Why is it cloud everything now?

<rant> I'm getting really annoyed at the use of "cloud" for everything these days. By far the most ridiculous has to be the Microsoft advertisements with the tag line "to the cloud". In the beginning, cloud computing had a definition and a point. Now it has been bastardised to such an extent that we should relegate it to marketing gibberish.

Balancing security and employee productivity

My response to a HARO question: Finding the right balance between IT security and employee productivity can be tricky. You want to ensure your company and its data are secure, but you also don’t want policies and protections that prevent employees from being able to easily do their jobs. How do you find the right balance? What are the most important issues to consider? How can you tell if your enterprise security is off balance?

Demise of Blockbuster, Borders and Google?

The collapse and subsequent bankruptcy of Blockbuster and Borders recently got me thinking about how swiftly the online world has become a critical factor for survival. The demise of both these companies was a long time coming, so it should hardly be a surprise, but I still think back to only 5 years or so ago, when Borders opened a massive store in Lygon Street in Melbourne, Australia. Even back then we thought it was the height of arrogance, but for different reasons*. Similarly, Blockbuster was at least a weekly event; during my second year of Uni, boredom meant five videos from the local Blockbuster. It is one thing to realize intellectually that companies are being born and dying at an exponential rate; it is another to experience the death of these giants that seemed blue chips only years ago.

Open source security - angels fear to tread?

Simon Philipps from Computerworld has a short post on why open source is good for security. He highlights two old security vulnerabilities, one of which was fixed by the open source community as soon as it was discovered. The second, in closed code, remained outstanding from 2002 until the community got involved to fix it. It makes sense: security through obscurity is a fallacy, many hands make light work, and plenty of other clichés. Why would you not use as much open source software as possible? Management likes the price and now you're saying it's more secure? I'll take two!

You will still lose data so is DLP worthwhile?

Today I was reading an article titled "Data Leak Prevention Bypass", which got me thinking about all the data loss vectors I had considered when making the business case for DLP in the past. The author has an interesting project: a device that uses the keyboard USB interface to bypass the protection of removable media control. The wrong message to take from this is that DLP is not worthwhile because it can be bypassed.


