Be cloudy and secure...


Top Stories

Speaker Bio Sesh Murthy is the Co-Founder and CTO of Cloud Raxak. Before Cloud Raxak, he was the Vice President of Cloud Innovation at IBM Global Services. He has 29 years of experience in creating value for customers in cloud and technology services. His expertise includes cloud architecture and security, management service automation, strategic outsourcing, software, sales, and distribution. Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here Enabling FinTechs for Success through Business-Driven Cloud Security FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. Download Slide Deck: ▸ Here In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and automated cloud security enables FinTec... (more)

TechTarget: Cloud Storage Security at @CloudExpo NY | #SDN #DataCenter

At least 25% of workloads will never run on a public cloud, predicted Jeff Katzen, director of cloud practice at CenturyLink, a provider of everything from Internet and TV for homes to enterprise-grade cloud hosting services for global companies. During his Cloud Expo presentation, Katzen talked about CenturyLink clients whose decisions to implement hybrid cloud projects rest almost exclusively on their desire to control of some of their data, and protect it in very specific ways. "They want the ability to leverage a public cloud, but they also have very stringent security controls, so they also want dedicated security devices sitting in front of the public cloud platform," Katzen said. The key to utilizing cloud technology for all it's worth is to understand where its value can be applied to your unique architecture, he explained. Read TechTarget review here. @D... (more)

How to Turn Your Microwave into a Camera | @ThingsExpo #IoT #M2M #Security

You can turn a microwave into a camera and I’ll teach you how in a minute, but before I do, let me share this news item. In a recent interview with a reporter from the Bergen Record, Kellyanne Conway was asked about surveillance. She responded: “There are many ways to surveil each other now, unfortunately. There was an article this week that talked about how you can surveil someone through their phones, certainly through their television sets, any number of different ways. And microwaves that turn into cameras, etc. So we know that that is just a fact of modern life.” On its face, her statement about “microwaves that turn into cameras, et cetera” is ridiculous. It reminds me of the late Sen. Ted Stevens’ famous “Tubes” speech. I went right after “Uncle Ted” for his techno–faux pas, but even then, there were bigger issues to consider. It would be exceptionally easy ... (more)

Data Security in the Cloud, NoSQL & Big Data Systems

So, you have been using or thinking of employing the power of NoSQL and the emerging distributed data processing technologies such as Hadoop for your enterprise. These new frameworks provide several benefits including performance and also offer cost-effective solutions. These technologies also come with certain areas that are still in the process of design and development of which security is prominent. I'd like to discuss on the security best practices as these technologies shape up and as the adoption grows. Subscribe to this blog to stay tuned on the updates. Also, if you'd like to contribute to the design of security for modern frameworks, I'd love to hear from you. ... (more)

New Security Models for the 'Internet of Things' | @ThingsExpo [#IoT]

The Internet of Things needs an entirely new security model, or does it? Can we save some old and tested controls for the latest emerging and different technology environments? In his session at Internet of @ThingsExpo, Davi Ottenheimer, EMC Senior Director of Trust, will review hands-on lessons with IoT devices and reveal privacy options and a new risk balance you might not expect. Download Slide Deck: ▸ Here Speaker Bio: Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of the book "Securing the Virtual Environment: How to Defend the Enterprise Against Attack," published in May 2012 by Wiley. He formerly was responsible for security at Barclays Global Investors (BGI), the world's largest... (more)

Rip and Replace Won't Solve Twitter's Security Problems

Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for a while. This certainly isn’t the first time Twitter and security issues have clashed, and as in the past Twitter (and really any very public application in a similar situation) is the clear loser. And of course there comes the unsolicited advice offered regarding what Twitter needs to do to address its security issues. I am, of course, ignoring the fact that it wasn’t really even Twitter’s security that was breached and thus led to the offering of said advice. But let’s just pretend for a moment that Twitter still has security problems based on other, documented breaches in its security. You know, just like you and the 94% of other organizations out there that indicated they’ve experienced a breach in security in the last 6 months which goes a... (more)

