Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Highlights the importance of risk management (Score 1) 214

Here we have a risk that requires mitigation. If you owned the facilities in question you would know your disaster preparedness and would know how much effort you are willing and able to put into enhancing it.

But since you don't own these facilities you have to trust the companies that do own them to do what you would do (or better). The only real controls you have are in negotiating the initial contract (regarding SLAs, especially) and in designing your system to withstand a failure of one company to protect their facility. That means you have to either buy resources on both coasts from one company or buy resources from multiple companies whose facilities are geodispersed and make sure your code/platform understands and deals with losing one or more of them.

The leggy gal on the sales team won't tell you any of this. I think most people don't find out about it until the disaster actually happens. It's pretty much like any other piece of your tech stack: the vendors will whitewash the risks and your job is to see through that and manage it.

I submit this isn't a risk caused by the use of "the cloud" (egad, do I hate that term!) so much as a risk that's part of any IT project and you deal with it the same way.

So to answer the original question, maybe a CAT 5 hurricane can take those facilities down but the question you should be asking is, "Have we completely understood the risk to the business and have we taken appropriate steps to protect it?".
Security

Study Shows Many Sites Still Failing Basic Security Measures 103

Orome1 writes with a summary of a large survey of web applications by Veracode. From the article: "Considered 'low hanging fruit' because of their prevalence in software applications, XSS and SQL Injection are two of the most frequently exploited vulnerabilities, often providing a gateway to customer data and intellectual property. When applying the new analysis criteria, Veracode reports eight out of 10 applications fail to meet acceptable levels of security, marking a significant decline from past reports. Specifically for web applications, the report showed a high concentration of XSS and SQL Injection vulnerabilities, with XSS present in 68 percent of all web applications and SQL Injection present in 32 percent of all web applications."

Comment Re:Ha ha (Score 1) 307

I took that oath myself and served honorably, so I can say with some authority that you are correct. The oath is to defend and uphold the Constitution of the United States of America against all enemies, both foreign and domestic.

It is most certainly not to obey any individual. The UCMJ takes care of that.

Comment Re:It's our fault the program is over (Score 2) 80

That's pretty much my point. I doubt many Americans WANT a huge department of justice/prison-filling-machine but many Americans continue to go with the status quo instead of demanding change. I'm of the opinion that our democracy is failing principally because the people won't get (and stay) engaged on matters of substance.

Comment Not a good long-term move (Score 1) 538

I work in the healthcare vertical. I've seen 2 major health systems attempt this form of outsourcing over the last few years. In both cases, the short-term cost savings were far outweighed over the long term by down times and a complete lack of true integration between the tech implementers and the business units (e.g. doctors and nurses).

This is the exact opposite of the experience detailed in TFA.

You think your IT is glacial? Try to get an IT org to move for you when they don't even work in the same company. Lawyers can sue to enforce the contract and all that, but by the time your case gets to court you've already lost your competitive advantage.

Slashdot Top Deals

"Show me a good loser, and I'll show you a loser." -- Vince Lombardi, football coach

Working...