In the past weeks I have been talking to a number of small software providers. Most software these days is no longer shipped (CD-ROMs are really oldskool, aren’t they?), but is delivered as a service over the internet. These software providers are starting to realize that this means they are a SaaS provider. This also […]
At the recent Usenix Enigma 2016 conference, NSA TAO chief Rob Joyce explains how his team works. By the way, TAO means Tailored Access Operations, which is a euphemism for hacking. See the full presentation here. Rob explains their methods, but between the lines he implies that other nation states are doing the same, so […]
Encrypting data is one of the best ways of protecting your data as it moves to the cloud. The only thing better than encrypting your data is not storing your data at all. Let’s first look at the case of using file sharing applications such as Dropbox. If you are the only user of the […]
Most people and companies are now using a significant amount of SaaS solutions. Companies are running sales support software, file sharing, collaboration, e-mail and a lot more in the cloud. But that usage also leads to concerns about the security of those solutions. How safe are they? What risks do we run? Here are a […]
The number one concern cited for avoiding cloud computing is security. And there is a reason for that. Cloud providers have demonstrated some spectacular failures in the past, including Amazon’s near total shutdown of an entire region, Dropbox’s authentication snafu, and innumerable cloud providers that go belly-up. However, in the long run, cloud computing is […]
The typical software development model of develop, deploy and run (with security often as an afterthought) does not work very well in a cloud environment. The two biggest reasons are feature velocity and operational assurance. In a cloud provider environment, functional features come (and sometimes go) on a daily basis. At the same time, both […]
or: what would General Eisenhower say about PRISM. Last week, I was asked to present at Campus Party Europe, a big event focused mainly on young digital entrepreneurs and start-ups. For this audience, it felt appropriate to present an overview of IT, so young entrepreneurs can use those lessons to find the next disruptive innovation. […]
Last week I delivered a two-day CCSK (Certificate of Cloud Security Knowledge) training in Kuala Lumpur. The typical structure of this training, as suggested by the Cloud Security Alliance, calls for a day of lecture followed by a day of practical exercises. However, I mixed lecture with case study and exercise, because I have experienced that […]