Tuesday, March 16, 2021
Thursday, February 25, 2021
Visit https://rolp.co/4babk and type JoinOCTO in the search.
OCTO’s mission is to create a future of disruptive technologies for VMware and enable a culture of perpetual innovation. We are thought leaders and trusted advisors who collaborate with our entire VMware ecosystem—co-innovating cross-company and with technologists from academia, our customer and partner communities. We invest in people, nurture their ideas, and embrace acceptable risk. Obstacles don’t stop us. We run past them because shifts in direction can lead to new insights and innovations, and to places we never would have otherwise gone.
We are actively seeking inclusive people who bring diverse skills, backgrounds, perspectives, and ideas to the table; people who can transcend limits and always have their eyes on the future. This is how great advances are made, how contributions are valued, and how innovation thrives.
Thursday, February 11, 2021
Congratulations to the collaborators on the updated NIST SP800-53 Revision 5. There are many improvements in this version, which seeds several standards efforts around the globe.
- Corrected withdrawn column which had one control mismarked and another not marked.
- Added 2-digit Control ID which enables proper sorting on control identifiers. Current published version is incorrectly sorted.
- Added column named PK (Primary Key) for proper sorting
- AU-5(4) references AU-15 which is withdrawn into AU-5. Updated to reflect AU-5.
- AU-9 references AU-15 which is withdrawn into AU-5. Updated to reflect AU-5.
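The two spreadsheet fixes above (zero-padded control IDs so that AC-10 no longer sorts ahead of AC-2, and references to a withdrawn control rewritten to the control it was folded into) are easy to get wrong by hand. The following Python is an added example, not part of this post or of NIST's published materials; the sample identifiers are constructed, and the single withdrawal mapping (AU-15 into AU-5) is taken from the post as an assumption standing in for the full withdrawn-controls table.

```python
import re

# Constructed sample: SP 800-53 style identifiers in the order a spreadsheet
# might present them, including enhancements and a withdrawn control.
SAMPLE_IDS = ["AU-9", "AC-2(12)", "AU-5(4)", "AC-2(3)", "AU-15", "AC-10", "AC-2", "AU-5"]

# Assumption: only the mapping mentioned in the post. A complete table would
# list every control withdrawn in Rev 5 and the control that absorbed it.
WITHDRAWN_INTO = {"AU-15": "AU-5"}

# family (two letters), base control number, optional enhancement number
_ID_RE = re.compile(r"^([A-Z]{2})-(\d+)(?:\((\d+)\))?$")


def parse_control_id(cid):
    """Split 'AU-5(4)' into ('AU', 5, 4); enhancement is None when absent."""
    m = _ID_RE.match(cid.strip())
    if not m:
        raise ValueError(f"not a SP 800-53 control id: {cid!r}")
    family, base, enh = m.groups()
    return family, int(base), (int(enh) if enh is not None else None)


def two_digit_id(cid):
    """Zero-pad base and enhancement numbers so plain string sorting works:
    'AU-5(4)' -> 'AU-05(04)'."""
    family, base, enh = parse_control_id(cid)
    if enh is None:
        return f"{family}-{base:02d}"
    return f"{family}-{base:02d}({enh:02d})"


def sort_key(cid):
    """Numeric sort key: family, then base number, with the base control
    itself (no enhancement) placed before its enhancements."""
    family, base, enh = parse_control_id(cid)
    return (family, base, -1 if enh is None else enh)


def sort_controls(ids):
    """Return identifiers in correct catalog order rather than string order."""
    return sorted(ids, key=sort_key)


def resolve_reference(cid):
    """Rewrite a reference to a withdrawn control to the control it was folded
    into. Only exact matches in WITHDRAWN_INTO are rewritten; enhancements of
    a withdrawn control are left unchanged rather than guessed at."""
    return WITHDRAWN_INTO.get(cid.strip(), cid.strip())


if __name__ == "__main__":
    print("string order :", sorted(SAMPLE_IDS))
    print("catalog order:", sort_controls(SAMPLE_IDS))
    print("padded       :", [two_digit_id(c) for c in sort_controls(SAMPLE_IDS)])
    print("AU-15 ->", resolve_reference("AU-15"))
```

Running it shows the defect the post describes: plain string sorting puts AC-10 before AC-2 and AU-15 before AU-5, while the numeric key and the padded form both give catalog order.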
Friday, August 28, 2020
Ghostwritten after an interview with me as the source. Heck of a job by Dennis McCafferty.
Wednesday, July 22, 2020
Friday, June 26, 2020
- Financial Services and Insurance,
- Consumer and Industrial Products,
- Energy and Resources,
- Technology and Telecommunications, and
- Life Sciences and Healthcare
- 94% of organizations use more than 1 cloud platform
- 60% use between 2 and 5 platforms
- AWS is the most popular public cloud service provider
- Technical complexity (42%)
- Maintaining comprehensive security (39%)
- Ensuring compliance (32%)
- Companies investing more than $100 million in cloud are trimming the number of tools they use. 53% of this high-spending group use just 5 or fewer cloud security tools
- Acquiring more tools and vendors can create inefficiencies and make employee tool training more difficult
- Companies start to see overlaps between tools and vendor offerings, so they consolidate and rationalize tools and tool providers
- 71% of companies use third-party vendor tools, 65% use CSP-provided security tools and 62% use open source tools
- Cloud security spend is highest for companies with an annual cloud budget of $100 million or more
- 34% of these high spenders allocate 16% or more of their cloud budget to security
- Lack of visibility 15%
- Tool training 14%
- Safe practice training 11%
- Evaluating current state 11%
- Integration of security tools 10%
- Securing budget 10%
- Security reporting tools 8%
- Automation 6%
- Executive buy-in 4%
- Other 1%
- 65% of surveyed organizations invested more than 10% of their 2019 cloud budget in securing their cloud estates.
- 58% use 6 or more cloud security vendors.
- 57% use 6 or more cloud security tools.
- 77% of companies have cloud security teams bigger than 20 people.
Tuesday, June 23, 2020
All-in on All-cloud! Excellent summary by Joe McKendrick on ZDNet of a survey conducted by O'Reilly Media covering large organizations with more than 10,000 employees. Market share for this study was AWS at 67%, Azure at 48%, and GCP at 32%.
Here are the summarized takeaways:
- 17% of large organizations employees have already moved 100% of their applications to the cloud.
- 25% of large organizations have plans to move 100% of their infrastructure to the cloud next year.
- 54% of large organizations use multiple CSPs.
- 67% of large organizations have plans to move more than 50% of their infrastructure to the cloud.
- 90% of large organizations expect to increase their usage of cloud infrastructure.
- 34% of large organizations are using serverless computing
- 52% of large organizations use microservices with 70% saying they have <3 years experience using them
- 35% of large organizations have implemented Site Reliability Engineering (SRE)
- 47% of large organizations expect to implement Site Reliability Engineering (SRE)
Friday, April 24, 2020
- Categorize System
- Select Controls
- Implement Controls
- Assess Controls
- Authorize System
- Monitor System
- Failing to prioritize and rank the impact of your findings. This is the purpose of a risk management framework.
- Failing to take any action as you look for perfect information, solutions, decision points. Analysis paralysis. Take the problem, break it down into small chunks, and delegate.
- Ignoring blind spots because you don't have enough technical depth or visibility across the multi-cloud environment.
Wednesday, March 4, 2020
What does this mean? How do we get there? Here's the short answer.
Assurance is the confidence in your ability to provide for the confidentiality, integrity, availability, and accounting of your systems (NIST). Getting your systems set up "in the cloud" is one thing. Doing it with the appropriate controls to enforce security and meet compliance requirements… That's another. Step up the maturity of your processes and maintain your security and compliance posture over time. Step it up further to provide actionable intelligence for proactive (automatic or manual) responses. Document everything. Details matter.
This has been discussed before, and this is an illustration that I created a few years ago. It came up again this week while discussing governance with a peer. Maintaining and governing systems requires work. It. Just. Does.
Automation is a great tool, but consider the details as well. What is your scope? Is it accurate? How much of it does automation cover? Who covers the rest? What about the business processes? Which ones are supportive of your endeavor? Which ones are antagonistic? What is an acceptable substantive change? According to what metrics? How do you measure your success?
It's difficult to do. It requires revisiting previously executed routines multiple times and measuring your results. Success is derived when you stop looking at this as a series of athletic sprints (not to be confused with agile processes). Set yourself up with the endurance to excel in ongoing operations.
Wednesday, February 12, 2020
Take a look at the details here:
- Google Certified Professional Cloud Architect — $175,761
- AWS Certified Solutions Architect – Associate — $149,446
- CISM – Certified Information Security Manager — $148,622
- CRISC – Certified in Risk and Information Systems Control — $146,480
- PMP® – Project Management Professional — $143,493
- CISSP – Certified Information Systems Security Professional — $141,452
- CISA – Certified Information Systems Auditor — $132,278
- AWS Certified Cloud Practitioner — $131,465
- VCP6-DCV: VMware Certified Professional 6 – Data Center Virtualization — $130,226
- ITIL® Foundation — $129,402
- Microsoft Certified: Azure Fundamentals — $126,653
- Microsoft Certified: Azure Administrator Associate — $125,993
- CCA-N: Citrix Certified Associate – Networking — $125,264
- CCNP Routing and Switching — $119,178
- CCP-V: Citrix Certified Professional – Virtualization — $117,069