Sponsoring Project Honey Pot

Dogsbody Technology is a proud sponsor of Project Honey Pot with the donation of over 40 mail server addresses and some raw cash to the project.

Project Honey Pot allows us to track the reputation of all of our customers' servers. They would do this without donations from us, but it's the least we can do to support such a great service.

To quote their website…

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
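The tagging the quoted passage describes, as an added illustration that is not Project Honey Pot's own code: each trap address encodes the visitor's IP and visit time, sealed with an HMAC under a site secret so a forged or mangled address is rejected, and when mail later arrives at that address the harvester and harvest time are recovered from it. All names here (SECRET, DOMAIN, make_tagged_address, decode_tagged_address, find_harvesters) and the sample data are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import struct
from ipaddress import ip_address

SECRET = b"constructed-demo-secret"   # assumption: per-site key, not a real project value
DOMAIN = "trap.example"               # placeholder domain for the trap addresses
TAG_LEN = 6                           # truncated HMAC bytes appended to the payload


def make_tagged_address(visitor_ip: str, visited_at: int, secret: bytes = SECRET) -> str:
    """Build a trap address whose local part encodes (IP, unix time) plus an HMAC tag."""
    payload = ip_address(visitor_ip).packed + struct.pack(">I", visited_at)  # 4 or 16 bytes + 4
    tag = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    local = base64.b32encode(payload + tag).decode().rstrip("=").lower()
    return f"{local}@{DOMAIN}"


def decode_tagged_address(address: str, secret: bytes = SECRET):
    """Return (harvester_ip, harvest_time) for a genuine trap address, or None if the tag fails."""
    local = address.partition("@")[0].upper()
    try:
        raw = base64.b32decode(local + "=" * (-len(local) % 8))
    except ValueError:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if len(payload) not in (8, 20):  # IPv4+time or IPv6+time
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return str(ip_address(payload[:-4])), struct.unpack(">I", payload[-4:])[0]


def find_harvesters(recipients):
    """Map each harvester IP to the earliest harvest time seen across inbound spam recipients."""
    seen = {}
    for rcpt in recipients:
        decoded = decode_tagged_address(rcpt)
        if decoded is None:
            continue  # not one of our trap addresses (or a tampered one); ignore
        ip, ts = decoded
        seen[ip] = min(ts, seen.get(ip, ts))
    return seen


if __name__ == "__main__":
    # Constructed sample: two trap addresses served to page visitors, then seen as spam recipients.
    a = make_tagged_address("198.51.100.7", 1700000000)
    b = make_tagged_address("2001:db8::9", 1700003600)
    print(find_harvesters([a, b, "nobody@trap.example"]))
```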

If you run servers yourself, we encourage you to sign up to the project, monitor your IP addresses and donate an MX record or a link from your site.

Feature image – “Storage Servers” by grover_net is licensed under CC BY ND 2.0

ISO27001 Certification


We are often asked to make sure we source servers or products from companies that are ISO27001 (or ISO9001) certified. While it's good to have a stamp proving that a company has attained a given standard, I feel there is often confusion over what this certification actually means.

Luckily, Alec Muffett, a friend of mine, wrote a lovely piece on his blog about Google receiving ISO27001 certification for their Google Apps products…

ISO27001 is good to see stamped upon a vendor’s product and business processes – however it is emphatically not a “seal of security approval” – not at all.

The promise of 27001 certification is that a vendor has considered and documented various security risks and threats which would impact their offering – and has established a process to continue this in an ongoing fashion – and then has had the documentation of that understanding cross-checked and validated by an external agency.

In sporting metaphor: a vendor (in this case, Google) gets to design their own high-jump bar, document how tall it is and what it is made of, how they intend to jump over it; and then they jump over it and the certification agency simply attests that they have successfully performed a high-jump over a bar of their own design. The design documents and jump technique do not need to be made public.

So what would be really interesting would be if Google publishes their security requirements, their standards, their policies and risk assessments, so everyone else can see what kind of high-jump they have just performed – how high, how hard, and landing upon what kind of mat?

It would be that which would inform me of how far I would trust Google Apps with sensitive data, most especially with regard to the provisions they must make for “lawful access” to data by government actors.

Dogsbody Technology helps you cut through all the layers of sourcing new infrastructure. Talk to us to find out how.