Controls in security and GRC (Governance, Risk Management, and Compliance) systems are commonly structured in preventive, detective, and reactive controls. When we look at IAM/IAG (Identity and Access Management/Governance), we can observe a journey from the initial focus on preventive controls towards increasingly advanced detective and corrective controls. Initially IAM started with a preventive focus. […] READ MORE
Did someone just steal my password?
Large-scale security breaches are nothing new. Last December we’ve heard about the American retail chain Target’s network hack, when over 40 million credit cards and 70 million addresses have been stolen. This May, eBay announced that hackers got away with more than 145 million of their customer data. And the trend doesn’t stop: despite of […] READ MORE
Cloud Provider Assurance
Using the cloud involves an element of trust between the consumer and the provider of a cloud service; however, it is vital to verify that this trust is well founded. Assurance is the process that provides this verification. This article summarizes the steps a cloud customer needs to take to assure that cloud a service […] READ MORE
EU-Service Level Agreements for Cloud Computing – a Legal Comment
Cloud computing allows individuals, businesses and the public sector to store their data and carry out data processing in remote data centers, saving on average 10-20%. Yet there is scope for improvement when it comes to the trust in these services. The new EU-guidelines, developed by a Cloud Select Industry Group of the European Commission, […] READ MORE
Data retention directive in Europe considered illegal by EU court
Have you seen this WSJ article? This is great news for privacy, human rights and a profound public security based on individual freedom: nations can no longer require IT and telecom companies to store communication data about all customers and communication partners – at least there need to be clear indications for the need to […] READ MORE
Why SDCI needs organizational change in IT
My last post focused on the challenges and the potential of SDN (Software Defined Networking) and SDCI (Software Defined Computing Infrastructures) for improving Information Security. APIs are being used to control more devices from a central point, bringing agility to networks, virtual systems, storage, and other elements of the computing infrastructure that meet the demands […] READ MORE
New Newsletter Season to come: KC Analysts’ View
It’s a new year, and there are some new changes coming to KuppingerCole, especially in the material that will come into your inbox. First, some background. After the past year or so we’ve been growing by leaps and bounds with new offices in Europe and the Asia-Pacific area as well as new analysts all over […] READ MORE
“Google Home Automation” – Do We Really Need This?
It was recently reported that Google has bought Nest Labs, a manufacturer of home automation sensors and devices with, currently, two products: a digital thermostat and a Smoke + CO Alarm. Why is it, then, that somebody would spend 3.2 Billion USD for a company producing home appliances that have been around for ages from […] READ MORE