

• An analysis of the new virtualization threat surface and what new policies should be introduced to prevent, detect and control risks and violations.

• Configuration of the virtual network for security and visibility, even over Vmotion and over VMware port groups.

• Enforcement of separation of duties, least privilege and change management in the virtual data center (currently not part of most virtualization platforms).

• Examination of the risks of VM Sprawl and establishment of programs and policies for managing this risk.

• How you can guarantee your cloud implementation is even more secure than your pre-cloud analogue.”

Michael Berman is CTO of Catbird Networks, a provider of security virtualization solutions to cloud computing operators.

 more >>

Tagged as: archives, Catbird Networks, cloudslam, live coverage, Michael Berman

Posted by brenda michelson at 6:01 pm in Blog, provider positions, security, standards, virtualization | Permalink | Comments(0)
| Trackback URL