tag:blogger.com,1999:blog-25881969.post8382575471157962611..comments2022-11-26T16:43:30.155-05:00Comments on IdM Thoughtplace: Where are the controlsMatt Pollicovehttp://www.blogger.com/profile/11479416427404291100noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-25881969.post-34664616531108725412011-03-07T08:05:03.735-05:002011-03-07T08:05:03.735-05:00I know you'll all be surprised that the acutal...I know you'll all be surprised that the acutal story this article is based on is an Urban Myth. <br /><br />http://www.thisisbristol.co.uk/news/Urban-myth-Bristol-Zoo-parking-attendant/article-1073841-detail/article.html<br /><br />I don't think that invalidates the argument though...Matt Pollicovehttps://www.blogger.com/profile/11479416427404291100noreply@blogger.comtag:blogger.com,1999:blog-25881969.post-84161758227616649002009-06-29T20:05:40.956-04:002009-06-29T20:05:40.956-04:00Well that's kinda the million dollar question:...Well that's kinda the million dollar question: Once you go out of infrastructure that you control what happens?<br /><br />It will all come down to the relationship between the identity providers and consumers of the (supposedly) federated relationship.<br /><br />I'm afraid until we have some strong means of authentication in widespread use this will be more of a legal/paper concept than an operational/IT one.<br /><br />But that opens a whole new issue... How do you prove your identity in the cloud?Matt Pollicovehttps://www.blogger.com/profile/11479416427404291100noreply@blogger.comtag:blogger.com,1999:blog-25881969.post-29194624192095426632009-06-29T18:22:56.908-04:002009-06-29T18:22:56.908-04:00And now for the topic of the moment that I have be...And now for the topic of the moment that I have been reflecting on - how does Governance fit in "The Cloud"?<br /><br />You are essentially trusting a 3rd party selling commodity computing infrastructure to enforce security controls that you are responsible for.<br /><br />"The Cloud" sounds a lot to me like "securitisation" of IT services. A vendor packages up services with risks that they may or may not be aware of and they are sold on to corporations as "Cloud computing". <br /><br />I would suggest that even if a "due diligence" takes place, in many cases different standards will be applied to external vs. internal controls.<br /><br />So is "the Cloud" really another set of sub-prime risks, packaged up in a AAA-rated wrapper?Unknownhttps://www.blogger.com/profile/16588109297893958262noreply@blogger.com