Providing Insight Into the Cloud Computing Security, Privacy and Related Threats

Cloud Security Journal

Subscribe to Cloud Security Journal : eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloud Security Journal : homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API is orders or magnitude larger than any other attack surface area. Consider the fact the APIs expose cloud services, internal databases, application and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step taken by the web application security thought leaders and is a clear indication of where the industry is heading. Security professionals have all the tools and awareness to fence in applications, databases and legacy systems through firewalls. OWASP has served the security professionals well... (more)

Cloud People: A Who's Who of Cloud Computing

Behind every cloud service or cloud-based solution, there are real people... A robust ecosystem of solutions providers has emerged around cloud computing. But who are the CEOs & CTOs behind those providers, who are the internal and external entrepreneurs driving companies involved in the Cloud, who are the leading engineers, developers, analysts, researchers, marketing professionals, authors...who, in short, are the people behind the cloud? This list will be updated weekly between now and November 4-7, 2013, when 13th Cloud Expo | Cloud Expo Silicon Valley opens its doors in the Santa Clara Convention Center, in the heart of California's Silicon Valley. Here are some highly prominent "Cloud People" to kick off with... RANDY BIAS | @randybias "Randy Bias is visionary. He sees things others don't." [Emphasis added.] That is how Mårten Mickos puts it, as succinctly as ever.... (more)

The Top 250 Players in the Cloud Computing Ecosystem

In the run-up to the next Cloud Expo, 7th Cloud Expo (November 1–4, 2010) being held at the Santa Clara Convention Center in Silicon Valley, it's time to give my earlier list a complete overhaul. Here, accordingly, is an expanded list of the most active players in the Cloud Ecosystem. I have increased it from the 'mere' 150 I identified back in January of this year, to 250, testimony – as if any were needed! – to the fierce and continuing growth of the "Elastic IT" paradigm throughout the world of enterprise computing. Editorial note: The words in quotation marks used to describe the various services and solutions in this round-up are in every case taken from the Web sites of the companies themselves. Omissions to this Top 250 list should be sent to me via Twitter (twitter.com/jg21) and I will endeavor to include them in any future revision of this newly expanded rou... (more)

Enomaly Launches Cloud Readiness Assessment Service

I'm happy to announce that Enomaly has launched a new Cloud Readiness Assessment Service for enterprises looking to take advantage of the economic and technical benefits that cloud computing offers. Determining the optimal opportunities for cloud computing can be difficult, not every application is suitable for the application of cloud technologies. Complex business requirements as well as technology factors will allow some applications to benefit from the application of cloud computing technologies while others can not. Identifying opportunities for the effective and rapid application of cloud computing can produce immediate benefits in reduced costs, shortened delivery lifecycles, better user experience, and improved service levels — but identifying these opportunities can be an error-prone and process. Organizations are now under pressure to take action; however, ... (more)

Five Reasons to Choose a Private Cloud

As enterprise interest in cloud computing offerings and concepts continues to increase, the number of solutions in both the public and private cloud spaces increases as well. There's been much debate over public versus private cloud, even to the point of debating whether there can be such a thing as a private cloud. I'm not here to debate the latter (in my opinion the location of the service has nothing to do with whether or not it is a cloud), but rather I want to take a look into why consumers would choose private clouds over their public counterparts. During the last several months, Ive been lucky enough to chat with numerous enterprise users about their thoughts on cloud computing. Quite a few of these users are already utilizing the cloud on some level, and they are doing this by leveraging both public and private clouds. In my experience, enterprises have bee... (more)

