Providing Insight Into the Cloud Computing Security, Privacy and Related Threats

Cloud Security Journal



Top Stories

According to a recent Gartner study, by 2020, it will be unlikely that any enterprise will have a "no cloud" policy, and hybrid will be the most common use of the cloud. While the benefits of leveraging public cloud infrastructures are well understood, the desire to keep critical workloads and data on-premise in the private data center still remains. For enterprises, the hybrid cloud provides a best-of-both-worlds solution. However, the leading factor that determines the preference for the hybrid cloud, among other things, is "security." Moreover, as the growth of the public cloud infrastructure continues, it is not hard to observe two key directions of focus by the cloud providers, namely: the geographical expansiveness of their public cloud infrastructure to grow the number of availability zones; the richness of their services catalog to ensure cloud adopters are n... (more)

API Security: OWASP 2017 RC1 Gets It Right | @CloudExpo #API #SOA #Microservices

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first-class citizen by adding it as number 10, or A-10, on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by APIs is orders of magnitude larger than any other attack surface area. Consider the fact that APIs expose cloud services, internal databases, applications and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step taken by the web application security thought leaders and is a clear indication of where the industry is heading. Security professionals have all the tools and awareness to fence in applications, databases and legacy systems through firewalls. OWASP has served the security professionals well... (more)

Cloud Computing and Data Residency Laws

Cloud service providers store data all over the globe, and are constantly moving that data from one datacenter to the next for reasons as wide-ranging as cost considerations and redundancy requirements. Does this mean that the requirements outlined in varying data residency laws and privacy regulations are directly at odds with how cloud computing works? The question is an especially delicate one when the cloud service provider stores and processes data in a jurisdiction that is perceived to have far less stringent privacy and data protection requirements - or may allow government agencies far broader data subpoena powers. Since the cloud computing model relies on distributed infrastructure to generate cost and flexibility benefits for customers, building a datacenter in each data residency jurisdiction quickly becomes cost-prohibitive. And, applying a set of const... (more)

Cloud Expo, Inc. Names Carmen Gonzalez CEO

SYS-CON announced today that "Cloud Expo, Inc." has spun out of SYS-CON Events, Inc. as a startup events management company which produces and presents Cloud Expo (TM) events worldwide. Cloud Expo, Inc. launched Cloud Expo (TM) events in 2007, and currently produces Cloud Expo East, Cloud Expo West, Cloud Expo Europe, Cloud Expo Tokyo, Cloud Expo Prague, Cloud Expo Hong Kong, and Cloud Expo Sao Paulo. All Cloud Expo marks and trademarks are registered trademarks of Cloud Expo, Inc. worldwide. Carmen Gonzalez was named CEO of Cloud Expo, Inc. Carmen served as the co-founder, president, and chief operating officer of SYS-CON Media since 1994. In this capacity, Carmen was in charge of SYS-CON's sales and marketing functions. Under her leadership, the company was named by Inc 500 among the fastest-growing 500 privately held companies in North America three years in a... (more)

The Top 250 Players in the Cloud Computing Ecosystem

In the run-up to the next Cloud Expo, 7th Cloud Expo (November 1–4, 2010) being held at the Santa Clara Convention Center in Silicon Valley, it's time to give my earlier list a complete overhaul. Here, accordingly, is an expanded list of the most active players in the Cloud Ecosystem. I have increased it from the 'mere' 150 I identified back in January of this year, to 250, testimony – as if any were needed! – to the fierce and continuing growth of the "Elastic IT" paradigm throughout the world of enterprise computing. Editorial note: The words in quotation marks used to describe the various services and solutions in this round-up are in every case taken from the Web sites of the companies themselves. Omissions to this Top 250 list should be sent to me via Twitter (twitter.com/jg21) and I will endeavor to include them in any future revision of this newly expanded rou... (more)

