Blog Posts Tagged with "Cloud Security"
Big Opportunities in the Cloud
May 16, 2012 Added by:Ben Kepes
Purists were adamant that the Private Cloud was flawed and that it could not deliver the benefits of the Public Cloud. On the other hand organizations were highly skeptical of the Public Cloud, listing its shortcomings in terms of security, reliability, compliance and control...
Comments (0)
Where Will the Buck Stop in Cloud Security?
May 16, 2012 Added by:Jayson Wylie
I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture...
Comments (0)
The Patchwork Cloud: Portability of Security in Cloud Computing
May 15, 2012 Added by:Rafal Los
Portability is important not just across your various cloud providers but also internally. What are we talking about here? First is the acknowledgement that security isn't exclusively about the perimeter anymore. The move to cloud computing environments hastens this awareness...
Comments (0)
The Absurdity of Cloud Computing and Hosted Services
May 13, 2012 Added by:Dan Dieterle
Many companies are turning to online services to help cut costs and restore some level of IT support to their organizations. But what truly makes you think that these online services are not going through the same internal cutbacks and employee changes to cut costs of their own?
Comments (7)
Keeping Security Relevant: From Control to Governance in the Cloud
May 12, 2012 Added by:Rafal Los
When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?
Comments (0)
FedRAMP Releases Updated Security Assessment Templates
May 11, 2012 Added by:Kevin L. Jackson
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for Cloud Service Providers. This document has been designed for Third-Party Independent Assessors to use for planning security testing of CSPs...
Comments (0)
Is Cloud Security in the Clouds?
May 10, 2012 Added by:Jayson Wylie
Cloud security threats can come from the lack of designed and implemented security by the provider. This may be intentional or not but the lack of oversight or negligence in this area can potentially cause disputes over the difference of control versus accountability...
Comments (0)
The Patchwork Cloud: Making the Security Case
May 06, 2012 Added by:Rafal Los
When we think about cloud computing we can think of security as getting a bit of a gentle push, or shove in some cases. The way it is built and billed as services instead of individual components, and the increased emphasis on automation - security has a real chance of not being a roadblock...
Comments (0)
Cyber Weapons - Bits Instead of Bullets Damage Nonetheless
May 04, 2012 Added by:Rafal Los
In this post I discuss some of the ramifications of digital weapons and put into context just what this means for your enterprise security strategy as your organization continues towards cloud/utility computing, mobility, and a larger presence on the Internet...
Comments (0)
Five Conversations that will Shape Your Cloud Security Model
May 03, 2012 Added by:Rafal Los
We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...
Comments (0)
More on Banking 2.0 - Who Ya Gonna Trust?
May 01, 2012 Added by:Ben Kepes
Banks sit on a far higher level of the trust spectrum than do companies like Google and Apple – at least in consumers minds. A study commissioned in 2010 that found that telecoms were seen as the second most trusted group, after banks, for securing personal information...
Comments (0)
Google as a Cyber Weapon: New Attack Method Discovered
April 30, 2012 Added by:Pierluigi Paganini
The lesson learned is that it is possible to use Google as a cyber weapon to lauch a powerful "Denial of Money" attack against other platforms. In reality, the service in this case hasn't been interrupted, but the attack has made it extremely expensive to run...
Comments (0)
Outsourcing SIEM and Log Analysis
April 30, 2012 Added by:Marc Quibell
What are the risks of MSSPs managing the detection and analysis of network activity data for your company? There are some events that, if detected early, may avert lawsuits, data breaches and other embarrassing or career-ending moments for a company...
Comments (2)
The Patchwork Cloud - A Model Driven Approach
April 28, 2012 Added by:Rafal Los
As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...
Comments (0)
Wait, What? Someone Has to Look at Those Logs?
April 27, 2012 Added by:Jack Daniel
Monitoring the performance of your MSSP is cheap insurance- the last thing you want to face is a failure of your service and the need to rebuild an in-house program. You thought getting all that data pushed out to the MSSP was a pain- just imagine trying to get it back...
Comments (1)
Court Orders Megaupload Parties to Come Up with a Plan
April 26, 2012 Added by:Electronic Frontier Foundation
The government, which had originally seized files and still apparently holds all of Megaupload's financial assets, had argued that it had no obligation to make sure the files of innocent Megaupload users were returned and, in fact, believed that they could be destroyed...
Comments (0)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR