Focusing on Data and Fact with less Hype

Jon Shende

Subscribe to Jon Shende: eMailAlertsEmail Alerts
Get Jon Shende: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Jon Shende

Over the last few weeks I've been hearing a lot of discussion around HIPAA. When we speak about HIPAA, invariably the two components of data security and data privacy arises. In the traditional data centers, database managers and data owners know where their data resides and implement the necessary processes to preserve privacy and audit access. However, when we move to the cloud, the cloud being all about data, we are looking at servers, network, and storage that are abstracted. This raises concern that data owners may not necessarily know where their data sets physically reside and we are looking at Cloud Service Provider (CSP) employees who will be handling confidential patient data or Personally Identifiable Information (PII). Of importance here is that when it comes to leveraging the cloud ecosystem for healthcare segments, the foremost concerns are around HI... (more)

The Impact of the Cloud on Digital Forensics - Part 1

Digital Forensics is not an elephant, it is a process and not just one process, but a group of tasks and processes in investigation. Examiners now perform targeted examinations using forensic tools and databases of known files, selecting specific files and data types for review while ignoring files of irrelevant type and content. Despite the application of sophisticated tools, the forensic process still relies on the examiner's knowledge of the technical aspects of the specimen and understanding of the case and the law - Mark Pollitt. As has been established from articles by var... (more)

The Impact of the Cloud on Digital Forensics - Part 2

As mentioned in  Part 1 of this article, one of my functions is to research current and up and coming solutions within the technology realm, particularly that of distributed computing and cloud computing. It is a strong possibility that malicious users will eventually identify and exploit potential flaws within the cloud computing model. CSPs, in their pursuit to secure market share may have underestimated the possibilities of attack and misuse of their cloud resources by a malicious user or users. The likelihood that the creation, storage, processing and distribution of illicit ... (more)

Risk and Its Impact on Security Within the Cloud - Part 1

These days when we hear the term "cloud computing" there is an understanding that we are speaking about a flexible, cost-effective, and proven delivery platform that is being utilized or will be utilized to provide IT services over the Internet. As end users or researchers of all things "cloud" we expect to hear about how quickly processes, applications, and services can be provisioned, deployed and scaled, as needed, regardless of users' physical locations. When we think of the typical traditional IT security environment, we have to be cognizant of the potential for an onslaugh... (more)

Software as a Service (SaaS), Security and Risk Management: Part 1

As cloud computing technologies and offerings mature and evolve in its services to customers, one common consumer use will be that of the Software as a Service (SaaS) model. My earlier articles have touched on the various models, risks, security and forensics at several levels. There is also a plethora of resources available now that end users can educate themselves with that are freely available online. This article will focus on aspects of security that impact the SaaS environment as developed, presented or augmented by me for several Cloud Computing projects. Before we proc... (more)