Cloud People: A Who's Who of Cloud Computing

Behind every cloud service or cloud-based solution, there are real people... A robust ecosystem of solutions providers has emerged around cloud computing. But who are the CEOs & CTOs behind those providers, who are the internal and external entrepreneurs driving companies involved in the Cloud, who are the leading engineers, developers, analysts, researchers, marketing professionals, authors...who, in short, are the people behind the cloud? This list will be updated weekly between now and November 4-7, 2013, when 13th Cloud Expo | Cloud Expo Silicon Valley opens its doors in the Santa Clara Convention Center, in the heart of California's Silicon Valley. Here are some highly prominent "Cloud People" to kick off with... RANDY BIAS | @randybias "Randy Bias is visionary. He sees things others don't." [Emphasis added.] That is how Mårten Mickos puts it, as succinctly as ever.... (more)

A Security Analysis of Cloud Computing

Security Pavilion at Cloud Expo With its ability to provide users dynamically scalable, shared resources over the Internet and avoid large upfront fixed costs, cloud computing promises to change the future of computing. However, storing a lot of data creates a situation similar to storing a lot of money, attracting more frequent assaults by increasingly skilled and highly motivated attackers. As a result, security is one - if not the - top issue that users have when considering cloud computing. Cloud Security Concerns Storing critical data on a cloud computing provider's servers raises several questions. Can employees/administrators at the cloud provider be trusted to not look at your data or change it? Can other customers of the cloud provider hack into your data and get access to it? Can your competitors find out what you know: who your customers are, what custom... (more)

How Do You Eat a Network Security Elephant?

One byte at a time. Now before you roll your eyes at my stupid pun, consider the deeper wisdom to this IT twist on a very old adage. Security is big. It encompasses a great many definitions, confronts a great many issues and is addressed through a great many solutions using a great many formats. For many organizations, it can be an overwhelming proposition. Beyond the issues of data defense, regulatory compliance, traffic management, identity regulation, archiving, reporting, access control, intrusion detection, encryption, app administration, help desk assistance, there is the job the IT pro was hired to do…ensure the smooth technical operation of their organization. Securing the disappearing network perimeter and beyond has become more than a full-time job in itself. This is a Gordian Knot conundrum for smaller enterprises and SMBs. In many cases, they are under... (more)

Prevention Not Detection Is the Key to Better Security

The high cost of unwanted intrusion and malware across corporate networks is well known. Less talked-about are the successful ways that organizations are thwarting ongoing, adaptive and often-insider-driven security breaches. Companies are understandably reluctant to readily discuss either their defenses or mishaps. Yet HP, one of the world's largest companies, is both a provider and a practitioner of enterprise intrusion detection systems (IDS). And so we asked HP to explain how it is both building and using such technologies, along with seeking some insider tips on best practices. [Disclosure: HP is a sponsor of BriefingDirect podcasts.] And so the next edition of the HP Discover Podcast Series explores the ins and outs of improving enterprise intrusion detection systems (IDS). We learn how HP and its global cyber security partners have made the HP Global Network ... (more)

Cloud Computing Intellectual Property Law: Part 3 | @CloudExpo #Cloud

Cybersecurity and the security of the data in the cloud is a hot topic. The number of companies hacked and the magnitude of losses have been growing at an alarming rate. Earlier this year, an international hacking ring stole as much as $1 billion from over 100 banks in 30 countries in what may be the biggest banking breach ever, and personal information for four million current and former federal employees was stolen when hackers breached the U.S. government's computer networks. What about your company's trade secrets? Are they next? In the "old days" the protection of trade secrets was as simple as locking up your company's code or formula in a safe or a secure, access-restricted area. But in today's connected world, where data is often stored on networks designed to be accessed remotely and shared by many employees, "locking up" confidential information while allo... (more)

IBM Cloud Computing Use Cases Group Releases Draft White Paper

IBM's experiment with group authorship for Cloud Computing interoperability is starting to pay off. Earlier today, Doug Tidwell posted the first draft of a Cloud Computing Use Cases White Paper produced extensively via a new Google group created to help define the various use case requirements. The white paper was also released under a Creative Commons License with the intention of remixing for use within other white papers and marketing materials. In an email, Tidwell said everything in the paper comes from the comments posted on the Google group, but he also admits there are several areas that need a lot more discussion. The introduction of the white paper states that it utilizes existing customer-based scenarios with the goal of highlighting the capabilities and requirements that need to be standardized in a Cloud environment to ensure interoperability, ease of integr... (more)