Trend Cloud Security Blog – Cloud Computing Experts

“Hey, You, Get Off of iCloud!”

Posted by Patrick Wheeler in Cloud, Cloud-based Security, Consumerization of IT, hybrid-cloud, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization Jun 20th, 2011 | 2 Comments
For all its hype iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already many apps and cloud-based services for sharing data between users and between devices (such as Dropbox), and these services are giving security pros fits. What is new is that iCloud will make these things happen automatically, and potentially without the intent or even awareness... read more

Chrome OS: So secure we don’t need security?

Posted by Rik Ferguson in Cloud, Cloud-based Security, Cyber crime, Malware, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud May 31st, 2011 | 2 Comments
With the launch announcements of various Google Chrome netbooks, the focus of the press and security companies alike is beginning to take a closer look at the security promises made and also at some of the more ’media friendly‘ statements such as, “…users don’t have to deal with viruses, malware and security updates”.   Let’s have a look at some of the security features of Chrome OS:   1 – Get out of my playpen. Each process runs in its own sandbox.  Effectively this means that if an application is malicious or compromised, it is unable to interact with or otherwise affect... read more

New type of cloud emerges: Exploits as a Service (EaaS)

Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Apr 7th, 2011 | 1 Comment
For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered. That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime... read more

OpenPaas and CloudBees: Java in the Cloud

Posted by Bharath Chandrasekhar in Cloud, IaaS, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Virtualization Feb 28th, 2011 | 1 Comment
One of the delivery models of Cloud Computing is Platform-as-a-Service. In its true definition, a PaaS provider takes care of the underlying infrastructure including the VMs, OS patches, elasticity, auto-scaling, firewalling, etc and provides an API — and a language runtime — to which the programmer should write the code. The users of PaaS have no control over the underlying infrastructure, i.e. there is nothing “open” about it. The most prominent PaaS offerings are Force.com from Salesforce (Apex), Google App Engine (Python and Java), and Microsoft Azure (.NET). It is obvious... read more

STILL Got Cloud Confusion? Check out these resources…

Posted by Justin Foster in Cloud, Cloud-based Security, IaaS, PaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Feb 14th, 2011 | 1 Comment
A year ago we posted a compendium of Cloud and Cloud Security resources. This posting has been consistently among the top hits to the Cloud Security Blog proving that, when it comes to Cloud the one thing we all need is clarity! Two of the most useful resources for Cloud 101 make up the common body of knowledge for the CCSK certification: Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing European Network and Information Security Agency: Cloud Computing Risk Assessment Once you have the basics down, there are several industry organizations and groups which... read more

Good Clouds, Evil Clouds: Why Microsoft Hasn’t Lost Yet in Cloud Computing

Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, IaaS, Malware, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud Feb 6th, 2011 | 6 Comments
In a recent eWeek interview, Citrix CTO Simon Crosby described Conficker malware as “the world’s largest cloud.” He’s right. Cybercriminals use Conficker to create massive clouds of remotely-controlled PCs capable of carrying out a variety of cyber-attacks, including DDoS (Distributed Denial of Service) attacks on a scale larger than any centralized cloud provider could. We tend to think about data center-based clouds with names like Infrastructure-as-a-Service or Software-as-a-Service, but the future of really big clouds looks more like Conficker’s very powerful networks of distributed... read more

VMware Kool-Aid: “There’s No Cloud Without Virtualization”

Posted by Dave Asprey in Cloud, IaaS, PaaS, SaaS, Virtualization Jan 4th, 2011 | Comments Off
  I’m a huge fan of VMware, even though I spent some time competing with them when I ran strategic planning for the Citrix virtualization business (pre-Xen). I even tried to build a cloud with VMware  in 2002, when it wasn’t yet server-grade for data center operations. It’s a killer company with great virtualization software, and it’s done an incredible and outstanding job holding its own against industry giants like Microsoft, and pivoting from hypervisor vendor to cloud infrastructure vendor. That said, I have to wonder why, in this CNET interview, Chris Knowles, VMware’s... read more

Conflict of Interest Leads to Big Malware Attack

Posted by Dave Asprey in Cloud-based Security, Cyber crime, Malware, Security, Threats, Threats from the Cloud, Uncategorized Dec 14th, 2010 | 2 Comments
(Ed. note: While the following does not strictly deal with “cloud security,” we thought it was of such a degree of importance to post it here.) Today’s disclosure by Google and Microsoft that they were tricked into serving malware highlights an inherent conflict of interest between advertising-based businesses and the security needs of their customers. Ad networks like Google and MSN get paid when they sell ads, so they naturally focus on being the best at selling ads. Because these ad networks don’t get paid to keep people’s computers secure, they spend just enough on security... read more

Google Attack & (not) the Cloud

Posted by admin in Securing the Cloud Jan 21st, 2010 | Comments Off
When news of the “Google hack” (also referred to as Aurora, Google Attacks, and Hydraq) break-in of gmail accounts first occurred, some observers thought the news could hurt cloud computing.  As the story has evolved, it turns out that the attack was a straightforward endpoint exploit.   I don’t want to diminish the significance of the attack, but want to clarify that this does not highlight any particular cloud security issue and is a standard endpoint security issue. Trend Micro has published some nice, actionable information along with details of the Google attack.  My colleagues at... read more