Welcome!

Security is a Holistic Proposition

Gorka Sadowski

Subscribe to Gorka Sadowski: eMailAlertsEmail Alerts
Get Gorka Sadowski via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Gorka Sadowski

ISACA, the Information Systems Audit and Control Association just surveyed 1 529 of its members across 50 countries in EMEA. It turns out that UK businesses are leading Europe on Cloud Adoption 40% to 33%. But a whopping 35% of respondents do not plan to use Cloud for any IT services (actually 35.6% in Europe and 31.8% in the UK). This is a huge impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and PaaS respectively Software as a Service, Infrastructure as a Service and Platform as a Service. Let’s spin this another way: 60% of respondents are not using Cloud yet, and of these more than half do not plan to use it at all. Why is that?  How come despite all the benefits around Clouds, so many are not planning on leveraging this approach to IT? The survey doesn’t provide answers.  But it gives interesting clues concerning the role of underlying R... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... Part 4

We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps??? Today, we'll look at more scenarios for which static rule-based log correlation doesn't make sense. Attack Scenario Example 2: Brute Force Attack Let's look at another example scenario. Brute Force Attack. - A user tries to log in to his account - He fails many times in a row and then finally succeeds - Then "probably" a successful Brute ... (more)

Back from SecureCloud 2010 in Barcelona

Back from SecureCloud 2010 in Barcelona I’ve been in information and system security for almost 20 years. Yes it’s possible! At the time Gopher was the killer app and NCSA Mosaic was in the making; I was working on Arpanet and Internet wasn’t born; and information security was a non-issue, all my friends, colleagues, coworkers and family were telling me “don’t even try and make a living out of this dead-end information security thingy stuff”. But somehow I was convinced that it would be a great ride, that it would be fun and that I had to do it. My crystal ball was crystal clear,... (more)

Logs for Better Clouds - Part 4: The Trust Factor

Trust is the fundamental business enabler. It is absolutely necessary for clients to trust their Cloud Providers. Without trust, business relationships cannot exist.  Without trust, existing relationships cannot blossom. Trust becomes an issue as soon as there are potential conflicts of interest. As a client, do you think it's unfair that your Cloud Provider is also the entity generating reports on actual usage for Pay-per-Use billing calculations? Do you think it represents a conflict of interest? How about when your Cloud provider also generates reports on his level of compli... (more)

Logs for Better Clouds - Part 5: Daisy Chaining Clouds

Daisy Chaining Clouds, how transitive is Trust? So we talked about some of the challenges - and hence opportunities - faced by Cloud Providers.  Last time we talked about Trust, and how important Trust is for business relationships. Trust is already difficult in pretty straightforward environments, but in the context of Clouds, it can become very fuzzy...   Read on. Clouds: Providers, Clients, Partners and Competitors... all at the same time! We could imagine a world where there are so many cloud providers, so many interconnections between them and so many trust relationships that ... (more)