Blog Posts Tagged with "SaaS"
Penetration Testing the Cloud: Three Important Points
July 17, 2012 Added by:Brandon Knight
One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...
Comments (1)
Data Back-Up Strategies for Your Business
March 25, 2012 Added by:Robert Siciliano
Do you backup data? One of the problems with getting a small businesses to secure data is they think they need to load up thumbdrives, DVDs or tape devices manually. This is in fact tedious and overwhelming. I’ve got news for you, data backup is easy...
Comments (0)
Understanding Cloud Security Part Two
March 14, 2012 Added by:Neira Jones
Organisations need to ask cloud providers to disclose security controls and how they are implemented, and consuming organisations need to know which controls are needed to maintain the security of their information. Lack of thoroughness can lead to detrimental outcomes...
Comments (0)
Understanding Cloud Security Part One
March 11, 2012 Added by:Neira Jones
The cloud provides an opportunity to re-architect older applications and infrastructure to meet or exceed modern security requirements. At other times, the risk of moving sensitive data and applications to an emerging infrastructure might exceed tolerance levels...
Comments (0)
Cross-Border Sovereignty Issues in the Cloud
March 02, 2012 Added by:Rafal Los
It's about due care, process, and not rushing into a cloud computing migration. Take a rational approach and first understand the parameters you need to operate. Then enforce with prejudice those requirements on your vendors and know the way cloud computing is delivered...
Comments (0)
The Cloud’s Low-Rent District
March 01, 2012 Added by:Dave Shackleford
How many CSPs would take security more seriously if they knew there was a provision in every contract stating that customers could publicly describe security failings and immediately move their data and systems elsewhere with no questions asked? I’m sure you’re saying yeah, right...
Comments (1)
NETPeas COREvidence v1.0 Sneak Preview
February 02, 2012 Added by:Nabil Ouchn
COREvidence, a Software as a Service (SaaS) product, integrates multiple services to create a one-stop network security solution. Customers have immediate access to numerous technology leaders in vulnerability management, compliance achievement and monitoring...
Comments (0)
Living in the Clouds: Master the Cloud Event - Toronto
February 02, 2012 Added by:Rafal Los
Security is more about understanding the model you'll be undertaking than trying to fit some ideals you have about the cloud security nirvana. Each provider model (IaaS, PaaS, SaaS, etc.) has differing offerings and quirks for security. Watch those contracts closely...
Comments (0)
Content Raven – High Speed Low Drag
January 10, 2012 Added by:
Security professionals are always struggling to get usage statistics with security products. Content Raven gives you great metrics and analytics out of the box. I can track by user and/or device and /or location what the user has looked at and for how long...
Comments (0)
Vulnerability Response Done Right
January 09, 2012 Added by:Fergal Glynn
Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...
Comments (0)
Transparency in Cloud Services from the Security Perspective
December 16, 2011 Added by:Rafal Los
There is an operational perspective in terms of provider transparency. We are now starting to see cases where a SaaS service offering is built on top of a PaaS service, built using multiple IaaS services and that is enough to make anyone's head spin...
Comments (0)
Three Things Experts Won't Tell You About Cloud Security
December 14, 2011 Added by:Mike Meikle
Carefully crafted and monitored SLAs to keep vendors in check, mandating FIPS 140-2 certification of potential vendors and benefiting from vendor technology investments (economies of scale) can add significant weight to cloud solution providers being more secure than in-house solutions...
Comments (1)
Security: Tip Toeing Through the Clouds
September 28, 2011 Added by:Rafal Los
As elastic cloud computing becomes more popular, more critical applications and data will be living in those multi-tenant environments. While this is a fantastic development, security professionals can't let bad software development practices ruin the next biggest leap in business technology...
Comments (0)
Cloud Computing Solutions in Federal Agencies part 3
September 27, 2011 Added by:Kevin L. Jackson
Security is an issue with client management interfaces with the public cloud provider. These services are provided via the internet and permit access to a larger set of resources than traditional operating systems. Security risk can dramatically increase when this is combined with remote access...
Comments (0)
On Definitions – Keeping it Simple with OSSM
September 21, 2011 Added by:Ben Kepes
Spending so much time in the rarefied atmosphere of the twitterverse, it’s easy to assume that everyone “gets it”. The truth is somewhat different – the vast majority of people out there are still coming to terms. For them the Cloud is an unheard of concept and unexplained territory...
Comments (0)
Cloud Computing Solutions in Federal Agencies part 2
September 20, 2011 Added by:Kevin L. Jackson
Cloud outages can be a potential risk—and can have widespread implications for consumers of cloud services. This risk becomes even more severe if a mission-critical environment could be impacted. Security concerns have also slowed the widespread adoption of cloud computing...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)