Trend Cloud Security Blog – Cloud Computing Experts
Currently Browsing: Threats from the Cloud
Beyond Perimeter Defense to Data-Centric Security
Posted by Christine Drake in Cloud, Cloud-based Security, Consumerization of IT, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, VMware Oct 7th, 2011 | 1 Comment Traditionally businesses have focused their IT security on perimeter defense—blocking threats before they enter the network. This protection is still important. But with today’s cloud computing, mobile devices, and advanced persistent threats (APTs), businesses need security that protects their data wherever it travels and in whatever type of device it resides, requiring new data-centric security. Earlier this week, Trend Micro held its annual insight event for the analyst community and announced our new vision on data-centric security (see video clips of the event here and here). Back... What Are the True Dangers of the Cloud?
Posted by Christine Drake in Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization Sep 8th, 2011 | 7 Comments We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation. There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical... Why Apple Should Release iFurnace Powered by iCloud: Another Case for Ambient Clouds
Posted by Dave Asprey in Cloud, Cloud-based Security, Threats from the Cloud Jul 27th, 2011 | Comments Off Check out the linked article from popsci.com. It reviews how researchers at Microsoft propose using servers installed in office buildings and apartments as “data furnaces” to keep people warm, effectively using what is today waste heat. This kind of thinking can help to prevent implementing “Super Cool Biz” programs in your city, as documented by John Hamalka, the CIO of Harvard Medical Center, who is attending Trend Micro’s Direction Conference in Japan. (I was planning to be there as well but my physician – not from Harvard – grounded me for a week or... The State of Cloud and Virtualization Security
Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization Jun 5th, 2011 | 1 Comment For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results. We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big... Ambient Cloud News: Skype protocol has been reverse engineered
Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, DataCenter, Deep Security, hybrid-cloud, IaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud Jun 2nd, 2011 | Comments Off This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds ( http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has… )work and even used Skype as an example of a massive-scale ambient cloud. This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol? In an open source world, slapping a lawsuit on... Chrome OS: So secure we don’t need security?
Posted by Rik Ferguson in Cloud, Cloud-based Security, Cyber crime, Malware, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud May 31st, 2011 | 2 Comments With the launch announcements of various Google Chrome netbooks, the focus of the press and security companies alike is beginning to take a closer look at the security promises made and also at some of the more ’media friendly‘ statements such as, “…users don’t have to deal with viruses, malware and security updates”. Let’s have a look at some of the security features of Chrome OS: 1 – Get out of my playpen. Each process runs in its own sandbox. Effectively this means that if an application is malicious or compromised, it is unable to interact with or otherwise affect... The Small Business Journey to the Cloud is Actually a Round Trip
Posted by Greg Boyle in Cloud, Cloud-based Security, DataCenter, hybrid-cloud, IaaS, PaaS, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Apr 20th, 2011 | 2 Comments The Small Business Journey to the Cloud is Actually a Round Trip By Greg Boyle, Trend Micro Global Product Marketing Manager Many small businesses are still uncertain about cloud computing. They wonder if it can help with their profitability without being extremely risky. Let’s start by defining cloud computing in small business terms. There are two commonly agreed upon types of cloud computing: 1) software-as-a-service and 2) infrastructure-as-a-service. Software-as-a-service (SaaS) is cloud computing where the software you would normally install on your computers in the office is instead... New type of cloud emerges: Exploits as a Service (EaaS)
Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization Apr 7th, 2011 | 1 Comment For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered. That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime... Encryption in the Public Cloud: Advice for Security Techniques
Posted by Dave Asprey in Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security, Threats from the Cloud, Virtualization Mar 23rd, 2011 | Comments Off Surveys indicate that security is the number 1 challenge about the cloud. Using encrypted, self-defending hosts mitigates many security-in-the-cloud issues. Dave Asprey, VP-Cloud Security for Trend Micro, presented to the SD Forum these 16 valuable points of advice regarding data privacy in the cloud. PLEASE CLICK ON THE “READ MORE” BUTTON TO ADVANCE DIRECTLY TO THE PRESENTATION. Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques Share/Bookmark Devops Does Not Make for Secure Ops
Posted by Dave Asprey in Cloud, Cloud-based Security, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Threats from the Cloud Mar 22nd, 2011 | 7 Comments In our hectic cloud-based world, devops (the mixing of infrastructure operations with software development) has become the standard way we build and run high-scale sites from IaaS to SaaS. There are lessons to be learned from how we got here, especially because devops isn’t very security friendly. Here’s how we got to this sorry state, from the perspective of someone who started working on cloud infrastructure in 1998. I’ve run both dev and ops functions in multiple cloud environments and launched two early cloud computing services. I also ran the Web & Internet Engineering program for... 
Subscribe
