Companies that do not do business in Europe or in any jurisdiction that works with the EU don’t need to comply with the EU General Data Protection Regulation (GDPR). If your company, or any company you provide services for, works in a country with GDPR compliance requirements, any data you manage or handle has to …
Continue reading “I’m Not in Europe: What Has GDPR Got to Do with Me?”
The VMworld 2016 conference in Las Vegas, Nevada, gave a great deal of attention to both NSX and security this year. While walking around the Solution Exchange floor, I had the opportunity to stop and talk with Tufin about its Tufin Orchestration Suite, which orchestrates security polices across complex, hybrid cloud, and physical environments.
In a recent Twitter conversation, I asked if serverless is anything new, and if so, where are the documents expressing what is new about it. I was asked in reply if I needed a document to understand the difference between Uber and taxicabs. That got me wondering: is the serverless movement a business plan, or is …
Continue reading “Serverless: Business Plan or an Approach to Technology?”
A big part of the secure hybrid cloud is the need for multi-tenant analytics to determine when security events and compliance issues happen. However, analytics cover many different aspects of security within the hybrid cloud from being a control point for compliance to handling vulnerability scanning. What are the requirements for multi-tenant analytics?
There is a dilemma for all tenants of a public or private cloud: Scope. For the tenant, they want everything to be in scope. For the Cloud Service Provider (CSP) they want to limit scope to the bare minimum. What does it mean for a Cloud to be ‘PCI Compliant’ and why is this a requirement for some tenants. The real issue, is what is in scope for PCI-DSS while your data is in the cloud and how can you as the tenant meet those requirements.
We recently moved workloads to the public cloud and the public cloud reality does not match the hype, nor does it match the application security requirements of a small or even large organization.
