Access your Pro+ Content below.
Marcus Ranum: Cloud service-level agreements
This article is part of the March 2013/ Volume 15 / No. 2 issue of Information Security magazine
Marcus Ranum: Randy, thanks for taking the time to talk. When I look at the list of stuff you’re involved in, it makes my head hurt. But whenever I hear about another big cloud service disruption, I think of you! I know that security people always say you’ve got to look carefully at service-level agreements [SLAs] and conditions, and we were saying that a long time before “the cloud” was cool. Are the requirements for these big SaaS [Software as a Service] and cloud deals getting sorted out to the point where it’s not a big headache? Are customers still dealing with a wilderness of negotiations, or the “you can have any color you want, as long as it’s black” kind of model? Randy Sabett: Thank you for asking me to have a chat, Marcus. On this first question, though, you’re forcing me to start right off with the typical lawyer’s response, “it depends.” But, in this case, it really does. If someone’s looking for a commodity service to cut costs and doesn’t care about security, they likely won’t have too many headaches. Think of the...
Features in this issue
Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.
The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help enterprises get smarter while keeping consumers happy.
Columns in this issue
Security in the cloud has come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in your slice of the cloud.
A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals.
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with Randy Sabett, counsel at ZwillGen PLLC and formerly with the National Security Agency to discuss cloud SLAs.