Posted by
Christine Drake in
Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud
Jan 18th, 2012 |
1 Comment
Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge.
But governmental seizure of data is only a small component of potential data loss. It doesn’t really...
Posted by
Christine Drake in
Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization
Sep 8th, 2011 |
7 Comments
We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.
There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...
Posted by
Christine Drake in
Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud
Sep 1st, 2011 |
4 Comments
By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.
Of course, industry-standard encryption is essential, but it’s table stakes. When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...
Posted by
Christine Drake in
Cloud, IaaS, private cloud, public cloud, Securing the Cloud, Security, Virtualization
Aug 30th, 2011 |
7 Comments
There’s a lot of talk about cloud computing and cloud security this week as many people are attending VMworld in Las Vegas (follow Trend Micro at VMworld). But not all types of cloud security are best suited for all types of cloud computing.
When people generically refer to “cloud computing” they usually mean the public cloud. But what about private clouds or hybrid clouds? The May 2011 Trend Micro cloud survey results showed that companies are adopting all three models almost equally. Although there are certainly overlaps in security best practices across these models, there are...
Posted by
Patrick Wheeler in
Cloud, Cloud-based Security, Consumerization of IT, hybrid-cloud, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization
Jun 20th, 2011 |
2 Comments
For all its hype iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already many apps and cloud-based services for sharing data between users and between devices (such as Dropbox), and these services are giving security pros fits. What is new is that iCloud will make these things happen automatically, and potentially without the intent or even awareness...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization
Jun 5th, 2011 |
1 Comment
For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results.
We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, DataCenter, Deep Security, hybrid-cloud, IaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud
Jun 2nd, 2011 |
No Comments
This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds ( http://cloudsecurity.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has… )work and even used Skype as an example of a massive-scale ambient cloud.
This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol?
In an open source world, slapping a lawsuit...
Posted by
Dave Asprey in
Citrix, Cloud, Cloud-based Security, cloudbursting, Deep Security, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Virtualization, VMware
May 25th, 2011 |
No Comments
Today at Synergy, Citrix announced “Project Olympus,” effectively making open source clouds a more viable option for enterprises. In the past, it was cloud providers like Rackspace who tended to focus on open source cloud infrastructure, while enterprises tended to make more conservative choices where support contracts were available.
The new support from Citrix, along with about 60 other supporting commercial hardware and software vendors, should go a long way towards helping enterprises see OpenStack as an enterprise-grade choice of cloud infrastructure. Enterprises can now get a Citrix-certified...
Posted by
Greg Boyle in
Cloud, Cloud-based Security, Cyber crime, Malware, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization
May 23rd, 2011 |
2 Comments
I recently had an interesting chat with the operator of our snack vending machine while making a coffee in the kitchen. She was restocking our machine and had her iPad sitting on the table. In their 2 person company they now have 2 iPads and a PC. They do their inventory control and tracking while onsite at customer premises via the iPad. Then they sync it with their PC and, using an online storage solution they transfer it to the cloud; this then syncs with their online accounting package. Her reason was very, very simple: she wants to reduce the amount of time they spend on bookkeeping and back-office...
Posted by
Bharath Chandrasekhar in
Cloud, Cloud-based Security, DataCenter, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security
May 11th, 2011 |
Comments Off
How difficult is it to run a public cloud service?
As all of us know, Amazon Web Services (AWS) experienced an outage on 21-Apr-2011 and that lasted for almost 4 days. Quite a lot of companies were affected and you can find the list here. The Internet was flooded with articles speculating what went wrong, whether cloud computing is viable in the long run, how Amazon services did not function as advertised, how the applications should be built, etc. While most offered their opinion in broad strokes such as “use multiple regions/clouds”, “use built-in redundancy”, “don’t use public clouds”,...
Stumble It!
Trend Cloud Security Blog – Cloud Computing Experts