Cloud Computing and Data Security

We cannot attribute the beginning of cloud computing to a particular person or time. It evolved with the evolution of Internet and enterprise computing. We may be able to trace its roots all the way back when Dr. Larry Roberts developed the ARPANET in 1969. (Whitman & Mattord, 2016)

While the evolution of ARPANET, to Ethernet and then to Internet happened, enterprises were discovering new ways to compute from mainframes to multi-tier computing. During the early stages of enterprise computing, enterprises were purchasing hardware and software to host internally. Though not in the form that we see today, enterprises had an early version of cloud in the form of networked mainframe systems with dumb terminals. They then slowly began to outsource their information systems to Internet Service Providers (ISPs) and Application Service Providers (ASPs).

The concept of using computing, as a utility was probably first proposed by Professor Noah Prywes of the University of Pennsylvania in the Fall of 1994 at a talk at Bell Labs. “All they need is just to plug in their terminals so that they receive IT services as a utility. They would pay anything to get rid of the headaches and costs of operating their own machines, upgrading software, and what not.” (Faynberg, Lu, & Skuler, 2016). It came to fruition when Amazon launched its limited beta test of Elastic Cloud Compute Cloud (EC2) in 2006. Meanwhile, Salesforce.com has already mastered how to deliver an enterprise application using a simple website. Continue reading “Cloud Computing and Data Security”

Reporting Illegal or Unethical Behavior

What should employees do if they discover unethical or illegal behavior? Should they raise concerns without fears of retaliation?

Employees are doing a favor for the company and its stakeholder by raising concerns about unethical or illegal behaviors. One day or the other, the act will come to light, and it will cost the company its reputation on top of legal suits, regulatory penalties, settlement costs and loss of market share.

The latest on Volkswagen (VW) diesel emissions scandal is that “Volkswagen has agreed to pay almost $15 billion to settle claims in the United States, and it must buy back or fix affected vehicles by December 2018. As part of the settlement, more than $10 billion has been set aside to buy back the roughly 475,000 Volkswagens and Audi A3 models that have 2-liter engines.” (Gates, Ewing, Russell, & Watkins, 2016) Continue reading “Reporting Illegal or Unethical Behavior”

Roles of Management and Technology in InfoSec

Information security is both a management issue and a technology issue.

The management of an institution could be the owner or custodian of the data that their information security program is trying to protect. They need to ensure that the systems they employ execute all the functions on the data as they are supposed to while ensuring the data is not leaked to unauthorized personnel. “Primary mission of an information security program is to ensure information assets-information and the systems that house them-remain safe and useful” (Whitman & Mattord, 2014)

Management is responsible for the reputation of the business, it’s proper functioning, the data it holds, and safeguarding the technology it uses. However, all these could be impacted if the technology that they deploy do not meet the requirements – functional as well as non-functional. Technology is only a tool that facilitates proper function of the business providing value to its customer and keeping track of all its transaction. Technology must be configured in such a way that the data that the business holds is protected while in transit, at rest and in process. Continue reading “Roles of Management and Technology in InfoSec”