With the advent of bug bounties, the transition of healthcare charges aligned to outcomes, and the history of legal services tied to outcomes, there needs to be a transition to technical professional services being aligned to outcomes.
Now, one may argue that FFP "packaged" projects are already tied to outcomes, though those are few & far between.
So, eventually industry should tie compensation to outcomes & we may see a better percentage of efficiencies from the larger consulting firms.
Sunday, August 26, 2018
Saturday, August 25, 2018
Cloud Architecture: Build (IaaS) versus Buy (PaaS)
Cloud providers are introducing many new services to their portfolios. So, organizations now have a decision to make regarding build vs buy.
Here are pros & cons for each:
PaaS / Buy: (pros) time to market, CapEx reductions; (cons) usually multi-tenant, will require skill-set updates, vendor lock-in, OpEx increases
IaaS / Build: (pros) familiar ITSM / ITIL model, CapEx focus, single tenant, existing skill-set, increased portability; (cons) slower agility
Monday, June 25, 2018
Cloud Visibility
With more organizations going to the cloud, with shadow IT, and with GDPR requirements, cloud visibility seems to be the latest fad....
Microsoft & Amazon picked up on this several years ago, thus Azure Info Protection (AIP) and AWS Macie, but neither covers both clouds together, nor Google / Salesforce / Rackspace.
So, expect this area to gain traction for several more years...
Saturday, June 23, 2018
Incident Response v.2.0: Partner Office 365 (O365) Compromise
As more ecosystems move to Microsoft's Office 365 it seems necessary to create an IR playbook for O365 compromises.
Said playbook should include proper responses.
Tasks to perform should include:
- Disabling established trusts
- Quarantining emails / messages
- Establishing enhanced security policies / black lists
- Calibrating monitoring / notification rules
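As an added example of the last task (calibrating monitoring / notification rules), the script below triages Office 365 unified audit log records for two indicators that commonly follow a partner-tenant compromise: inbox rules that forward mail to external addresses, and interactive sign-ins from networks the organisation does not expect. This is not code from the original post; it assumes records in the JSON shape returned by `Search-UnifiedAuditLog` / the Management Activity API (fields `CreationTime`, `Operation`, `UserId`, `ClientIP`, `Parameters`), and the domains, networks and sample records are constructed placeholders.

```python
"""Triage O365 unified audit log records for partner-compromise indicators.

Assumptions (not from the original post): records follow the AuditData JSON
shape of Search-UnifiedAuditLog / the Management Activity API. Domain names,
network ranges and the sample records below are constructed for this example.
"""
import json
from ipaddress import ip_address, ip_network

# Domains the organisation treats as internal; anything else is external.
INTERNAL_DOMAINS = {"contoso.example"}
# Networks from which interactive sign-ins are expected (constructed ranges).
TRUSTED_NETS = [ip_network("203.0.113.0/24")]
# Inbox-rule / mailbox parameters that move mail out of a mailbox.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo",
                     "RedirectTo", "ForwardingSmtpAddress"}


def _params(record):
    """Flatten the Exchange-admin 'Parameters' list of {Name, Value} to a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _external_addresses(value):
    """Return every address in a rule parameter whose domain is not internal."""
    found = []
    for token in value.replace(";", " ").replace(",", " ").split():
        if "@" not in token:
            continue
        addr = token.strip("<>").lower().removeprefix("smtp:")
        if addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found


def check_forwarding_rule(record):
    """Alert when a rule/mailbox change forwards mail outside the organisation."""
    if record.get("Operation") not in {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}:
        return None
    params = _params(record)
    external = []
    for name in FORWARDING_PARAMS & params.keys():
        external += _external_addresses(params[name])
    if not external:
        return None
    return {"rule": "external-forwarding", "user": record["UserId"],
            "time": record["CreationTime"], "targets": sorted(set(external))}


def check_untrusted_login(record):
    """Alert on a successful sign-in from outside the trusted networks."""
    if record.get("Operation") != "UserLoggedIn":
        return None
    raw = record.get("ClientIP", "")
    if raw.count(":") == 1:          # audit logs may append a port to IPv4 ("a.b.c.d:443")
        raw = raw.rsplit(":", 1)[0]
    try:
        ip = ip_address(raw)
    except ValueError:
        return None
    if any(ip in net for net in TRUSTED_NETS):
        return None
    return {"rule": "untrusted-login", "user": record["UserId"],
            "time": record["CreationTime"], "ip": str(ip)}


def triage(lines):
    """Run every check over newline-delimited JSON records; return alerts in order."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        for check in (check_forwarding_rule, check_untrusted_login):
            hit = check(rec)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample records (not real audit data).
SAMPLE_LOG = [
    json.dumps({"CreationTime": "2018-06-20T08:01:12", "Operation": "UserLoggedIn",
                "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10"}),
    json.dumps({"CreationTime": "2018-06-20T08:05:40", "Operation": "New-InboxRule",
                "UserId": "alice@contoso.example",
                "Parameters": [{"Name": "Name", "Value": "Team copy"},
                               {"Name": "ForwardTo", "Value": "bob@contoso.example"}]}),
    json.dumps({"CreationTime": "2018-06-21T02:17:03", "Operation": "Set-Mailbox",
                "UserId": "alice@contoso.example",
                "Parameters": [{"Name": "Identity", "Value": "alice"},
                               {"Name": "ForwardingSmtpAddress",
                                "Value": "smtp:collector@mail.example"}]}),
    json.dumps({"CreationTime": "2018-06-21T02:15:55", "Operation": "UserLoggedIn",
                "UserId": "alice@contoso.example", "ClientIP": "198.51.100.77:443"}),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

Each alert is a plain dict so it can be posted to whichever notification channel the playbook names; the thresholds to calibrate are the `INTERNAL_DOMAINS` and `TRUSTED_NETS` sets, which should be reviewed whenever a partner trust is added or removed.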
Wednesday, March 21, 2018
Facebook, Cambridge Data Compromise Should Not Surprise Consumers
Facebook is receiving bad press due to compromised consumer data by a Cambridge-based analytics firm for political purposes.
Frankly, this should not be news, as social media outlets and free online services (email, vlogs, blogs) use subscribing advertisers to generate their revenue by selling the (supposedly anonymized) data. Said data extraction models have been the subject of episodes on shows like Netflix's House of Cards.
Regardless, the sensitive data is supposed to be masked. And how obfuscated said data is, is often a matter of debate.
So, the question is, will the US get serious about data privacy now and / or will consumers migrate from these services in droves?
TBD....
Friday, February 23, 2018
Metrics for Risk Management & Cybersecurity
A book by the name of How to Measure Anything in Cybersecurity Risk articulates enhanced metrics (versus impact & likelihood) via Bayesian models.
However, sans cyber insurers & actuaries, most risk management / cybersecurity functions struggle with the most simple metrics. That happens due to a lack of technical key risk indicators (KRIs) agreed to by the business.
While quantitative analysis can help derive budgeting priorities, most organizations are simply not mature enough to know the qualitative gaps within their enterprise.
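To make the contrast with impact & likelihood concrete, the added example below (not code from the post or from the book it mentions) shows two of the quantitative building blocks such models use: a Bayesian update of a breach probability given a new key risk indicator, and a Monte Carlo simulation of annual loss from a probability of occurrence plus an expert-elicited 10th/90th percentile loss range, summarised as expected loss and a loss-exceedance probability. The prior, likelihoods and loss figures are constructed placeholders, and the lognormal-from-percentiles conversion is the assumed elicitation method.

```python
"""Quantitative cyber-risk metrics: Bayesian update plus Monte Carlo loss.

Added example; all probabilities and dollar figures are constructed
placeholders, not data from the original post or the cited book.
"""
import math
import random

Z_90 = 1.2816  # standard-normal quantile for the 90th percentile


def bayes_update(prior, p_evidence_given_true, p_evidence_given_false):
    """P(event | KRI fired) via Bayes' rule.

    prior: P(event) before the indicator is observed
    p_evidence_given_true: indicator's true-positive rate
    p_evidence_given_false: indicator's false-positive rate
    """
    num = prior * p_evidence_given_true
    return num / (num + (1.0 - prior) * p_evidence_given_false)


def lognormal_from_percentiles(loss_p10, loss_p90):
    """Fit ln(loss) ~ Normal(mu, sigma) to an 80% interval [p10, p90]."""
    mu = (math.log(loss_p10) + math.log(loss_p90)) / 2.0
    sigma = (math.log(loss_p90) - math.log(loss_p10)) / (2.0 * Z_90)
    return mu, sigma


def simulate_annual_loss(p_event, loss_p10, loss_p90, trials=10000, seed=1):
    """One simulated year per trial: the event occurs with probability
    p_event; if it does, the loss is drawn from the fitted lognormal."""
    rng = random.Random(seed)
    mu, sigma = lognormal_from_percentiles(loss_p10, loss_p90)
    losses = []
    for _ in range(trials):
        if rng.random() < p_event:
            losses.append(rng.lognormvariate(mu, sigma))
        else:
            losses.append(0.0)
    return losses


def expected_loss(losses):
    """Annualised expected loss, the quantity a budget can be compared against."""
    return sum(losses) / len(losses)


def loss_exceedance(losses, threshold):
    """Probability that a year's loss exceeds the threshold (one point on a
    loss-exceedance curve)."""
    return sum(1 for x in losses if x > threshold) / len(losses)


if __name__ == "__main__":
    # Constructed scenario: 10% prior of a material breach; a KRI with a 90%
    # true-positive rate and 20% false-positive rate has just fired.
    print("posterior P(breach | KRI):", round(bayes_update(0.10, 0.90, 0.20), 3))
    # Constructed scenario: 20% chance per year; loss range $50k (p10) to $2M (p90).
    losses = simulate_annual_loss(0.20, 50_000, 2_000_000)
    print("expected annual loss: $%.0f" % expected_loss(losses))
    print("P(loss > $1M):", round(loss_exceedance(losses, 1_000_000), 3))
```

The point of the exceedance figure is that it answers a question an impact & likelihood matrix cannot: how often the organisation should expect a year worse than a given dollar threshold, which is the number an insurer or a budget owner can act on.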
Friday, February 16, 2018
Hypervisor Replication for Virtualization Security
Vendors like Bracket & BitDefender are rolling out virtualization security solutions meant for hybrid cloud deployment to negate rootkits & chip-based exploits (Spectre, Meltdown).
However, comprehensive coverage / support seems limited & you would think that the big cloud service providers (CSPs: AWS, MSFT Azure, GCP) have hardened their own hypervisors already.
VMware's partnership w/ AWS could pave the way for hardened hypervisors that can lift & shift among on / off prem deployments.
Labels: AWS, Azure, bitdefender, bracket, Cloud, gcp, Google, hybrid, hypervisor, lift & shift, meltdown, Microsoft, msft, rootkits, security, spectre, virtualization, vmware