Friday, October 26, 2012

Cloud Computing Dangers: Incident Detection

This posting is Part 2 of the Case Study in Cloud Computing Dangers.

At around Noon U.S. Eastern Daylight Time (EDT) on Wednesday, May 9, I forwarded a calendar invite from my corporate account to my VA address. The message included some important attachments that originated from a prime-contractor colleague. I also responded to several email messages from the same colleague, sending mail to both his corporate and his VA accounts. Everything that seemed to have worked fine a few minutes prior was about to blow up in my face.

A Case Study in Cloud Computing Dangers

"A cloud computing approach could save 50 to 67 percent of the lifecycle cost for a 1,000-server deployment." Kevin Jackson - Forbes.

It's not hard to understand why business executives are completely intoxicated by cloud computing. For the uninitiated, cloud computing essentially allows organizations to outsource just about any IT processing to a third party. If you need new servers, then you can just go to Amazon to quickly and cheaply procure new server capacity that's available immediately. Sick of managing your internal email system? Go to Microsoft to get Exchange email, calendaring, instant messaging, and SharePoint with the click of a button. Want to gain access to enterprise-class back office accounting and support systems? Check out Google Apps for Business and all of the add-ons that it makes available. An organization can get instant satisfaction by moving to the cloud while paying a small fraction of what it would cost to procure the equipment, software, and people to do it all internally.

Sounds great, right?  Look closer and you may not be so convinced.

Wednesday, October 3, 2012

Mozilla Persona: Future of Authentication?

While doing research for a new analysis of modern authentication last week, I discovered that Mozilla had released the beta distribution of Persona, a new authentication system Mozilla describes as "an easy way to sign in to a website." I became so enamored with Persona that I figured that it deserved a quick posting rather than getting buried in an analytical perspective that will not look too favorably on modern authentication mechanisms. Consider yourself teased.

This posting introduces Persona as an authentication mechanism, discusses the advantages that organizations and individuals could gain from using Persona, and covers some of the new vulnerabilities that they should consider before using Persona.

Monday, September 24, 2012

Why I Love and Hate Apple Maps in iOS 6

Apple surprised me with its Maps update in iOS 6. It wasn't just that it represents one of the few missteps that Apple makes but that Apple violated several tenets of its very well-honed brand foundation and reputation.

The debacle that is Apple Maps is epic with failures in three key areas: usability, data, and business decision-making. This posting expands on each of those areas.

Friday, August 24, 2012

Are Mobile Carriers Killing Business Security?

Mobile service providers, including Verizon Wireless, AT&T, and Sprint, know something about your smartphone that you don't. What is this little nugget of information? Service providers have no problem with selling you a supercomputer (a.k.a. smartphone) that they have no intention to protect. It's not that they make it a secret or that the information isn't readily available; it's just that they know that you don't care, and they're right. That's killing the ability for organizations to protect themselves.

Thursday, August 9, 2012

The Problem with Google's Two-Factor Authentication

The media has rightly gone crazy over what technology writer Mat Honan, writing in Wired, called "My Epic Hacking." If you haven't read about what happened to Mat, then I urge you to check out the article and then try to calm down for a few minutes before moving on.

In a business that focuses on quick solutions to big problems, many bloggers and writers have focused on this one statement that Mat makes in his article:

"Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened…"

I don't doubt for a second that Mat is correct.  Google's innovative application of stronger authentication is a great resource and one that I began using just about a month ago after I found some kid in Houston constantly trying to access my Gmail account thinking that it was his.  (I'll rant about that some other time.)  But, don't think for a second that Mat's statement points to a solution.  It's not.

Monday, August 6, 2012

Defect Acceptance

Cybersecurity has been a hot topic for over a decade and only seems to be getting hotter.  When I meet new folks and mention being "in" information security, I cringe when I hear the standard response, "Oh, that's a really hot field.  I bet that there are a lot of opportunities for someone like you."  Well, yes and no.