Over the last few weeks I've been hearing a lot of discussion around HIPAA.
When we speak about HIPAA, invariably the two components of data security and
data privacy arises.
In the traditional data centers, database managers and data owners know where
their data resides and implement the necessary processes to preserve privacy
and audit access.
However, when we move to the cloud, the cloud being all about data, we are
looking at servers, network, and storage that are abstracted. This raises
concern that data owners may not necessarily know where their data sets
physically reside and we are looking at Cloud Service Provider (CSP)
employees who will be handling confidential patient data or Personally
Identifiable Information (PII).
Of importance here is that when it comes to leveraging the cloud ecosystem
for healthcare segments, the foremost concerns are around HI... (more)
Digital Forensics is not an elephant, it is a process and not just one
process, but a group of tasks and processes in investigation. Examiners now
perform targeted examinations using forensic tools and databases of known
files, selecting specific files and data types for review while ignoring
files of irrelevant type and content. Despite the application of
sophisticated tools, the forensic process still relies on the examiner's
knowledge of the technical aspects of the specimen and understanding of the
case and the law - Mark Pollitt.
As has been established from articles by var... (more)
As mentioned in Part 1 of this article, one of my functions is to research
current and up and coming solutions within the technology realm, particularly
that of distributed computing and cloud computing.
It is a strong possibility that malicious users will eventually identify and
exploit potential flaws within the cloud computing model. CSPs, in their
pursuit to secure market share may have underestimated the possibilities of
attack and misuse of their cloud resources by a malicious user or users.
The likelihood that the creation, storage, processing and distribution of
illicit ... (more)
These days when we hear the term "cloud computing" there is an understanding
that we are speaking about a flexible, cost-effective, and proven delivery
platform that is being utilized or will be utilized to provide IT services
over the Internet. As end users or researchers of all things "cloud" we
expect to hear about how quickly processes, applications, and services can be
provisioned, deployed and scaled, as needed, regardless of users' physical
When we think of the typical traditional IT security environment, we have to
be cognizant of the potential for an onslaugh... (more)
As cloud computing technologies and offerings mature and evolve in its
services to customers, one common consumer use will be that of the Software
as a Service (SaaS) model.
My earlier articles have touched on the various models, risks, security and
forensics at several levels. There is also a plethora of resources available
now that end users can educate themselves with that are freely available
This article will focus on aspects of security that impact the SaaS
environment as developed, presented or augmented by me for several Cloud
Before we proc... (more)