Trend Cloud Security Blog

Cloud Security 2010

Posted by Eva in Securing the Cloud, Threats from the Cloud, Virtualization Feb 16th, 2010 | No Comments
We’re a few weeks away from the RSA Conference 2010 in San Francisco where I expect the hot topic will be cloud security.  Yes, I’m biased, but let’s face it, cloud computing is here to stay.  It provides real business value streamlining hardware and software while simultaneously giving IT budgets some breathing room.  And it fundamentally changes IT infrastructure and therefore, thus changing the way we secure data. Yesterday’s security threats used to damage computers and networks.  Today’s threats want to steal data and information – credit card numbers, social security numbers,... read more

Got Cloud Confusion? Check out these resources…

Posted by admin in Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Virtualization Jan 28th, 2010 | No Comments
Frank Gens of IDC says 2010 will be a transformational year for IT, driven in part by cloud computing.  Although cloud computing is a hot topic, a lot of IT folks remain confused and unsure about a host of issues from vendor selection and control to security and compliance.  We’ve tried to help by compiling a list of great resources to help you navigate these issues.  If you find others that are worth sharing, please let us know. There are several industry organizations and groups which help facilitate understanding of the cloud, provide best practices and enable standards: The Cloud Security... read more

PaaS and The Dark Side

Posted by Raimund in Securing the Cloud, Threats from the Cloud Nov 10th, 2009 | 1 Comment
The public cloud holds tremendous possibilities for goodness in lowering computing costs and increasing flexibility, but the dark side of the world is always ready to take advantage of cloud delivery models like Platform-as-a-Service (PaaS).  Arbor Networks recently spotted a Google AppEngine Platform-as-a-Service application being used for Command and Control (CnC) for a botnet (here is a news article).  Google promptly took down the application, but the event raises some interesting issues. In the malware realm, this is nothing new and has been referred to previously as “Malware as a Service”. ... read more

Preventing Catastrophic Failure

Posted by Jon in Securing the Cloud Nov 2nd, 2009 | 1 Comment
Recently, there have been some high profile failures of cloud computing, including the Sidekick outage, the DDos attack on Amazon’s EC2 and disruption to Google’s hosted email.  Following these debacles, some people have expressed scepticism about the cloud computing model. For example, a response to a CNET article was:  “Putting all your beans in a single point of failure for users (in an enterprise or corporation) is suicide.” Here I will consider a range of activities as “Cloud Computing” including SaaS, PaaS and IaaS.  All three raise some concerns for companies. Companies that... read more

Cloud Computing Standards, Dream vs. Reality

Posted by Justin in Secure Data Centers, Securing the Cloud Oct 28th, 2009 | 1 Comment
Portability and interoperability in cloud computing may seem tangential to security, but avoiding vendor lock-in is about more than having access to competitive pricing or better service. When relying on a single provider there is inherent risk, especially in the availability of the service and data. Throughout history the need for portability and interoperability has usually been dealt with through standardization. Standard railroad gauges enabled cross continental travel, just as TCP/IP unlocked worldwide communications. It’s not surprising then, that many people look at cloud computing... read more

When Data Gets Breached in the Cloud, Who Owns the Mess?

Posted by Todd in Securing the Cloud Oct 26th, 2009 | 2 Comments
Trend Micro has been talking to many data center security folks and Infrastructure-as-a-Service (IaaS) providers to understand the dynamics of cloud security.  Something that strikes me is their frequent (mis)perception that the Infrastructure-as-a-Service provider will take care of security in the public cloud. IaaS providers are doing a decent job of baseline security (physical security, perimeter firewall, load balancing, perhaps a network IDS/IPS, etc) and have to provide a basic ante to the game.  While the occasional IaaS vendor strives to differentiate themselves with higher degrees of... read more

The Sky is Falling on Cloud Computing

Posted by Andrew in Securing the Cloud Oct 20th, 2009 | No Comments
Adding to what my colleague Todd has written on the Microsoft/Danger data loss issue… What has been billed as a large scale failure of cloud computing, more specifically, cloud storage, is making headlines and generating lots of heat but little light. Major outage hits T-Mobile Sidekick users:  “Users of T-Mobile’s Sidekick have been suffering through a major outage over the past several days that left many without access to the Web or their address books.” Lawsuits filed over Sidekick outages:   “In that lawsuit, Thompson’s lawyers argue why the outage... read more

Danger and the Cloud

Posted by Todd in Securing the Cloud Oct 19th, 2009 | No Comments
T-Mobile USA’s Sidekick mobile phone service operated by Microsoft’s Danger subsidiary encountered a service disruption  that resulted in some Sidekick phone customers losing their personal information including contact names, phone numbers and digital photos  (the New York Times had a summary, and The Register has some juicy speculation on the origin of the outage).  Many commentators used this episode and other recent “cloud” system outages to cast doubt on the reliability of cloud computing.  I suggest taking a breath and a think. What happened to Microsoft with Danger was an IT... read more

DDoS and the Cloud: Sad but True

Posted by Todd in Cloud-based Security, Threats from the Cloud Oct 9th, 2009 | No Comments
Amazon EC2 customers recently suffered from a concerted Distributed Denial of Service (DDoS) attack that caused some consternation for the web-based code hosting service Bitbucket (news courtesy of my favorite IT tabloid, The Register).  An unfortunate fact of life about the massive DDoS such as Bitbucket appears to have suffered is that there is no defense once the incoming network pipes are full other than shutting off the DDoS.  Trend Micro has to wrestle with DDoS attacks as part of our antivirus business as well as our hosted security business (shameless sales plug: check out InterScan Hosted... read more

Why aren’t cloud services secured as a service?

Posted by Justin in Cloud-based Security, Securing the Cloud, Virtualization Sep 30th, 2009 | No Comments
Cloud-based security as a service offerings have seen a steady increase in popularity, due to the benefits that the deployment model provides. Security as a service enables rapid provisioning, cost savings and enhanced security through real-time updates and the community effect. With the explosive adoption of public cloud computing it’s time we apply the techniques used to provide security FROM the cloud, to provide security FOR the cloud. In public cloud environments like Amazon Web Services (AWS), the Elastic Compute Cloud (EC2) instances only provide firewall as a service. It’s up... read more

« Previous Entries