Articles from rationalsurvivability.com

1-21 of 21
Categories:
Cloud Security: Compliance, IAM
Trusted Cloud Initiative: Certification, Trusted Cloud
  1. Why Is NASA Re-Inventing IT vs. Putting Men On the Moon? Simple.

    rationalsurvivability.com (Aug 26 2010)

    I was struck with a sense of disappointment as I read Bob Wardspan’s (Smoothspan) blog today “NASA Fiddles While Rome Is Burning.” So as Bob was rubbed the wrong way by Alex Howard’s post (below,) so too was I by Bob’s perspective. All’s fair in love and space, I suppose. In what [...]

    Mentions: NASA

  2. Dear Verizon Business: I Have Some Questions About Your PCI-Compliant Cloud…

    rationalsurvivability.com (Aug 24 2010)

    You’ll forgive my impertinence, but the last time I saw a similar claim of a PCI compliant Cloud offering, it turned out rather anti-climatically for RackSpace/Mosso, so I just want to make sure I understand what is really being said. I may be mixing things up in asking my questions, so hopefully someone can shed [...]

    Mentions: Red Hat Enterprise Linux; Microsoft; Hewlett-Packard

  3. Hoff’s 5 Rules Of Cloud Security…

    rationalsurvivability.com (Aug 21 2010)

    Mike Dahn pinged me via Twitter with an interesting and challenging question: I took this as a challenge in 5 minutes or less to articulate this in succinct, bulleted form. I timed it. 4 minutes & 48 seconds. Loaded with snark and Hoffacino-fueled dogma. Here goes: Get an Amazon Web Services account, instantiate a couple [...]

    Mentions: Amazon; Amazon Web Services

  4. Airing Private Cloud’s Dirty Laundry…

    rationalsurvivability.com (Aug 7 2010)

    It’s 10:13pm on a Friday night and as the highlight of my day begrudgingly reveals itself, I discover in preparation for the inevitable appearance of tomorrow, that I am once again out of clean underwear. There are many potential remedies for this situation. Option number one suggests I could borrow a pair [...]

    Mentions: Toronto; Canada

  5. On Amrit Williams’ (BigFix) Beyond The Perimeter Podcast

    rationalsurvivability.com (Jul 18 2010)

    My good friend Amrit Williams (@amrittsering) from BigFix (congrats on the IBM acquisition!) has an awesome Podcast titled “Beyond the Perimeter.” He was nice enough to invite me to record episode 93 titled “Is Trust the Real Barrier To Cloud Computing?” (ultimately points you to an iTunes subscription.) We spoke for almost an hour on [...]

  6. Incomplete Thought: Why We Need Open Source Security Solutions More Than Ever…

    rationalsurvivability.com (Jul 17 2010)

    I don’t have time to write a big blog post and quite frankly, I don’t need to. Not on this topic. I do, however, feel that it’s important to bring back into consciousness how very important open source security solutions are to us — at least those of us who actually expect [...]

  7. The Classical DMZ Design Pattern: How To Kill Security In the Cloud

    rationalsurvivability.com (Jul 7 2010)

    Every day I get asked to discuss how Cloud Computing impacts security architecture and what enterprise security teams should do when considering “Cloud.” These discussions generally lend themselves to a bifurcated set of perspectives depending upon whether we’re discussing Public or Private Cloud Computing. This is unfortunate. From a security perspective, focusing the discussion primarily [...]

  8. Novell Marketing Genius: Interpretive Reading Of One Of My Cloud Security Blog Posts…

    rationalsurvivability.com (May 18 2010)

    Speechless. The embedded version (Flash) appears below. Direct link here. “Cloud: Security Doesn’t Matter (Or, In Cloud, Nobody Can Hear You Scream)” by Chris Hoff from Novell, Inc. on Vimeo. Hysterical. /Hoff

    Mentions: Chris Hoff; Novell, Inc.

  9. Virtualization & Cloud Don’t Offer An *Information* Security Renaissance…

    rationalsurvivability.com (May 11 2010)

    I was reading the @emccorp Twitter stream this morning from EMC World and noticed some interesting quotes from RSA’s Art Coviello as he spoke about Cloud Computing and security: Fundamentally, I don’t disagree that virtualization (and Cloud) can act as fantastic forcing functions that help us focus on securing the things that matter most if we [...]

    Mentions: RSA Security Conference

  10. Dear SaaS Vendors: If Cloud Is The Way Forward & Companies Shouldn’t Spend $ On Privately-Operated Infrastructure, When Are You Moving Yours To Amazon Web Services?

    rationalsurvivability.com (Apr 30 2010)

    We’re told repetitively by Software as a Service (SaaS) vendors that infrastructure is irrelevant, that CapEx spending is for fools and that Cloud Computing has fundamentally changed the way we will, forever, consume computing resources. Why is it then that many of the largest SaaS providers on the planet (including firms like Salesforce.com, Twitter, Facebook, etc.) continue [...]

