Focusing on Data and Fact with less Hype

Jon Shende

Subscribe to Jon Shende: eMailAlertsEmail Alerts
Get Jon Shende: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Jon Shende

One major concern with the adoption of cloud computing is the lack of a defined standard or standards that are specific to operations impacting security, interoperability & mobility within the Cloud ecosystem. As most managers of security departments will attest to, there is a fine line between security and operations. While we as business managers want to ensure that we maximize the ROI on our operational investments and ensure that availability is paramount  for our users, we do not want to do so at the expense of our security measures, policies and protocols. On the other hand we do not want to lock down a system providing maximum security, but to such an extent that there is a degradation in availability - thus negatively impacting operations and our revenue stream by extension. In the traditional IT Security/Operational world we balance tools and metrics from I... (more)

Live Forensics and the Cloud

Cloud Computing offers a sense of "vastness" in terms of storage and remote processing. According to Simpson Garfinkil, a major challenge to any digital forensics investigator investigating data within the cloud; can be an inability to locate or identify data or code that is lost when single data structures are split into elements. This in effect directly impacts forensic visibility. Within this ecosystem a major concern can be access to and the preservation of data within an on-going digital forensic investigation. Of consideration as mentioned in Part 1 - is that in a live and ... (more)

GRC and the Cloud - Governance, Risk Management & Compliance

As we become more technology dependent, more so in today's "cloud"-driven environment, IT security needs to evolve from the traditional sense of digital security. We should see the advent and acceptance of a more holistic, flexible and adaptive model of security that focuses more on managing information security, people and processes in a natural evolution from the traditional model of implementation, monitoring and updating. According to Teubner and Feller [1] "Governance is understood as securing a responsible corporate management, having its roots in value-based management."... (more)

Standards Acceleration to Jump-Start Adoption of Cloud Computing (SAJAAC)

One major concern with the adoption of cloud computing is the lack of a defined standard or standards that are specific to operations impacting security, interoperability & mobility within the Cloud ecosystem. As most managers of security departments will attest to, there is a fine line between security and operations. While we as business managers want to ensure that we maximize the ROI on our operational investments and ensure that availability is paramount for our users, we do not want to do so at the expense of our security measures, policies and protocols. On the other hand we... (more)

The Impact of the Cloud on Digital Forensics - Part 2

As mentioned in  Part 1 of this article, one of my functions is to research current and up and coming solutions within the technology realm, particularly that of distributed computing and cloud computing. It is a strong possibility that malicious users will eventually identify and exploit potential flaws within the cloud computing model. CSPs, in their pursuit to secure market share may have underestimated the possibilities of attack and misuse of their cloud resources by a malicious user or users. The likelihood that the creation, storage, processing and distribution of illicit ... (more)