FedRAMP: Gov2.0?
The Federal Risk and Authorization Management Program (FedRAMP) was released to federal information technology managers on November 14, 2010. The program aims to establish a standardized framework for...
View ArticleCSA Governance, Risk Management & Compliance Stack
In November, 2010, the CSA (Cloud Security Alliance) announced the release of its Governance, Risk Management and Compliance (GRC) Stack. The CSA recognized the challenges involved in meeting the...
View ArticleData Governance in the Cloud
Data security should be a primary concern for organizations considering cloud computing. The possibility of having to move their data to the cloud is forcing many organizations to take a close look at...
View ArticleAmazon Cloud Outage: April 2011
By now, just about everyone’s been affected by – or at the very least, heard of – the Amazon EC2 (Elastic Cloud) outage that occurred from April 21 to 22, 2011. Unfortunately, the incident took down...
View ArticleTalking about Security Automation: SecurityAutomata, CloudPassage and...
Something that’s on our mind a lot is data security. Whenever a new product or solution comes out, what we’ll always look at is the level of security involved. Typically, if something is outside your...
View ArticleCloud Service Providers & Questionable Contracts
Cloud service contracts are often rushed through, which leads to costly blunders and serious risks. According to a recent Techaisle estimate, small and medium businesses are reviewing and signing about...
View ArticleCloud Security Doubts: Firewall Risk Management
While more and more enterprises these days are using cloud infrastructures, the majority of executives are doubtful of their ability to secure their IT systems. This article takes a look at a special...
View ArticleData Protection Basics
Developments in technology, particularly computers and the internet, have accelerated the generation and amassing of huge amounts of data. Data comes from two main sources: 1) The conversion of...
View ArticleProblems with Data Protection Technologies
As mentioned in an earlier article, data protection is enforced b network devices, operating systems, or applications. Experts have argued that this approach is fundamentally flawed, especially given...
View ArticleNew Cloud Computing Security Requirements Guide – Part II
The DoD’s new Cloud Computing Security Requirements Guide (SRG), released by the Defense Information Systems Agency (DISA), replaces their previous Cloud Security Model. The guide outlines an overall...
View Article