Be cloudy and secure...

Security


Top Stories

Speaker Bio: Sesh Murthy is the Co-Founder and CTO of Cloud Raxak. Before Cloud Raxak, he was the Vice President of Cloud Innovation at IBM Global Services. He has 29 years of experience in creating value for customers in cloud and technology services. His expertise includes cloud architecture and security, management service automation, strategic outsourcing, software, sales, and distribution.

Download Slide Deck: ▸ Here

Enabling FinTechs for Success through Business-Driven Cloud Security

FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and automated cloud security enables FinTec... (more)

TechTarget: Cloud Storage Security at @CloudExpo NY | #SDN #DataCenter

At least 25% of workloads will never run on a public cloud, predicted Jeff Katzen, director of cloud practice at CenturyLink, a provider of everything from Internet and TV for homes to enterprise-grade cloud hosting services for global companies. During his Cloud Expo presentation, Katzen talked about CenturyLink clients whose decisions to implement hybrid cloud projects rest almost exclusively on their desire to control some of their data, and protect it in very specific ways. "They want the ability to leverage a public cloud, but they also have very stringent security controls, so they also want dedicated security devices sitting in front of the public cloud platform," Katzen said. The key to utilizing cloud technology for all it's worth is to understand where its value can be applied to your unique architecture, he explained. Read TechTarget review here. @D... (more)

The Neglected Flipside of SOA Security

Joe McKendrick kicks off a thread on the current state of SOA Security. As usual, most discussion of SOA Security applies to "how SOA can be made secure". This is understandable. And, as some commentators have pointed out, there is a body of Best Practice out there on how to secure services in an SOA. For example, Randy Heffner provides lots of good advice on how to secure the services in an SOA. But there has been relatively little debate on the flipside of SOA Security - how SOA can apply to security. Because, really, "SOA Security" is two separate things, solving two separate problems. The first, most obvious thing, is that it applies security to SOA. The problem it is solving here is "SOA is insecure". Randy Heffner's advice is good here: there are products and procedures for applying security to SOA. But, "SOA Security" also has the meaning of "applying SOA prin... (more)

Craig Balding: The Belgian Beer Lovers Guide to Cloud Security

This slide presentation by Craig Balding is informative not only about Cloud security but about Belgian beer also. And I have to tip my hat to anyone who can do a full beer-themed presentation about Cloud security and not make a corny joke about "cloudy" beer. The slides are here: http://cloudsecurity.org/2009/09/21/slides-from-my-brucon-talk-the-belgian-beer-lovers-guide-to-cloud-security/ ... (more)

2010 Year End Security Wrap

Figured I’d write this now since many of you will be celebrating the holidays over the next couple weeks and who really wants to read a blog when you’re reveling with family and friends? It’s been an interesting year for information security, and for me too. I started the year with New Decade, Same Threats? and wondered if the 2010 predictions of social media threats, smarter malware/botnets, using the cloud for crime, financial DDoS, rogue software, Mac and Mobile malware, more breaches and a whole host of others would come through. And boy did they. Social media was a prime target for crooks with the top sites as top targets. Users were tricked into accepting and sharing friends that really weren’t friendly and social networks became a new hotbed for malware distribution. As for malware, while many botnets and spam outfits got taken down this year, Stuxnet wa... (more)

Database Security in the Cloud

We often get requests for best practices related to relational database security in the context of cloud computing. People want to install their database of choice, whether it be Oracle, MySQL, MS SQL, or IBM DB2… This is a complex question but it can be broken down by asking “what’s new in the cloud?” Many techniques that have existed for ages remain important, so let’s briefly review database security in general.

Database Security in Context

A database usually does not stand alone; it needs to be regarded in the light of the environment it inhabits. From the security perspective, it pays to stop and think about:

Application security. The application which uses the database (“sits atop” the DB) is itself open to various attacks. Securing the application will close major attack vectors to the data, such as SQL injection.

Physical security. In the cloud context, it mea... (more)

How Risky Are Your APIs?

Andi Mann from CA Technologies recently pointed out that, at every turn, customers are interacting more and more with businesses through applications. "Think of real estate businesses like Trulia, Zillow and Realtor.com," he wrote in Wired's Innovation Insights. "Or think about restaurants. It used to be that we'd call a restaurant to make a reservation, or even drop in and make a reservation. Now it's all on-line, through OpenTable, or Foursquare." This is the emergence of the Application Economy, where the application becomes the primary point of contact between the business and the customer. Much of this is being made possible through the use of Application Programming Interfaces (APIs) to link front-end applications to back-end information systems. This approach is exploding in popularity because it builds on well-understood techniques from the web and leverages ... (more)

Cisco To Present at Cloud Expo Silicon Valley and @ThingsExpo

It's time to face reality: "Americans are from Mars, Europeans are from Venus," and in today's increasingly connected world, understanding "inter-planetary" alignments and deviations is mission-critical for cloud. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, will discuss cultural expectations of privacy based on new research across these elements:

Applicable Laws: What constitutes data sovereignty, personal data and data breaches

Lawful interception: How consumers feel about the means that governments use to obtain data from cloud services

User Consent: The ability of third parties to gather data from cloud services for the purposes of business, health and even marketing purposes.

Speaker Bio: Evelyn de Souza is a cloud compliance and data privacy strategy leader at Cisco responsible for championing ... (more)

How DevOps Became the New Normal | @DevOpsSummit [#DevOps]

Just last year, a CA Technologies and Vanson Bourne survey revealed that DevOps was not a sure-fire hit—16 percent of senior IT professionals did not know what DevOps was, and an additional 18 percent had no plans to adopt it. Fast forward one year and the results tell an entirely new story. 88 percent of respondents had already adopted DevOps or plan to do so, up from 66 percent last year. In addition to senior IT professionals, this year’s respondents expanded to include senior Line-of-Business executives—precisely the people you’d expect would not know as much about DevOps. So how has DevOps become the new normal? The application economy happened – or, rather, it accelerated so quickly that enterprises have no choice but to consider DevOps. In our most recent global survey on the application economy, 94% of Line of Business exec... (more)

How to Turn Your Microwave into a Camera | @ThingsExpo #IoT #M2M #Security

You can turn a microwave into a camera and I’ll teach you how in a minute, but before I do, let me share this news item. In a recent interview with a reporter from the Bergen Record, Kellyanne Conway was asked about surveillance. She responded: “There are many ways to surveil each other now, unfortunately. There was an article this week that talked about how you can surveil someone through their phones, certainly through their television sets, any number of different ways. And microwaves that turn into cameras, etc. So we know that that is just a fact of modern life.” On its face, her statement about “microwaves that turn into cameras, et cetera” is ridiculous. It reminds me of the late Sen. Ted Stevens’ famous “Tubes” speech. I went right after “Uncle Ted” for his techno–faux pas, but even then, there were bigger issues to consider. It would be exceptionally easy ... (more)

Rip and Replace Won't Solve Twitter's Security Problems

Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for a while. This certainly isn’t the first time Twitter and security issues have clashed, and as in the past Twitter (and really any very public application in a similar situation) is the clear loser. And of course there comes the unsolicited advice offered regarding what Twitter needs to do to address its security issues. I am, of course, ignoring the fact that it wasn’t really even Twitter’s security that was breached and thus led to the offering of said advice. But let’s just pretend for a moment that Twitter still has security problems based on other, documented breaches in its security. You know, just like you and the 94% of other organizations out there that indicated they’ve experienced a breach in security in the last 6 months which goes a... (more)