Cloud Security Alliance UK presentation for Cloud World Forum 2015 in London. What companies should do to make correct decision when considering cloud solutions.
One of the most important parts of the cloud is security. Your data is protected by both advanced threat protection and redundancy from cloud to cloud backup.
This presentation includes cloud security overview, Could Security Access Broker, CASB's four pillars, proxy and API deployment mode and advantage and limitation of deployment modes
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
My SACON.IO conference presentation about how to architect secure IaaS/PaaS services.
Presentation mostly uses AWS examples, but relevant also to Azure / GCE and similar services.
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
One of the most important parts of the cloud is security. Your data is protected by both advanced threat protection and redundancy from cloud to cloud backup.
This presentation includes cloud security overview, Could Security Access Broker, CASB's four pillars, proxy and API deployment mode and advantage and limitation of deployment modes
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
My SACON.IO conference presentation about how to architect secure IaaS/PaaS services.
Presentation mostly uses AWS examples, but relevant also to Azure / GCE and similar services.
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
An overview of cloud security
- Quick Context of Security in the cloud
- General Best Practices
- Networking Services
- Security and Identity Services
- Management Tools
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
Passing through the Lion’s den – How to sell cloud services to security guys:
Pitching your SaaS offering is usually fun, until the security guys walks into the room as anyone who try to promote cloud services to organizations probably knows. On the other hand, for the CISO, sometimes cloud vendors represent the sum of all their greatest fears.
So, how can providers of cloud based software do better job in satisfying those gate keepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do’s and don’ts when pitching to information security professionals, and try to better understand their motivation and how to address their concerns.
This presentation is an introduction to a workshop providing better tools for cloud based companies to overcome challenges when selling their offering.
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
CASB Workshop Part 2
(Technology Taxonomy for Cloud Security,Key Components of Cloud Security Architecture,Blue Print To Build Your Cloud Security Program,Basics of Cloud Security Access Brokers)
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- Device Security, Network Security, Cloud Security
- Open Architecture
- Industry Analyst
- Services
- MVISION
- Unified Cloud Edge (UCE)
Please note all the information is based prior to Feb 2020.
Just about all of my current technical content in one 364 slide mega-deck. Source files at https://github.com/adrianco/slides
Sections on:
Scene Setting
State of the Cloud
What Changes?
Product Processes
Microservices
State of the Art
Segmentation
What’s Missing?
Monitoring
Challenges
Migration
Response Times
Serverless
Lock-In
Teraservices
Wrap-Up
An overview of cloud security
- Quick Context of Security in the cloud
- General Best Practices
- Networking Services
- Security and Identity Services
- Management Tools
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
Passing through the Lion’s den – How to sell cloud services to security guys:
Pitching your SaaS offering is usually fun, until the security guys walks into the room as anyone who try to promote cloud services to organizations probably knows. On the other hand, for the CISO, sometimes cloud vendors represent the sum of all their greatest fears.
So, how can providers of cloud based software do better job in satisfying those gate keepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do’s and don’ts when pitching to information security professionals, and try to better understand their motivation and how to address their concerns.
This presentation is an introduction to a workshop providing better tools for cloud based companies to overcome challenges when selling their offering.
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
CASB Workshop Part 2
(Technology Taxonomy for Cloud Security,Key Components of Cloud Security Architecture,Blue Print To Build Your Cloud Security Program,Basics of Cloud Security Access Brokers)
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- Device Security, Network Security, Cloud Security
- Open Architecture
- Industry Analyst
- Services
- MVISION
- Unified Cloud Edge (UCE)
Please note all the information is based prior to Feb 2020.
Just about all of my current technical content in one 364 slide mega-deck. Source files at https://github.com/adrianco/slides
Sections on:
Scene Setting
State of the Cloud
What Changes?
Product Processes
Microservices
State of the Art
Segmentation
What’s Missing?
Monitoring
Challenges
Migration
Response Times
Serverless
Lock-In
Teraservices
Wrap-Up
It will be a quick intro about Cloud Security Alliance (CSA). Overview of current cloud security research, events and other opportunities are covered. We will touch cloud security related certifications (for professionals and companies that provide cloud offerings)/ CSA Lviv Chapter membership and active participation will be discussed as well.
Seguridad: sembrando confianza en el cloudNextel S.A.
Presentación de Oscar Lopez, de Nextel S.A., durante la XV Jornada de Seguridad TI de Nextel S.A. en la Alhóndiga de Bilbao el jueves 27 de junio de 2013.
CipherCloud for Salesforce - Solution OverviewCipherCloud
Enable Salesforce Security by extending data privacy compliance controls to the cloud with the CipherCloud solution for Salesforce:
-Discover what your users are doing in the cloud and prevent data loss with detailed and precise visibility over all activity in Salesforce.
