Posts Tagged ‘Security’

Insider steals 9M from a California-based water company

May 20, 2009

I was reading a news report about how an auditor at the California Water Service Company in San Jose broke into the company’s computer system and transferred $9 million into offshore bank accounts and fled the country, or so they think.

It’s a very interesting story, but what’s stopping me is that this insider was able to work at a critical infrastructure company without being a US citizen or having any legal status that allows him to actually work anywhere! The news article mentioned that “Abdi is not a U.S. citizen and was ordered deported to Somalia in 2005”.

But what’s really funny is that they have no idea of his whereabouts or if he actually left the country.

Jose Garcia, the public information officer at the San Jose Police Department, said: “Due to the ongoing investigation, the police department could not confirm Abdi’s legal status in this country or if he fled the country.” How clever is that.

A colorful bonanza of possible security breaches:

– No background checking
– No security clearance
– Lack of proper financial controls over critical/financial systems
– Abdi was seen by a janitor on the night of the crime.

The full article is HERE

Keeping Cloud Computing Secure

May 17, 2009

With this trend continuously on the rise (Google Apps, Salesforce.com, PANDA’s Security Cloud Antivirus, etc.), working in the cloud means that you are sharing your information and data with the service provider as well as with other customers, who “might as well be competitors”. I’m not implying that your security and privacy are at risk, but nevertheless a cloud computing user must be vigilant.

In the Google Apps Terms of Service I came across the limitation of liabilities section (HERE) that basically states that “Google disavow any warranty or any liability for harm that might result from Google’s negligence, recklessness, malevolent intent, or even purposeful disregard of existing legal obligations to protect the privacy and security of user data.” Take a minute to think about it, then continue reading.

A question arises: who checks the security of the cloud providers?

In recent weeks I read many articles discussing this issue, and most of them agreed that a cloud computing user must consider the following:

– Encrypt the data
– Replicate the data
– Keep detailed security logs
– Check the service’s compliance with SAS 70 and/or HIPAA if you work with medical records.
– Check the SLAs, particularly the security/privacy provisions.

More about the topic can be found in the following articles:

– How to Keep Cloud Computing Secure (HERE)
– Who will check the security of cloud providers? (HERE)
– The Cloud Security Alliance (HERE)

PS: I have attached a decent security guide called “Security Guidance for Critical Areas of Focus in Cloud Computing”, produced by the Cloud Security Alliance.