Stories by Gregory Machler

Protecting data with WORM drives

There is an enormous amount of administrative data that is being collected in audits each day at large companies across the world. And administrators have the power to steal PCI and other profitable data and cover up their tracks. But, this is more difficult at companies that implement a strict separation of duties for administrators.

Gregory Machler | 05 Jul | Read more

The future of SCADA-control security

If you're a CXO overseeing a critical infrastructure that contains SCADA (supervisory control and data acquisition) controls, a chief concern is how to protect the infrastructure against terrorist attacks. Changes in control software will continue to accelerate until the most critical infrastructure weaknesses (oil refineries, electrical power plants, water treatment facilities) are addressed worldwide. But it may take years to replace all of the controls.

Gregory Machler | 04 May | Read more

Lessons learned from a recent Amazon outage

Another <a href="http://www.csoonline.com/article/681894/amazon-s-cloud-failed-how-can-your-cloud-be-better-">Amazon cloud-services outage</a> occurred on Sunday, August 7th in a Dublin, Ireland data center. This one occurred due to a lightning strike that hit a transformer near the Dublin data center. It led to an explosion and fire that knocked out all utility services thereby leading to a total data center outage. Amazon had its only European data center located there.

Gregory Machler | 16 Aug | Read more

Cloud architecture: More questions to ask a provider

This is a continuation of the <a href="http://www.csoonline.com/article/686312/cloud-architecture-questions-to-ask-your-provider-for-reliability">previous cloud deployment article</a> where I created architectural questions that enable a consultant to understand what products are used to support a corporation's top 10 critical applications. Once these product lists are created, it is much easier to map private or public cloud products that can support these same applications.

Gregory Machler | 11 Aug | Read more

Creating a cloud SLA from diagnostic data

As a CSO and CIO you may be wondering why I crafted a diagnostic related to understanding your most critical web products. The original purpose of the diagnostic was to discern which applications and how applications are ported successfully to a service provider's cloud. The diagnostic determines which cloud IaaS products (storage components, network components, and virtualization machines) are needed for an application. It addresses the platform components (server/operating system and web server) in the PaaS layer. Lastly, it focuses on the SaaS software application.

Gregory Machler | 05 Aug | Read more

Cloud architecture: Questions to ask for reliability

I've been an architect on some complex applications and I have a significant concern about assessing architectural risk for public/private cloud applications. Traditional risk assessments focus on external/internal access to confidential information like social security numbers, credit card number, and for banks PINs for the ATMs. Access controls and network protection are high priorities because they suppress the risk.

Gregory Machler | 19 Jul | Read more