ISACA, the Information Systems Audit and Control Association just surveyed
1 529 of its members across 50 countries in EMEA.
It turns out that UK businesses are leading Europe on Cloud Adoption 40% to
33%. But a whopping 35% of respondents do not plan to use Cloud for any IT
services (actually 35.6% in Europe and 31.8% in the UK). This is a huge
impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and
PaaS respectively Software as a Service, Infrastructure as a Service and
Platform as a Service.
Let’s spin this another way: 60% of respondents are not using Cloud yet,
and of these more than half do not plan to use it at all.
Why is that? How come despite all the benefits around Clouds, so many are
not planning on leveraging this approach to IT? The survey doesn’t provide
answers. But it gives interesting clues concerning the role of underlying
We saw what typically happens when trying to use static rule-based log
correlation to perform real-time incident management... combinatory explosion
and lack of scalability. How do you automate non-deterministic attacks in a
few discrete steps???
Today, we'll look at more scenarios for which static rule-based log
correlation doesn't make sense.
Attack Scenario Example 2: Brute Force Attack
Let's look at another example scenario. Brute Force Attack.
- A user tries to log in to his account
- He fails many times in a row and then finally succeeds
- Then "probably" a successful Brute ... (more)
Back from SecureCloud 2010 in Barcelona
I’ve been in information and system security for almost 20 years. Yes
it’s possible! At the time Gopher was the killer app and NCSA Mosaic was in
the making; I was working on Arpanet and Internet wasn’t born; and
information security was a non-issue, all my friends, colleagues, coworkers
and family were telling me “don’t even try and make a living out of this
dead-end information security thingy stuff”.
But somehow I was convinced that it would be a great ride, that it would be
fun and that I had to do it. My crystal ball was crystal clear,... (more)
Trust is the fundamental business enabler.
It is absolutely necessary for clients to trust their Cloud Providers.
Without trust, business relationships cannot exist. Without
trust, existing relationships cannot blossom.
Trust becomes an issue as soon as there are potential conflicts of
As a client, do you think it's unfair that your Cloud Provider is also the
entity generating reports on actual usage for Pay-per-Use billing
calculations? Do you think it represents a conflict of interest?
How about when your Cloud provider also generates reports on his level of
Daisy Chaining Clouds, how transitive is Trust?
So we talked about some of the challenges - and hence opportunities - faced
by Cloud Providers. Last time we talked about Trust, and how important
Trust is for business relationships.
Trust is already difficult in pretty straightforward environments, but in the
context of Clouds, it can become very fuzzy... Read on.
Clouds: Providers, Clients, Partners and Competitors... all at the same time!
We could imagine a world where there are so many cloud providers, so many
interconnections between them and so many trust relationships that ... (more)