by Stephen Kuenzli | Apr 2, 2020 | Cloud, DevOps, Risk, Security, Strategy
Ever stared at a screenful of Cloud resources and wondered: Who owns this resource? What application does it belong to?Who should we call when the application is broken?Who should pay for this resource? Which applications are driving our costs?Do access controls... by Stephen Kuenzli | Mar 6, 2020 | DevOps, Risk, Security
I attended two and a half days of the RSA security conference last week and I’d like to share my first-timer perspective with you. Summary The opening keynote challenged Information Security to reorganize to collaborate better with users, business, risk, and IT... 
by Stephen Kuenzli | Feb 13, 2020 | AWS, Cloud, DevOps, Risk
RT: 5 minutes Modeling Risk in Cloud Deployments described how to estimate and record threat impact and likelihood information in tags applied to Cloud resources such as databases and object stores. You can compute the risk of those threats by plugging that impact and... by Stephen Kuenzli | Feb 10, 2020 | AWS, DevOps, Risk, Security, Systems
Information Security risks are those risks “that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations, organizational assets, individuals,... by Stephen Kuenzli | Feb 5, 2020 | AWS, Cloud, DevOps, Risk, Security, Systems
Cloud deployments often use tagging to describe the context of a compute or resource such as a who owns or what application a virtual machine or object storage bucket belongs to. However, the common resource tagging models in use don’t describe the context... 
by Stephen Kuenzli | Jan 31, 2020 | Cloud, Risk, Security, Systems
Reading Time: 6 minutes The current crop of Best Practice tagging schemes and recommendations don’t describe the context required for people or tools to assess security or manage risk easily. But I never explained why risk management is important nor how to... 