Christine Drake in
Cloud, Cloud-based Security, SaaS, Security, Smart Protection Network, Threats
Jan 19th, 2012 |
When people talk about cloud security it can mean either 1) security for the cloud—security that protects your cloud initiatives, like protection for virtual machines or data stored in the cloud; or 2) security from the cloud such as Security as a Service that uses the cloud to deliver some aspect of protection, like hosted email or web security. Here, I’d like to focus on security from the cloud that’s delivered in a hybrid model—a cloud-client architecture.
Using the cloud for security can deliver faster threat protection and better security. Traditional security has relied on signature...
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization
Apr 7th, 2011 |
For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered.
That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime...
Dave Asprey in
Cloud, Cloud-based Security, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Threats from the Cloud
Mar 22nd, 2011 |
In our hectic cloud-based world, devops (the mixing of infrastructure operations with software development) has become the standard way we build and run high-scale sites from IaaS to SaaS. There are lessons to be learned from how we got here, especially because devops isn’t very security friendly.
Here’s how we got to this sorry state, from the perspective of someone who started working on cloud infrastructure in 1998. I’ve run both dev and ops functions in multiple cloud environments and launched two early cloud computing services. I also ran the Web & Internet Engineering program for...
Jon Oliver in
Cloud, Cloud-based Security, Cyber crime, Malware, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud
Jan 17th, 2011 |
Today’s threat landscape has required security vendors to change their approach to protecting customer data. TrendLabs℠, Trend Micro’s threat research arm, states there are now 3.5 new threats released every second by cybercriminals. Traditional approaches to security just cannot keep up with this. Those traditional processes looked like this:
Customers would submit a suspicious file to their security vendor for analysis
The security vendor would analyze and confirm it as malicious
A signature would be created to identify that file as suspicious
The signature file would be published...
Dave Asprey in
Cloud-based Security, Cyber crime, Privacy, Compliance and Identity, Secure Data Centers, Securing the Cloud, Threats from the Cloud, Virtualization
Dec 9th, 2010 |
On December 5, 2010 the Washington Post printed this article: “Federal government moves forward with ‘cloud-first’ plan for new technology.”
Trend Micro asked our VP of Cloud Security, Dave Asprey, to provide his thoughts and opinions about this government plan. Here is what Dave wrote:
It’s exciting to see that the GSA is leading the way to modernize the federal government’s IT by moving to “the cloud.” However, in the rush to save money, the GSA may be repeating some mistakes that company IT departments have already made. To go to the cloud, the GSA had to...
John Maddison in
Apr 26th, 2010 |
With Cloud computing at front and center stage of IT conversation, a sub group, Software as a Service (SaaS) Security, has benefited from the tailwind. Infonetics Research recorded growth of 70% in 2009 and IDC in their Worldwide Security as a Service 2009-13 Forecast predicts a market of $2B this year. Last September Larry Ellison of Oracle ridiculed cloud computing. I think unless there is a fundamental shift in attitude it is going to be very hard for traditional software vendors to fully commit to the new model.
It reminds me a bit of 5-6 years ago when security appliances started to hit the...
Justin Foster in
Cloud-based Security, Securing the Cloud, Virtualization
Sep 30th, 2009 |
Cloud-based security as a service offerings have seen a steady increase in popularity, due to the benefits that the deployment model provides. Security as a service enables rapid provisioning, cost savings and enhanced security through real-time updates and the community effect.
With the explosive adoption of public cloud computing it’s time we apply the techniques used to provide security FROM the cloud, to provide security FOR the cloud.
In public cloud environments like Amazon Web Services (AWS), the Elastic Compute Cloud (EC2) instances only provide firewall as a service. It’s up...
John Maddison in
Sep 29th, 2009 |
It’s been almost four years ago since I started to look at the SaaS security model for Trend Micro. To be honest, being a software company, it was very hard getting anybody’s attention. However, the team persisted and sometimes learnt the hard way around what it takes to deliver high availability SaaS applications. Software as a Service (SaaS) is now a well established, cost effective way to deliver traditional software applications without the investment in infrastructure and qualified personnel. The most adopted applications for SaaS are around productivity such as CRM and ERP. However,...