Posted by
Jonathan Gershater in
Cloud, Cloud-based Security, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security
Mar 28th, 2012 |
No Comments
I recently read a blog post outlining how a customer should evaluate where they should store their encryption keys when encrypting data in the cloud. The post outlines the various options for storing keys and concludes, “Enterprises must assess their risk tolerance and audit requirements before they can select a solution that best meets their encryption key management needs.“
I completely agree with the post. Risk tolerance assessments and adherence to audit standards are essential elements of any quality data security program. I would argue though, that if the customer is following...
Posted by
Christine Drake in
Cloud, Cyber crime, Privacy, Compliance and Identity, Securing the Cloud, Security, Threats
Feb 2nd, 2012 |
1 Comment
Recently I became a victim of identity theft. Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number. I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs.
How did they get my personal information? Working in the security industry, I’m pretty careful. I’m good at recognizing phishing scams; emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the...
Posted by
Christine Drake in
Cloud, Cloud-based Security, SaaS, Security, Smart Protection Network, Threats
Jan 19th, 2012 |
4 Comments
When people talk about cloud security it can mean either 1) security for the cloud—security that protects your cloud initiatives, like protection for virtual machines or data stored in the cloud; or 2) security from the cloud such as Security as a Service that uses the cloud to deliver some aspect of protection, like hosted email or web security. Here, I’d like to focus on security from the cloud that’s delivered in a hybrid model—a cloud-client architecture.
Using the cloud for security can deliver faster threat protection and better security. Traditional security has relied on signature...
Posted by
Christine Drake in
Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud
Jan 18th, 2012 |
1 Comment
Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge.
But governmental seizure of data is only a small component of potential data loss. It doesn’t really...
Posted by
Jonathan Gershater in
Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security
Nov 10th, 2011 |
1 Comment
Perhaps bubonic plague is uncommon, but influenza or cold germs are easily transmitted in the public domain. What degree of assurance do you have that when you check into your hotel room, that it is safe and sanitized? The hotel employs a cleaning staff and adheres to standards of cleanliness and hygiene to ensure your room is clean. However, door knobs, elevator buttons etc handled by the other guests all day, are an avenue of transport for infection. These are some of the risks we take in daily public life – our own immune systems and personal hygiene help to ward off illness and infection.
When...
Posted by
Christine Drake in
Cloud, Cloud-based Security, Consumerization of IT, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, VMware
Oct 7th, 2011 |
1 Comment
Traditionally businesses have focused their IT security on perimeter defense—blocking threats before they enter the network. This protection is still important. But with today’s cloud computing, mobile devices, and advanced persistent threats (APTs), businesses need security that protects their data wherever it travels and in whatever type of device it resides, requiring new data-centric security.
Earlier this week, Trend Micro held its annual insight event for the analyst community and announced our new vision on data-centric security (see video clips of the event here and here). Back...
Posted by
Christine Drake in
Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization
Sep 8th, 2011 |
7 Comments
We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.
There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...
Posted by
Christine Drake in
Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud
Sep 1st, 2011 |
4 Comments
By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.
Of course, industry-standard encryption is essential, but it’s table stakes. When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...
Posted by
Christine Drake in
Cloud, DataCenter, Deep Security, private cloud, Secure Data Centers, Securing the Cloud, Virtualization, VMware
Aug 30th, 2011 |
No Comments
In my last blog post, I discussed some of the benefits of agentless security for virtual and private cloud servers. Today at VMworld, Harish Agastya, Director of Data Center Security at Trend Micro, conducted a presentation on Agentless Security for VMware Environments (listed on the Trend Micro VMworld page). Trend Micro released agentless antivirus in Deep Security at last year’s VMworld and has seen impressive results over the last year. With such success, today Trend Micro announced an extension of its agentless security with new agentless file integrity monitoring (FIM) in Deep Security...
Posted by
Christine Drake in
Cloud, IaaS, private cloud, public cloud, Securing the Cloud, Security, Virtualization
Aug 30th, 2011 |
7 Comments
There’s a lot of talk about cloud computing and cloud security this week as many people are attending VMworld in Las Vegas (follow Trend Micro at VMworld). But not all types of cloud security are best suited for all types of cloud computing.
When people generically refer to “cloud computing” they usually mean the public cloud. But what about private clouds or hybrid clouds? The May 2011 Trend Micro cloud survey results showed that companies are adopting all three models almost equally. Although there are certainly overlaps in security best practices across these models, there are...
Stumble It!
Trend Cloud Security Blog – Cloud Computing Experts