Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:Achilles heel of the cloud apps.... (Score 1) 72

by dave562 (#48772669) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

SAML repository for authentication so that we can treat it as much as possible like an extension of our general security stance with password attempt monitoring, rate throttling and attack blocking, user lockout, etc.

You sir, sound like you know what you are doing.

Do you ever have attempts coming back from any of your vendors?

Or is the vendor simply passing data back to you about when accounts from your site are used in failed logon attempts to the cloud apps, via whatever their presentation layer is?

Comment: Cloud Security is a Bitch (Score 1) 72

by dave562 (#48772653) Attached to: Study: 15 Per Cent of Business Cloud Users Have Been Hacked

A typical SaaS vendor has numerous clients, all with varying levels of sophistication in their password and identity management procedures.

As if the need to ensure tenant isolation does not put enough pressure on the architects, they also have to worry about how well their customers are securing their own staff. The smart ones are doing Federation for predictable data transfers, and two-factor to secure the application layer. Even then, the legal people still make them sign disclaimers that ultimately, data breaches due to compromised credentials are the responsibility of the authorized bearer of the credentials.

It sucks to have to secure a slew of web servers, especially for those who have to run LOB apps on Windows platforms. VDI is being used pretty heavily on that front prevent information leakages. It's cheaper to spin up a session for them via a webpage, than it is to trust that their client is secure. Not to mention easier to maintain and troubleshoot. Staff can shunt the user to a clean session, shadow it, hold the user's hand through whatever.

On the plus side, with a good cloud provider, when your datas get pwnt, it is replicated somewhere else. Maybe even on tape in some cold, humidity controlled warehouse. Because no matter how good security is, sooner or later, it will get compromised.

At that point though, it is all about RTO/RPO which is outside the scope of security. BTW even with LTO6, restore rates from cold storage still blow.

Comment: Re:"...the dawn of the first real-world experiment (Score 1) 319

by dave562 (#48769631) Attached to: How Close Are We To Engineering the Climate?

I see the geo-engineering deniers are out in force today with their mod points.

Go ahead and ignore what is hanging above your heads. I have made my peace with it already.

I am not sure why people get so defensive whens someone points out that they are trying to make it rain over California, a state that is experiencing its worst drought in decades.

One would think that I was touting conspiracy theories about the Illuminati trying to poison the masses with aerial bombardments of bacteriological agents.

Comment: Re:"...the dawn of the first real-world experiment (Score 1) 319

by dave562 (#48769603) Attached to: How Close Are We To Engineering the Climate?

Some data where desalinization projects did not go through due to greed on the part of the incumbent water utility.

I am curious because I used to live in a city that used desalinization. I always wondered why it was not more widely adopted. Everything that I found led me to believe that the root cause was due to the cost of energy required to make the process work.

Comment: "...the dawn of the first real-world experiments" (Score -1, Troll) 319

by dave562 (#48768687) Attached to: How Close Are We To Engineering the Climate?

I call bullshit on "the first". I do not know what is going on in the rest of the world, or even the rest of the United States, but geo-engineering is happening nearly every day in California. Jets are creating clouds on a daily basis. Just search Google image for "Chemtrails" and you can see plenty of evidence, from the clouds themselves, to the interior shots of the planes with all of the tanks and pipes and systems for creating the clouds.

The results are real. Just last week we had tropical storm level winds and snow at less than 1000 feet. That is in Southern California, which is a desert climate.

I believe that they are doing everything that they can to keep the state's agricultural economy from cratering. Too much of the Western United States is dependent on California's agriculture. The drought has the powers that be more worried than they are letting on to.

Comment: Re:Can't avoid medical records (Score 1) 528

by dave562 (#48528929) Attached to: The Sony Pictures Hack Was Even Worse Than Everyone Thought

It is a combination of a previous back injury, a bunch of poor dietary and health choices, and a genetic predisposition to weight gain.

I have talked to him about it as much as I feel like I can. Like I said, I care about the guy. It is just that my hands are tied.

And, he's not a single point of failure, but the organization would feel the loss.

Comment: Re:Can't avoid medical records (Score 5, Interesting) 528

by dave562 (#48528555) Attached to: The Sony Pictures Hack Was Even Worse Than Everyone Thought

As a practical matter, a lot of valuable talent is not healthy.

This is so true. It is difficult to deal with as a boss and even more so as an employer. One of my guys is seriously over weight, and has a number of health complications that come with it. He is also highly intelligent and very capable. It is challenge because I want to be able to depend on him, and for the most part I can. But I also have to mitigate risk and make sure that there are people shadowing his projects and documenting his recommendations so that they can carry on if the time comes that he is no longer able to come into work.

As his boss, I want to have a legitimate, sincere conversation with him about his health and his value to the company. I also want to have it with him as a friend and someone who cares about him. But due to the way employment law works, I have to avoid the subject.

Comment: Built the Business Case (Score 1) 247

by dave562 (#48526935) Attached to: Ask Slashdot: Convincing My Company To Stop Using Passwords?

What is the risk of continuing to use passwords?

What is the cost to the business if the risk of continuing to use passwords is realized?

What is the cost of implementing an alternate system? Be sure to include the costs in training, process re-engineering, systems re-engineering, etc.

What value, if any, is generated by replacing passwords?

Unless the money you are going to spend is either going to generate more money for the business than the dozens of other projects that are competing for resources, you practically have zero hope of your change being embraced.

While some organizations are risk adverse to the point where they will act on them, more often than not unless you or your direct supervisor are liable for mitigating the risk, you are doing your career a disservice by raising the risk.

The confusion of a staff member is measured by the length of his memos. -- New York Times, Jan. 20, 1981

Working...