Providing Insight Into the Cloud Computing Security, Privacy and Related Threats

Cloud Security Journal



Latest Blogs from Cloud Security Journal
Gartner says by 2020, a corporate "No-Cloud" Policy will be as rare as a "No-Internet" policy is today and specifically the Infrastructure as a Service (IaaS) market is projected to continue to grow more than 25 percent per year through 2019. This surge in cloud adoption also represent...
API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API...
API security is now a central concern for Web Application Firewalls (WAF). For over a decade, WAFs have been a necessary component of most web-based application deployments. WAFs typically
API Security has finally made it into mainstream security consciousness. The premiere web application security OWASP Top 10 Threats has published its Release Candidate 1 (RC 1). SD Times provided a comprehensive overview on the implications of including
According to a recent Gartner study, by 2020, it will be unlikely that any enterprise will have a “no cloud” policy, and hybrid will be the most common use of the cloud. While the benefits of leveraging public cloud infrastructures are well understood, the desire to keep critical worklo...
Experts are debating whether the Democratic National Committee’s (DNC) email system was hacked by the Russian military intelligence service (G.R.U.) or Guccifer 2.0, a lone wolf Romanian hacker. While this is a very important question, the answer will not change the results: over 20,00...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and t...
Private, public or hybrid cloud? This is the question that is being asked by C-level executives and IT professionals across the globe, as each enterprise continues to mature its cloud strategy and rethink the earlier role of cloud and whether to move away from an all public or private ...
The recent uptick in cyber attacks across all sectors of the economy has reinforced for CIOs the need to be able to address corporate boards and customers on their strategies for protection and resilience for the coming 2016 year. Cloud, Big Data, and the liability issues in the n...
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisti...
Today’s case of Ashley Madison getting hacked and literally being kept at ransom is a classic case of something not very new, but something we need to take a look at with a fresh set of eyes. It’s not all the trouble all their customers will get into that I’m talking about, but the mer...
The cloud isn’t a fad. Businesses that don’t make the move are falling behind the competition. According to a recent ComputerWorld study, more than 40% of IT executives said that their organizations will spend more on Software as a Service (SaaS) and a mix of public, private hybrid and...
If cloud computing benefits are so clear, why have so few enterprises migrated their mission-critical apps? The answer is often inertia and FUD. No one ever got fired for not moving to the cloud - not yet. In his session at 15th Cloud Expo, Michael Hoch, SVP, Cloud Advisory Service at...
In recent years, the US government has become a leading advocate for continuous monitoring of security threats and vulnerabilities. But how effective are departments and agencies in implementing these programs? And how do we measure success? Moving Towards Continuous Monitoring Tho...
With recent high profile data breaches companies should ensure they have the five following file governance policies in place in their company to secure their file assets. Ensure that an Identity Management policy is in-place, is clear, and if one exists that it is validated and check...
Many businesses are realizing the advantages of moving essential business services to cloud-based models, including communications, voice, and CRM. The associated advantages of the cloud have allowed businesses to be more flexible, scalable and enjoy higher cost savings. However, these...
At the end of the year, WhiteHat Security posted an interesting blog titled, "The Parabola of Reported WebAppSec Vulnerabilities" in which a downward trend in web application vulnerabilities (as collected by the folks at Risk Based Security's VulnDB) was noted beginning in 2008 after h...
You can’t have a conversation about technology today without the topic of security breaches ending up front and center as a key concern. This is understandable with all the high profile breaches that have been occurring on what seems a regularly scheduled event. Anthem, the nation’s se...
If your business has any investment in public cloud SaaS applications, then it’s time to invest in a Cloud Access Service Broker (CASB). That’s our takeaway from the recently released Gartner security report, “Emerging Technology Analysis: Cloud Access Security Brokers.” More and more...
They say that you are only as secure as your weakest firewall. But then is it just firewalls that protect our network and the information therein, or is it the framework the policies and the processes that have cracks that let the vulnerabilities seep through? Hackers will be hackers ...
There is no universal global guideline when it comes to how data is managed, secured, and accessed. Privacy laws vary from country to country and are still being defined in the digital age. In the face of trends like consumerization, mobility, and the distributed workplace, data reside...
