Cloud Computing: Trust but Verify
The rush to cloud computing has brought about amazing new services, but, without adequate vendor monitoring, businesses may be building digital supply chain risks that will show up later when cost and market pressures are felt by cloud vendors. We can learn from business processing outsourcing experiences.
The New York Times reports today a $280K+ OSHA fine against a Hershey’s chocolate packing plant in Pennsylvania. The fine was for injuries and safety violations at the plant over four years. The plant is owned by Hershey’s and used for packing Reese’s cups, Kit-Kat bars and Hershey’s Kisses. Its operations had been outsourced to another firm, Exel. Exel in turn outsourced labor to a temporary help firm that employed, among others, international student labor. This is the kind of violation that could have been avoided if Hershey’s had monitored that plant’s operations and Exel’s results during the four years.
Monitoring is critical to digital outsourcing and cloud computing. NIST Special Publication 800-144 (“Guidelines on Security and Privacy in Public Cloud Computing”, December, 2011) is the best and most current written document on how to maintain security and trust, while benefiting from new public cloud services.
Posted on 02/22/2012 1:46 PM by Frederick Scholl
Background Checks May Not Be Enough
The NY Times reported on 2/15/2012 the amazing story of Edward Maher, the suspect in a $1.5M 1993 armored car heist in the UK. Recently apprehended, for almost 20 years he had been on the run in the US. He had a number of regular jobs including, including eight years at Nielsen, the television ratings company. This says to me that background checks today are more important than ever. Not only that, we must be sufficiently skeptical even of a clean background check. Since Mr. Maher has not been convicted, he would have no criminal record. Kevin Mitnick in his recent book documents his past employment at a prominent Denver law firm. Human judgment must be added to any security information, including the background check. You don’t want to be hiring the next Mitnick or Maher, without knowing anyway.
Posted on 02/17/2012 11:36 AM by Frederick Scholl
PERFECT SECURITY STORM FOR LAW FIRMS?
Marc Russinovich’s recent book Zero Day: A Novel tells an action-packed tale of international hackers; the action passes through a NYC law firm and brings the entire firm down. Great story, but it seemed a little farfetched when I read it. In the book, the entire fictional law firm grinds to a halt as a result of a malware attack. Now we read about the major attacks on law firm Puckett & Faraj (ABA Journal, February 6, 2012). Web site down and emails on YouTube is not what any firm wants. Firm shut down; although their site is now back up. Mr. Russinovich’s book does not seem so farfetched at this point. CFO Magazine just did a story on cyber thieves targeting small and midsized businesses, “Where the Money Is, and the Security Isn’t”. All this is a good reminder for small and midsized law firms, at least those involved with litigation, to take steps to secure their data and business processes.
Posted on 02/13/2012 3:51 PM by Frederick Scholl