Cloud Computing
Big Opportunities in the Cloud
May 16, 2012 Added by:Ben Kepes
Purists were adamant that the Private Cloud was flawed and that it could not deliver the benefits of the Public Cloud. On the other hand organizations were highly skeptical of the Public Cloud, listing its shortcomings in terms of security, reliability, compliance and control...
Comments (0)
Where Will the Buck Stop in Cloud Security?
May 15, 2012 Added by:Jayson Wylie
I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture...
Comments (0)
The Patchwork Cloud: Portability of Security in Cloud Computing
May 15, 2012 Added by:Rafal Los
Portability is important not just across your various cloud providers but also internally. What are we talking about here? First is the acknowledgement that security isn't exclusively about the perimeter anymore. The move to cloud computing environments hastens this awareness...
Comments (0)
Taming the WWW or Wild Wild West
May 13, 2012 Added by:Jayson Wylie
There is a reason the security world refers to exploitation on the Internet to activity ‘in the wild’. A comparison can be made to the lawless, tough and unforgiving world of the Wild West in American history. You can get your stuffz or scalp taken...
Comments (0)
The Absurdity of Cloud Computing and Hosted Services
May 12, 2012 Added by:Dan Dieterle
Many companies are turning to online services to help cut costs and restore some level of IT support to their organizations. But what truly makes you think that these online services are not going through the same internal cutbacks and employee changes to cut costs of their own?
Comments (7)
Keeping Security Relevant: From Control to Governance in the Cloud
May 11, 2012 Added by:Rafal Los
When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?
Comments (0)
FedRAMP Releases Updated Security Assessment Templates
May 11, 2012 Added by:Kevin L. Jackson
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for Cloud Service Providers. This document has been designed for Third-Party Independent Assessors to use for planning security testing of CSPs...
Comments (0)
Is Cloud Security in the Clouds?
May 09, 2012 Added by:Jayson Wylie
Cloud security threats can come from the lack of designed and implemented security by the provider. This may be intentional or not but the lack of oversight or negligence in this area can potentially cause disputes over the difference of control versus accountability...
Comments (0)
The Patchwork Cloud: Making the Security Case
May 05, 2012 Added by:Rafal Los
When we think about cloud computing we can think of security as getting a bit of a gentle push, or shove in some cases. The way it is built and billed as services instead of individual components, and the increased emphasis on automation - security has a real chance of not being a roadblock...
Comments (0)
Five Conversations that will Shape Your Cloud Security Model
May 03, 2012 Added by:Rafal Los
We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...
Comments (0)
More on Banking 2.0 - Who Ya Gonna Trust?
May 01, 2012 Added by:Ben Kepes
Banks sit on a far higher level of the trust spectrum than do companies like Google and Apple – at least in consumers minds. A study commissioned in 2010 that found that telecoms were seen as the second most trusted group, after banks, for securing personal information...
Comments (0)
Unmasking Agility: Cloud Reality or Myth of Marketing Hype?
April 30, 2012 Added by:Rafal Los
Agility is the ability of the IT department to provide services that adapt to the changing needs of your organization faster than before, with on-premise servers, systems and staff. Increasing your business' agility means that IT has done something to contribute to a business...
Comments (0)
The Patchwork Cloud - A Model Driven Approach
April 27, 2012 Added by:Rafal Los
As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...
Comments (0)
Court Orders Megaupload Parties to Come Up with a Plan
April 25, 2012 Added by:Electronic Frontier Foundation
The government, which had originally seized files and still apparently holds all of Megaupload's financial assets, had argued that it had no obligation to make sure the files of innocent Megaupload users were returned and, in fact, believed that they could be destroyed...
Comments (0)
Cloud Adoption Tension: IT vs Business
April 19, 2012 Added by:Ben Kepes
On the side of IT it’s all about security, control and transparency. On the side of the business, it’s years of frustration at slow and cumbersome IT procurement processes – they want to get stuff done. It’s fair to say that we’re still in the Wild West of cloud adoption...
Comments (0)
ENISA: Guidelines for Monitoring Cloud Computing Contracts
April 05, 2012
Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...
Comments (0)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform