These days when we hear the term "cloud computing" there is an understanding
that we are speaking about a flexible, cost-effective, and proven delivery
platform that is being utilized or will be utilized to provide IT services
over the Internet. As end users or researchers of all things "cloud" we
expect to hear about how quickly processes, applications, and services can be
provisioned, deployed and scaled, as needed, regardless of users' physical
locations.
When we think of the typical traditional IT security environment, we have to
be cognizant of the potential for an onslaught of attacks, be they zero day,
the ever-evolving malware engines and the increase in attacks via social
engineering. The challenge for any security professional is to develop and
ensure as secure an IT system as possible.
Thoughts on Traditional Security and Risk
Common discussions within t... (more)
In Part 1 we discussed risk, security and cloud computing at a high level.
Having been a part of design teams as a contributor as well as project
manager to include security and assessment team management over the last few
years, I still find the same security concerns and issues directed at the
cloud. Here is my take on a few of them with respect to a private cloud
environment. Remember, a private cloud can be housed within the infrastructure
of a service provider (more cost effective for you) or within your own
in-house network. Some of these thoughts can be translated into the ... (more)
Proponents of the cloud ecosystem tout its "vastness, flexibility and
scalability" as advantages for the implementation of cloud services. However,
from a digital point of view this can be a veritable forensic challenge as we
view the cloud in terms of its scope and diversity.
According to Dr. Stephen Wolthusen[1], "Digital forensics (also referred to at
times as computer forensics) encompasses approaches and techniques for
gathering and analyzing traces of human and computer-generated activity in
such a way that it is suitable in a court of law."
A key challenge to a digital inve... (more)
Last Wednesday I had the distinct honor of being part of one of Jeremy
Geelan's Panel of Expert segments at the 7th International Cloud Expo in
Santa Clara. To be honest, when I got the email, despite the pleasure of
being considered to present my trade, I was not too excited about visiting
another series of booths and presentations that was more of the same.
It's been two years since my last visit to a technology trade show. I
know... I know... what was I thinking?!
Imagine my loss from not participating in the deluge of suave marketing and
sales pitches that comes around severa... (more)
Over the last three weeks, due to the nature of my IT security job, I have
traveled through major airports at least eight times.
With all the commotion recently regarding the airports' new back-scatter X-ray
machines (privacy, health, etc.) I wanted a firsthand look/feel at this
experience. While I am sensitive to and an advocate for issues of privacy
regarding persons with medical conditions and children, at 15 pounds
overweight I don't think any airport security personnel will take
pleasure in looking at a scanned image of me. Far from it, I hope I don't
give them any nightmares... (more)