What Are the True Dangers of the Cloud?

Posted by Christine Drake in Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization Sep 8th, 2011 | 7 Comments We often hear that security and privacy concerns are the main inhibitors to cloud adoption.  But what are the true threats?  Is the cloud really more dangerous than your on-site data center?  I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.  There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...

Open Source Clouds Become Enterprise-Grade: Citrix and OpenStack

Posted by Dave Asprey in Citrix, Cloud, Cloud-based Security, cloudbursting, Deep Security, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Virtualization, VMware May 25th, 2011 | No Comments Today at Synergy, Citrix announced “Project Olympus,” effectively making open source clouds a more viable option for enterprises. In the past, it was cloud providers like Rackspace who tended to focus on open source cloud infrastructure, while enterprises tended to make more conservative choices where support contracts were available. The new support from Citrix, along with about 60 other supporting commercial hardware and software vendors, should go a long way towards helping enterprises see OpenStack as an enterprise-grade choice of cloud infrastructure. Enterprises can now get a Citrix-certified...

The Small Business Journey to the Cloud is Actually a Round Trip

Posted by Greg Boyle in Cloud, Cloud-based Security, DataCenter, hybrid-cloud, IaaS, PaaS, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Apr 20th, 2011 | 2 Comments The Small Business Journey to the Cloud is Actually a Round Trip      By Greg Boyle, Trend Micro Global Product Marketing Manager Many small businesses are still uncertain about cloud computing. They wonder if it can help with their profitability without being extremely risky. Let’s start by defining cloud computing in small business terms. There are two commonly agreed upon types of cloud computing: 1) software-as-a-service and 2) infrastructure-as-a-service. Software-as-a-service (SaaS) is cloud computing where the software you would normally install on your computers in the office is instead...

Scalability Testing In The Cloud

Posted by Justin Foster in Cloud, DataCenter, IaaS, PaaS, Secure Data Centers, Securing the Cloud, Virtualization Apr 18th, 2011 | 1 Comment Not long ago, we set out on a mission to perform a full scalability test on one of our products (Trend Micro Deep Security). After some quick, back-of-the-napkin calculations we discovered that we needed somewhere in the order of 35 Dell 710′s with virtualization to complete our test. Finding that many available servers is a tall order for any company, and buying that many servers for a month long test was completely out of the question (try asking your managers for 35 servers and see how pale they go!). Naturally we turned to the cloud to help us out. Amazon Web Services (AWS) was a good...

New type of cloud emerges: Exploits as a Service (EaaS)

Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Apr 7th, 2011 | 1 Comment For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered. That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime...

Devops Does Not Make for Secure Ops

Posted by Dave Asprey in Cloud, Cloud-based Security, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Threats from the Cloud Mar 22nd, 2011 | 7 Comments In our hectic cloud-based world, devops (the mixing of infrastructure operations with software development) has become the standard way we build and run high-scale sites from IaaS to SaaS. There are lessons to be learned from how we got here, especially because devops isn’t very security friendly. Here’s how we got to this sorry state, from the perspective of someone who started working on cloud infrastructure in 1998. I’ve run both dev and ops functions in multiple cloud environments and launched two early cloud computing services. I also ran the Web & Internet Engineering program for...

OpenPaas and CloudBees: Java in the Cloud

Posted by Bharath Chandrasekhar in Cloud, IaaS, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Virtualization Feb 28th, 2011 | 1 Comment One of the delivery models of Cloud Computing is Platform-as-a-Service. In its true definition, a PaaS provider takes care of the underlying infrastructure including the VMs, OS patches, elasticity, auto-scaling, firewalling, etc and provides an API — and a language runtime — to which the programmer should write the code. The users of PaaS have no control over the underlying infrastructure, i.e. there is nothing “open” about it. The most prominent PaaS offerings are Force.com from Salesforce (Apex), Google App Engine (Python and Java), and Microsoft Azure (.NET). It is obvious...

STILL Got Cloud Confusion? Check out these resources…

Posted by Justin Foster in Cloud, Cloud-based Security, IaaS, PaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Feb 14th, 2011 | 1 Comment A year ago we posted a compendium of Cloud and Cloud Security resources. This posting has been consistently among the top hits to the Cloud Security Blog proving that, when it comes to Cloud the one thing we all need is clarity! Two of the most useful resources for Cloud 101 make up the common body of knowledge for the CCSK certification: Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing European Network and Information Security Agency: Cloud Computing Risk Assessment Once you have the basics down, there are several industry organizations and groups which...

Good Clouds, Evil Clouds: Why Microsoft Hasn’t Lost Yet in Cloud Computing

Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, IaaS, Malware, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud Feb 6th, 2011 | 6 Comments In a recent eWeek interview, Citrix CTO Simon Crosby described Conficker malware as “the world’s largest cloud.” He’s right. Cybercriminals use Conficker to create massive clouds of remotely-controlled PCs capable of carrying out a variety of cyber-attacks, including DDoS (Distributed Denial of Service) attacks on a scale larger than any centralized cloud provider could. We tend to think about data center-based clouds with names like Infrastructure-as-a-Service or Software-as-a-Service, but the future of really big clouds looks more like Conficker’s very powerful networks of distributed...

London Bridge is Falling Down

Posted by Justin Foster in Cloud, Cloud-based Security, IaaS, PaaS, SaaS, Virtualization Jan 11th, 2011 | Comments Off Drawing of London Bridge from a 1682 map.  Image courtesy of Wikipedia. Everyone is familiar with the traditional nursery rhyme, “London Bridge is Falling Down.” However, few know that it traces its roots back to a factual wonder of the medieval world. In 1209 a massive stone bridge was opened over the river Thames. Quite different than the modern London Bridge we know today, this colossal structure was an engineering marvel of its day and included a chapel at the apex of the bridge. It didn’t take long for people to realize the potential of this new prime real estate and by the late 1200’s...