Cloud & Telecom Security

Nowadays, many companies spent a lot of resources to build and improve their branding impage at Internet. The Internet has transfered the control from trational media and PR company to bloggers and users. Jeff Jarvis told an interesting story at his book “What Would Google Do?” which introduced how Dell succeded in recovering its customer satisfaction and image through new strategy tuned for Internet – from overlooking Internet voices to listening to bloggers, fully leveraging Internet and transfering complainers into advocates.

Inspired by Jeff’s book, I start to do some simple research on this topic of Internet branding and complainers, i.e. “sucks” speakers, trying to find something interesting. Don’t you want to know how many customers were saying your company sucks? Read more…

Information is the new currency of business – a critical corporate asset whose value rises and falls at different times, and in different ways, depending on when, how, where and by whom it is placed into circulation as a medium of exchange.
Therein lie the risks. And the opportunities.

“Safeguarding the new currency of business”, Findings from the 2008 Global State of Information Security Study®, PWC

【说在前面的话】前面已有一些留言说起匿名转载问题，呼吁喜欢埋头“生吞活剥”的网编们提高一下自己的工作品味，尊重原创作者的劳动，署上作者原名和URL，这也是尊重自己的劳动，不要把自己的青春浪费在制造互联网垃圾冗余信息上面。如果您做不到这一点，谢绝转载！
【事先声明】本人不保证内容 正确性，不对后面文字中的分析和预测给您的企业和工作所产生的任何后果承担责任，因为您也不会和我分享您你的收益。呵呵，所以，我说了，您听了，您赚了，您亏了，您笑了、您不屑、您怒了，都与本文和作者无关。

上回书（http://sbin.cn/blog/2009/06/01/cloud-computing-1/）说到了云计算大背景下的一些东家长、西家短的陋见，Chinacloud.cn上刘鹏教授做了大量的、很全面的资料收集，感兴趣者可以自助前往。 故谚云: 云是天上的雾, 雾是地上的云。不管是跳进云里，还是把拉到上，总是要腾云驾雾一番了。书归正传，讨论一下云计算对安全圈的启发 – 这个那个产品和技术会如何演变。在后面的文字中将会讨论到风险评估和渗透测试、安全管理中心、终端安全、身份和访问控制（也包含信任管理）、安全审计、Web应用和生命周期安全、符合性认证和培训等。 Read more…

Many business units are being drawn into using cloud services by the attractive economics, bypassing IT departments to host their applications and data in the cloud directly. This creates several problems for the IT organizations with reduced internal and external control.

- From RSA Whitepaper “The Role of Security in Trustworthy Cloud Computing”.

Even they are not directly for Cloud services, but there were cases that BUs signed contracts with 3rd providers to host their applications directly, bypassing IT department. Obviously, it’s not good practice from governance perspective. It might be a head-up for CIOs at Cloud time.