Sarbanes Oxley Compliance Journal on Ulitzer

Sarbanes Oxley on Ulitzer

Subscribe to Sarbanes Oxley on Ulitzer: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Sarbanes Oxley on Ulitzer: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

The Cloud Security Alliance (CSA) Thursday announced the release of the CSA Cloud Control Matrix (CCM) Version 3.0, the most comprehensive update to the industry's gold standard for assessing cloud centric information security risks. The CCM Version 3.0 expands its control domains to address changes in cloud security risks since the release of the CSA's seminal guidance domain, "Security Guidance for Critical Areas of Focus in Cloud Computing version 3.0" while making strides towards closer harmonization of the two. Having drawn from industry-accepted security standards, regulations, and control frameworks such as ISO 27001/2, the European Union Agency for Network and Information Security (ENISA) Information Assurance Framework, ISACA's Control Objectives for Information and Related Technology, the American Institute of CPAs Trust Service and Principals Payment Card... (more)

My Personal 2010 Predictions

New Year 2010 on Ulitzer In an effort to save a lot of pain and suffering for those people who don’t want to read an incredibly long blog post, I have a nice little summary table.  The predictions run the gamut of my personal and professional interests, so they may not be 100% interesting to all people. 99% of All Decade Lists That Come This Year Will Be Wrong Twitter Will Become A Footnote Real Time Has Had It’s Time Interest Rates Will Begin To Rise Housing Prices Being To Stall And Then Fall Jorge Lorenzo Will Win MotoGP World Championship Netbook Market Disappears Apple’s Disdain For Developers Will Reach A Tipping Point ChromeOS Proves To Be Another Of Google’s Failures The Final Season Of Lost Will Not Be Seen Foundations For The Repeal Of Sarb-Ox The Venture Business, As We Know It, Is Dead Oil Trading Draws Legislative Scrutiny Windows Mobile 7 Will Impress ... (more)

i365 Collaborates on Cloud Data Protection Solution with Microsoft

i365, Inc., today announced a collaboration with Microsoft on development of a heterogeneous solution that will allow IT managers to extend Microsoft System Center Data Protection Manager (DPM) 2010 across non-Microsoft platforms and into the cloud, using i365’s EVault data protection software and cloud-connected storage solutions infrastructure. The combined solution will be available in several configurations. The first configuration will include an appliance-based backup solution, powered by Seagate® technology, which is scheduled for delivery in first half of 2010 with the release to manufacturing of DPM 2010. This collaboration includes both technology and joint go-to-market components. “System Center Data Protection Manager is seeing greater traction in the data protection and recovery software market as more companies standardize on it to protect their Windo... (more)

Breach and Akamai Deliver Cloud Computing Security

Akamai Session at Cloud Expo Breach Security has announced the release of the WebDefend Global Event Manager, a solution developed to work in conjunction with the new Web Application Firewall service offered by Akamai Technologies. When deployed with Akamai’s Web Application Firewall service, the WebDefend Global Event Manager is the first web application security management solution that defends against global application security threats by enabling customers to make distributed cloud and data center defense-in-depth architectures operational. The WebDefend Global Event Manager is designed to work in concert with Akamai’s solutions across joint customers’ web environments in real-time to accurately detect and block attacks, prevent unauthorized data leakage, improve performance and identify and remediate web application coding errors. The launch of the Akamai Web... (more)

Cloud Replication Is Not Backup, But Backup Is!

Early Bird Registration at Cloud Expo Go read that headline again: W. Curtis "Mr. Backup" Preston points out on his blog that replication is not backup, and we can't disagree. Keeping alternative copies of data in multiple locations is a great idea, reducing the risk of data loss and potentially enabling enhanced access, but it's not a historical data protection (aka, backup) strategy. Backup requires management of multiple historic copies of a data set. Clearly, cloud storage in itself isn't backup. Backup vs. Storage SNIA defines "backup" thus: [Data Recovery] A collection of data stored on (usually removable) non-volatile storage media for purposes of recovery in case the original copy of data is lost or becomes inaccessible; also called a backup copy. To be useful for recovery, a backup must be made by copying the source data image when it is in a consistent stat... (more)