The NSA Can't Stifle Cloud Momentum

InfoWorld's been doing a bang-up job covering the NSA spying scandal from the get go, and this blog from David Linthicum titled, “Let the NSA spy on us - We’re still moving to the cloud,” continues the trend. The Cliff's notes: In an IDG News survey, high-ranking IT executives in North America and Europe were asked about the effect the NSA snooping practices have had on their cloud computing strategy. Despite the furor over the NSA, these leaders are still committed to the cloud. Linthicum talks about the dollars and cents, that efficiency and agility benefits that the cloud provides to the enterprise far outweighs any concern that the NSA might be tapping into their communications. This echoes what we hear every day from our customers, but with a little more nuance that goes beyond quantifiable business benefits. For example, while there’s been a lot of water-coole... (more)

[video] @CloudExpo Private Cloud Panel | #IoT #PaaS #BigData #DataCenter

The Hybrid Era: Where Is All the Private Cloud? Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers? In this power panel at 19th Cloud Expo, moderated by Conference Chair Roger Strukhoff, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships, Commvault; Adam Rogers, Managing Director at ANEXIA; Yi Zheng, CPO and VP of Engineering at CDS Global Cloud; addressed these serious questions and examine the state of public and private cloud in the ... (more)

VMware Releases vCloud API Under Open Source License

For anyone interested, VMware has launched their Vcloud API specification. They describe their new "open" vCloud API as an interface for providing and consuming virtual resources from the cloud. It enables deploying and managing virtualized workloads in internal and external clouds. The vCloud API allows for upload and download of vApps along with their instantiation, deployment and operation. According to the vCloud FAQ, the API does not expose any aspect of the physical infrastructure (servers, storage, networks) or how the physical infrastructure is virtualized. In a cloud service only virtual forms of the infrastructure can be exposed through the API. The pure virtual nature of the API also helps make the API simple to use and implement I also found this tidbit interesting. For a cloud service to be multi-tenant, both its API and its implementation must support mu... (more)

Cloud Computing & Federal IT - What Does the Future Hold?

In a fast-moving discussion panel to round off an intense day of breakout sessions that is due to kick off with a keynote on Enterprise Cloud Computing by the Deputy CIO of the CIA, a SYS-CON.TV "Power Panel" at the 1st Annual Government IT Expo on October 6 in Washington DC will seek among other topics to match emerging federal cloud computing requirements against emerging capabilities from cloud providers to reveal the most advisable course of action for Federal decision makers. It will be moderated by Jeremy Geelan, GovIT Expo Conference Chair. Register Now For This Panel FREE with VIPguest Coupon Code (First 50 registrations): VIPguest [case sensitive] Register Today for GovIT Expo Sponsor and/or Exhibit at GovIT Expo View the Full Conference Schedule About the Panelists: Bob Gourley - Crucial Point Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), ... (more)

Seeding the Cloud: The Future of Data Management

PowerBuilder Session at Cloud Expo Doing more with less is a familiar refrain for IT professionals, and today's challenging business environment has only increased the pressure on managers to achieve efficiencies, maximize performance and improve responsiveness of the data center. More and more frequently, IT is turning to virtualization to accomplish its mission-critical goals. The hot new trend in cloud computing is a natural extension of this drive toward virtualization. In the case of the public cloud, IT can add processing power and infrastructure as needed, and in the case of the private cloud, IT can improve the utilization of existing infrastructure. In other words, cloud computing platforms offer IT the opportunity to increase efficiencies and become more agile, transforming the data center into an environment that delivers greater benefits to end-users. ... (more)

Microsoft Open Source Chief Goes to the Cloud

Cloud Computing on Ulitzer Sam Ramji, Microsoft’s open source defector, whose imminent departure from the company became widely known when Microsoft set up its own CodePlex open source foundation a few weeks ago, has turned up at five-year-old cloud start-up Sonoa Systems, where he will head product strategy and business development. Sonoa, which has little open source exposure so far, does something called ServiceNet, which is supposed to set security and scaling policies for cloud-based services, acting as a proxy server between the service provider and the consumer. It says it provides the visibility, management and governance required to make cloud services and APIs as robust, compliant and scalable as internal on-premise applications. It uses a network-router design that supports the high concurrency required by the cloud with extremely low latency. The stuf... (more)