Great Read for Fun for Cloud & Info Geeks

Please read "Snow Crash"  by Neal Stephensen.  See http://www.booksamillion.com/ncom/books?pid=0553380958

SO worth it even if you're not particularly a sci-fi fan.  I won't ruin it for you but the Cloud implications and data protection implications online and off are at once subtle and right up in your face.

It's becming a bit Catcher in the Ryeish for me as I read it before I came to Sun when I mostly cared about medical device patents, again when I entered Privacy Nation, and I was thinking about picking it up again because the Cloud is so obviously implicated.

Remember the ACLU's Pizza Delivery guy call demonstrating data proliferation several years ago?  http://www.aclu.org/pizza/images/screen.swf

That the protagonist in Snow Crash is a pizza delivery dude makes it all the better.

 While we're all feeling nice & literary this fine Friday evening, I started in on Dan Geer's latest security as a business proposition book.  The "Info on the Balance Sheet" from Rear Admiral Hopper quote is on page 42...  Coincidence?  I think not.  I am love love loving it.

This is the book I imagined I could write one day, only I didn't imagine writing it this well.  (Funnier, perhaps.)  The title is Economics & Strategies of Data Security.  That I am reading it before digging back into Neal Stephensen's world again is probably telling.

 Note to self, get babysitter & go out from time to time...

 Nighty night Hackers!!! 

Posted at 10:36PM May 29, 2009 by Michelle Finneran Dennedy in Fun facts  |  Comments[1]

What's Standards got to do with it??

So, here's the thing.  There is no comprehensive Standard (read:  hugely politically debated adopted scoffed at embraced published THING) for The Cloud for information governance (read: slightly insane mixture of art and law and business technique and documentation and compliance and policy and pragmatic execution). 

There isn't.  I've looked.

Why???  Well, mostly because we can't seem to stop debating who has the bigger better faster definition for Cloud or the most internet based services that can be crammed into the latest buzz generating tech new kid on the block.  Once we settle on the what & the scope of the what, we can start to focus on the how.

While we wait for some of the Cloudness to come to earth, I believe that we *can* leverage frameworks in the various data governance categories to begin to define the scope of protection in the appropriate context-- if you've read my data musings for more than 10 seconds you know I'm a gal all about context and the decisions we make based thereon.

Security is one of those critical categories.  While a Cloud Standard does not yet exist, we must recognize that a statement, "I am secure"-- as if being secure were a static state or indeed possible in an empirical sense-- is simply not enough.  

I can say, "I am happy" because it is a statement I have chosen to make given a context I uniquely experience.  3d parties can make this state a challenge or temporarily impracticable, but the happy party is largely in control of this state.

"Security" in the enterprise context is a bit different.  An enterprise can be temporarily incident free or incident attempt free, but the fact remains that active or inadvertent mischief  is wildly out of the guards' zone of ultimate control.  Attackers have all the time in the world to find just one way in whilst the governance teams must think of every possible entre and plan and resource accordingly.  It's a noble calling but never a steady state and rarely one for which the enterprise servant is given thanks.

Sigh.  Was I just talking about happiness a few lines ago...?  

SO, you have choices.  (Ah, making choices & feeling some control is indeed a psychological factor in basic happiness and self efficacy studies, so I think we're getting somewhere on this rant.  I *did* studymy Psych books between beers at OSU after all, Mom & Dad!!) 

One choice is to look at the myriad of security standards and Standards and pay to play standards, pick one best suited to purpose and context and audience and apply it to Cloud offerings as best fit as possible.  Once done, a good old fashioned gap analysis, risk assessment and mitigation plan can be set in motion.  It may not be text book because the text book isn't written yet, but it sure feels like progress.  It also feels a lot like deja vu.

 Remember grabbing the Fair Processing Principles and applying them to personal data before all the specific regs and data breach laws were promulgated?  Worked then & a similar practice may wprk now to at least get this Cloud party into a more stable state and ready for bigger and more diverse work loads. 

More on this on another night.

Cute kid story for Miss Sweet Cheeks that's utterly unrelated to Clouds, security but intimately related to happiness.

SC had her check up at the doctor this week.  The good doc was asking my husband developmental questions (relating to the girl, not him) & then went over her measurements.  

Doctor: "Well, she's 84% for ..." 

Sweet Cheeks (interrupting):  "I am NOT 84, I'm THREE!"

Doc: "Nothing wrong with her development.  You can take her home."

Ah, the good old notions of immediate access to personal data and correction from an authenticated (though often unreliable) source.  Makes a Momma proud.

Sweet dreams Info Nation! 

Posted at 10:11PM May 21, 2009 by Michelle Finneran Dennedy in General  |  Comments[2]

Team Sun Rides on!!

This is not an information governance entry but something that is important to this information governance geek.

So, I was riding along at 5:45 AM & these two little guys roll down the window of their Prius & shout, "GO SUN!!!  We love you!!!".  Granted, I nearly fell off my bike from shock, but, once recovered, I looked down at my bike jersey & finished the rest of my ride with a big happy grin.  It *has* been fun here.  Team Sun the Multiple Sclerosis fightin' biker warriors make me happy too.

Here's some info for you so that you can join Team Sun for at least one more ride:

Bike MS: Waves to Wine Ride 2009 - Sept. 12th and 13th
New in
2009: We’ll be starting from the UCSF Mission Bay Campus quad.


Bike
MS:  Waves to Wine Ride takes you on an unforgettable two-day journey
from San Francisco up Highway 1 to Healdsburg in Sonoma County. More
than 1,700 riders will cruise along scenic roads riding anywhere from
50 to 175 miles. Six full meals, generous amenities, stunning
landscapes, stocked rest stops every 12 to 15 miles at spectacular
sites, and spirited festivities that include music and a beer garden
are all included.


This is the link to my page (got my money & my cycle where my mouth
is):

http://main.nationalmssociety.org/site/TR/Bike/CANBikeEvents?px=2090354&pg=personal&fr_id=10611

This is the link to the Team Sun page:

http://main.nationalmssociety.org/site/TR/Bike/CANBikeEvents?pg=team&fr_id=10611&team_id=144809


Thanks everyone!!!

Posted at 05:17PM May 12, 2009 by Michelle Finneran Dennedy in Fun facts  |  Comments[1]

Operation Transparent Cloud

It's in the works.

Here's the problem statement I gleaned from RSA:

What is cloud?

How do I use/ leverage/ own cloud?

How can I trust cloud?

How we answer this problem statement is, in my opinion, critical to how this thing plays out over the next 10 years of development.  We can make meaningful improvements to the state of informational asset management if we don't give up because we are too frightened or too weak or just too darn cynical.  We are none of those things & I think it's time we invite users, hackers and builders onto the same page to start writing how we thing this thing should go.

It's not too late to try.

Just a thought...

Posted at 04:47PM May 11, 2009 by Michelle Finneran Dennedy in General  |  Comments[0]