Be cloudy and secure...


Top Stories

It’s safe to say, nearly all enterprise network security teams tightly control what physical devices get connected to their networks. Most have clearly defined process and procedures in place with regard to controlling and securing any new devices plugging into their physical networks. Industry statistics show that the vast majority of security breaches initiate from inside the network, and not from an intruder penetrating the perimeter, physical network access control has become standard practice. As a result, it is increasingly rare to allow anyone in an organization to plug in a new server or system without first making sure the new device has been adequately secured in accordance with their corporate security standards including anti-virus protection, firewall policies, etc.  For physical devices, the process begins as soon as the ‘box’ hits the receiving dock; ... (more)

Poll Confirms Cloud Security Concerns

Sam Gross is Vice President of Global IT Outsourcing Solutions at Unisys Corporation, where he leads the vision, strategy, technology development and implementation for Unisys innovative global IT outsourcing solutions. He is a recognized industry expert and thought leader in business and IT alignment, application management, service level management and enterprise systems management. Here's his latest Tweet: Sam_Gross: Poll shows security concerns top other barriers to cloud computing by ~35 percentage points. See results, lower right: ... (more)

The Neglected Flipside of SOA Security

Joe McKendrick kicks off a thread on the current state of SOA Security. As usual, most discussion of SOA Security applies to "how SOA can be made secure". This is understandable. And, as some commentators have pointed out, there is a body of Best Practice out there on how to secure services in an SOA. For example, Randy Heffner provides lots of good advice on how to secure the services in an SOA) But, there has been relatively little debate on the flipside of SOA Security - how SOA can apply to security. Because, really, "SOA Security" is two separate things, solving two separate ... (more)

Security Enhanced OpenSolaris Drupal Stack on EC2

Over the last few months, I have had a number of postings that have talked about security enhanced virtual machine images that we have made available on Amazon Web Services. The goal behind this work was to look at how we could improve baseline security in both virtualized and Cloud Computing computing environments by pre-integrating industry accepted recommended security settings. Organizations leveraging our work would have fewer security steps to undertake as our images were configured to be compliant with the recommendations published by the Center for Internet Security as pa... (more)

Craig Balding: The Belgian Beer Lovers Guide to Cloud Security

This slide presentation by Craig Balding is informative not only about Cloud security but about Belgian beer also. And I have to tip my hat to anyone who can do a full beer-themed presentation about Cloud security and not make a corny joke about "cloudy" beer. The slides are here: ... (more)

Websense Unveils TRITON Architecture Unifying Web, Data and Email Security

Websense, a provider of content security, on Wednesday introduced the new Websense TRITON unified security architecture, combining Websense Web, data and email security technologies into a single platform delivering unified content analysis and management. The Websense TRITON architecture integrates the real-time Web content analysis and malware protection of the Websense Web Security Gateway with Websense Data Security Suite and Websense Email Security to protect organizations and their essential information from blended threats and targeted attacks while easing administration a... (more)