Posted by Jonathan Gershater in Cloud, Deep Security, Malware, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security, Threats | Apr 2nd, 2012 | Comments Off
Not a month goes by without an announcement of a breach of electronic health records that discloses personal and financial data, and that excludes breaches that are not publicly acknowledged. According to a recent report from the American National Standards Institute (ANSI), 18 million Americans have had their personal health information stolen over the past two years.
So one has to ask: considering the financial and legal implications of a breach of health records, why don’t organizations deploy security solutions to protect electronic health records? Answers often offered by CIOs...
Posted by Christine Drake in Cloud, Cyber crime, Privacy, Compliance and Identity, Securing the Cloud, Security, Threats | Feb 2nd, 2012 | 1 Comment
Recently I became a victim of identity theft. Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number. I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs.
How did they get my personal information? Working in the security industry, I’m pretty careful. I’m good at recognizing phishing scams: emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the...
Posted by Christine Drake in Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud | Jan 18th, 2012 | 1 Comment
Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge.
But governmental seizure of data is only a small component of potential data loss. It doesn’t really...
Posted by Patrick Wheeler in Cloud, Cloud-based Security, Consumerization of IT, hybrid-cloud, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization | Jun 20th, 2011 | 2 Comments
For all its hype, iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already many apps and cloud-based services for sharing data between users and between devices (such as Dropbox), and these services are giving security pros fits. What is new is that iCloud will make these things happen automatically, and potentially without the intent or even awareness...
Posted by Justin Foster in Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization | Dec 7th, 2010 | 1 Comment
Cloud Security Alliance Congress 2010 Summary – Part 3 of 4
The Cloud Security Alliance kicked off its first major event November 16-17, 2010 in Orlando, Florida. The CSA Congress 2010 successfully hosted 370 people with talks covering all aspects of cloud security over two days.
For those who were not in attendance at Congress, this four-part series will summarize some of the most popular sessions at the event.
This is part three in a 4-part series of posts summarizing popular sessions at the Cloud Security Alliance Congress 2010 event held in November 2010 in Orlando, Florida.
Keynote...
Posted by admin in Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Virtualization | Nov 16th, 2010 | Comments Off
As effective as today’s malware detection may be in physical environments, implementing a solution designed for these environments creates new challenges in the virtual world by not taking into account their inherent differences.
These challenges directly impact the ability of enterprise virtualization efforts to move from cost-efficiency to quality of services and, ultimately, to business agility. It is this last stage where IT can truly be delivered as a service – or via a cloud – and business can request these services on-demand.
Trend Micro has an informative White Paper on this...
Posted by admin in Cloud-based Security, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization | Sep 21st, 2010 | Comments Off
Divide and Reduce Risk: Segregation of Duties in the Cloud
Author: Todd Thiemann
Plenty of regulatory regimes mandate that enterprises have a segregation of duties or separation of duties (we will use the terms interchangeably in this post) as a required internal control mechanism. Separation of duties divides the responsibility of a critical task among different people and provides “checks and balances” against fraud or error.
ISACA has a nice journal article about Segregation of Duties here and Nick Szabo writes about the concept here. Internal controls and Separation of Duties apply...
Posted by admin in Securing the Cloud | Jun 13th, 2010 | 1 Comment
As I read different blogs, IT industry analysts and media, I see contradictions galore. Some articles position cloud computing as more secure (like this one) while other journalists highlight new security challenges (here, here, here and here). The concept of the cloud is still emerging and fallacies around cloud computing abound. Below are the five myths that I encounter most frequently while listening to conversations about cloud computing:
1) Virtual private clouds provided by Infrastructure-as-a-Service (IaaS) players are as secure as internal datacenters
“Virtual private clouds”...
Posted by Wael in Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud | Apr 2nd, 2010 | Comments Off
This interview is the second in my series of talking with our partners to discuss the challenges posed by physical, virtual and cloud environments. In early March Trend Micro entered into a partnership with Qualys to sell the QualysGuard IT Security and Compliance Suite along with Trend Micro Enterprise Security compliance offerings with the goal of providing a more comprehensive solution for customers worldwide. This partnership delivers on Trend’s vision of “security that fits” by addressing both security and compliance needs.
Recently I sat down with Philippe Courtot, Chairman and...
Posted by admin in Cloud-based Security, Privacy, Compliance and Identity, Securing the Cloud | Dec 18th, 2009 | Comments Off
OSSEC is an Open Source Host-based Intrusion Detection System project that has been around since 2003. It was acquired by Third Brigade in 2008, and then Third Brigade was acquired by Trend Micro in 2009. Trend Micro recently completed a global survey of the OSSEC installed base that yielded some interesting results.
OSSEC performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alert and active response as ways to protect servers. OSSEC has a phenomenally loyal base of users – we had 21% of the OSSEC email distribution list complete the survey (a...