    Mentions: Amazon; Salesforce; CapEx

  11. You Can’t Secure The Cloud…

    rationalsurvivability.com (Apr 30 2010)

    That’s right. You can’t secure “The Cloud” and the real shocker is that you don’t need to. You can and should, however, secure your assets and the elements within your control that are delivered by cloud services and cloud service providers, assuming of course there are interfaces to do so made available by the delivery/deployment model [...]

  12. Patching the (Hypervisor) Platform: How Do You Manage Risk?

    rationalsurvivability.com (Apr 12 2010)

    Hi. Me again. In 2008 I wrote a blog titled “Patching the Cloud” which I followed up with material examples in 2009 in another titled “Redux: Patching the Cloud.” These blogs focused mainly on virtualization-powered IaaS/PaaS offerings and whilst they targeted “Cloud Computing,” they applied equally to the heavily virtualized enterprise. To this point I wrote another [...]

  13. [Webinar] Cloud Based Security Services: Saving Cloud Computing Users From Evil-Doers

    rationalsurvivability.com (Mar 30 2010)

    I wanted to give you a heads-up on a webinar that Andy Ellis (Akamai,) Jeremiah Grossman (Whitehat) and I did at the tail-end of the RSA Security Conference. The webinar will be held on 3/31/10 at 12:00 pm EST. You can register here. Web based threats are becoming increasingly malicious and sophisticated every day. The timing couldn’t be [...]

    Mentions: RSA Security Conference

  14. Slides from My Cloud Security Alliance Keynote: The Cloud Magic 8 Ball (Future Of Cloud)

    rationalsurvivability.com (Mar 7 2010)

    Here are the slides from my Cloud Security Alliance (CSA) keynote from the Cloud Security Summit at the 2010 RSA Security Conference. The punchline is as follows: All this iteration and debate on the future of the “back-end” of Cloud Computing — the provider side of the equation — is ultimately less interesting than how the applications [...]

    Mentions: Cloud Security Alliance; RSA Security Conference

  15. The Great Cloud Security Challenge: I Triple-Dog-Dare You…

    rationalsurvivability.com (Dec 27 2009)

    There’s an awful lot of hyperbole being flung back and forth about the general state of security and Cloud-based services. I’ve spent enough time highlighting both the practical and hypothetical (many of which actually have been realized) security issues created and exacerbated by Cloud up and down the stack, from IaaS to SaaS. It seems, however, that [...]

    Mentions: CISO

  16. 2010 – It’s Time for Security Resolutions Not Predictions…

    rationalsurvivability.com (Dec 21 2009)

    November and December usually signal the onslaught of security predictions for the coming year. They’re usually focused on the negative. I’ve done these a couple of times and while I find the mental exercise interesting, it really doesn’t result in anything, well, actionable. So, this year I’m going to state what I am *going* to do rather [...]

    Mentions: Boston; Cloud Security Alliance; Distributed Management Task Force

  17. Cloud Providers and Security “Edge” Services – Where’s The Beef?

    rationalsurvivability.com (Sep 30 2009)

    Previously I wrote a post titled “Oh Great Security Spirit In the Cloud: Have You Seen My WAF, IPS, IDS, Firewall…” in which I described the challenges for enterprises moving applications and services to the Cloud while trying to ensure parity in compensating controls, some of which are either not available or suffer from the [...]

    Mentions: Security

  18. Incomplete Thought: Forget VM Sprawl, Worry More About SaaSprawl…

    rationalsurvivability.com (Sep 19 2009)

    A lot of fuss has been made about run-away VM sprawl in enterprises who are heavily virtualized due to the ease with which a VM can be constructed and operationalized. I’m not convinced about the reality versus the potential of VM Sprawl, meaning that I have no evidence from anyone facing this issue to date. I wrote [...]

    Mentions: CapEx

  19. Contentious Issue: When Does a SaaS Offering Qualify As a Cloud SaaS Offering?

    rationalsurvivability.com (Aug 1 2009)

    I made a comment on Twitter a couple of days ago reacting to how some were positioning McAfee’s purchase of MX Logic as the latter representing a “Cloud Security provider.” The link above has the article’s author referring to the deal as one focused on the expansion of McAfee’s “Cloud portfolio” whilst all the McAfee quotes [...]

    Mentions: McAfee; Amazon; Salesforce

  20. Cloud Computing [Security] Architectural Framework

    rationalsurvivability.com (Jul 19 2009)

    For those of you who are not in the security space and may not have read the Cloud Security Alliance’s “Guidance for Critical Areas of Focus,” you may have missed the “Cloud Architectural Framework” section I wrote as a contribution. We are working on improving the entire guide, but I thought I would re-publish the Cloud [...]

    Mentions: Amazon; API; Cloud Security Alliance

  21. Cloud Security: Waiting For Godot & His Silver Bullet

    rationalsurvivability.com (Jul 16 2009)

    It’s that time again. I am compelled after witnessing certain behaviors to play anthropologist and softly whisper my observations in your ear. You may be familiar with Beckett’s “Waiting For Godot”*: Waiting for Godot follows two days in the lives of a pair of men who divert themselves while they wait expectantly and unsuccessfully for someone named [...]
