Posted by Justin Foster in Cloud | Apr 30th, 2013 | No Comments
Over the past weeks we have been reviewing the top 10 tips for securing instances running on Amazon Web Services. We walked through the critical controls as part of the AWS shared security model. As noted in these tips, host-based security capabilities such as intrusion detection and prevention, anti-malware, and integrity monitoring are critical for protecting your applications and data.
While some of these recommended tips involve configuring and tuning AWS itself, some require the use of third-party tools. So when looking for candidates for securing your cloud projects, here are five questions...
Posted by Justin Foster in Cloud | Apr 10th, 2013 | No Comments
In this series, Mark and I have talked about hardening your AWS resources (both inside and outside of your instances) and performing ongoing monitoring. The last two tips are around measuring your overall security so that you can understand your risks and measure your progress.
It may be an old adage but it still rings true… You can’t manage what you can’t measure. You may have layer upon layer of defense, but unless you conduct a vulnerability assessment you don’t really know where you stand.
Assess Your IaaS
Conducting a vulnerability assessment includes identifying and prioritizing vulnerabilities...
Posted by Mark Nunnikhoven in Cloud | Mar 20th, 2013 | No Comments
So far in this series, Justin and I have provided tips for securing the foundations of your AWS deployment. Taken together, these tips work to reduce the overall attack surface—the area exposed to the outside world—of your application. Now it’s time to add the next layer of controls to your application, starting with a host-based intrusion prevention system or IPS.
Why IPS?
At this point we’ve already disabled unused services on our instances and have blocked any unnecessary inbound ports using our firewalls. This is a fantastic start but it really only reduces the area we present...
Posted by Mark Nunnikhoven in Cloud | Mar 6th, 2013 | No Comments
Last week, Justin covered some of the high level issues around AMI development. This week, we’re going to take a look at how to protect the guest operating system running on your EC2 and VPC instances.
AWS Recommendations
AWS has published quite a few papers around their services. AWS Security Best Practices [PDF] and AWS Risk and Compliance [PDF] stand out as excellent security resources. In the best practices paper, under the section “Secure your Application” (pg. 4), they make a few recommendations which boil down to:
patch ASAP
use recommended secure settings for operating...
Posted by Justin Foster in Cloud | Feb 28th, 2013 | 1 Comment
In our previous top tips for AWS security we looked at hardening access to your AWS resources through proper use of IAM, policies and authentication. In this tip we turn our focus to hardening your Amazon Machine Images (AMI).
No matter whether you pronounce it A.M.I or Ahhh-ME (as the AWS folks do) your machine images are an important part of building applications on AWS. AMIs form the foundation of ‘Instances’ or the running machines in EC2 or VPC. AMIs can be private, communal or from the AWS marketplace.
AMIs may include only the operating system, foundation for your application...
Posted by Jonathan Gershater in Cloud | Dec 17th, 2012 | No Comments
Referencing Wikipedia:
The Pythia, commonly known as the Oracle of Delphi, was the priestess at the Temple of Apollo at Delphi, located on the slopes of Mount Parnassus. The Pythia was widely credited for her prophecies inspired by Apollo.
Amazon Web Service’s (AWS) first user conference in November 2012 was over-subscribed and sold out. Given that the company offers all the infrastructure you need (and then some) in a public cloud: Linux and Windows instances, databases, storage, elastic load balancers, messaging…. it has become apparent that Infrastructure as a Service...
Posted by Dave Asprey in Cloud | Dec 13th, 2012 | 2 Comments
Dell World this week was huge. In addition to turning up the cloud strategy to full volume, Dell had Bill Clinton as a guest speaker. Very worthwhile conference, especially the Dell World Social Think Tank: IT Innovation, where I joined about 10 senior cloud thought leaders and another dozen execs from Dell for an invitation-only discussion about the future of innovation in IT. (Hint: it’s all about the cloud and mobile). Check out the highlights here.
This post is full of some juicy details because Dell provided some time with Kevin Jones, Dell’s VP & GM of Infrastructure and Cloud Computing...
Posted by Christine Drake in Cloud, Cyber crime, DataCenter, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Threats, Threats from the Cloud, Virtualization | Sep 8th, 2011 | 7 Comments
We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.
There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical...
Posted by Christine Drake in Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud | Sep 1st, 2011 | 5 Comments
By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.
Of course, industry-standard encryption is essential, but it’s table stakes. When dealing with the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...
Posted by Christine Drake in Cloud, IaaS, private cloud, public cloud, Securing the Cloud, Security, Virtualization | Aug 30th, 2011 | 8 Comments
There’s a lot of talk about cloud computing and cloud security this week as many people are attending VMworld in Las Vegas (follow Trend Micro at VMworld). But not all types of cloud security are best suited for all types of cloud computing.
When people generically refer to “cloud computing” they usually mean the public cloud. But what about private clouds or hybrid clouds? The May 2011 Trend Micro cloud survey results showed that companies are adopting all three models almost equally. Although there are certainly overlaps in security best practices across these models, there are...