A couple of years ago I decided, along with support from my management, that Enterprise Risk Management would become a focal point for my Information Security Program. I was convinced that framing vulnerabilities in the form of risks was essential to giving management visibility into issues they currently didn’t know existed and to give our […]
I had a meeting yesterday with a vendor who sells a SaaS solution for binary application vulnerability testing. They tell a very interesting story of a world where dynamic testing (“black box”) takes place alongside static testing (“white box”) to give you a full picture of your application security posture. They even combine the results […]
We’re trying to come to an agreement with a SaaS vendor about performance and availability service level agreements (SLAs). I discussed this topic some in my previous “SaaS Headaches” post. I thought it would be instructive to show people the standard kind of “defense in depth” that suppliers can have to protect against being held […]
The industry is abuzz with people who are freaked out about the outages that Amazon and other cloud vendors have had. “Amazon S3 Crash Raises Doubts Among Cloud Customers,” says InformationWeek! This is because people are going into cloud computing with retardedly high expectations. This year at Velocity, Interop, etc. I’ve seen people just totally […]
There’s a lot of promise in the new SaaS (software as a service; what used to be called ASPs, or Application Service providers, till Microsoft crapped all over that acronym) and newer PaaS (platform as a service) spaces (and look for a steady stream of new “aaS”es to come). However, there are a lot of […]
