Posted by
Christine Drake in
Cloud, Cyber crime, Privacy, Compliance and Identity, Securing the Cloud, Security, Threats
Feb 2nd, 2012 |
1 Comment
Recently I became a victim of identity theft. Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number. I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs.
How did they get my personal information? Working in the security industry, I’m pretty careful. I’m good at recognizing phishing scams; emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the...
Posted by
Christine Drake in
Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud
Jan 18th, 2012 |
1 Comment
Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge.
But governmental seizure of data is only a small component of potential data loss. It doesn’t really...
Posted by
Jonathan Gershater in
Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security
Nov 10th, 2011 |
1 Comment
Perhaps bubonic plague is uncommon, but influenza or cold germs are easily transmitted in the public domain. What degree of assurance do you have that when you check into your hotel room, that it is safe and sanitized? The hotel employs a cleaning staff and adheres to standards of cleanliness and hygiene to ensure your room is clean. However, door knobs, elevator buttons etc handled by the other guests all day, are an avenue of transport for infection. These are some of the risks we take in daily public life – our own immune systems and personal hygiene help to ward off illness and infection.
When...
Posted by
Christine Drake in
Cloud, Cloud-based Security, Consumerization of IT, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, VMware
Oct 7th, 2011 |
1 Comment
Traditionally businesses have focused their IT security on perimeter defense—blocking threats before they enter the network. This protection is still important. But with today’s cloud computing, mobile devices, and advanced persistent threats (APTs), businesses need security that protects their data wherever it travels and in whatever type of device it resides, requiring new data-centric security.
Earlier this week, Trend Micro held its annual insight event for the analyst community and announced our new vision on data-centric security (see video clips of the event here and here). Back...
Posted by
Christine Drake in
Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization
Sep 8th, 2011 |
7 Comments
We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.
There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...
Posted by
Christine Drake in
Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud
Sep 1st, 2011 |
4 Comments
By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.
Of course, industry-standard encryption is essential, but it’s table stakes. When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...
Posted by
Christine Drake in
Cloud, IaaS, private cloud, public cloud, Securing the Cloud, Security, Virtualization
Aug 30th, 2011 |
7 Comments
There’s a lot of talk about cloud computing and cloud security this week as many people are attending VMworld in Las Vegas (follow Trend Micro at VMworld). But not all types of cloud security are best suited for all types of cloud computing.
When people generically refer to “cloud computing” they usually mean the public cloud. But what about private clouds or hybrid clouds? The May 2011 Trend Micro cloud survey results showed that companies are adopting all three models almost equally. Although there are certainly overlaps in security best practices across these models, there are...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Securing the Cloud, Security
Jul 28th, 2011 |
3 Comments
The application-layer DDoS threat actually amplifies the risk to data center operators. That’s because IPS devices and firewalls become more vulnerable to the increased state demands of this emerging attack vector – making the devices themselves more susceptible to the attacks. Moreover, there is a distinct gap in the ability of existing edge-based solutions to leverage the cloud’s growing DDoS mitigation capacity, the service provider’s DDoS infrastructure or the dedicated DDoS mitigation capacity deployed upstream of the victim’s infrastructure.
Current solutions do not take advantage...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Securing the Cloud, Security
Jul 7th, 2011 |
No Comments
What awesome news. OpSource just got acquired at a premium by Dimension Data, itself a part of NTT. I’ve been an OpSource fan since Treb Ryan founded it as an MSP about a decade ago. Treb’s previous company, SiteSmith, was a major competitor to Mark Andreesseen’s company LoudCloud, which morphed into Opsware before it got acquired by HP. I took a hard look at acquiring SiteSmith for Exodus Communications and would gladly have done the deal if AboveNet hadn’t swooped in with an acquisition price so stratospheric it made my nose bleed. But I really liked Treb because he understood operations...
Posted by
Patrick Wheeler in
Cloud, Cloud-based Security, Consumerization of IT, hybrid-cloud, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization
Jun 20th, 2011 |
2 Comments
For all its hype iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already many apps and cloud-based services for sharing data between users and between devices (such as Dropbox), and these services are giving security pros fits. What is new is that iCloud will make these things happen automatically, and potentially without the intent or even awareness...
Stumble It!
Trend Cloud Security Blog – Cloud Computing Experts