Synopsis

I sat down at the HP Master the Cloud (hp.com/go/cloud) event in Toronto, Canada to answer some Twitter-based questions, talk about the trade show, and listen to some of the fantastic things Victor and his team are working on right now in their incubator ... and it was a really great 20 minutes.  We covered the questions below (posted directly from Twitter, special thanks to all who participated) and talked about technology, the evolution of security, and how organizations can take advantage of this shift as technology turns the corner in a new operating and delivery paradigm.  Is cloud right for everyone?  Probably not.  Is cloud right in every situation?  Probably not.  This is exactly why you need to listen to Victor ... this is definitely a worthwhile way to spend 20 minutes of your time.

Questions from Twitter

1. "What's your perspective on letting the entire Internet pen test your service in a sandboxed environment?" -- HackBlat (@HackBlat)
2. Virtual processing is great, but how are we supposed to layer on data privacy? IoW - w/the "To the Cloud!" rush, why aren't there any (effective) integration patterns emerging? Lift & Drop is bad for data. -- awpiii (@awpiii)
3. How does one establish bandwidth requirements when establishing a pipe to a cloud service? -- RonService (@RonService)
4. Vendor routinely sell something not using themselves. What percentage of HP infrastructure is running in public cloud offering? -- brew_ninja (@brew_ninja)
   

Guest

• Victor Garcia (CTO HP Canada) - Victor is the Chief Technology Officer for HP's Canada business, leading the business in technology & business strategy, incubation and commercialization of new technologies, strategic alliances, and systems integration as well as business management.  Victor's LinkedIn profile is here.
  

Links

• "The security poverty line" from Wendy Nather of the 451 Group (podcast with Alan Shimel) - https://gpodder.net/podcast/securityexe-powered-by-the-ciso-group-with-alan-shimel-1/security-below-the-poverty-line-with-wendy-nather-of-the-451-group
• <Links to whitepapers Victor mentioned will be here shortly>

Synopsis

  This special episode of Down the Rabbithole is sponsored exclusively by HP Canada, and I wanted to thank them for hosting this fantastic event!  In this episode I sat down with Charlie Bess and EG Nadhan to talk about Cloud Computing.  Now, this isn't your standard cloud discussion ... no my friends, these are two of the top technologists HP has to offer from the labs and services organizations talking about the paradigm shifts in computing that "the cloud" offers.  We talk through business adoption, getting over the "it's cheaper" mentatlity, security ... and even some of the things learned here at the event in Montreal.

  What a fantastic opportunity to pick the brains of some extremely smart people, and hear their responses to one of the most difficult and rewarding business shifts in technology in the last 10 years.  You're not going to want to miss this.

Guests

• EG Nadhan - Distinguished Technologist, HP Enterprise Services
  
• Charlie Bess - Fellow, HP Labs

Synopsis

  This month's cal lkicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through this issue we discover that there are other subtleties to this question.  Does it make sense for Information Security to have separate accounts for general and administrative access?  Does a securit policy fail if it does not account for 'exceptions' to that policy - legitimate exceptions?  What about an exception policy that allows information security professionals to navigate complex policy issues and receive 'allowances' to do their jobs without being limited by the general user policy?

  These are complex questions that we tackle, and offer some guidance for ... and in the end, things aren't as simple and black-and-white as we'd all like ... you'll just  have to listen to hear the advice we dispense!

Guest

• [Co-Host] Michelle Klinger of EMC Consulting joins me to co-moderate the first SecBiz 2012 monthly call.  Michelle is currently a consultant with EMC.
  

Synopsis

This episode with Jeff was awesome, recorded at the OWASP LASCON security conference, I got a chance to sit down with Jeff in person and talk shop.  I always learn something, but in this podcast Jeff dispensed his usual wisdom in buckets, I could barely write this stuff down fast enough.  We covered the raising of the "information security table stakes", and what the last 15 years have meant to the information security profession in terms of evolution.  We went into a discussion on how information security can avoid being a cost center and feeling the traditional expansion and contraction with workload and economic times, and I learned what the phrase "it was a business decision" really means.  In case you need one more compelling reason, Jeff brought up yet another gem when he discussed how the business pushes the boulder off the cliff, then expects information security to change its trajectory mid-fall ... you're not going to want to miss this.  I had a wonderful time catching up with Mr. Reich, and you'll enjoy this podcast, that's a promise.

Guest

• Jeff Reich - (hint: it's prounounced "rich") - A solid history of developing and providing expertise and leadership on information security and all associated disciplines by integrating Managed Risk into the business in the energy, manufacturing, technology and financial services industries. Successfully created and implemented comprehensive Security and Risk Management Infrastructure for a large oil and gas company as well as four of the largest Internet and e commerce providers in their respective industries. Holds a national reputation of excellence through results, publications and presentations of value. Known for ability to hire, train and inspire high performance teams that support and help drive the core business structures. [LinkedIn: http://www.linkedin.com/in/jreich]
  
  In addition to that, I've known Jeff for a very, very long time throughout his illustrious career, and have always been amazed by his ability to dispense one-liner wisdom, like this one on a recent blog post on "The compliance hamster wheel": "I have been saying for years that simply chasing compliance is like chasing your tail.  You probably won't catch it and if you do, it will hurt."