Threat modelling was the subject of the latest Virtualization Security Podcast (which I am still trying to upload, so time for a new service). Threat modelling is what every security person does, but not necessarily formally. Threat modelling in many ways takes an architecture and looks for well-known threats. One such threat that could come …
Companies Leave a Treasure Trove of Data
For the last several years, and really ever since public repositories and storage were first used, API and other confidential data has been leaking. The treasure trove as the start of an attack is now becoming commonplace (most recently from Accenture, DXC Technology, and now the drone maker DJI). The treasure troves are either …
No Need for Independent Clusters for Security or Compliance
On the latest Virtualization and Cloud Security Podcast (11/09/2017), senior technical marketing architect for vSphere Security Mike Foley and I discussed security and compliance, and segregated or independent clusters for each. This has been one of my personal hot topics for a while. The issue is that many folks think, rightly or wrongly, that a …
Unplanned Obsolescence – Digital Lifespan
Recently, the xkcd comic (https://xkcd.com/1909/) mentioned digital lifespan with a pithy comment about digital resources disappearing quickly. This is quite prevalent in the project to restore NASA records from Apollo missions, such as LOIRP. NASA participated in unplanned obsolescence as well as misunderstanding the value of its data. It picked data formats that were not …
Process, People, Ptechnology, and Politics
The four Ps of security, DevOps, Agile Cloud Development, and cloud migration are Process, People, Ptechnology, and Politics. In that order. The Ptechnology piece is by far the easiest piece, though it is often considered to be critical. Without Process and People, at this time, technology is just a bunch of 1s and 0s. Unfortunately, …
Reduced Complexity: The Reality
The goal and driver of many tools is reduced complexity. There are many IT as a Service products that claim they reduce complexity—but is that what they really do? IT has gotten inherently complex, yet we are claiming to reduce complexity by adding in more layers, such as automation, platforms, containers, etc. Do these technologies …