Posted by
Mark Nunnikhoven in
Cloud
Apr 3rd, 2013 |
No Comments
Last week, we tackled the basics of monitoring your AWS deployment. This week we’re going to shift gears and take a look at encryption.
Data Drives Your Business
Your business runs on data and information. One of the biggest concerns about moving to the public cloud is the safety of that data. With a little due diligence, you can put those concerns to bed.
There are three key steps to protections your data in the cloud:
Identify and classify your data
Protect your data at rest
Protect your data in motion
Identify & Classify
You can’t take steps to protect your data until you...
Posted by
Christine Drake in
Cloud, Cyber crime, Privacy, Compliance and Identity, Securing the Cloud, Security, Threats
Feb 2nd, 2012 |
1 Comment
Recently I became a victim of identity theft. Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number. I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs.
How did they get my personal information? Working in the security industry, I’m pretty careful. I’m good at recognizing phishing scams; emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the...
Posted by
Christine Drake in
Cloud, Privacy, Compliance and Identity, public cloud, Securing the Cloud
Jan 18th, 2012 |
1 Comment
Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge.
But governmental seizure of data is only a small component of potential data loss. It doesn’t really...
Posted by
Christine Drake in
Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud
Sep 1st, 2011 |
5 Comments
By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.
Of course, industry-standard encryption is essential, but it’s table stakes. When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization
Jun 5th, 2011 |
1 Comment
For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results.
We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big...
Posted by
Dave Asprey in
Citrix, Cloud, Cloud-based Security, cloudbursting, Deep Security, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Virtualization, VMware
May 25th, 2011 |
Comments Off
Today at Synergy, Citrix announced “Project Olympus,” effectively making open source clouds a more viable option for enterprises. In the past, it was cloud providers like Rackspace who tended to focus on open source cloud infrastructure, while enterprises tended to make more conservative choices where support contracts were available.
The new support from Citrix, along with about 60 other supporting commercial hardware and software vendors, should go a long way towards helping enterprises see OpenStack as an enterprise-grade choice of cloud infrastructure. Enterprises can now get a Citrix-certified...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization
Apr 7th, 2011 |
1 Comment
For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered.
That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security, Threats from the Cloud, Virtualization
Mar 23rd, 2011 |
Comments Off
Surveys indicate that security is the number 1 challenge about the cloud. Using encrypted, self-defending hosts mitigates many security-in-the-cloud issues. Dave Asprey, VP-Cloud Security for Trend Micro, presented to the SD Forum these 16 valuable points of advice regarding data privacy in the cloud.
PLEASE CLICK ON THE “READ MORE” BUTTON TO ADVANCE DIRECTLY TO THE PRESENTATION.
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Share/Bookmark
Posted by
Ron Clarkson in
Cloud, Cloud-based Security, Cyber crime, Malware, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud
Jan 7th, 2011 |
1 Comment
Not too long ago, a friend of mine switched from iPhone to Android and he was quite loud about it on his Facebook wall, exclaiming that it was nice to have a phone that let you “make your own decisions.” This is a pretty common theme that I hear again and again from newly converted Android devotees and I think it’s pretty cool because let’s face it, our phones are an extension of our personalities. Whether it’s the ability to use removable storage or the ability to install any app you want, Android certainly offers the most freedom of any of the popular smartphones...
Posted by
Dave Asprey in
Cloud-based Security, Secure Data Centers, Securing the Cloud, Security
Dec 21st, 2010 |
7 Comments
For the past few years, ISPs and network providers have been clashing with large online media companies like Google, Yahoo, and YouTube over the concept of Net Neutrality. At issue is the question of whether an ISP should be able to block or slow access to some networks, some content, or some applications, and whether that ISP should be able to charge more for access or not. Today, ISPs charge only for bandwidth, regardless of how it’s used.
The FCC just announced a compromise that allows ISPs to arbitrarily slow access to some content or to charge more for access to others.
At first...
