Initial Thoughts on Cloud A6

October 27th, 2009 admin

I’m a little late to this issue, but let me start by saying I read Craig Balding’s RSA Europe 2009 Presentation this evening. In it he mentioned something called the A6 Working Group. I learned this is related to several blog posts and a Twitter discussion. In brief: In May, Chris Hoff posted Incomplete Thought: The Crushing Costs of Complying With Cloud Customer “Right To Audit” Clauses, where Chris wrote “Cloud providers I have spoken to are being absolutely hammered by customers acting on their ‘right to audit’ clauses in contracts.” In June, Craig posted Stop the Madness! Cloud Onboarding Audits – An Open Question… where he wondered “Is there an existing system/application/protocol whereby I can transmit my policy requirements to a…


Originally posted on TAOSecurity

Related Posts

Hitler learns about Cloud Computing
This video showing how Hitler would have responded to a breach of his Cloud Computing infrastructure was especially funny to me, coming on the tail of sitting in on this week’s Cloud Audit conversation.

Network Forensics Vendors: Get in the Cloud!
I know some of us worry that the advent of the “cloud” will spell the end of Network Security Monitoring and related network-centric visibility and instrumentation measures. I have a proposal for any network forensics vendors reading this blog: get in the cloud! For example, imagine you are a proxy-in-the-cloud (PITC) provider, like...

Review of Digital Forensics for Network, Internet, and Cloud Computing Posted
Amazon.com just published my two star review of Digital Forensics for Network, Internet, and Cloud Computing by Terrence V. Lillard and company. From the review: Digital Forensics for Network, Internet, and Cloud Computing (DFFNIACC) is one of the worst books I’ve read in the last few years. You may wonder why I bothered reading a two star...

“PCI Compliance” and “Public Cloud” don’t mix
PCI (Payment Card Industry Data Security Standards) compliance and cloud computing are two great tastes that truly suck when you put them together.

Thor vs Clown
It started with this post by M.D.Mufambisi to the pen-list list: I’m designing an SMS banking application but I need to research the security risks involved first… What are the risks around this application? How are such applications normally subverted? Are there any case studies someone can point me to? After a few responses, Craig Wright...

Shadows in the Cloud
You might remember the Ghostnet white paper that was released a year ago? We blogged about it extensively. The same researchers, with the help of the Shadowserver Foundation, have now published a new whitepaper, called Shadows In The Cloud: Investigating Cyber Espionage 2.0 (link to a PDF). This investigation into targeted attacks (à la “Operation...

CloudShark, Another Packet Repository in the Cloud
I’ve been interested in online packet tools for several years, dating back to my idea for OpenPacket.org, then continuing with Mu Dynamics’ cool site Pcapr.net, which I profiled in Traffic Talk 10. Yesterday I learned of CloudShark, which looks remarkably similar to Wireshark but appears as a Web application. I generated the picture...

Alpha Software disclosure leads to confusion
A few days ago, Security Fix heard from a reader who received a breach notification so casual in tone that he asked me to verify whether it was for real. Sure enough, Burlington, Mass.-based database application company Alpha Software Inc. recently told customers that a data breach had exposed their payment information. That fact was confirmed...

Thoughts on "Application SOC" and New MSSPs
I’d like to briefly comment on a few ideas that appeared on lists I read. First, in this Daily Dave post from June, Dave Aitel writes: So when I gave the FIRST talk, one of the questions was “What is the solution?” … Immunity sees lots of success (and has for many years) with organizations that have done high level instrumentations...

Traffic Talk 10 Posted
I just noticed that my tenth edition of Traffic Talk, titled Pcapr.net — where Web 2.0 meets network packet analysis, has been posted. From the article: Solution provider takeaway: Pcapr.net is a free packet collaboration site hosted by Mu Dynamics. Solution providers can participate in the community to exchange, analyze and gather traces...
Related Tweets from Twitter

asteingruebl (Andy Steingruebl), 2010-07-31T02:40:16Z: @taosecurity That was true of incidents Verizon and USSS handled. That doesn't by itself = all incidents. Right?..

shirkdog (shirkdog), 2010-07-31T01:59:43Z: @taosecurity so... the outsider attacks would be 69% pre 2008 :)..

shirkdog (shirkdog), 2010-07-31T01:58:37Z: @taosecurity When jobs are there, maybe some people think about getting back at the company...but people seem to be more pessimistic now...

alexhutton (Alex Hutton), 2010-07-31T01:47:12Z: RT @taosecurity: Schultz: study puts to rest the lingering legend that most attacks are due to insiders http://bit.ly/cafM51..

taosecurity (Richard Bejtlich), 2010-07-31T01:44:00Z: Schultz: This study should put to rest the lingering information security legend that most attacks are due to insiders http://bit.ly/cafM51..