Trend Cloud Security Blog – Cloud Computing Experts

Data Breach at Microsoft Highlights Security Problem in SaaS

Posted by Dave Asprey in Secure Data Centers, Securing the Cloud, Security, Threats, Uncategorized Dec 27th, 2010 | Comments Off
PC World reports that company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software. Oops. Breaches have happened to Google, Microsoft, and countless other SaaS providers. Here, it was a relatively small breach where a misconfiguration – presumably by a Microsoft employee – created a hole globally.  To its credit, Microsoft spotted the problem and fixed it within 2 hours, and the data was relatively innocuous. But the damage is done. At the recent Gartner Data Center Conference, a room full of CIOs... read more

Will New Net Neutrality Policy Slow Enterprise Cloud Adoption?

Posted by Dave Asprey in Cloud-based Security, Secure Data Centers, Securing the Cloud, Security Dec 21st, 2010 | 7 Comments
For the past few years, ISPs and network providers have been clashing with large online media companies like Google, Yahoo, and YouTube over the concept of Net Neutrality.  At issue is the question of whether an ISP should be able to block or slow access to some networks,  some content, or some applications, and whether that ISP should be able to charge more for access or not. Today, ISPs charge only for bandwidth, regardless of how it’s used. The FCC just announced a compromise that allows ISPs to arbitrarily slow access to some content or to charge more for access to others. At first... read more

Conflict of Interest Leads to Big Malware Attack

Posted by Dave Asprey in Cloud-based Security, Cyber crime, Malware, Security, Threats, Threats from the Cloud, Uncategorized Dec 14th, 2010 | 2 Comments
(Ed. note: While the following does not strictly deal with “cloud security,” we thought it was of such a degree of importance to post it here.) Today’s disclosure by Google and Microsoft that they were tricked into serving malware highlights an inherent conflict of interest between advertising-based businesses and the security needs of their customers. Ad networks like Google and MSN get paid when they sell ads, so they naturally focus on being the best at selling ads. Because these ad networks don’t get paid to keep people’s computers secure, they spend just enough on security... read more

Cloud Security Alliance Congress 2010 Summary – Part 4 of 4

Posted by Justin Foster in Cloud-based Security, Cyber crime, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization Dec 13th, 2010 | Comments Off
Cloud Security Alliance Congress 2010 Summary – Part 4 of 4   The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days. For those who were not in attendance at Congress, this four-part series summarizes some of the most popular sessions at the event. This is the final part of a four-part series summarizing popular sessions at the Cloud Security Alliance Congress. Top Threats and Risks to Cloud Computing Michael Sutton from Zscaler... read more

Are Private Clouds Doomed by IT Departments?

Posted by Dave Asprey in Cloud-based Security, Privacy, Compliance and Identity, Securing the Cloud, Uncategorized, Virtualization Dec 13th, 2010 | Comments Off
I spent last week at Gartner’s Data Center Conference in Las Vegas and learned some very interesting things. Between the jam-packed conference tracks, the show floor, and the vendor-sponsored after-parties, there was just no time to count cards at the blackjack tables. That probably saved me a lot of money, since Caesar’s, which housed the conference, had $25 minimum bets. (ouch!) One of the more interesting sessions on cloud and security polled a large room of a few hundred IT execs about their concerns with internal clouds. They answered in this order: Culture and Politics Innovative... read more

Is the Federal Government’s Shiny New Cloud Secure?

Posted by Dave Asprey in Cloud-based Security, Cyber crime, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization Dec 9th, 2010 | 2 Comments
On December 5, 2010 the Washington Post printed this article: “Federal government moves forward with ‘cloud-first’ plan for new technology.” Trend Micro asked our VP of Cloud Security, Dave Asprey, to provide his thoughts and opinions about this government plan.  Here is what Dave wrote: It’s exciting to see that the GSA is leading the way to modernize the federal government’s IT by moving to “the cloud.”   However, in the rush to save money, the GSA may be repeating some mistakes that company IT departments have already made. To go to the cloud, the GSA had to... read more

Cloud Security Alliance Congress 2010 Summary – Part 3 of 4

Posted by Justin Foster in Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization Dec 7th, 2010 | 1 Comment
Cloud Security Alliance Congress 2010 Summary – Part 3 of 4 The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days. For those who were not in attendance at Congress, this four-part series will summarize some of the most popular sessions at the event. This is part three in a 4-part series of posts summarizing popular sessions at the Cloud Security Alliance Congress 2010 event held in November 2010 in Orlando, Florida. Keynote... read more

Why Identity Matters More in the Cloud Than the Enterprise

Posted by Dave Asprey in Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud Dec 6th, 2010 | Comments Off
The cloud is putting so much pressure on the old device-centric security model that it’s forcing a change to an identity-centric security model, where it matters far more who a person is than what device or network they are using. In a single day, one person might access cloud applications from his iPhone, home, main office, and Peet’s Coffee, and he may use his home PC, his work laptop, his phone, or even his Xbox. Trying to identify and secure what that person does based only on a device IP address or network address is simply a lost cause. But it gets worse because the same person may... read more

Cloud Security Alliance Congress 2010 Summary: Part 2 of 4

Posted by Justin Foster in Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization Dec 4th, 2010 | Comments Off
INTRODUCTION Cloud Security Alliance Congress 2010 Summary – Part 2 of 4 parts The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days. For those who were not in attendance at congress, this four-part series will summarize some of the most popular sessions at the event. Cloud Security Alliance Congress 2010 Summary – Part 2 This is part two in a series of posts summarizing popular sessions at the Cloud Security Alliance Congress... read more