So, it looks like the UK Government really may go for cloud. The Carter Report, "Digital Britain", includes a number of references to cloud computing and particularly the use of cloud computing in Government - the fabled G-Cloud. I've quoted a paragraph from the report below.
"The establishment of a G-Cloud will however require investment in
technical development and physical facilities, and the CIO Council and the
Intellect Public Sector Council are now developing the strategic business
case to justify funding the G-Cloud. Provided that this business case can be
properly developed, the adoption of the G-Cloud will be a priority for
Government investment to secure efficiencies, even within the very
constrained framework for public expenditure, over the next 3 years."
The nice thing about this paragraph is that they've even put some timelines in there - 3 years. I don't know about you, but I always feel that things are more likely to happen once people put numbers in timelines rather than aspirational references to the future.
The Carter Report, coupled with the well-publicised posting by John Suffolk to the Cloud Computing Interoperability Forum (CCIF) (see http://groups.google.com/group/cloudforum/browse_thread/thread/c75cde1d7c519363) is all very positive for the adoption of cloud within HMG. But what really makes me believe this is a serious initiative? Well, according to several reports in the IT press Martin Bellamy (formerly Head of Connecting for Health) has moved to the Cabinet Office primarily to look after the G-Cloud strategy - a significant investment by HMG at this time of budget cuts. Watch this space :-)
[Disclaimer: I am a small part of the CIO Council/Intellect Public Sector Council work referenced above so may well have an interest or two here].
Monday, 29 June 2009
Wednesday, 24 June 2009
Nessus web app tests
Well well well. For years now I've enjoyed laughing at pen test firms who answer the question "So what do you use to do your web app testing?" with "Nessus". But, looking at the blog post linked to below:
http://blog.tenablesecurity.com/2009/06/enhanced-web-application-attacks-added-to-nessus.html
it appears that Tenable have stepped up their game somewhat to deliver some useable web app security tests. I have to state that I haven't had chance to try out this new functionality but it certainly looks to be an improvement on the old cgi checks. Maybe I'll have to stop laughing now and just chortle a little instead... (it's still not the tool of choice for serious web app testing - as Tenable acknowledge. Horses for courses.)
http://blog.tenablesecurity.
it appears that Tenable have stepped up their game somewhat to deliver some useable web app security tests. I have to state that I haven't had chance to try out this new functionality but it certainly looks to be an improvement on the old cgi checks. Maybe I'll have to stop laughing now and just chortle a little instead... (it's still not the tool of choice for serious web app testing - as Tenable acknowledge. Horses for courses.)
Friday, 5 June 2009
Cloud proliferation
In some ways I believe that the adoption of cloud computing services within enterprises will take a very similar form to that which we saw for wireless networking a few years back. And for very similar reasons - convenience, cost and the lack of reliance on central, often unresponsive, IT departments.
So what should we do about it? Well, rather than let it get out of control which (let's be honest!) happened to a number of organisations with respect to wireless networking, organisations should be
i) adopting policies governing acceptable cloud usage and
ii) monitoring network traffic to ensure that no unauthorised cloud usage is occuring.
More to the point organisations should be doing this now - regardless of whether they have any organisational desire to embrace cloud services. Just because a central IT function does not fancy the prospect of cloud computing, there is no guarantee that projects and programmes will not strike out independently. Time to get a grip now, don't you think?
So what should we do about it? Well, rather than let it get out of control which (let's be honest!) happened to a number of organisations with respect to wireless networking, organisations should be
i) adopting policies governing acceptable cloud usage and
ii) monitoring network traffic to ensure that no unauthorised cloud usage is occuring.
More to the point organisations should be doing this now - regardless of whether they have any organisational desire to embrace cloud services. Just because a central IT function does not fancy the prospect of cloud computing, there is no guarantee that projects and programmes will not strike out independently. Time to get a grip now, don't you think?
Subscribe to:
Posts (Atom)
