Archie Reed’s Secure Observations Blog

Cloud Security - New ISACA Whitepaper on "Business Benefits with Security, Governance and Assurance Perspectives"

ArchieReed — Mon, 02 Nov 2009 16:09:00 GMT

ISACA put out a paper on 29th Oct, 2009, titled " Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives " While somewhat short, this paper is a must read for senior IT and business folks, as it shows that cloud...(read more)

Cloud Security – HP’s CEO finds cloud computing – vague, unsecure, what?

ArchieReed — Tue, 20 Oct 2009 23:01:00 GMT

HP's CEO, Mark Hurd, took the stage today as a keynote speaker at Gartner's Symposium . Out of the gate we see the headlines such as " HP's Hurd dings cloud computing, IBM " (CNET) and " HP's Hurd: Cloud Computing Has its...(read more)

HP panel examines proper security hurdles on road to successful enterprise cloud computing adoption

ArchieReed — Tue, 29 Sep 2009 15:31:00 GMT

A couple months ago I was engaged in a podcast hosted by Dana Gardner with BriefingsDirect . Alongside Tim Van Ash and David Spinks, also from HP, we discussed cloud security challenges for successful enterprise adoption. The podcast is up, and you can...(read more)

REPOST: Cloud Security - Key Risks for Cloud Computing

ArchieReed — Thu, 04 Jun 2009 21:49:00 GMT

The cloud is a means by which global class, highly scalable and flexible services can be delivered and consumed over the internet through an as-needed, pay-per-use business model. This is one of HP's core definitions for cloud computing. For more...(read more)

Cloud Security - Response to Craig Balding

ArchieReed — Tue, 02 Jun 2009 17:41:00 GMT

Craig Balding offers some great commentary for " Assessing the Security Benefits of Cloud Computing ". As I referenced in my last post " Cloud Security - Key Risks for Cloud Computing ", folks love lists, and Craig includes a list...(read more)

Cloud Security - Key Risks for Cloud Computing

ArchieReed — Thu, 28 May 2009 20:27:00 GMT

The cloud is a means by which global class, highly scalable and flexible services can be delivered and consumed over the internet through an as-needed, pay-per-use business model. This is one of HP’s core definitions for cloud computing. For more...(read more)

Virtualization and Security...

ArchieReed — Fri, 22 May 2009 03:21:00 GMT

In my post " Virtualization - Rethink Virtualization in Business Terms ", I said - "[Virtualization is] a huge field with a great deal of market(ing) opportunity, AND a great deal of expectation..." Its true when you consider virtualization...(read more)

Virtualization - What's Missing? Part 2

ArchieReed — Fri, 15 May 2009 00:27:00 GMT

So, what's missing today? Many things, especially as we look towards the approaching clouds. I have been editing this entry for a while now, but an article came up this week that made me reference it over some of my own thoughts, as it nicely aligns...(read more)

Virtualization - What's Missing? Part 1

ArchieReed — Wed, 13 May 2009 20:48:00 GMT

With all the hyper-growth in virtual computing you expect a level of competition between the vendors, but be aware of the trade-offs you make when choosing one vendor over another. Is VMWare truly ahead of the crowd with their vSphere offering, or in...(read more)

Key Management - The Standard is Coming

ArchieReed — Sat, 14 Feb 2009 00:16:00 GMT

Security is one of those things that folks often accept as a necessary evil, but turn is sideways and consider it as a straight management problem, and it sometimes starts to make more sense... As an example, consider Key Management. Its taken some time...(read more)

Social Engineering data - apply at facebook - friends only, most of the time

ArchieReed — Fri, 13 Feb 2009 17:27:00 GMT

I've seen the "25 things About Me" meme roll through Facebook... have you? Here's my version... 25 Specifically Random Things About Me... Rules: Once you've been tagged your annoyed as you are supposed to write a note with 25 random...(read more)

Dana Gardner BriefingsDirect - Changing business landscape makes identity and access management key to IT security

ArchieReed — Tue, 09 Dec 2008 20:09:00 GMT

Yes- Archie Reed is still looking at security and identity... Last month I spent some time with Dana Gardner as part of the ZDNet BriefingsDirect. Alongside me were Dan Rueckert , worldwide practice director for security and risk management in HP’s Consulting...(read more)

Virtualization: Five Steps to Safer Virtual Servers

ArchieReed — Wed, 03 Sep 2008 20:15:00 GMT

Chris Whitener is HP's Security Strategist. Last month Chris wrote an article in CIO magazine titled Virtualization How-To: Five Steps to Safer Virtual Servers . This was based on a lot of our insights drawn from our customer engagements, our research...(read more)

Virtualization - Rethink Virtualization in Business Terms

ArchieReed — Wed, 03 Sep 2008 19:58:00 GMT

I've been spending a fair amount of time over the last few months looking into the field of virtual computing, with a focus on secure virtualization. It's a huge field with a great deal of market(ing) opportunity, AND a great deal of expectation...(read more)

HP and Identity Management - Strategy Update 2

ArchieReed — Tue, 02 Sep 2008 16:52:00 GMT

Towards the end of May I posted a note that while HP was out of the software business in Identity Management, there was still a clear need for Identity Services across almost any business solution.

Over the last few months HP has been refining its security and identity management strategies, and working on widening our capabilities across a broader business solution mix.

This is embodied in HP's Secure Advantage program alongside both HP Service's Security and IT Service Management (ITSM) solution offerings.

So... as part of that effort I've also been talking to various analysts over the last month or two to update them on the alliance HP now has with Oracle's Identity Management solutions around Secure Advantage, and Identity Management in particular. We're still supporting the Novell announcement made here, however, Oracle have joined the Secure Advantage Alliance and have already had great success around the world with HP Services. In addition they have some offerings that allow current customers to migrate more cost effectively, should they have previously invested directly in the HP Select Identity Suite of products.

You can read additional details here and here...

Martin Kuppinger of Kuppinger Cole talks about the situation here, noting several key things that folks should be aware of:

These divisions [Hardware, Software and Sevices] have different strategies. And they have different partner strategies. The agreement between Novell and HP is from the software division. The services have, also depending on the regions, sometimes another view. Thus, none of the partnership announcements of HP around IAM should be overestimated.

Very true. It is also true that the HP Services group will use its identity management deployment expertise to define and implement the right solutions for customers, The critical point being that the services group will implement Novell AND Oracle or others if that is what is right for the customer. These partnerships however help define what HP feels are key market leading solutions and help refine a commitment level to each.

This relates closely to Martin's follow up comments:

Given the fact, that IAM becomes more and more business driven, integrated into the GRC and/or BSM context, you should first redefine and update your IAM strategy and afterwards select the best vendors and partners for you. That might be Novell, Oracle, or someone else.

and

The costs of software licenses are a small percentage of the overall costs of IAM projects. Thus, these costs have to be considered but aren’t the main criterion for a decision. The main criterion is that what you’re doing there fits to your IT strategy and is aligned to the business requirements.

That's what HP is taking forward from a services point of view.

In a follow up post, I'll relay some details about the HP Secure Advantage Alliance program - what is means in general, and more specifically in relation to Identity Management.