You picked a great name! I wish we could see something similar for the HIPAA business associate agreements in healthcare. It's pretty standard language, and a substantial part of healthcare contracts. I had to chuckle about the choice of court example on your website - it comes up so frequently, even I am aware of it, despite being on the tech side.
So is any other piece of software you use. Do you expect software to be secure by default? Exchange comes with all apps and protocols enabled by default. If you’re selective on the services you need, place the server behind a smart host for spam protection, inspect the traffic on the firewall, I’d argue that it is as secure if not more secure than the cloud version. You have more tools at your disposal than Microsoft, which has to enable more services in more geographies. Just because it’s in the cloud, doesn’t make it more secure. I’m tired of people pushing the cloud for no reason other than lacking understanding. You’re renting the platform and the software, the same software you could run in your data center. Those staff savings promised by the cloud never materialized. And Exchange Online is a few orders of magnitude more expensive than the on-prem solution.
Do what is right, regardless of incentives, culture, etc. I couldn't agree more. But the mishandling of the breach is indicative of failures at multiple layers, not just security. And I am not sure how his indictment fixes much.
That's a good point. There's an old Italian saying: "A fish rots from the head". It seems clear that executive management said "find a way to cover this up", and the CISO made every effort to do so.
It is disruptive but only to one type of art - flat. So yes, since we are in front of screens most of the time flat will disrupt some. But art is more than that.
I think that machine learning models will quickly hit some walls that feel unintuitive due to a lack of training data, but I also wouldn't want to bet on which ones.
