RSS Alerts

Roger Halbheer

Job title:
Chief security advisor, Microsoft

Areas of expertise:
Policy, architecture, law enforcement, cybersecurity, processes

Biography:
Roger Halbheer joined Microsoft as Chief Security Advisor of Microsoft Switzerland in 2001 and was promoted to the role of Chief Security Advisor for Microsoft Europe, the Middle East and Africa (EMEA) in February 2007. Roger leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sectors - including national governments, law enforcement and intelligence agencies - on information technology issues and strategies. He is a trusted advisor to C-level executives, governments and law enforcement agencies and has established relationships with security communities and government agencies across the region. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and to provide expert comment on broader security issues. A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP). Before joining Microsoft, he was responsible for e-Business Risk Management at PricewaterhouseCoopers in Switzerland. He lives in Zurich and is married with two sons.

Tag Cloud

Blackhat SEO Rogue AV Malware Web Security Business Value Cybercrime compromised sites spam

Bloggers

Blog

Insider Threat of Cloud Computing

Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You're missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is still bigger.

When I read the article, I agreed but on the other hand I was quite surprised. The article actually tends to reduce the risks of the cloud to the hacking attack from the outside. As we know, the problem space is much, much bigger as we outlined in our Cloud Computing Security Considerations paper as did others in numerous other papers on the web.

However, there is one fundamental thing I agree with the article: When people talk about the Cloud and security they tend to forget the past. It seems to me when I read the blog sphere and articles on the web, the cloud is something completely new and the threat landscape is completely new and the risks are completely new. To me, it is “just” a variation of the theme. We had outsourcing in the past and we had virtualization in the past. Now, we combine the two, add some salt and pepper and have Cloud computing (I know that I am oversimplifying now).

I am completely aware and supportive of the fact that the Cloud is adding a lot of business opportunities – and new risks. But we definitely have to make sure that we do not forget what we learned in the last few years – the last two decades – of information security as the “old” risks – like the insider threat – do not go away because we move to the Cloud. Nor will the responsibility for securing our information being transferred to a cloud provider. And this is probably the most important thing we have to consider, when we plan the cloud.

Roger

Posted 11/03/2010 by Roger Halbheer

Tagged under: Cloud

RE: Insider Threat of Cloud Computing
Posted 12/03/2010 by Alex Clayton
Unfortunately, human nature is such that we are pretty bad at learning from the past! This is why we still stuff like this...http://www.youtube.com/watch?v=D6w8R--CQ3Q

Comment on this blog

You must be registered and logged in to leave a comment about this blog.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water