Where Security and Current Events Meet

Yesterday we started getting floods of malware alerts for machines on many different networks that we manage going out to a site that was identified a while ago for MS08-067 type activity. So we did our due diligence and notified our clients that we were seeing this traffic attempting to leave their network. As of now the alerts are still coming in. If you've watched the news at all over the past couple of days you've heard about the events in Austin, TX involving a plane being intentionally flown into an IRS building there. Thankfully only the pilot was killed and our thoughts go out to everyone who has been a part of that terrible situation. So what do these two things have to do with each other? Well upon further inspection of the alerts we were seeing I noticed that it was all http traffic to one particular IP address and if it was indeed real malware calling home... (more)

Security Concerns with Private Cloud on TechNet Radio (Part 1)

In today's episode Sr. IT Pro Evangelists Blain Barton and Dan Stolts talk candidly about Security concerns and issues many IT Pros and organizations face today when thinking about Cloud Computing. Tune in as they discuss the Security Lifecycle, from assessing physical vulnerabilities within your company to how to defend your IT infrastructure as well as your data in the cloud. You can found the video and audio of the TechNet Radio show at: TechNet Radio: IT Time - Private Cloud Security Basics (Part 1) Security Concerns Private Cloud Security in the datacenter Physical Security Wireless Security Public Cloud o Certificates; Public keys; Private keys Planning is vital Security Life Cycle Business Continuity and Disaster Preparation Vulnerability Assessment Loss of Data Hacking Internal compromise Denial of Service DoS Biometrics Cameras Security PLAN Much, much more... (more)

JP Morgan Chase Suffers Massive Hack

JP Morgan Chase has announced that in June and July of this year over 76 million retail clients and over 7 million business clients had there personal information stolen from various company websites. The sites identified were:, JPMorganOnline, Chase Mobile and JPMorgan Mobile. At this time it appears that what was stolen was the clients; names, addresses, phone numbers and email addresses. The company did say that at this time “there is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack.” While it is at least reassuring that the breach did not get access to the more sensitive client account information, it is still troubling that once again a major hack has penetrated what we customers always assumed was a secure facility. And while it is true that the bank has not seen a... (more)

Burden of Security at 'Dev' in #DevOps By @Parasoft | @DevOpsSummit

Cloud Shifts the Burden of Security to Dev The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. In his session at 15th Cloud Expo, Arthur Hicken, Evangelist at Parasoft, to discuss how developers are extremely well-poised to perform tasks critical for securing the application - provided that certain key obstacles are overcome. Speaker Bio: Arthur Hicken has been involved in automating various practices at Parasoft for almost 20 years. He has worked on projects including database development, the software development lifecycle, web publishing and monitoring, and integration with legacy systems. Arthur has worked with IT departments in companies such as Cisco, Vanguard, and Motorola to help improve their software development practices. He has taught at the College of DuPage in Illinois as well as dev... (more)

Putting the Year of the Data Breach to Rest By @Vormetric | @CloudExpo [#Cloud]

Tis’ the season – the season where I look back at predictions I made last year, the season where I evaluate and take a deep dive into the breach landscape and the season where I look into where 2015 is headed. In a March 2014 blog post, I discussed how the sheer amount of data breaches (i.e. Target, Adobe, Korea Credit Bureau, Neiman Marcus) is a clear sign cybercrime will continue to rise. We will dive into those predictions, stepping through where we stand today. But before we do so, we’ll provide a quick review on where we stand within the data breach landscape. 2014 Data Breach landscape: August 31, 2014: iCloud An alleged perpetrator was exposed on Reddit. The mainstream media leapt on to the story and got reactions from affected celebrities. The individual responsible for the breach used 4Chan to offer explicit videos from celebrities’ phone, as well as more t... (more)