A Vision of the Future Cloud Data Center

A new year is often a time for reflection on the past and pondering the future.  2010 was certainly a momentous year for cloud computing.  An explosion of tools for creating clouds, a global investment rush by service providers, a Federal “cloud first” policy, and more.  But in the words of that famous Bachman Turner Overdrive song — “You ain’t seen nothin’ yet!” In fact, I’d suggest that in terms of technological evolution, we’re really just in the Bronze Age of cloud.  I have no doubt that at some point in the not too distant future, today’s cloud services will look as quaint as an historical village with no electricity or running water.  The Wired article on AI this month is part of the inspiration for what comes next.  After all, if a computer can drive a car with no human intervention, why can’t it run a data center? Consider this vision of a future cloud dat... (more)

Cloud Identity and VDC services

Cloud Computing is now a maturing field with a number of sub-topics that make up its structure, and smart Cloud Providers can use these as building blocks for their service offerings, combining them through consultative selling techniques to deliver the ideal client solutions. For example the core building blocks include ‘Cloud Identity’ as well as virtualization, and an excellent description of how they can be combined is this case study from BT of Norfolk County Council. Supporting nearly 110,000 children and young people at all stages of their development, Norfolk County Council Children’s Services works with 450 schools across Norfolk. It also provides ICT services to those schools, and began to experience these types of business issues: An expensive-to-support architecture Maintaining local expertise was a constant problem Lack of communication between different... (more)

Working with Microsoft Security Tools

How many of us take for granted Microsoft’s family of tools that contribute to the security of your organization? The most commonly used and appreciated tools are: Forefront Family Microsoft Security Essentials Windows Intune / Windows Update / Microsoft System Center Family Windows Firewall (with Advanced Security) Let’s take a look at all of these tools and their features. Then, we can look at other less popular tools offered by Microsoft — such as Microsoft Security Compliance Manager and Microsoft Security Assessment Tool. Forefront Family Microsoft has spent a great amount of time trying to supply a manageable easy-to-use security solution for its products. The result of these efforts is the Forefront Family. It consists of several tools you can use to secure your Microsoft infrastructure. Also, it is designed to interact with other Microsoft tools, such as Ac... (more)

Any Language, Any Stack, Any Cloud

"This is a great day for developers and enterprises looking to the cloud," said ActiveState CEO Bart Copeland (pictured) as he announced the general availability of Stackato 1.0.  "Stackato delivers on the promise of the cloud -- convenience, cost-efficiency -- with the security, control, and compliance the real-world enterprise demands," Copeland added. Bart Copeland, ActiveState CEO, talks to Cloud Expo Conference Chair Jeremy Geelan "Stackato is about freedom, control, and ROI," continued Copeland. "Developers have the freedom to work with multiple stacks; use the best-suited tools; configure, test, and deploy faster; and ultimately build more apps. IT managers get control: They can create new apps and migrate existing ones; eliminate the risks of data silos or rogue clouds; ensure tighter security and compliance; and deploy to the cloud model that's right for th... (more)

MySQL in the Cloud

MySQL is probably the most popular open source database. While there is a wealth of discussion online for MySQL database encryption,doing it right in a cloud computing environment is tricky. The discussion here is quite long, and contains a lot of interesting details. So if you want a spoiler: it is possible to achieve true confidentiality for your MySQL database today; using the industry best practice which is split-key encryption. Here’s why. Cloud encryption for MySQL – Setting your goals Before talking tech, it’s actually essential to understand what your goals are, and then how they relate to the technical solution for your MySQL database. Sometimes it is hard to get transparency when it comes to what goals are achievable with different techniques. The classic goals of any information security solution are “CIA”, meaning Confidentiality: your data cannot be rea... (more)

Red Hat Unveils Big Data and Open Hybrid Cloud Direction

Red Hat on Wednesday announced its Big Data direction and solutions to satisfy enterprise requirements for highly reliable, scalable, and manageable solutions to effectively run their Big Data analytics workloads. In addition, Red Hat announced that the company will contribute its Red Hat Storage Hadoop plug-in to the Apache Hadoop open community to transform Red Hat Storage into a fully supported, Hadoop-compatible file system for Big Data environments, and that Red Hat is building a robust network of ecosystem and enterprise integration partners to deliver comprehensive Big Data solutions to enterprise customers. Red Hat Big Data infrastructure and application platforms are suited for enterprises leveraging the open hybrid cloud environment. Red Hat is working with the open cloud community to support Big Data customers. Many enterprises worldwide use public cloud... (more)