Security is a Holistic Proposition

Gorka Sadowski



Latest Blogs from Gorka Sadowski
What is the layered approach for fraud prevention? Entity-link analysis? And how can a 10-person fraud ring bust out $1.5 million? Catching fraud rings and stopping them before they cause damage is a challenge. One reason for the challenge is that traditional methods of fraud de...
While the exact details behind each first-party fraud collusion vary from operation to operation, the pattern below illustrates how fraud rings commonly operate.
First-party fraud involves fraudsters who apply for credit cards, loans, overdrafts and unsecured banking credit lines with no intention of paying them back. It is a serious problem for banking institutions. U.S. banks lose tens of billions of dollars every year to first-party fraud, w...
A good Log Management solution is a solution that collects 100% of the logs 100% of the time, stores all this data and provides intuitive searching and reporting mechanisms to better understand some aspects of the changes applied to the actual data. If this solution provides for alerti...
You remember that "False Sense of Security," the feeling that you are secure, but in fact you're not...? Attackers know that an attack is a process, it is not an event. And they use this - and they use time - to their advantage. They use time scales that static rule-based correlation ...
Last month (June 2011), the PCI Council released a document on PCI Compliance in Virtualized Environments entitled "PCI DSS Virtualization Guidelines." This is an interesting development because it confirms the evolution trend in how specific and granular PCI-DSS is becoming, ...
Last week, we saw that Defensive Security is not enough to solve the $1 trillion Intellectual Property and IT theft and cybercrime problem. This week, more about Preventive Security. Preventive Security is a set of technologies and processes used to prevent security incidents from ev...
Over the next few weeks, we'll investigate how the expression "An ounce of prevention is worth a pound of cure" could also be applied to the IT world, and what the tools are to foster preventive security through behavior modification. When looking at IT security, it seems that most of...
Wow, quite a journey… We spent time articulating how and why logs contribute to building Trust between Cloud Providers and customers, paving the way for smoother and cleaner relationships between clients and providers. This time, let’s look at another specific use case for logs, ...
The Cloud Provider that you so carefully selected is not performing like you expected and you are eying the competition. You might even be considering re-insourcing some of your IT services. So what happens to all the logs? Can customers Trust that their Providers will not let...
Log Integrity is at the core of using logs for such purposes as building Trust, providing non-repudiation and indisputable proof in business relationships between Customers and Providers, and providing evidence admissible in a court of law. We saw that not all Log Management s...
So far in this series we have addressed: Trust, visibility, transparency. SLA reports and service usage measurement. Daisy chaining clouds. Transitive Trust. Intelligent reports that don’t give away confidential information. Logs. Log Management. Now, not all Log Management s...
Did you read about the Blippy Data Breach? You know… Blippy, that up-and-coming startup that allowed very sensitive information to leak out and then tried to downplay the incident. In short, it was recently discovered that for two months, the credit card numbers of four Blippy user...
So we talked about some of the challenges – and hence opportunities – faced by Cloud Providers. Last time we talked about Trust, and how important Trust is for business relationships. Trust is already difficult in pretty straightforward environments, but in the context of Clouds, i...
Trust is the fundamental business enabler. It is absolutely necessary for clients to trust their Cloud Providers. Without trust, business relationships cannot exist. Without trust, existing relationships cannot blossom. Trust becomes an issue as soon as there are potential conflicts...
Last time we saw the difficulty in Predictive Rightsizing, a frustrating exercise based on "guesstimation" aimed at predicting future SLA in an ever changing business environment... So what's the answer? The solution is a truly dynamic, elastic, real-time on-demand SLA with a pro...
Last time, we saw that the biggest impediments to Cloud Provider adoption are Trust and Visibility. Today, we’ll look at the difficulty of predictive rightsizing, and how elasticity is one of the biggest value propositions of Cloud Providers.
Public and hybrid Clouds are upon us. They offer a unique value proposition and solve some big issues in the Industry, streamlining IT infrastructures, enabling enterprise business processes and operational models, offering industrialization of Best Practices, and shaving investment c...
ISACA, the Information Systems Audit and Control Association, just surveyed 1 529 of its members across 50 countries in EMEA. 60% of respondents do not use Cloud Services. How can Log Management help?
Back from SecureCloud 2010 in Barcelona, I know that in a few years I will look back at this event and say “I feel very privileged; at the time I was part of LogLogic and we were inventing Clouds”.