Posted by Justin Foster in Secure Data Centers, Securing the Cloud | Oct 28th, 2009 | 1 Comment
Portability and interoperability in cloud computing may seem tangential to security, but avoiding vendor lock-in is about more than having access to competitive pricing or better service. When relying on a single provider there is inherent risk, especially in the availability of the service and data.
Throughout history the need for portability and interoperability has usually been dealt with through standardization. Standard railroad gauges enabled cross-continental travel, just as TCP/IP unlocked worldwide communications. It’s not surprising then, that many people look at cloud computing...
Posted by admin in Securing the Cloud | Oct 26th, 2009 | 2 Comments
Trend Micro has been talking to many data center security folks and Infrastructure-as-a-Service (IaaS) providers to understand the dynamics of cloud security. Something that strikes me is their frequent (mis)perception that the Infrastructure-as-a-Service provider will take care of security in the public cloud.
IaaS providers are doing a decent job of baseline security (physical security, perimeter firewall, load balancing, perhaps a network IDS/IPS, etc.) and have to provide a basic ante to the game. While the occasional IaaS vendor strives to differentiate themselves with higher degrees of...
Posted by Andrew in Securing the Cloud | Oct 20th, 2009 | Comments Off
Adding to what my colleague Todd has written on the Microsoft/Danger data loss issue…
What has been billed as a large scale failure of cloud computing, more specifically, cloud storage, is making headlines and generating lots of heat but little light.
Major outage hits T-Mobile Sidekick users: “Users of T-Mobile’s Sidekick have been suffering through a major outage over the past several days that left many without access to the Web or their address books.”
Lawsuits filed over Sidekick outages: “In that lawsuit, Thompson’s lawyers argue why the outage...
Posted by admin in Securing the Cloud | Oct 19th, 2009 | Comments Off
T-Mobile USA’s Sidekick mobile phone service operated by Microsoft’s Danger subsidiary encountered a service disruption that resulted in some Sidekick phone customers losing their personal information including contact names, phone numbers and digital photos (the New York Times had a summary, and The Register has some juicy speculation on the origin of the outage). Many commentators used this episode and other recent “cloud” system outages to cast doubt on the reliability of cloud computing. I suggest taking a breath and a think.
What happened to Microsoft with Danger was an IT...
Posted by Wei in Cloud-based Security | Oct 13th, 2009 | 1 Comment
Andreas Marx and Maik Morgenstern presented their paper “Why in-the-cloud scanning is not a solution” at the recent Virus Bulletin 2009 conference. The paper provided a list of the shortcomings of cloud-based security. Over the past year or so there have been several discussions on this topic, but Marx and Morgenstern have done a good job articulating the issues. However, I’d like to counter their issues with some thoughts:
Issue #1: The implementations are not proactive, but reactive in nature, despite better response times to new threats.
Reality: Replacing hash signatures with...
Posted by admin in Cloud-based Security, Threats from the Cloud | Oct 9th, 2009 | Comments Off
Amazon EC2 customers recently suffered from a concerted Distributed Denial of Service (DDoS) attack that caused some consternation for the web-based code hosting service Bitbucket (news courtesy of my favorite IT tabloid, The Register). An unfortunate fact of life about the massive DDoS such as Bitbucket appears to have suffered is that there is no defense once the incoming network pipes are full other than shutting off the DDoS.
Trend Micro has to wrestle with DDoS attacks as part of our antivirus business as well as our hosted security business (shameless sales plug: check out InterScan Hosted...
Posted by Andy Dancer in Uncategorized | Oct 6th, 2009 | Comments Off
Every day brings more headlines about social networking, cloud computing and Software as a Service (SaaS). Each of these fast growth areas shares an important element in common – they rely on a movement of data from private computers into the public cloud. The theory goes that this data is protected by the service provider who is an expert in their field. But in very few cases is that field data security, and there are important implications that should be considered.
Security researchers call for Google and others to use SSL to protect all of the interactions with their services. I agree...
Posted by admin in Securing the Cloud, Virtualization | Oct 5th, 2009 | Comments Off
Trend Micro CEO Eva Chen took part in a Security Experts Roundtable at the InformationWeek 500 Conference in September. She was joined by Pacific Northwest Labs’ Jerry Johnson, RSA’s Mischel Kwon, and Time Warner’s Renee Guttman who shared their thoughts with Alex Wolfe about the changing nature of threats and the challenge of securing the cloud. The panel had some interesting thoughts about where to invest security dollars and how to securely realize the benefits of cloud computing.
Posted by admin in Securing the Cloud | Oct 2nd, 2009 | Comments Off
The US Federal Government recently announced its apps.gov portal for applications. This CNet News article provides a summary of what was announced by Federal CIO Vivek Kundra. apps.gov is a nice storefront featuring productivity applications to be used on non-sensitive data, and as such this announcement did not make big waves in the security community. These are some of the baby steps necessary before the Feds can consider moving more sensitive applications into the cloud.
While the US Government is talking cloud computing, it is effectively driving towards a private cloud so that they...