-Protect your cloud data with strong encryption (FIPS 140-2 validated), tokenization, and malware protection to ensure that no unauthorized users can access sensitive information.
-Monitor cloud usage with complete visibility over user activity and alerting on user behavior anomalies
The rapid growth and many flavors of cloud capabilities can provide great business value. If not well planned, they may also give security professionals fits. With perspective and a deliberate approach, CISOs can not only manage cloud security effectively, but leverage the cloud to power security capabilities.
This session will introduce challenges and trends relating to the cloud for information security practitioners. Much of the session will focus on the speaker's own successes, failures, pitfalls and pratfalls as CISO for a cloud-based startup that built an AWS-based SAAS predictive analytics platform. We will also touch on private cloud concerns, architecture planning and real-world solutions.
David Linthicum (@davidlinthicum) from Cloud Technology Partners (@cloudtp) and Bart Copeland (@bart_copeland) from ActiveState (@activestate) will include private and public PaaS perspectives on six competitive areas where the key PaaS players strive to gain an advantage in the PaaS marketplace.
Application development
Application infrastructure
Database management
Application deployment
Business intelligence
Application security
Slides for October 15 webinar with ESG Analyst Scott Sinclair and Avere Systems Engineer Bernie Behn reviewing ESG lab results that tested the Avere vFXT Edge filer on Google Cloud Platform.
A keynote presentation I gave for BELTUG in June 2015 based on ISACA research on cloud computing security and based on experiences in industry with proper references to SMALS, ISACA, ENISA, CSA and NIST
Vulnerability management is one of the most important, yet most difficult and ‘boring’ information security processes I know. As it includes stakeholders from various business functions it requires delicate design and execution. I see VM as a big data and stakeholder management challenge.
Vulnerability Management @ DevSecOps London GatheringVladimir Jirasek
Vulnerability management is one of the most important processes in cyber security strategy. Whether it is executed in agile DevOps organisation or in a traditional one.
The presentations should help security professionals create security architecture that supports business objectives, covers all areas of security technology, and allows for effective measurement of security value.
The presentation was given at BrighTalk
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
C-Level tools for Cloud security
1. @CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Everyone is in Cloud,
shouldn't we be too?”
Tools C-level can use to make informed decisions
Cloud World Forum 2015, 25 June 2015
Vladimir Jirasek, CSA UK Research
3. @CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Your organisation stakeholders and Cloud
Customers Business
managers,
CEO/CFO
CIO Legal Security
Is my data safe
and available?
Happiness 😀
Customer
satisfaction,
ROI, EBITDA
ROI, System
architecture,
Migrations
Legality of data
processing and
locations,
Privacy
Security
architecture,
Cyber threats,
Monitoring
4. @CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Prepare your organisation
for Cloud deployments
People
training &
awareness
Processes &
Governance
Technology
architecture
& controls
5. @CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Does you organisation have a Cloud policy?
Generic requirements
• Requirement 1: Discover Cloud services being used in
organisation
• Requirement 2: Alignment of organisation enterprise and
security architectures with the Cloud
Before a Cloud service procurement
• Requirement 3: Comply with organisation data classification
requirements
• Requirement 4: Encrypt all sensitive data processed in the
Cloud
• Requirement 5: Link the Cloud service into the organisation
Identity and Access architecture and monitoring of activities
of users
During a Cloud service procurement
• Requirement 6: Perform due diligence activities before the
contract is signed
During a Cloud service procurement (contd)
• Requirement 7: Require “Right to audit” clause in the contract
• Requirement 8: Know locations of personal identifiable information in
the cloud
• Requirement 9: Assess the availability of the Cloud services
• Requirement 10: Assess the cloud provider’s security
arrangements
• Requirement 11: Assess the Cloud provider’s ability to comply with the
organisation forensic investigations
Running a Cloud service
• Requirement 12: Limit the use of live data for testing and development
purposes
• Requirement 13: Monitor Cloud providers security arrangements
Decommissioning a Cloud service
• Requirement 14: Destroy sensitive information when not required
7. @CSAUKResearch
Cloud Security
Alliance, UK chapter https://cloudsecurityalliance.org.uk
Get involved! Share knowledge and push
towards transparency and standards
Call for contributors for a new version of CSA Cloud Guidance,
opened on Monday, June 8, for 6 weeks
https://cloudsecurityalliance.org/media/news/call-for-volunteers-
security-guidance-for-critical-areas-of-focus-in-cloud-computing/
Editor's Notes
Business need to have customer data in a new app and presented to customers
IT quoted 6-9 months and £500k
Business hired 3rd party to develop app and host it as well – 2 months and £50k cost to develop
Hosted in small hosting provider, no security audit, separate employee login, no AIM connect, no data encryption
Year later migration to an internal system
Who is at fault?