Trend Cloud Security Blog – Cloud Computing Experts

OpenPaas and CloudBees: Java in the Cloud

Posted by Bharath Chandrasekhar in Cloud, IaaS, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Virtualization Feb 28th, 2011 | 1 Comment
One of the delivery models of Cloud Computing is Platform-as-a-Service. In its true definition, a PaaS provider takes care of the underlying infrastructure including the VMs, OS patches, elasticity, auto-scaling, firewalling, etc and provides an API — and a language runtime — to which the programmer should write the code. The users of PaaS have no control over the underlying infrastructure, i.e. there is nothing “open” about it. The most prominent PaaS offerings are Force.com from Salesforce (Apex), Google App Engine (Python and Java), and Microsoft Azure (.NET). It is obvious... read more

The Virtualization Treadmill: The More Things Change, the More They Stay the Same

Posted by Dave Asprey in Cloud, Cloud-based Security, Malware, Securing the Cloud, Security, Smart Protection Network, Virtualization Feb 10th, 2011 | Comments Off
Is Virtualization stupid? It forces guest VMs sharing a host to do the same things over and over, without sharing. It takes up countless hours of otherwise useful – and expensive – server time. Sure, it’s better to consolidate servers using virtualization than to leave them on separate hardware, but it’s still just plain wasteful when dozens of VMs on a single server suck CPU cycles to do the same things their neighbors are doing. Why do we allow this? For security and flexibility reasons. The predecessor of desktop virtualization was the Citrix Presentation Server, which... read more

Good Clouds, Evil Clouds: Why Microsoft Hasn’t Lost Yet in Cloud Computing

Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, IaaS, Malware, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud Feb 6th, 2011 | 6 Comments
In a recent eWeek interview, Citrix CTO Simon Crosby described Conficker malware as “the world’s largest cloud.” He’s right. Cybercriminals use Conficker to create massive clouds of remotely-controlled PCs capable of carrying out a variety of cyber-attacks, including DDoS (Distributed Denial of Service) attacks on a scale larger than any centralized cloud provider could. We tend to think about data center-based clouds with names like Infrastructure-as-a-Service or Software-as-a-Service, but the future of really big clouds looks more like Conficker’s very powerful networks of distributed... read more

Conflict of Interest Leads to Big Malware Attack

Posted by Dave Asprey in Cloud-based Security, Cyber crime, Malware, Security, Threats, Threats from the Cloud, Uncategorized Dec 14th, 2010 | 2 Comments
(Ed. note: While the following does not strictly deal with “cloud security,” we thought it was of such a degree of importance to post it here.) Today’s disclosure by Google and Microsoft that they were tricked into serving malware highlights an inherent conflict of interest between advertising-based businesses and the security needs of their customers. Ad networks like Google and MSN get paid when they sell ads, so they naturally focus on being the best at selling ads. Because these ad networks don’t get paid to keep people’s computers secure, they spend just enough on security... read more

The Sky is Falling on Cloud Computing

Posted by Andrew in Securing the Cloud Oct 20th, 2009 | Comments Off
Adding to what my colleague Todd has written on the Microsoft/Danger data loss issue… What has been billed as a large scale failure of cloud computing, more specifically, cloud storage, is making headlines and generating lots of heat but little light. Major outage hits T-Mobile Sidekick users:  “Users of T-Mobile’s Sidekick have been suffering through a major outage over the past several days that left many without access to the Web or their address books.” Lawsuits filed over Sidekick outages:   “In that lawsuit, Thompson’s lawyers argue why the outage... read more

Danger and the Cloud

Posted by admin in Securing the Cloud Oct 19th, 2009 | Comments Off
T-Mobile USA’s Sidekick mobile phone service operated by Microsoft’s Danger subsidiary encountered a service disruption  that resulted in some Sidekick phone customers losing their personal information including contact names, phone numbers and digital photos  (the New York Times had a summary, and The Register has some juicy speculation on the origin of the outage).  Many commentators used this episode and other recent “cloud” system outages to cast doubt on the reliability of cloud computing.  I suggest taking a breath and a think. What happened to Microsoft with Danger was an IT... read more