Posted by
Christine Drake in
Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization
Sep 8th, 2011 |
7 Comments
We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.
There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...
Posted by
Patrick Wheeler in
Cloud, Cloud-based Security, Consumerization of IT, hybrid-cloud, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization
Jun 20th, 2011 |
2 Comments
For all its hype iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already many apps and cloud-based services for sharing data between users and between devices (such as Dropbox), and these services are giving security pros fits. What is new is that iCloud will make these things happen automatically, and potentially without the intent or even awareness...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization
Jun 5th, 2011 |
1 Comment
For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results.
We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Threats from the Cloud
Mar 22nd, 2011 |
7 Comments
In our hectic cloud-based world, devops (the mixing of infrastructure operations with software development) has become the standard way we build and run high-scale sites from IaaS to SaaS. There are lessons to be learned from how we got here, especially because devops isn’t very security friendly.
Here’s how we got to this sorry state, from the perspective of someone who started working on cloud infrastructure in 1998. I’ve run both dev and ops functions in multiple cloud environments and launched two early cloud computing services. I also ran the Web & Internet Engineering program for...
Posted by
Justin Foster in
Cloud, Cloud-based Security, IaaS, PaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization
Feb 14th, 2011 |
1 Comment
A year ago we posted a compendium of Cloud and Cloud Security resources. This posting has been consistently among the top hits to the Cloud Security Blog proving that, when it comes to Cloud the one thing we all need is clarity!
Two of the most useful resources for Cloud 101 make up the common body of knowledge for the CCSK certification:
Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing
European Network and Information Security Agency: Cloud Computing Risk Assessment
Once you have the basics down, there are several industry organizations and groups which...
Posted by
Dave Asprey in
Cloud-based Security, Privacy, Compliance and Identity, Securing the Cloud, Uncategorized, Virtualization
Dec 13th, 2010 |
Comments Off
I spent last week at Gartner’s Data Center Conference in Las Vegas and learned some very interesting things. Between the jam-packed conference tracks, the show floor, and the vendor-sponsored after-parties, there was just no time to count cards at the blackjack tables.
That probably saved me a lot of money, since Caesar’s, which housed the conference, had $25 minimum bets. (ouch!)
One of the more interesting sessions on cloud and security polled a large room of a few hundred IT execs about their concerns with internal clouds. They answered in this order:
Culture and Politics
Innovative...
Posted by
Justin Foster in
Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization
Dec 7th, 2010 |
1 Comment
Cloud Security Alliance Congress 2010 Summary – Part 3 of 4
The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days.
For those who were not in attendance at Congress, this four-part series will summarize some of the most popular sessions at the event.
This is part three in a 4-part series of posts summarizing popular sessions at the Cloud Security Alliance Congress 2010 event held in November 2010 in Orlando, Florida.
Keynote...
Posted by
Justin Foster in
Cloud-based Security, Cyber crime, Privacy, Compliance and Identity, Securing the Cloud, Virtualization
Nov 29th, 2010 |
Comments Off
Cloud Security Alliance Congress 2010 Summary – Part 1 of 4 parts
The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days.
For those who were not in attendance at congress, this four-part series will summarize some of the most popular sessions at the event.
Keynote Address: Creating a Safer, More Trusted Internet
Scott Charney, the Corporate Vice President of Trustworthy Computing at Microsoft, kicked off the congress with his...
Posted by
admin in
Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization
Sep 21st, 2010 |
Comments Off
Divide and Reduce Risk: Segregation of Duties in the Cloud
Author: Todd Thiemann
Plenty of regulatory regimes mandate that enterprises have a segregation of duties or separation of duties (we will use the terms interchangably in this post) as a required internal control mechanism. Separation of duties divides the responsibility of a critical task among different people and provides “checks and balances” against fraud or error.
ISACA has a nice journal article about Segregation of Duties here and Nick Szabo writes about the concept here. Internal controls and Separation of Duties apply...
Posted by
Wael in
Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud
Apr 2nd, 2010 |
Comments Off
This interview is the second in my series of talking with our partners to discuss the challenges posed by physical, virtual and cloud environments. In early March Trend Micro entered into a partnership with Qualys to sell the QualysGuard IT Security and Compliance Suite along with Trend Micro Enterprise Security compliance offerings with the goal of providing a more comprehensive solution for customers worldwide. This partnership delivers on Trend’s vision of “security that fits” by addressing both security and compliance needs.
Recently I sat down with Philippe Courtot, Chairman and...
Stumble It!
Trend Cloud Security Blog – Cloud Computing Experts