Trend Cloud Security Blog – Cloud Computing Experts
Currently Browsing: public cloud
The Pirate Bay: First Ever Working Redundant Array of Inexpensive Clouds?
Posted by Dave Asprey in Ambient Cloud, DataCenter, public cloud Nov 27th, 2012 | No Comments It’s really interesting to see that the Pirate Bay just found a new reason to get rid of its physical servers in exchange for moving to the cloud. Sure, lots of companies have made the move from physical servers to virtual servers to cloud, but it’s ironic that The Pirate Bay is inadvertently leading the charge towards more resilient cloud computing. The new architecture of The Pirate Bay is a highly variable cloud environment that looks more like an ambient cloud, or at least a distributed cloud, than a centralized cloud. The history of the cloud has taught us that things on the fringe... 10 Steps to Securing Your Journey to the Cloud
Posted by Jonathan Gershater in Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security Sep 17th, 2012 | No Comments Consumers are understandably hesitant about using applications and storing data in the public cloud. Concerns such as: “Is my data secure?” “Who has access to my data?” “What happens if the public cloud provider suffers a breach?” or “Who is responsible if my data is exposed?” are common as they consider making the journey to the cloud. Despite an inherent loss of control with cloud computing, the consumer still bears some responsibility for their use of these services. The Cloud Standards Customer Council published the “Security for Cloud Computing: 10 Steps to Ensure Success”... The Hidden 3rd Party “Vulnerability” in Google Drive
Posted by Dave Asprey in Cloud, Privacy, Compliance and Identity, public cloud Apr 25th, 2012 | 4 Comments In 1998 I helped to create one of the first modern cloud services at Exodus Communications, and since then there has been a nagging concern in the back of my mind that legacy government interpretations of our Fourth Amendment rights would smack down enterprise adoption of cloud computing. That didn’t happen, thankfully. But now the Terms of Service for the new Google Drive may open a new legal argument that hurts adoption of cloud storage for everyone. To see why this can happen, it helps to understand how courts interpret the Fourth Amendment to the US Constitution, which provides that the... HIPAA hiccups
Posted by Jonathan Gershater in Cloud, Deep Security, Malware, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security, Threats Apr 2nd, 2012 | Comments Off Not a month goes by when there isn’t an announcement of a breach of electronic health records thereby disclosing personal and financial data; and that excludes breaches that are not publicly acknowledged. In a recent report from the American National Standards Institute (ANSI), 18 million Americans have had their personal health information stolen over the past two years. So one has to ask: considering the financial and legal implications of a breach of health records, why don’t organizations deploy security solutions to protect electronic health records? Answers often offered by CIOs... Where to store cloud encryption keys? Adhere to compliance guidance.
Posted by Jonathan Gershater in Cloud, Cloud-based Security, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security Mar 28th, 2012 | Comments Off I recently read a blog post outlining how a customer should evaluate where they should store their encryption keys when encrypting data in the cloud. The post outlines the various options for storing keys and concludes, “Enterprises must assess their risk tolerance and audit requirements before they can select a solution that best meets their encryption key management needs.“ I completely agree with the post. Risk tolerance assessments and adherence to audit standards are essential elements of any quality data security program. I would argue though, that if the customer is following... Government Data Seizures is Only One Type of Data Loss
Posted by Christine Drake in Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud Jan 18th, 2012 | 1 Comment Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge. But governmental seizure of data is only a small component of potential data loss. It doesn’t really... How do you know you won’t get bubonic plague at hotels?
Posted by Jonathan Gershater in Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security Nov 10th, 2011 | 1 Comment Perhaps bubonic plague is uncommon, but influenza or cold germs are easily transmitted in the public domain. What degree of assurance do you have that when you check into your hotel room, that it is safe and sanitized? The hotel employs a cleaning staff and adheres to standards of cleanliness and hygiene to ensure your room is clean. However, door knobs, elevator buttons etc handled by the other guests all day, are an avenue of transport for infection. These are some of the risks we take in daily public life – our own immune systems and personal hygiene help to ward off illness and infection. When... Cloud and the merits of host based security
Posted by Jonathan Gershater in Cloud, Cloud-based Security, Deep Security, Privacy, Compliance and Identity, public cloud, Security Nov 9th, 2011 | Comments Off At cloudexpo yesterday, I chatted with Allan Allison, after his session on cloud security. Subsequently, I read his blog post which advises organizations considering the cloud, how they can leverage compliance factors when selecting a cloud provider (for example if the customer’s data is subject to HIPAA, HITECH, PCI and similar regulations). When you migrate to the cloud, compliance factors are one item to consider, security is another. If your applications and data are hosted on physical servers in your datacenter, under your control, security can be achieved with in-line network appliances... What Are the True Dangers of the Cloud?
Posted by Christine Drake in Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization Sep 8th, 2011 | 7 Comments We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation. There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical... Encryption is Not Enough for Cloud Security
Posted by Christine Drake in Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud Sep 1st, 2011 | 5 Comments By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments. Of course, industry-standard encryption is essential, but it’s table stakes. When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption... 
Subscribe