While news about the malicious hacking trade and the actions of elusive cyber-criminals continue to grab headlines, the third of our annual Insider Threat reports confirms that the risk posed by those legitimately ‘inside the fence’ continues to top business data security concerns. Of c...
Cloud security is a top concern for chief security officers. In almost any enterprise, cloud migration is a given fact and recent attacks have proven, yet again, that data security is a critical component in any cloud migration strategy. Below are four tips, specific to Infrastructur...
Data security has long been thought the exclusive domain of large enterprises. Why would cyber-criminals bother with small and midsized companies when the big prizes are to be found hacking into large organizations? Unfortunately an increasing number of smaller companies find themselv...
Eighty-nine percent of knowledge workers retain access to the sensitive corporate applications and files of former employers. Earlier this year, a member of the team at Site-Eye, one of the top time-lapse film companies in the UK, noticed a disturbing problem with one of its client'...
Cloud security is a top concern for any organization migrating to the cloud. The threats are many. For example, the fact your data resides in a shared, multi-tenant environment is a threat that has become a reality with the latest Xen virtualization bug, which allowed a malicious fu...
Target. Home Depot. Community Health Systems. Neiman Marcus. Their names have been all in the news over the past year, though probably not in a way they would like. All have had very public data breaches affecting anywhere from 350,000 (Neiman Marcus) to 4.5 million (Community Health S...
This week's "bad news" with respect to information security centers on Facebook and the exploitation of HTTP caches to effect a DDoS attack. Reported as a 'vulnerability', this exploit takes advantage of the way the application protocol is designed to work. In fact, the same author who...
While organizations spend the next few days and weeks patching OpenSSL vulnerabilities, the realization is setting in that we may never know the full extent of the damage caused by Heartbleed. Although Heartbleed was only announced in early April, it has actually been present in OpenS...
There are things we tend to take for granted in our everyday lives. We have certain expectations that don’t even have to be spoken, they’re just a given. If you walk into a room and turn on the light switch, the lights will go on, it’s assumed. If you turn the water faucet on, water wi...
Once you learn the definition of shadow IT, it shouldn’t be too shocking to learn how widespread it is at companies large and small all over the world. I hate to assume, but the odds are, that you yourself have used a non-IT approved SaaS option for the same reason as everyone else, m...
Skyhigh Networks releases their second edition of the Cloud Adoption and Risk Report. As with the first edition of the report, the purpose of the report is to provide hard data on the actual use of cloud services within enterprises of all sizes. This report summarizes data from approxi...
We’ve touched on cloud security risks here on the Ananova blog in the past. In case you missed any of the articles, here’s a quick fact: cloud hosting is just as risky as traditional hosting. While it may seem as if it is more vulnerable to hacker attacks, that is just simply not true....
DNS, like any public service, is vulnerable. Not in the sense that it has vulnerabilities but vulnerable in the sense that it must, by its nature and purpose, be publicly available. It can't hide behind access control lists or other traditional security mechanisms because the whole poi...
Threats to cloud infrastructure are widely discussed, but much of the talk is based on assumptions — the cloud must be less secure — and fears — this is something new, so I don’t quite understand all the implications yet. OK, we will say it: Security is an issue in the cloud … and in...
The new and enhanced HIPAA omnibus standard brings an interesting question with regards to cloud security and the shared responsibility model in IaaS clouds. Since the release of the HIPAA omnibus, we’ve received many questions around “BAA” agreements, and how the responsibility split ...
Another month brings another new study highlighting security concerns as the leading barrier to cloud uptake in the enterprise. Rather than decreasing, it seems like the concerns are going in the other direction. Security breaches (such as those at iCloud and DropBox) continue to make ...
With the endorsement by the Federal Financial Institutions Examination Council (FFIEC), smaller financial institutions which are beholden to many compliance audits and security issues can now explore the possibility of outsourcing security features from the cloud. Now these organizations...
The costs of holistic security are very different from company to company when considering direct costs, soft costs, hidden requirements, scope of services, and migration issues. What is it they say…you get what you pay for, right? In most cases, that is a spot on assessment but in te...
It happens every day. Someone in sales or research or HR or some other department finds an application they think might help with their goals--and they download it without any approval from IT. Seems harmless enough, but the creation of this Shadow IT actually creates more problems and...